Quorum Cyber released alarming findings from its 2026 Global Cyber Risk Outlook report, highlighting how AI automation and Ransomware-as-a-Service are reshaping modern threats. The report notes that nation-state actors can now automate up to 90% of intrusion activity, while vulnerability disclosures have surpassed 35,000 for the first time. Attackers are also moving away from slow-encryption techniques, with financial services ransom demands surging by 179%. As a result, organizations face shrinking detection windows, lower barriers to entry for attackers, and advanced capabilities increasingly accessible to less-skilled criminals.
Insights from the 2026 Global Cyber Risk Outlook are derived from incidents and investigations observed across over 350 global organizations ranging in staff size from 10 to 10,000 throughout calendar year 2025. Highlighted report findings that need to reshape 2026 cyber risk considerations include:
- The number of newly formed ransomware groups increased by 30% in the year to October 2025
- Global vulnerability disclosures rose 21%, surpassing 35,000
- Early evidence of a nation-state group using AI agents to automate up to 90% of an intrusion
- Cybercriminals are increasingly shifting away from encryption toward faster, lower-cost data exfiltration attacks
- New white-label RaaS platforms enabling rapid launch of branded criminal operations
- Average ransom demands surged across multiple sectors, including 179% in financial services and 97% in manufacturing
- Nation-state threat actors associated with Russia, China, and Iran remain the top threats to the public sector, while North Korea-linked actors likely earned over $2 billion from cybercrime in 2025
“Over the past year, we have witnessed a marked acceleration in the capability and ambition of threat actors. The proliferation of AI-enabled tooling, combined with an increasingly professionalized cybercriminal economy, has lowered barriers to entry and expanded the reach of even modestly skilled actors,” says Federico Charosky, Quorum Cyber’s Chief Executive Officer. “This report distills the most significant developments observed across our intelligence, incident response, and counter extortion work, offering practical guidance to help organizations anticipate and mitigate emerging risks.”
Industry Sector Companion Reports
In addition, the 2026 Global Cyber Risk Outlook includes companion reports focused on nine industry sectors, including energy, financial services and insurance, healthcare and pharmaceuticals, higher education, housing and construction, legal and professional services, manufacturing, public sector, and retail. Each companion report outlines sector-specific threat dynamics and practical considerations for strengthening cyber resilience.
Quorum Cyber Teams With Microsoft
To help organizations interpret these findings and prioritize action, Quorum Cyber will host a live webinar on February 25 featuring Lesley Kipling, Chief Security Advisor at Microsoft, alongside Quorum Cyber’s Threat Intelligence leadership. The session will examine how evolving threat actor tactics intersect with modern cloud, identity, and AI-driven environments — and what security leaders should focus on to strengthen resilience heading into 2026.
The 2026 Global Cyber Risk Outlook reflects Quorum Cyber’s Microsoft-first approach to security, informed by deep visibility into cloud, identity, and AI-driven environments. Founded as a Microsoft-first security services provider, Quorum Cyber is a long-standing member of the Microsoft Intelligent Security Association (MISA) and holds all four Microsoft Security specializations: Cloud Security, Identity and Access Management, Information Protection and Governance, and Threat Protection.
To learn more, read Quorum Cyber’s 2026 Global Cyber Risk Outlook Report here.
Related News:
New Threats Exposed: Quorum Cyber’s Mid-Year Global Cyber Risk Outlook
Quorum Cyber Named Finalist in Microsoft Security Excellence Awards
