Quorum Cyber has published its 2026 Global Cyber Risk Outlook, presenting a detailed and concerning assessment of how cybercrime continues to evolve in scale, speed, and sophistication. The report concludes that artificial intelligence–driven automation and the rapid expansion of Ransomware-as-a-Service (RaaS) ecosystems have reshaped the threat environment, allowing nation-state actors to automate as much as 90% of intrusion activity. At the same time, global vulnerability disclosures exceeded 35,000 for the first time, underscoring the growing attack surface facing organizations worldwide.
According to the findings, adversaries are moving away from slower, encryption-heavy ransomware models in favor of faster, cost-efficient data exfiltration tactics. This shift is reflected in ransom demands, which surged dramatically—most notably a 179% increase within the financial services sector. As barriers to entry continue to erode, detection timelines are shrinking and capabilities once limited to highly advanced threat actors are now accessible to comparatively low-skilled cybercriminals.
The 2026 Global Cyber Risk Outlook is based on incident response engagements and threat investigations conducted across more than 350 organizations globally, with employee populations ranging from 10 to 10,000, during calendar year 2025. Key findings that should influence cyber risk strategy and investment decisions for 2026 include:
- A 30% increase in newly established ransomware groups in the year through October 2025
- A 21% rise in global vulnerability disclosures, surpassing 35,000 reported vulnerabilities
- Early confirmation of a nation-state threat group leveraging AI agents to automate up to 90% of an intrusion lifecycle
- A clear pivot by cybercriminals from encryption-based ransomware toward rapid data theft and extortion
- The emergence of white-label RaaS platforms that significantly reduce the time required to launch branded criminal operations
- Sharp growth in average ransom demands across sectors, including 179% in financial services and 97% in manufacturing
- Continued dominance of nation-state actors linked to Russia, China, and Iran targeting the public sector, alongside estimates that North Korea–associated groups generated more than $2 billion from cybercrime activity in 2025
“Over the past year, we have witnessed a marked acceleration in the capability and ambition of threat actors. The proliferation of AI-enabled tooling, combined with an increasingly professionalized cybercriminal economy, has lowered barriers to entry and expanded the reach of even modestly skilled actors,” says Federico Charosky, Quorum Cyber’s Chief Executive Officer. “This report distills the most significant developments observed across our intelligence, incident response, and counter extortion work, offering practical guidance to help organizations anticipate and mitigate emerging risks.”
Industry Sector Companion Reports
Alongside the core outlook, Quorum Cyber has released a series of companion reports tailored to nine key industry sectors: energy; financial services and insurance; healthcare and pharmaceuticals; higher education; housing and construction; legal and professional services; manufacturing; public sector; and retail. Each sector-focused report analyzes unique threat patterns and provides actionable recommendations to enhance cyber resilience in the face of evolving adversary behavior.
Quorum Cyber Teams With Microsoft
To support security leaders in translating these insights into action, Quorum Cyber will host a live webinar on February 25. The event will feature Lesley Kipling, Chief Security Advisor at Microsoft, together with Quorum Cyber’s Threat Intelligence leadership. The discussion will explore how modern threat actor techniques intersect with cloud, identity, and AI-centric environments, and highlight priority areas for strengthening organizational resilience as 2026 approaches.
The 2026 Global Cyber Risk Outlook reflects Quorum Cyber’s Microsoft-first security strategy, drawing on deep operational visibility across cloud, identity, and AI-enabled ecosystems. Established as a Microsoft-first security services provider, Quorum Cyber is a long-standing member of the Microsoft Intelligent Security Association (MISA) and holds all four Microsoft Security specializations: Cloud Security, Identity and Access Management, Information Protection and Governance, and Threat Protection.
___
About Quorum Cyber
Founded in Edinburgh in 2016, Quorum Cyber is a proactive, threat-led cybersecurity company helping organizations defend against an increasingly hostile digital landscape. With customers across North America, the UK, and beyond, Quorum Cyber is a Microsoft Solutions Partner for Security, a member of the Microsoft Intelligent Security Association (MISA), and the 2025 Microsoft Security MSSP of the Year. Its mission is to help good people win by providing clarity and confidence in moments of cyber risk. For more information, visit www.quorumcyber.com
.
Join our LinkedIn group Information Security Community!
