Cyber risk continues to rise on corporate agendas as organizations move into 2026. Advances in artificial intelligence, expanding regulatory requirements, and persistent ransomware activity have elevated cyber risk beyond the technology function and into executive leadership and board oversight.
The global average cost of a data breach reached nearly $5 million in 2024, underscoring the financial exposure tied to cyber events. Aon’s Global Risk Management Survey reinforces this reality, identifying cyber attacks and data breaches as the top enterprise risk through 2026, with expectations that this ranking will persist into 2028.
Supply Chain and Third-Party Exposure Intensifies
Third-party and supply chain risks remain significant drivers of cyber losses. Supply chain disruption ranks among the top 10 global risks, according to Aon’s survey, and high-profile incidents in recent years have demonstrated how a single cyber event can cascade across thousands of dependent organizations.
Third-party involvement accounted for 30% of all data breaches in 2024, up from 15% the year prior. Both malicious attacks and non-malicious technology outages have resulted in widespread business interruption, highlighting the challenges organizations face in maintaining visibility into supplier security practices as ecosystems grow more complex.
AI Expands the Cyber Attack Surface
AI adoption has introduced new dimensions of cyber risk. While AI supports operational efficiency, it also enables threat actors to automate and scale attacks with limited resources. AI-driven cyberattacks now rank among the top 10 global risks for business leaders.
Research conducted in 2025 showed that altering as little as 0.1% of an AI model’s training data could cause targeted misclassification. Despite these risks, only 37% of organizations currently assess the security of third-party AI tools before deployment.
AI-related threats also extend beyond digital systems, as attackers increasingly use open-source intelligence, autonomous tools, and synthetic identities to exploit physical and cyber security gaps.
Ransomware Activity Rebounds
Ransomware severity increased in 2025 following a period of decline. While global ransomware frequency dropped 44% in the fourth quarter of 2025, average ransomware payment amounts rose 95%, and global ransomware claims increased 74%. New ransomware groups contributed to heightened aggression and financial impact.
Regulatory Pressure and Market Conditions Shift
Regulatory and legal risk ranks fourth among enterprise concerns globally. New disclosure requirements from the U.S. Securities and Exchange Commission and expanded cyber regulations in the European Union are raising expectations for incident reporting and governance.
Meanwhile, the cyber insurance market remains broadly buyer-friendly, supported by significant new capacity since 2022. However, signs of tightening emerged in late 2025 as insurers responded to rising losses and set minimum pricing thresholds for capacity deployment.
