2025 Cybersecurity and Claims Trends Decoded: What Cyber Trends to Look Out for in 2026

Trend 1: AI Powered Phishing and Deepfakes Will Become the Norm 

The insurance and cybersecurity sectors have long warned against growing AI driven cyber scams, but we’re at a turning point where AI has turned the “if it will happen” question into “when it will happen,” says Jardine. 

According to Verizon DBIR 2025, between January to October 2025, AI-assisted cyberattacks across industries surged 72% globally, causing $30 billion in projected global damages. Thanks to GenAI, phishing attacks surged 1,265%. And in North America alone, deepfake fraud jumped 1,740% last year. 

 It’s not just businesses who should be worried. One in 10 people have already received an AI-generated voice clone and 77% of them lost money in the scam. Two-thirds of people can’t tell AI audio from real speech and almost half fail tospot deepfake AI-videos. 

Cybercriminals now use AI every day to: 

• Easily execute social engineering scams. “These scams take minimal effort but they’re hyper-personal and more convincing than ever,” says Jardine. 
• Launch automated attacks. AI tools are amplifying the scale and sophistication of attacks, making them faster and more successful. 
• Exploit weak defences. “Poorly protected businesses and individuals continue to offer high returns for cybercriminals,” Baker says. 
• Expand their opportunities: “Our growing reliance on digital payments, cloud services and shared personal data creates an ever-larger attack surface for scammers,” Baker adds. 

Trend 2: Cybercriminals Will Exploit Growing Attack Surfaces in 2026 

As businesses expand their digital operations and rely more heavily on cloud technology, IoT devices and third party systems, their attack surface is exponentially growing. 

“Your digital attack surface includes every internet-facing asset connected to your organization, from websites and VPNs to cloud services, remote access portals, shadow IT and even third-party vendors, impacting your entire supply chain. These are the digital doorways cybercriminals are constantly probing for weaknesses,” says Baker. 

Globally, 90% of organizations have seen an increase in impactful attack surface incidents. Today, attack surface vulnerabilities are responsible for over 80% of cybersecurity breaches. SMEs experience 60% more severe incidents than larger ones, with breaches causing deeper operational disruption, greater financial loss and longer recovery times.  

The recent CrowdStrike outage and Amazon Web Services disruptions, showed how fragile the global digital ecosystem can be. According to IDC’s latest research, organizations experienced an average of nine cloud security incidents in 2024, with 89% reporting a year-over-year increase. 

Small businesses in the US, which are three times more likely to get hacked, experienced a 46% cyberattack rate in 2025, with incidents occurring every 11 seconds. 

“Traditional endpoint detection tools don’t catch these exposures. It’s no longer enough to secure what’s inside your network. You need to know what’s connected outside of it and who else has access,” Jardine says. 

Attack Surface Management is an essential tool to help businesses and individuals continuously identify, monitor and secure internal and external assets and detect vulnerabilities before they’re exploited. 

Trend 3: Impersonation Fraud Explodes

Impersonation scams have become one of the fastest growing forms of cyber fraud thanks to AI, which enables cybercriminals to automate and personalize trust-based deception at scale. With further sophistication of AI-based technologies in 2026, this trend will continue. 

Impersonation scams surged 148% in the past year, becoming the top reported scam in America, according to Identity Theft Resource Center’s 2025 Trends in Identity Report. Americans already lost $2.9 billion to cyber scammers impersonating businesses, government and financial institutions. 

Impersonation fraud goes far beyond stolen identities. It now spans multiple forms of cyber extortion, from fraudsters posing as executives to trick employees into wiring funds, to spoofed vendors submitting fake invoices. The same techniques are used in sextortion scams targeting youth and romance and grandparent scams preying on seniors. The Federal Trade Commission reports an eight-fold increase since 2020 in reports from older Americans who lost more than $100,000 to scams. 

“These hyper personalized attacks exploit human trust, not technical flaws. Criminals spoof colleagues, vendors, executives and ordinary people with alarming realism,” says Baker 

“As impersonation fraud escalates, businesses must build a ‘verify before you trust’ culture,” adds Jardine. “That means validating requests, even familiar ones, through independent channels, equipping employees to recognize social engineering red flags and ensuring response plans and insurance policies adequately address these risks.” 

Trend 4: Ransomware and Data Breaches Persist 

Ransomware and data breaches are here to stay 2026 and beyond. 

In 2025, a ransomware attack occurs somewhere in the world every 19 seconds, with the United States being the most targeted country. 

“Ransomware remains the most costly cyberattack, often resulting in major business disruption or even permanent closure due to financial or reputational damage,” says Jardine. “We now see cybercriminals making frequent, smaller ransom demands targeting more businesses, or using ransomware as a secondary step after data theft.” 

Today’s businesses need to be prepared to pay a median ransom payment of $1 million plus recovery costs of $1.5 million. 

Exploited vulnerabilities are the most common root cause of ransomware attacks, with 84% organizations hit by ransomware saying incidents were tied to compromised backups.  

“Vulnerabilities like outdated software, unpatched systems and weak cloud security leave businesses vulnerable. There’s a clear need to prioritize Endpoint Detection and Response and strong backups to reduce these risks,” Jardine says. 

Emerging Cyber Threats in 2026 

2026 will push three trends from the margins to the mainstream: 

Relationship-based AI-social engineering scams:
 Cybercriminals will use your personal, social and professional networks as your new attack surface, exploiting more people through their colleagues, friends and family. “Attackers are using AI to map real world relationships and craft messages that feel authentic. It’s a new wave of social engineering through relationships,” Jardine explains. 

Dark Web exposure and credential stuffing:
 Today, there are over 24 billion complete sets of usernames and passwords circulating the dark web. The dark web is a thriving marketplace and in an era of hyper connectivity, dark web monitoring of this hidden world is an essential part of any cyber risk strategy, Baker says, whether you’re running a business or trying to protect yourself and your household. 

Quantum era encryption preparation: 
The race to protect data against future quantum threats is underway. “The risk isn’t theoretical. Attackers are already stealing and storing encrypted data to decrypt later. In 2026, quantum readiness will move from research to real world implementation,” says Jardine. 

Protect Your Businesses and Households from Cyber Risks in 2026 

Every organization and individual must raise their guard. 

For Businesses: 

• Use phishing resistant MFA and avoid SMS based codes. 
• Adopt Endpoint Detection and Response for continuous monitoring. 
• Back up data regularly and store backups offline. 
• Strengthen cloud security beyond default settings. 
• Build awareness with regular phishing simulations and training. 
• Integrate prevention-first cyber insurance and protection. Work with an insurance partner that understands today’s risks and helps you predict, prevent, insure and recover from them for tomorrow. 

For Individuals and Households 

• Strengthen the basics: enable MFA, use strong unique passwords and know when to use VPNs. 
• Stay informed: monitor your digital and financial footprint and set up breach alerts. 
• Be skeptical online: verify urgent messages or money requests, even from familiar people. 
• Protect family members: Regularly talk to children and seniors about online scams and the role of AI and ensure everyone knows how to report suspicious activity. Protect your household with an all-in-one personal cyber insurance and protection solution that integrates prediction and prevention services so you don’t face today’s risks alone.  

Prevention Is the New Cyber Resilience 

If 2025 proved anything, it’s that cyber risk never rests, so neither can your defences. From insurance coverage to everyday security habits and tools, protection must be continuous. 

“Protecting yourself, your household or your business means not waiting for the next threat but predicting and preventing it before it strikes,” says Baker. 

“Reaching out to an expert the moment you suspect a breach always leads to a better outcome than trying to manage it on your own,” Jardine adds. “Our BOXX Hackbusters® team provides 24/7 monitoring and containment, preventing over 80% of incidents before they ever become claims.” 

The stakes have never been higher. 

“As we move into 2026, it’s time to rethink your defences, reinforce awareness and stay prepared,” says Jardine. “Prevention means protecting what matters, but even more important, it’s cyber resilience in action.”