Ransomware attacks forecast to surge 40% by 2026, QBE warns

Ransomware attacks are expected to rise by more than 40% over the next two years, with the number of victims named on leak sites projected to exceed 7,000 by the end of 2026, according to new research from QBE.

The insurer’s latest cyber report, “Cloud cover: forecasting digital disruption in a cybercrime climate”, produced in partnership with crisis consulting firm Control Risks, found that ransomware incidents have increased fivefold since 2020.

In 2024, 5,010 victims were named publicly on leak sites, compared with just 1,412 four years earlier.

The UK accounted for 10% of the 447 major cyber incidents recorded globally over the past two years, the report observed.

Government and administrative systems were the most frequently targeted sector worldwide between August 2023 and August 2025, making up 19% of cases, followed by IT and telecommunications at 18%.

The report highlights how cybercriminals are exploiting artificial intelligence and cloud vulnerabilities to access sensitive data and disrupt critical systems. QBE warned that the pace of digital adoption is outstripping the rate at which many firms can adapt their defences.

“As British businesses expand their use of cloud infrastructure and AI tools, they are also reshaping their risk landscape,” said David Warr, cyber portfolio manager at QBE.

“The challenge is not just preparing for the future but catching up with exposures that have evolved at speed. Each outsourced provider that connects into your company creates an additional layer of risk, not only in terms of malware transmission but also in critical dependencies. A single point of failure can halt business operations altogether.”

QBE’s report found ransomware incidents almost tripled year-on-year, with 1,537 recorded in the first quarter of 2025 compared with 572 in the same period of 2024.

High-severity cloud alerts rose 235% in 2024, while deepfakes were implicated in nearly one in ten successful attacks, generating losses of up to $20m.

Global data storage is expected to reach 200 zettabytes by 2025, half of which will be held in the cloud, up from just 10% a decade ago. Nearly half of corporate data stored online is now classified as sensitive, making it a prime target for ransomware.

Generative AI is also reshaping the cyber threat environment. By early 2025, ChatGPT had 755m users, up 33% in just two months, while Microsoft Copilot reached 88m.

Some 78% of organisations now deploy AI in at least one business function, compared with 55% a year earlier.

While these technologies have boosted productivity, they have also enabled threat actors to automate phishing, identity fraud and extortion campaigns with unprecedented speed and precision.

QBE warned that GenAI is lowering the technical barriers to entry for novice cybercriminals, leading to a broader, more capable threat landscape.

To mitigate the growing risk, QBE urged firms to strengthen their cyber resilience by mapping critical assets, defining acceptable risk levels, and stress-testing crisis management plans. It also recommended incorporating third-party expertise, encrypting sensitive data, enforcing strong identity and access management protocols, and continuously monitoring cloud environments.

“Cloud and AI tools are giving attackers more entry points and opportunities,” Warr said.

“Building resilience means embedding cyber risk management into technology lifecycles from the outset, so that businesses can make the most of innovation while protecting their operations, continuity and trust,” he added.

The full report, compiled by Control Risks, is available on the QBE website.