Ransomware attacks are set to escalate sharply, with the number of ransomware victims publicly named on leak sites expected to rise from 5,010 in 2024 to more than 7,000 by the end of 2026, according to the latest report from QBE. This represents a five-fold increase since 2020, when just 1,412 victims were shared on leak sites.
In addition, Canada experienced 30 significant cyber incidents over the past two years, making up 6.7% of the global total (447). North America as a whole accounted for over 50% of incidents.
Compiled in conjunction with Control Risks, QBE’s cyber report “Cloud cover: forecasting digital disruption in a cybercrime climate” explains how cybercriminals are exploiting AI and cloud vulnerabilities to access sensitive data and disrupt systems.
It also shows government and administrative systems were the most targeted sector globally between August 2023 and August 2025, accounting for 19% of all incidents. IT and telecommunications followed at 18%, while manufacturing, logistics and transport sectors together represented 13%.
Successful cyberattacks, namely ransomware attacks, can cause financial losses, reputational damage and litigation for the businesses targeted, as well as for their customers and third-party suppliers.
QBE is urging companies to strengthen protective measures to match the evolving threat landscape.
Kyle Gray, Technical Underwriter Team Lead, Cyber, commented: “The risk landscape is shifting substantially as Canadian businesses expand their use of cloud infrastructure and AI tools. Catching up on evolving risks is just as important as preparing for the future. Outsourcing parts of a business is common and can create greater efficiency and save time. However, it is vital to have a clear knowledge of your suppliers and remain aware of their vulnerabilities. Each third-party connection creates new risk, and a single point of failure can halt business operations altogether.”
The report shows how businesses' quick adoption of AI and cloud platforms increases digital vulnerabilities. While these technologies boost efficiency, they also enable cybercriminals to launch ransomware, phishing and fraud campaigns with greater speed and precision. In 2024, deepfakes were implicated in nearly 10% of successful cyberattacks, with losses ranging from $250,000 to over $20m.
By 2025, the volume of data stored worldwide is projected to reach 200 zettabytes (200 trillion gigabytes) across IT and utility infrastructures, data centres, personal and connected devices.
Half of this data will be stored in the cloud, up from only 10% in 2015. This concentration of valuable data makes cloud providers and storage services appealing to attackers.
Throughout 2024, high-severity cloud alerts increased by 235% compared with the previous year, reflecting both the surge in adoption and the increasing capability of attackers.
Cloud platforms are now a prime entry point. Business email compromise (BEC) attacks exploiting Microsoft 365 and other services bypass traditional security checks and are harder to detect. Supply chain vulnerabilities are also increasing: a breach at single sign-on provider Okta in 2023 exposed 134 business clients and wiped $2bn off its market value, underlining how one compromised supplier can put hundreds of companies at risk.
One case study included in the report is MURKY PANDA. The prolific nation-state-linked threat actor has been operating in China and exploiting zero-day vulnerabilities in software-as-a-service (SaaS) providers, gaining access to their networks. The group represents a serious threat to government, technology and professional services entities in North America specifically.
Generative artificial intelligence (GenAI) is reshaping the cyber threat environment as its usage is expected to surge in Europe and North America over the next five years.
• ChatGPT has 755m users (their number increased by 33% between December 2024 and February 2025)
• Microsoft Copilot has 88m active users in 2025
• 78% of organizations deploy AI in at least one business function in 2025, up from 55% in 2024
Businesses use GenAI to gain productivity, but cybercriminals use the same technology for fraud and extortion. GenAI threats have manifested in automated phishing attacks, identity fraud and deepfake scams.
GenAI enables hackers to act with greater speed and precision, but it also lowers the technical barriers for entry-level cybercriminals, for instance assisting them in script development and malware coding. Businesses will likely face a rise in attacks from groups previously dismissed as too technically incompetent or resource-poor. This may result in operational downtime, financial loss or reputational damage.
Key findings from the QBE report include:
• Ransomware incidents almost tripled year-on-year – 1,537 in Q1 2025, up from 572 in Q1 2024
• High-severity cloud alerts surged 235% in 2024 compared to 2023, reflecting rapid cloud adoption and attacker sophistication
• Nearly half of corporate data stored in the cloud is classified as “sensitive”, making it a prime target for ransomware
• Global data volume to reach 200 zettabytes by 2025, with half stored in the cloud (vs. 43% in 2024, 15% in 2020)
• Deepfakes implicated in nearly 10% of successful cyberattacks in 2024, with fraud losses ranging from USD $250k to $20m per case
• Ransomware extortion cases publicly disclosed increased by 54% in Jan–Apr 2025 compared with the same period in 2024
• ChatGPT adoption soared to 755m users in early 2025, up 33% between Dec 2024 and Feb 2025; Microsoft Copilot reached 88m users
• 78% of organizations now deploy AI in at least one business function in 2025, up from 55% in 2024
• 20–40% of employees actively use AI in their daily roles (particularly programming)
• CrowdStrike outage in 2024 impacted 8.5m Windows devices, costing Fortune 500 companies an estimated USD $5.4bn
To combat the growing cyber threat, QBE recommends businesses adopt the following measures:
1. Map and assess risk profiles to identify critical assets, threats, and vulnerabilities to gain a clear overview of exposure to the business
2. Define acceptable organizational risk so leadership can explicitly set boundaries for risk and exposure to data
3. Prioritize mitigation strategies to direct resources towards the areas of greatest impact
4. Plan for worst-case scenarios with tested contingency plans and recovery protocols
5. Regularly stress test crisis management to evaluate decision making, communication and response
6. Incorporate third-party expertise into your cyber security strategy to help manage residual and emerging risks
7. Continuously monitor and adapt cyber defences to stay ahead of evolving threats, new technology and changing business needs
Cloud and AI tools are giving attackers more entry points and opportunities. Businesses need a robust strategy to anticipate and withstand cyber incidents, particularly those arising from third-party services and cloud environments. Building resilience means embedding cyber risk management into technology lifecycles from the outset:
1. Implementing strong identity and access management (IAM) protocols
2. Running regular configuration audits
3. Encrypting sensitive data across all cloud environments
Also, continuous monitoring, threat intelligence, and incident response plans help detect and contain threats before they escalate. In addition, businesses should evaluate the security posture of their third-party providers and establish clear protocols for managing supply chain exposure.
These practices will enable Canadian businesses to make the most of GenAI and cloud storage while protecting their operations, preserving continuity and maintaining trust.
The full report, compiled by Control Risks, is available on the QBE website.