One in seven businesses have experienced at least one day of disruption due to a cyber event in the past year, according to global research conducted for commercial insurer QBE.
The findings also highlight that a significant proportion of cyberattacks originate from vulnerabilities within a company’s supply chain.
A separate report by Control Risks for QBE indicated that successful, significant cyber incidents increased by 42% in Europe and North America between 2023 and 2024. Geopolitical tensions, including the war in Ukraine, are noted as key contributors to this rise.
On a global scale, the number of strategically disruptive cyberattacks doubled from 103 in 2020 to 196 in 2024, with projections suggesting a further increase of approximately 20% to 233 by the end of 2025.
According to another previous report from QBE, the surge in strategically significant global cyberattacks is expected to continue beyond 2024, with incidents forecast to more than double from 2020 levels.
Surveying businesses across nine Western countries, the research found that 52% of companies with 100 to 2,000 employees reported experiencing a cyberattack over the past 12 months. Among these, 14% stated the incident led to a work stoppage lasting a day or longer.
Additionally, 59% of affected businesses reported that at least one attack was linked to a supplier, while 49% experienced a loss in revenue as a result.
Supply chain vulnerabilities continue to pose a growing threat. Data show that between 2021 and 2023, supply chain cyberattacks surged by 431%, and forecasts indicate this trend is set to continue through 2025. These attacks often exploit the weakest links in a business’s network, impacting operations not only at the point of attack but across interconnected partners and clients.
Serene Davis (pictured above), global head of cyber at QBE Insurance, highlighted an important need for businesses today, especially those that are highly interconnected.
“For sure, they need to have safeguards within their own organisation, but they also need to consider their supply chain. If one of their suppliers has a vulnerability, it will likely affect them, so due diligence is absolutely crucial,” Davis said.
The financial services sector faces heightened risk from supply chain cyberattacks, according to QBE’s analysis. The sector’s dependence on third-party service providers means that a breach at a critical supplier could have far-reaching consequences, leading to broader disruptions across financial networks.
The study also found that 84% of businesses believe cyber events in their country have increased in the past year, with 32% saying they have risen significantly and 52% noting a slight increase. Businesses in the UK (38%), Italy (36%), and Canada (35%) were the most likely to report a significant rise in cyber incidents.
Looking ahead, 69% of businesses expressed concern about cyber threats over the next year, with 19% saying they are very concerned and 50% somewhat concerned. Concern was highest in the UK (31%) and Canada (25%). Meanwhile, 30% of respondents were not concerned, with Sweden (49%), Germany, and France (36% each) showing the highest levels of nonchalance.
Despite the growing risks, 43% of companies globally still operate without cyber insurance coverage. This gap points to a potential shortfall in risk management strategies, as businesses without coverage remain vulnerable to financial losses and operational disruption resulting from cyber incidents.
One-third of businesses (33%) plan to increase their cybersecurity budgets beyond inflation over the coming year. Spanish businesses were the most likely to do so, with 44% planning real-term budget increases.
Currently, 65% of businesses have cyber insurance, with coverage levels highest in the UK at 77% and lowest in Sweden at 55%.
Artificial intelligence (AI) is also shaping the cyber landscape. Cybercriminals have used generative AI tools in 10% of successful cyberattacks over the past year, including deepfakes. Attackers are also targeting AI systems by manipulating prompts and tampering with datasets.
Despite these risks, businesses are increasingly adopting AI technologies. Two-thirds (67%) reported using AI, with adoption highest in Germany (77%), followed by Canada and the UK (71% each). Italy reported lower adoption rates at 56%. The computing sector led AI use at 79%, followed by technology, media, and telecoms (75%), and financial services (71%).
A large majority (86%) of respondents believe AI will benefit their country’s economy over the next two years, with optimism highest in the Netherlands (90%). The same proportion (86%) expect AI to have a positive impact on their business, with the highest levels of optimism reported in Germany and Spain (89% each).
In terms of operational impact, 52% expect AI to improve efficiency, while others anticipate gains in innovation (47%), cost reduction (43%), and customer service (43%).
What are your thoughts on this story? Please feel free to share your comments below.
