6 Trends of the Evolving Cyber Landscape

Travelers umbrella logo.
By Travelers
3 minutes
Image of man sitting at a desk in front of a desktop computer while working on his laptop to the side

The cyber landscape is constantly evolving. Below are six reasons why.

1. Ransomware

Ransomware, a form of malware that targets critical data or computer systems for extortion, remains a significant threat to all businesses, regardless of size or industry. However, ransomware is evolving beyond merely encrypting files and demanding payment. Attackers are now employing harassment tactics such as double extortion, a multifaceted attack that combines encryption with data exfiltration. In this scenario, attackers threaten to leak sensitive information publicly if the ransom is not paid. Nearly one quarter of malicious attacks involving ransomware1 can significantly impact a business, leading to financial loss, reputational damage and operational disruption.

2. Attacks on IoT

The Internet of Things (IoT) is a rapidly expanding field and businesses are capitalizing on the latest trends in enhanced connectivity. With the rollout of 5G networks, businesses are unlocking new possibilities through faster data speeds and integrating IoT data with artificial intelligence and machine learning. This integration has enabled businesses to improve efficiency, gain valuable data insights and create new opportunities for growth and innovation. However, as the number of connected devices increases so does the risk. Many IoT devices lack robust security, leading to weak passwords, outdated software or unpatched vulnerabilities.

3. Artificial intelligence (AI)

Recent technological developments have introduced transformative possibilities for business operations. While AI can be a valuable tool for legitimate business purposes, threat actors can also use AI to enhance their attacks. Cybercriminals may use AI to identify vulnerabilities in software and systems, making it easier for them to find weaknesses to exploit. They may also use AI to craft more believable phishing emails. In the wrong hands, technological advancements like AI can significantly impact a business.   

4. Phishing

Phishing is the most common cybercrime, according to the Federal Bureau of Investigation's 2023 Internet Crime Report.2 Phishing is a type of social engineering attack where a fraudster attempts to trick someone into revealing sensitive information or induce them to click on a malicious link. Some phishing attacks use personal information obtained from data breaches or social media sites to craft highly targeted emails that appear to come from a trusted source, like a colleague or bank. Threat actors are constantly adapting their tactics and becoming more sophisticated, increasingly targeting users on messaging platforms, via text messages or even using malicious QR codes in emails, social media posts or physical locations to redirect users to phishing websites. Through these phishing tactics, threat actors can steal login credentials for online financial accounts or trick their victims into transferring large sums of money.

5. Unpatched vulnerabilities

Unpatched vulnerabilities are one of the easiest and most common areas for threat actors to gain unauthorized access, steal data or disrupt business operations. The federal Cybersecurity & Infrastructure Security Agency (CISA) maintains a catalog of the known and evolving vulnerabilities that threat actors are currently exploiting. Despite concerns about potential system downtime or the lack of dedicated IT resources or staff, it is critical to patch these vulnerabilities promptly.

6. Rising response costs

The costs associated with responding to a cyber incident continue to rise. According to the 2024 IBM Security Cost of Data Breach Report, the average cost of a data breach reached a record high of $4.88 million, representing a 10% increase from 2023.3 The complexity of breach investigations is leading to rapidly increasing costs related to forensic services, audit services, crisis management and notification, making it more expensive for organizations to respond to cyber events.

Sources
¹ Cost of a Data Breach Report 2023 – IBM Security (page 10)
2 2023 Internet Crime Report, Federal Bureau of Investigation, Internet Crime Complaint Center (page 8 & page 20)
3 Cost of a Data Breach Report 2024 – IBM Security (page 5)

Young businesswoman sitting on a park bench, logging in to laptop while holding smartphone with a security key lock icon on the screen.

Top stories

How Multifactor Authentication Can Help Protect Against Cyber Threats

Multifactor authentication (MFA) can help stop cyberattacks by requiring a second form of verification that can block most account-compromising attacks.

Related products & services

Travelers can help with cyber insurance solutions for your business.

Better together when it comes to cyber protection.

Broad cyber liability coverage customized to fit the needs of small businesses to Fortune 500 companies and every organization in between.

More Prepare & Prevent

How to Protect Your Company from Business Email Compromise

Business email compromise is a growing threat to companies, which unknowingly grant a hacker access to their business email account that can be used for wire transfer fraud.

Picture of a laptop with an urgent notification, Gone in a Keystroke: Inside a Business Email Hack.

More Prepare & Prevent

5 Cyber Readiness Practices to Boost Your Cybersecurity

Cyber risk is a top concern across all businesses. Improve your defense and explore five cyber safety best practices to help boost your company's security.

Illustration cyber security practices in place with a red padlock.

More Prepare & Prevent

Cybersecurity for Employees Working Remotely

There are potential cybersecurity risks when employees work from locations outside of the office. To help minimize these risks, consider these precautions.

Man sitting at desk working from home.