Hackers are beginning to extend their computer attacks to ever-larger organizations in their hunt for greater criminal profits, which could drive an anticipated increase in credit risk and push insurers to charge more for their policies, according to the “2025 Cyber Outlook” from Moody’s Ratings.
In Moody’s forecast, cyber risk will intensify in 2025 as attackers switch tactics in response to better corporate cyber defenses and as advances in artificial intelligence increase the volume and sophistication of their strikes. Meanwhile, the incoming Trump administration will likely scale back cyber defense regulations in the US, while a new UN treaty on cyber crime will strengthen the global fight against this threat, the report said.
“Ransomware perpetrators are now targeting larger organizations in search of higher ransom demands, leading to greater credit impact. This shift is likely to increase the cyber risk for entities rated by Moody's and could lead to increased loss ratios for cyber insurers, impacting premium rates in the U.S.," Leroy Terrelonge, Moody’s Ratings Vice President and author of the Outlook report, said in a statement.
The warning comes just weeks after global supply chain software vendor Blue Yonder was hit by a ransomware attack that snarled many of its customers’ retail, labor, and transportation platforms in the midst of the winter holiday shopping surge.
That successful attack shows that while larger businesses tend to have more advanced cybersecurity defenses, their risk is not necessarily diminished. According to Moody’s, their networks are generally more complex, making it easier to overlook vulnerabilities, and when they have grown in size over time, they are more likely to have older systems that are more difficult to secure.
Another factor fueling the problem is Generative AI, which will will enable attackers to craft personalized, compelling messages that mimic legitimate communications from trusted entities, thus turbocharging the phishing attacks which aim to entice a user into clicking a malicious link.
Complex supply chains further compound the problem, since cybercriminals often find the easiest attack path is through third-party software suppliers that are typically not as well protected as large companies. And by compromising one supplier, they can attack a wide swath of that supplier's customers.
In the face of that rising threat, a new Republican administration will likely soften U.S. cyber regulations, Moody’s said. The administration will likely roll back cybersecurity mandates and potentially curtail the activities of the US Cybersecurity and Infrastructure Security Agency (CISA), thus heightening the risk of cyberattack.
