The Industrialization of Cyber Crime

Quorum Cyber has published its 2026 Global Cyber Risk Outlook report[1], detailing a significant evolution in cyber threats driven by Artificial Intelligence (AI) and Ransomware-as-a-Service (RaaS) platforms. The analysis, based on incidents across more than 350 organizations worldwide in 2025, indicates that cybercrime has entered a more industrialized phase. This development allows even poorly skilled attackers to launch sophisticated operations, with nation-state actors automating up to 90% of intrusions using AI tools. The report highlights how AI-enabled tooling and accessible RaaS platforms have lowered entry barriers for criminals, expanding their reach and accelerating attack speeds. Organizations now confront shorter detection windows and heightened risks, as attackers move beyond traditional methods.[2]

The number of newly formed ransomware groups rose by 30% in the 12 months to October 2025, fueled by the emergence of white-label RaaS platforms that enable quick branding of criminal operations. This trend has professionalized cybercrime, allowing groups to operate like businesses. Early evidence points to a nation-state-backed group employing AI agents, such as those from Claude, to handle up to 90% of intrusion activities, marking a notable escalation in automated threats.

Quorum Cyber’s CEO, Federico Charosky, commented: “Over the past year, we have witnessed a marked acceleration in the capability and ambition of threat actors. The proliferation of AI-enabled tooling, combined with an increasingly professionalized cybercriminal economy, has lowered barriers to entry and expanded the reach of even modestly skilled actors.” The report draws from intelligence, incident response, and counter-extortion efforts to provide guidance on mitigating these risks.

Global vulnerability disclosures increased by 21%, exceeding 35,000 for the year to October 2025, amplifying opportunities for exploitation. Cybercriminals are increasingly abandoning slow encryption tactics in favor of faster, lower-cost data exfiltration attacks, which allow quicker monetization of stolen information. Average ransom demands have escalated sharply across sectors, with a 179% increase in financial services and a 97% rise in manufacturing. Nation-state actors linked to Russia, China, and Iran continue to pose major threats to the public sector through sustained espionage campaigns, while North Korea-associated groups are estimated to have generated over $2 billion from cybercrime in 2025.

The outlook includes companion reports for nine industries, tailoring insights to specific risks. In financial services, high-value data attracts financially motivated and state-linked actors. Healthcare and pharmaceuticals saw a 26% rise in cyber activity, driven by ransomware and access brokers targeting operational disruptions. Manufacturing faces vulnerabilities from operational technology and supply chains, with ransomware demand nearly doubling.

Higher education experienced a 73% increase in data breaches, pressured by open networks and valuable research data.
Professional services, including legal, noted a 43% uptick in ransomware targeting and 20% more data breaches.
Energy and utilities contend with geopolitical tensions, while public sector threats stem from service disruptions.
Housing and construction deal with sensitive tenant data, and retail faces risks from digital sales and customer information.

Threat actors from Russia, China, and Iran remain dominant in public sector attacks, supplemented by North Korean groups, organized crime, and hacktivists adapting their methods. Governments in the UK, US, Canada, and Australia have updated cybersecurity legislation to bolster national defenses.

Quorum Cyber advises shifting to proactive resilience, leveraging intelligence-led security. Defensive AI is maturing, aiding early anomaly detection and efficient investigations. This report emphasizes the need for organizations to anticipate threats through enhanced collaboration and managed services.

This article is shared at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com

Weekly Cyber Intelligence Briefings: