The threats snowballed in 2025. Cyberattacks stopped being episodic crises and instead became a persistent condition of doing business.
A persistent and costly condition. So much so that one of the world’s largest cyber insurance firms, Beazley, announced last month it was reducing its U.S. cyber business in order to maintain underwriting discipline and rate adequacy in the face of unsustainable rates in the cyber market following several high-profile breaches.
Still, Beazley may not have much luck elsewhere around the globe. In the U.K. alone, cyber insurance claim payouts are up 230% from the year prior.
There was the $2.5 billion-plus Jaguar Land Rover cyberattack this fall, which is thought to be the most economically damaging attack in the U.K.’s history; high-profile breaches across airlines, crypto platforms, cloud providers and blue-chip firms like Apple, Google and even McDonald’s.
For CFOs and CISOs alike, the lesson was not simply that attacks are growing more frequent or sophisticated. It was that traditional models such as annual audits, static controls, perimeter-focused defenses, and siloed ownership of risk are no longer aligned with how modern attacks unfold.
Fault Lines
The most consequential incidents of 2025 revealed common fault lines: AI-powered adversaries exploiting cloud complexity, fragile supply chains riddled with third-party exposure, and organizations that could not see, in real time, how risk was accumulating across their digital ecosystems.
Findings from PYMNTS Intelligence in the August edition of the 2025 Certainty Project report, “Vendors and Vulnerabilities: The Cyberattack Squeeze on Mid-Market Firms,” found that attackers frequently compromise a vendor first, then use the trust relationship to infiltrate their target firm. The report found 38% of invoice fraud cases and 43% of phishing attacks stemming from compromised vendors.
That was the case across the freight economy this year, where the National Insurance Crime Bureau (NICB) estimated that criminals were absconding with $35 billion in cargo theft losses annually in just the U.S.
The NICB noted that attackers are using sophisticated social engineering to impersonate legitimate carriers, freight brokers and even shipper contacts. They trick carriers into downloading legitimate remote monitoring and management (RMM) tools under false pretenses, then leverage these compromised tools to unlock access to systems like load boards, dispatch platforms and fleet management software.
Elsewhere, a TransUnion third-party data breach affected more than 4.4 million customers this summer. The breach followed a series of cybersecurity incidents at big companies involving third-party vendors. For example, firms such as Google, Cisco and Workday have also seen thefts of customer data kept on Salesforce’s cloud recently.
In March, news broke that the FBI was probing a cyberattack at Oracle that led to the theft of 6 million records, taken from 140,000 Oracle cloud tenants.
This August, the luxury retailers Pandora and Chanel were also the victims of third-party data breaches; and in July, a system breach at Allianz Life impacted most of the insurer’s U.S. customers’ personal data. Adidas in the spring reported a data breach tied to a hacker group using voice phishing attacks to steal data from Salesforce CRM instances to power a wave of data breaches.
“In 2021, there were 400 data breach lawsuits filed,” Philip Yannella co-chair of the privacy, security and data protection practice at Blank Rome and the author of “Cyber Litigation: Data Breach, Data Privacy & Digital Rights,” 2025 edition, said in an interview with PYMNTS. “Last year, there were over 2,000. … Data breaches are always the biggest danger.”
Attacks on global brands like Air France, and security slip ups leading a data breach at McDonald’s, reinforced the paradox of 2025’s cybersecurity: Size and sophistication do not guarantee immunity.
Read more: Making Sense of Data Protection Assessments for B2B Firms
Continuous Monitoring
The cryptocurrency sector has long been a canary in the coal mine for cybercrime, and 2025 was no exception.
To kick the year off, the crypto exchange Bybit in February suffered a hack estimated at nearly $1.5 billion worth of tokens. Meanwhile Coinbase suffered a cybersecurity incident in May that could cost it as much as $400 million.
In both cases, attackers exploited a mix of social engineering, compromised credentials and cloud misconfigurations. What stood out was the speed: AI-assisted reconnaissance compressed attack cycles from weeks to hours. Defensive teams found themselves responding to threats that evolved faster than human-led processes could track.
Social engineering fraud has increased by 56% in the past year, according to the PYMNTS Intelligence report, “The State of Fraud and Financial Crime in the U.S. 2024: What FIs Need to Know.”
Research from the PYMNTS Intelligence report “The AI MonitorEdge Report: COOs Leverage GenAI to Reduce Data Security Losses” shows that 55% of companies are employing AI-powered cybersecurity measures.
Across nearly every major incident of 2025, one theme recurred: organizations lacked real-time visibility into how risk was evolving. Whether it was delayed detection of lateral movement, slow recognition of third-party compromise, or uncertainty about which assets were affected, time proved to be the most expensive variable.
Source: https://www.pymnts.com/