
Cyber round-up

by Mark Rowe

Ransomware is evolving into a more fragmented, data-driven, and unpredictable threat landscape than ever. That’s according to Check Point Research’s latest quarterly report, covering the third quarter of 2025.

Ransomware remains stubbornly resilient, according to the report. When big Ransomware-as-a-Service (RaaS) brands fall, affiliates migrate or spin up new sites, keeping global activity at historic highs. It’s now a cartel-like ecosystem defined by rapid affiliate movement, brand churn, and constant reinvention, say the researchers. In terms of regions, the United States remains the top target, followed by western Europe. As for which sectors of the economy are targets, manufacturing and ‘business services’ were the most targeted, while healthcare held steady at 8pc of total victims.

Sergey Shykevich, Threat Intelligence Group Manager at Check Point Software, said: “In Q3 2025, ransomware proved that disruption doesn’t mean decline. We’re seeing a highly adaptive ecosystem where affiliates move freely between brands, new actors emerge weekly, and data-first extortion dominates the playbook. The future of ransomware lies in automation, intelligence sharing, and agility; and so must defenders’ strategies.”

 

AI agents

A survey from the Californian firm Rubrik Zero Labs addresses AI agents in the workplace, which it says equates to a surge of both non-human identities (NHIs) and agentic identities. The survey pointed to a gap between the expanding identity attack surface and organisations’ ability to recover from resulting data compromises. Non-human identities (NHIs) already outnumber human users, it’s estimated, and will continue to outpace the growth of human identities – by the billions.

Kavitha Mariappan, Chief Transformation Officer at Rubrik, said that the rise of identity-driven attacks is changing the face of cyber defence. She said: “Managing identities in the era of AI has become a complex endeavor, especially with the labyrinth of NHIs. We have an under-the-radar crisis on our hands where a single compromised credential can grant full access to an organization’s most sensitive data. Attackers are no longer breaking in, but logging in, and comprehensive Identity Resilience is absolutely critical to cyber recovery in this new landscape.”

 

BSI on ‘governance gap’

British Standards is pointing to an emerging ‘governance gap’ around AI, as businesses take up such tools and products, without processes. Chief Executive of BSI Susan Taylor Martin said: “The business community is steadily building up its understanding of the enormous potential of AI, but the governance gap is concerning and must be addressed. While it can be a force for good, AI will not be a panacea for sluggish growth, low productivity and high costs without strategic oversight and clear guardrails – and indeed without this being in place, new risks to businesses could emerge. Divergence in approaches between organizations and markets creates real risks of harmful applications. Overconfidence, coupled with fragmented and inconsistent governance approaches, risks leaving many organizations vulnerable to avoidable failures and reputational damage. It’s imperative that businesses move beyond reactive compliance to proactive, comprehensive AI governance.”

As for what risk and security concerns remain under-addressed, a survey by the standards body found that nearly a third of executives (32pc) felt AI has been a source of risk or weakness for their business, while a mere one in three (33pc) reported having a standardised process for employees to follow when introducing new AI tools. Capability in managing these risks appears to be declining, with only 49pc saying their organization includes AI-related risks within broader compliance obligations, down from 60pc in the last six months. A minority, 30pc, reported having a formal risk assessment process to evaluate where AI may be introducing new vulnerabilities.

 

Annual reports

Judging by their annual reports, financial services (FS) businesses placed the highest emphasis on AI-related risk and security (25pc more focus than the next highest, the built environment). FS firms particularly highlighted the cybersecurity risks associated with bringing in AI. British Standards suggested this was likely reflecting traditional consumer protection responsibilities and the reputational consequences of security breaches. In contrast, technology and transport companies placed significantly less emphasis on this theme, raising questions about sectoral divergence in governance approaches.

 

IT decision-makers surveyed

And a survey by the platform Splunk of 500 UK IT decision-makers (ITDMs) from companies of 250 ‘seats’ or more, found that 64pc of ITDMs are concerned that compliance is set to become even more challenging over the next three years. Petra Jenner, GM and SVP EMEA at Splunk said: “There’s no doubt that AI has huge potential to revolutionise workloads, scale human efforts, and become a core part of every business’s future roadmap. But it also brings potential complexity, especially when it comes to ensuring compliance with evolving regulations, and overseeing how data is governed and secured.

“On balance, the good news is that almost half (47pc) of UK ITDMs are ‘very certain’ that the data generated by their AI is compliant, suggesting many businesses have made confident strides in their compliance journey. But that still leaves more than half of UK businesses expressing some measure of doubt over whether the data created by their AI tools was compliant – suggesting some degree of business risk.”

The firm, part of Cisco, suggested that the real differentiator won’t necessarily be how fast companies adopt AI, but how well they embed trust, discipline, and compliance into their use of data.

 

Phishing

In a quarterly study of phishing, KnowBe4 suggests that simulated phishing emails personalised to appear from internal departments, particularly HR and IT, continue to drive the highest user interaction rates. According to KnowBe4, this highlights a persistent trend of employee vulnerability to techniques exploiting familiarity. The two most-clicked subject lines contained the recipients’ company name, while HR was cited in 45pc of the top ten most-clicked emails. Most, 70pc, of simulated landing page interactions involved branded content. Microsoft was the most common brand, accounting for 25pc, followed by LinkedIn, X, Okta, and Amazon. And PDFs comprised 56pc of the top 20 attachments opened in simulated phishing emails, followed by Microsoft Word documents (25pc) and HTML files (19pc).

Erich Kron, CISO advisor at KnowBe4, said: “When a message seems routine, such as something from HR or IT, users are less likely to question it. The fact that this trend continues quarter after quarter tells us that this is not just about tricking users, it is about understanding human behaviour.”
