In addition, a Control Risks report[2] for QBE has found that successful, significant cyber incidents have grown 42% in Europe and North America between 2023 and 2024, driven by geopolitical factors such as the war in Ukraine. Globally, strategically disruptive cyber attacks doubled from 103 in 2020 to 196 in 2024, and are forecast to increase by ~20% to 233 by the end of 2025.

According to the research conducted in nine Western countries, more than half (52%) of businesses with 100 to 2,000 employees have experienced a cyber attack over the past year. For one in seven (14%), the cyber event resulted in an interruption of one working day or more.

Among those that experienced cyber attacks, three in five (59%) said that at least one of them was linked to a supplier, and almost half (49%) suffered a loss of revenue.

“Businesses are more interconnected than ever,” comments Serene Davis, Global Head of Cyber at QBE Insurance. “For sure, they need to have safeguards within their own organisation, but they also need to consider their supply chain. If one of their suppliers has a vulnerability, it will likely affect them, so due diligence is absolutely crucial.”

Overall, 84% of businesses think that cyber events in their country have increased over the past year (32% a lot and 52% a little). Businesses based in the UK (38%), Italy (36%), and Canada (35%) are the most likely to think that cyber events have increased a lot.

When asked about the next 12 months, 69% are concerned about cyber threats to their own business (19% very and 50% somewhat concerned), while 30% are not concerned. The “very concerned” share is highest in the UK (31%) and Canada (25%), while the “not concerned” share (including “not that concerned” and “not concerned at all”) is highest in Sweden (49%), Germany and France (36% each).

One in three businesses (33%) plan on increasing their cybersecurity budget beyond inflation in the coming year. Spanish businesses are the most likely to increase it in real terms (44%).

Two in three businesses (65%) have cyber insurance, with penetration highest in the UK (77%) and lowest in Sweden (55%).

According to the Control Risks report, successful, significant cyber incidents have grown approximately 50% year-on-year in Italy, the Netherlands, Poland, Germany, Spain, and France. This spike is largely linked to their support for Ukraine and active roles in European security. Cyber criminals and activists have targeted them through ransomware, website defacement, distributed denial of service (DDoS) and hack-and-leak campaigns.

Artificial intelligence

Cybercriminals have been leveraging Generative AI (GenAI) to defraud and extort businesses: they used deepfakes in 10% of all successful cyber attacks last year. Also, malicious actors are increasingly targeting the AI systems that businesses have been rolling out, for instance injecting prompts to bypass limitations or tampering with datasets.

Still, businesses are embracing AI with enthusiasm. Two thirds of businesses are already using AI (67%). Germany is ahead of the curve (77%), followed by Canada and the UK (71% each), while Italy is lagging a bit (56%). The sectors most likely to use AI are computing (79%), tech-media-telecom (75%), and financial services (71%).

A vast majority (86%) of respondents believe that AI will be good for their country’s economy over the next two years (90% in the Netherlands). And similar proportion (86%) say it will have a positive impact on their business (89% in both Germany and Spain).

A majority of businesses (52%) expect AI will make their operations more efficient. Many also expect greater innovation (47%), reduced costs (43%) and better customer service (43%).

[1] Opinium conducted the survey from 10 April to 6 May 2025. The sample included 3,600 IT, administration or insurance decision makers in businesses with 100-2000 employees, 400 each in the UK, Netherlands, Italy, France, Spain, Canada, Germany, Sweden and Denmark.

[2] Control Risks collated and analysed cyber trends to produce forecasts.