Cyber Risk: Shift to Data Theft Extortion
Published on Thursday, May 29, 2025
In the last few months, cyber risk indicators have worsened sharply. Sectoral reports showed record ransom payments, with a pivot from encryption to pure exfiltration: data theft is now the main lever. Threat groups are evolving fast (rebrands, double and multi-extortion tactics), often targeting identity systems and third-party IT providers.
For companies, the risk extends beyond IT: business stoppages, data leaks, fines, rising cyber insurance premiums, and ESG-related governance impacts. For Risk Management, priorities to consider may include: (1) strong identity and access controls; (2) rapid patching of common entry points; (3) incident playbooks covering negotiation, regulatory notification, customer communications, and business continuity; (4) executive tabletop exercises with various functions including legal, public relations, and operations; (5) contractual clauses for service providers on logging, patch timelines, and the sharing of indicators of compromise.
Insurers increasingly demand documented “reasonable diligence” (such as isolated tested backups) for coverage. Recent high-profile breaches in consumer goods and professional services confirm the cross-sectoral risk. Meanwhile, AI-powered phishing and reconnaissance tools are boosting attack frequency and sophistication, reinforcing the need for deception techniques and behavioral monitoring.
Depending on its business sector and the nature of its activities, your organization may be impacted, directly or indirectly, by this global risk over the coming years.
Whether you are a director, an executive or a manager, you may be wondering if your company is exposed to this global risk or other potential events. And if so, are you and your organization ready to face these challenges?
Should you need advice on the appropriate risk governance and enterprise risk management approach for your organization, please contact us.
Baldwin Global is an independent advisory group offering professional services, education and training in risk governance and enterprise risk management. We help our clients’ boards of directors and management teams attain their objectives by embedding sound risk oversight and management practices into their decision-making process to have a significant positive impact on their business.