October is Cyber Security Awareness Month, a timely reminder for businesses and employees to stay vigilant about cyber threats. One of the biggest dangers right now is ransomware, which continues to affect organizations all over the world, no matter their size or industry.
Jack Tolliday, a threat intelligence specialist at QBE, points out that cybercriminals are getting smarter. They use social engineering tricks to get into networks and steal sensitive data. Once inside, they move quickly, avoiding technical defenses and causing disruptions that can impact not just one organization but entire industries.
New threats are also emerging. Deepfakes and AI-powered fraud are becoming more common. In fact, a QBE report found that deepfakes played a part in nearly 10% of successful cyberattacks in 2024, with losses in fraud cases ranging from $250,000 to $20 million. So, how can companies protect themselves from these advanced attacks?
Tolliday says the answer starts with employee education. Workers need to learn how to spot AI and deepfake scams. Businesses should also have clear steps for verifying requests, like password resets or financial transactions. These simple actions can reduce the chances of falling victim to tricky AI-driven attacks.
From an insurance perspective, QBE is updating its policies to cover these new risks. Tolliday explains that QBE now offers special coverage endorsements for threats related to artificial intelligence and large language model (LLM) hijacking. This shows how insurance providers are adapting to keep up with the ever-changing cyber risk landscape.
QBE’s approach focuses on being proactive. They offer webinars and briefings to keep customers informed about the latest threats. The company also partners with experts who provide social engineering simulations and awareness training. This hands-on learning helps businesses build stronger defenses against cybercriminals.
Looking ahead to 2026, cybercrime is expected to evolve alongside AI technology. Just as AI can improve business strategies, it also gives cybercriminals new tools. This means companies need to rethink how they handle both cyber risk and cyber insurance.
Tolliday emphasizes the need for a proactive mindset. Understanding how attackers behave can help organizations strengthen their defenses—not just with technology but also through resilient people and processes. Basic security steps like multi-factor authentication, identity access controls, patch management, and advanced detection tools remain vital.
Insurance is not just about covering losses. According to Tolliday, it also helps organizations stay prepared and resilient. As threats change, having the right protection makes it easier to face new risks head-on.
With cyber threats growing more sophisticated, businesses will need to stay alert, educated, and ready. The message is clear: staying safe online means being proactive, informed, and supported by the right tools and coverage.