CyberCube warns of threat actors using AI to attack small businesses in 2025

By Mia MacGregor

April 2 - (The Insurer) - Cyber (re)insurers this year should remain vigilant about AI and its potential to enable threat actors to scale attacks against small and mid-sized businesses, according to a new report from CyberCube.

The biannual Global Threat Briefing cited data from Coverware, revealing that companies with 11 to 1,000 employees account for 75% of ransomware victims in response cases.

Due to limited cybersecurity defenses, small companies are particularly vulnerable to large-scale breaches, allowing attackers to compromise multiple businesses simultaneously, CyberCube warned.

Additionally, CyberCube noted that threat actors are beginning to leverage AI to automate key attack components and demand smaller ransoms that, while individually modest, accumulate significantly when executed at scale.

While AI is not expected to revolutionize cyber attacks against small businesses, CyberCube warned that it could theoretically accelerate the growth of threat actors targeting small businesses with lower- and mid-value ransoms by making attacks cheaper, more efficient and more scalable.

HIGH-RISK SECTORS: EDUCATION, HEALTHCARE

The report highlighted small education as one of the highest-risk sectors, requiring heightened scrutiny from underwriters.

Education and healthcare fall into the report’s “Highest Risk” category due to security vulnerabilities and exposure levels. Schools, in particular, face persistent attacks driven by constrained cybersecurity budgets and valuable student and employee data.

From 2024 through early 2025, cyberattacks on educational institutions worldwide have exposed sensitive information and caused operational disruptions, significantly impacting students and educators, according to the report.

The report also identified key technologies widely used by small education organizations, noting that half of the top ten critical technologies in the sector include student information and learning management systems. These platforms, which store coursework, grading and sensitive records, present substantial data breach and outage risks.

CyberCube advised underwriters to regard the small education sector as high-risk overall, given its concentration in lower-security maturity categories.

FINANCIAL SERVICES: MODERATE RISK, AGGREGATION CONCERNS

Financial services, while facing moderate security risks, present an opportunity for cyber brokers and (re)insurers to assess and price cyber policies effectively, according to the report.

While the financial sector falls into the “Moderate Risk” category, CyberCube warned that even well-secured small financial firms remain vulnerable to cyber aggregation events due to widespread reliance on common technology platforms.

“This protection gap presents both an opportunity and a responsibility for brokers and (re)insurers,” said William Altman, director of cyber threat intelligence services at CyberCube.

He emphasized that brokers play a critical role in expanding cyber coverage adoption among small businesses, while, (re)insurers can enhance market reach, diversify their portfolios, and contribute to broader economic resilience by extending coverage to small enterprises.

“When small businesses effectively prevent and recover from attacks, they protect jobs, sustain supply chains, and support their communities,” he added.