Artificial intelligence is making cyberattacks increasingly sophisticated and costlier for businesses, reinsurer Munich Re said Wednesday, warning of methods ranging from highly personalised phishing emails to computer-generated, convincing fake identities.
“If cybercrime were a country, it would be the third-largest economy in the world”, behind only the United States and China, the reinsurer said in a report.
Citing figures from market analysis firm Statista, Munich Re projected cybercrime will generate global losses of some $14 billion (12.07 bn euros) in 2028.
Martin Kreuzer, head of cyber risks at Munich Re, told AFP that “automation now plays a central role”, enabling attackers to operate “efficiently and in a more targeted way”.
“They rely on highly personalised phishing emails, automatically generated malware, and synthetic identities that appear deceptively real,” he said.
The trend of “agentic AI” means the advent of systems that can “act autonomously, make decisions, and even circumvent defensive mechanisms,” according to Kreuzer.
The most widespread cyberattacks are still ransomware, in which hackers lock systems and demand money to release them.
Munich Re’s study says that the number of publicly reported attacks of this kind “increased by nearly 50 percent in 2025 and… continue unabated in 2026”.
Coordinated attacks via networks of hijacked devices, used to overwhelm systems, also more than doubled in 2025 and are becoming more common thanks to services available for hire.
At a more advanced level, criminals are collaborate with states, concealing the origin of attacks and accelerating their global operations.
“Nation-state actors are among the most professional players in the cyber threat landscape,” said Kreuzer.
“Here we are seeing both an evolution of tools and methods, and the emergence of hybrid warfare driven by geopolitical motives,” he said, adding that “disinformation is increasingly being used as a weapon”.
The study notes that while attacks on large businesses attract most public attention, “the majority of cyber incidents and claims affect micro-companies and SMEs”.
Compared with risks from natural catastrophes, for which almost half of all losses were insured in 2025, Kreuzer said that “cyber risk coverage is still far too low, with only a fraction insured”.
