THE EVOLVING CYBER RISK LANDSCAPE IN NORTH AMERICA
R&C: What are the biggest cyber security risks today? How frequent and sophisticated are the cyber threats facing North American businesses?
Gottehrer: The biggest cyber security risks facing businesses today are shadow artificial intelligence (AI), ransomware attacks, social engineering and third-party vendor compromise. Fuelled by advances in AI, the frequency and sophistication of these cyber threats have increased dramatically. Shadow AI is a significant and growing threat to businesses because the unapproved and unvetted AI tools being used by employees expand companies’ attack surfaces and increase their cyber risk. AI has enabled threat actors to automate ransomware attacks, making it easier for them to target high-value data for which companies are likely to pay ransoms. AI-powered tools are also aiding the growth of ransomware as a service, making it possible for cyber criminals who lack extensive technical knowledge to create malicious code and launch ransomware attacks. AI has made social engineering tactics more effective by giving threat actors the tools to locate actionable information about businesses, their employees, and vendors from social media, company websites and other sources that they can use to generate personalised, effective phishing campaigns.
Francis: The biggest cyber risks are attacks that combine system outages and theft of sensitive data. Many of these attacks are partially automated by sophisticated criminals. Microsoft previously estimated there are 600 million cyber attacks per day around the globe, and North American businesses are a prime target. Perhaps the most serious attacks we have recently seen involved a mix of careful planning, social engineering to gain initial access, followed by the use of sophisticated technical skills to very quickly execute broad damaging attacks within a few hours of gaining access. These attacks are sometimes aided by AI to create deepfakes and other authentic-looking media and content.
Oct-Dec 2025 Issue
Gail Gottehrer Consulting LLC
Holland & Knight LLP