Better cyber controls means that criminals are targeting larger organisations looking to exploit complex networks with overlooked network vulnerabilities, and systems that are more difficult to secure.

Risk managers at large corporate organisations have been warned they are now in the crosshairs of cyber criminals with a surge in “big game hunting”.

Moody’s Ratings released its 2025 Cyber Outlook, highlighting growing concerns that the ability of criminals to use Artificial intelligence and ever more sophisticated strategies is putting larger corporations under increased credit risk.

ransomware hack cyber

“Ransomware perpetrators are now targeting larger organisations in search of higher ransom demands, leading to greater credit impact.

“This shift is likely to increase the cyber risk for entities rated by Moody’s and could lead to increased loss ratios for cyber insurers, impacting premium rates in the US,” said Leroy Terrelonge, Moody’s Ratings vice president and author of the Outlook report.

How the landscape is evolving

The company said risk managers needed to be alert to the rising threats particularly those in bigger organisations.

“In response to declining revenue per victim, cyber attackers are seeking to wring greater returns from their attacks by demanding higher ransoms,” Moody’s warned.

“We believe they are accomplishing this by targeting larger businesses that can afford higher ransom payments, increasing cyber risk for organisations that are more likely to have credit ratings. We expect this to increase cyber risk for Moody’s rated debt issuers.”

The report continued: “Ransomware attacks are increasing, both in number and size of ransom demand, but the share of victims paying the ransom is falling. This is likely due to greater adoption of cybersecurity measures and business continuity plans.

“In response, ransomware groups are prioritising attacks against larger organisations that can afford higher ransom payments. Because outstanding debt is concentrated in issuers with higher revenues, we expect this shift will increase the potential credit impact for a higher share of rated companies.”

The number of ransomware attacks globally grew by 70% between 2022 and 2023 to 4,399 from 2,581, according to cyber threat intelligence company Recorded Future. At the same time, blockchain researchers at Chainalysis report that ransom payments rose to $1.1 billion dollars in 2023, a new record, with 2024 on track to surpass that figure.

The maximum ransom payment is also rising, reaching $75 million in 2024, from $38 million in 2023. Ransom payments are rarely material on their own, but costs soar when combined with other cybersecurity charges, such as regulatory fines, legal settlements, and forensic investigations.

“In response to declining revenue per victim, cyber-attackers are trying to wring greater profit from their attacks by demanding higher ransoms,” Moody’s added. “We believe they are accomplishing this by shifting tactics and targeting larger businesses that can afford higher payouts.”

While larger businesses tend to have more advanced cybersecurity defences, their risk is not necessarily diminished. Their networks are generally more complex, making it easier to overlook vulnerabilities, and when they have grown in size over time, they are more likely to have older systems that are more difficult to secure.

The role of AI

Moody’s also fears that generative AI will fuel fraud.

“Phishing attacks, aiming to entice a user into clicking a malicious link, will be turbocharged by GenAI,” it explained. “GenAI tools will enable attackers to craft personalised, compelling messages that mimic legitimate communications from trusted entities.”

Traditional cyber checks on identities are also under threat, new ways in which criminals are seeking to access systems and steal both revenue and intelligence.

“Generative artificial intelligence techniques used to create written text and images, as well as audio and video content, are a boon to malicious actors who use GenAI tools to defraud organisations and their customers,” Moody’s said.

“These tools have proliferated in recent years, making GenAI capabilities accessible to large portions of the population. As a consequence, phishing attacks are soaring and companies are losing millions of dollars to GenAI-enabled scams.”

The report added know-your-customer checks for identity validation are also threatened. These checks, often conducted remotely, rely on document submission paired with face and/or voice matching.

They also involve “liveness” detection, where the user carries out specific actions in front of a camera. All of these steps are vulnerable to GenAI, with banks a preferred target. Reports of GenAI tools being used to try to fool banks’ systems increased by 84% in 2022, according to the most recent figures from anti-fraud organisation Cifas.

As larger organisations look to increase the cyber security cyber criminals will increasingly look to third parties in supply chain providers as a way into systems.

They are looking to exploiting the trust between software supplier and end user, and the privileged access many suppliers have to end users’ networks.

How to tackle the threats

“Cybercriminals often find the easiest attack path is through third-party software suppliers that are typically not as well protected as large companies,” Moody’s added. “Moreover, by compromising one supplier, they can attack a wide swath of that supplier’s customers.”

To mitigate this risk, organisations will need to conduct risk assessments of their vendors and suppliers.

Cyber experts say there are key steps business must take to respond to the threat.

  • Assess and update legacy systems to minimise vulnerabilities.
  • Strengthen third-party risk management, especially for AI-enhanced cyber risks.
  • Implement advanced threat detection and response strategies powered by AI.
  • Regularly conduct cybersecurity training to recognise AI-driven phishing and social engineering tactics.

“The cost of inaction is steep. With AI amplifying cyber threats, companies must address vulnerabilities with the same level of sophistication to ensure resilience and security in the face of rapidly evolving threats,” one expert added.