Moody's Ratings warned that global cyber risk will increase throughout 2026 as attackers leverage more effective artificial intelligence tools to scale and automate their tactics, according to its Global Cyber Risk Outlook 2026 report. The report notes that while AI-driven attacks are still in their early stages, platforms already exist capable of launching large-scale automated attacks and malware that dynamically adapts to evade detection. Nearly 90% of the value lost in attacks on DeFi platforms was linked to un-audited code implementations, while over 80% of the funds stolen came from off-chain compromises, such as failures in storage and digital asset management. Moody's also warns about systemic risks associated with cloud service dependency, following recent outages at major technology providers. The agency notes that this scenario will intensify the strategic game between attackers and defenders and transform the cybersecurity landscape. In the case of ransomware, the analysis shows that successful data encryption decreased in 2025, especially among small and medium-sized enterprises. Regulatory fragmentation, with overlapping audits and requirements, is diverting resources that could be used to strengthen cybersecurity, while regions continue on divergent paths in terms of regulation. Key report takeaways: AI Attacks: AI amplifies existing techniques and accelerates automated campaigns and adaptive malware. Ransomware: Less encryption overall, but a relatively greater impact on large enterprises. Cryptoassets: The largest losses stem from operational and governance failures, not the blockchain itself. Cloud: Technical outages show the potential for systemic events with high financial impact. Regulation: Lack of harmonization increases compliance costs without necessarily improving security. However, large organizations remain exposed due to the complexity of their networks, which hinders detection and rapid response, and their greater capacity to pay, which keeps them as attractive targets. The report also highlights that the rise in cryptocurrency theft is revealing significant weaknesses in the security of the digital financial ecosystem. According to a study cited in the report, a one-day outage at a major cloud provider can cost affected companies around 1% of their annual revenue. On the regulatory front, the agency points out that the global harmonization of cybersecurity standards is progressing slowly.
