Understanding cybersecurity

Understanding cybersecurity in today’s complex digital world begins with knowing the most common threats, the potential ‘bad actors’, and what we can do to shore up our defences.

What problems do we face today?The most common threats to cybersecurity include malware (including ransomware and botnets), malvertising, phishing, and application attacks.

Malware is the term used for malicious software intended to do any number of things ranging from stealing credentials, other information, or money to the general wreaking of havoc or denial of service. Some of the more typical types of malware include:

Ransomware. A type of malicious software designed to block access to a computer system until a sum of money is paid.
Botnets. Networks of interconnected computers that are infected with a “botnet agent” designed to do the attacker’s bidding.

Malvertising involves injecting malicious or malware-laden advertisements into legitimate online advertising networks and web pages. Malvertising is a serious threat that requires little or no user interaction.

Phishing usually involves an email designed to lure the reader into doing something ill-advised by masquerading as a trustworthy source or legitimate enterprise. Phishing requests to execute an email attachment or click on a link are designed to install malware on the user’s computer, generally for the purpose of stealing money. Phishing can also involve more direct requests to provide private information such as passwords, credit card account details, or other sensitive data.

Application attacks, such as SQL injections, are increasingly common in today’s complex environment. While varied in nature and design, application attacks usually have the same intents and purposes as malware attacks — stealing data from database servers, running attack scripts on other users’ computers, stealing user credentials, etc.

AI security incidents involve supply chain compromise, which includes compromised apps, APIs and plug-ins; also model inversions (the extraction and/or exploitation of data in an AI model); model evasions (the manipulation of input data to mislead the model); prompt injections (the injection of malicious instructions); and data poisoning (the introduction of corrupted data into a training dataset to impact the model’s decision-making).¹⁰

Cost of doing business in the digital age

$4.44 million — Average cost of a data breach, a return to 2023 levels after a spike in 2024

$10.22 million – The U.S. average, driven by higher regulatory fines and higher detection and escalation costs

53% of breaches involved customer personally identifiable information (PII); 33% involved intellectual property (IP).

20% reported breaches involving shadow (or unauthorized) AI, most often involving data stored across multiple environments.

$670 million – Added breach cost for incidents involving shadow AI

16% of breaches were AI-driven attacks; most often phishing (37%), and deepfake impersonation attacks (35%)

86% of businesses experiencing a breach reported operational disruption.

^Source:^IBM^{Cost of a Data Breach Report 2025}

Who are the bad actors? While hacker may have originated as a term describing especially talented computer programmers and systems designers and may still include those considered ‘curious’ hackers, the term has become much more widely used to describe computer intruders or criminals. In addition to basic thieves, these ‘bad actors’ can be outsiders (such as business competitors or nation-states). They can also be insiders (such as disgruntled or otherwise malicious employees). Risk of security vulnerabilities Cybersecurity vulnerabilities can be technical in nature or procedural. Technical deficiencies — including software defects and the failure to use security protections (such as encryption) adequately — expose sensitive functionality or information. Procedural deficiencies can be IT related, including system-configuration mistakes, or failure to keep up with software security updates. However, many procedural deficiencies are user related (such as poorly chosen passwords).

Shadow data and shadow AIShadow data — data that is often on personal devices or otherwise unmanaged because of the use of unauthorized applications or storage locations — is making it increasingly difficult to safeguard. This year, 20% of organizations reported breaches involving shadow AI — the use of AI without approval or oversight —driving both cost and the extent of compromised data.¹¹Whatever the cause, when exploited, these vulnerabilities can be costly and result in:

Down time. Loss of business production or revenue-generation opportunities

Tarnished reputation. Negatively affected company and brand value

Customer flight. Loss of customers, especially critical with increasing level of e-commerce

Legal consequences. Fines, lawsuit costs, and settlements, which can be staggering

Industry consequences. Exploiting vulnerabilities across an entire sector — Healthcare records breaches have been extensive.