Cyber attacks are growing in volume, speed and sophistication, as are AI models, with geopolitical instability fuelling the fire and leading to motivated aggressive players.
This is according to Siobhan Gorman, partner at global advisory firm Brunswick Group, who delivered a keynote address at the ITWeb Security Summit 2025 at the CTICC in Cape Town yesterday.
Gorman said geopolitical stability is at risk as cyber continues to be used as a political tool. “Stability is fractured within the geopolitical order, so to speak. It is an opening for adversaries and offers opportunities for them to exploit.”
Gorman said the disruption – including the US administration’s positioning on cyber security and warfare – exposes markets to rivals.
Although not directly referred to in Gorman’s presentation, the Trump administration made headlines in January this year after dismissing members of its advisory committees, including the Cyber Safety Review Board.
This development is relevant given that China, North Korea and Russia are weaponising cyber operations to launch attacks on critical infrastructure.
Gorman referenced the impact of Typhoon cyber groups that continue to target key sectors, including finance, government, energy and telecommunications.
Gorman has previously stated that the reality for business leaders is that the attack surface area has expanded – and it is not just organisations or governments at risk, it is any organisation that deals with data and operates in the supply chain.
Defenders gain speed and detection through AI, but attackers gain at least as much, if not more, Gormon told delegates.
“AI complicates the battlefield and is a challenge to defenders. It is also changing the nature of threat actors, making it easier than ever before to attack. It’s a force multiplier… and in the AI era, speed and scale favour threat actors who are willing to use it without rules,” Gorman added.
“AI makes the threat actor’s job easier,” she continued, adding that it accelerates phishing, social engineering and malware creation. GenAI reduces barriers (less-skilled hackers can now launch sophisticated attacks) and AI-driven automation makes attacks faster, cheaper and scalable.
For defenders, automated threat detection and response improves reaction times, AI-driven analytics help identify subtle and complex attacks, and predictive models anticipate attack trends and patterns.
Gorman added that attackers are now combining extortion, encryption and disruption to maximise pressure and payouts.
She said ransomware as a service (RaaS) has exploded (anyone can launch attacks without technical expertise), and that double, triple and re-extortion tactics are now standard (encrypt – steal – threaten to leak – pressure victims with public exposure and regulatory risk – return months later for re-extortion), and criminal groups operate like agile businesses (specialised roles make ransomware highly efficient and scalable).
Gorman advised business leaders to identify gaps across people, processes and technology, then build or strengthen crisis response teams, assign clear roles across IT, legal, communications and leadership, as well as conduct regular exercises and simulations to test response under pressure.
Share