Cyber Trends, Nation-State Collaboration, and Technology as a Target Discussed at Cyber Risk Summit in Miami Beach

The cybersecurity community gathered Feb. 9-11 at the NetDiligence Cyber Risk Summit in Miami Beach to exchange insights and learn about cybersecurity liability and risk management. Pondurance's Chair Niloofar Razi Howe and Assistant Vice President Will Gadzinski talked with James Thaler of The Insurer TV about the new, creative ways threat actors are targeting victims. They discussed trends in artificial intelligence (AI) and ransomware, threat actor collaboration with nation-states, technology as a target, and what's new at Pondurance.

AI and ransomware

The cybersecurity landscape is in constant flux, and AI and ransomware are at the forefront of the change. 

• AI. "With respect to artificial intelligence, attackers are using it much more proactively than the defenders are, and there's a reason for that," Niloo said. She explained that threat actors are not concerned with the problems that can arise with AI, but the defenders are. Defenders know it's important to keep humans in the cybersecurity loop. Humans must observe, make decisions, and know when to escalate an alert. 

Niloo also noted the increase in AI usage for social engineering exploits. As an example, she discussed the $26 million deepfake heist in 2025 against Arup. The exploit involved a video conference where every attendee except the victim — including the CEO and members of the financial department — were generated by AI.

• Ransomware. The volume and sophistication of ransomware attacks are on the rise, according to Will. He explained that threat actors are using AI in their overall attack life cycle, which speeds up the process and allows a lower barrier to entry so that a larger number of threat actors can use ransomware against victims. Many of these new threat actors are even less scrupulous than traditional cybercriminals. 

Nation-state collaboration

Typically, there have been two separate sets of cybercriminals: ransomware gangs and nation-state actors. But today, 75% of ransomware from Russian-language gangs is coordinating directly with Russian intelligence agencies, according to Niloo. The largest rise in activity is coming from Iran, Russia, and North Korea, and Niloo made the connection that these countries are currently under Western sanctions that are causing substantial economic stress. She discussed how Iran coordinates with Russian ransomware gangs through hubs such as Black Hat and launders money for Russia, Russia has released its own form of cryptocurrency, and North Korea funds its state missile programs through cybercrime such as crypto theft and IT worker fraud.

Technology as a target

Threat actors typically target specific industries, such as healthcare or manufacturing, but that pattern is changing. "What we find is that the ransomware gangs and the overall campaigns that are being carried out are more opportunistic and based around the technology that's in place," said Will. He discussed how, in earlier years, when a vulnerability in a network was exploited, the process of gaining a foothold in the network would take days or weeks, but today, that timeline has accelerated. 

"Exfiltration can happen within the first hour," Niloo said. She explained how this acceleration shifts the key metric from mean time to detection to mean time to containment, meaning that defenders no longer have time to figure out that a threat actor is in the network and how to contain the threat. "We can't stop this from happening," she continued. "But what we can make sure is that every organization can survive it, that it's OK, and they can make it through the attack."

"It's almost inevitable these days that you will be attacked," Will said. Prevention alone is not an effective total control. He suggested that organizations need a strategy for readiness with multiple layers of security including humans in the loop for quick detection and response to mitigate the impact of an attack. Will also emphasized that organizations often have the right technology for their environments, but they haven't fully adopted or correctly configured the technology, which is an area where organizations can improve.

What's new at Pondurance

Cybersecurity is evolving, and Niloo and Will discussed how Pondurance is implementing changes to continually improve its capabilities and offerings. In the first quarter of 2026, Pondurance will roll out three new solutions:

• AI-assisted security operations center - to improve automation for quick detection while keeping humans in the loop for smart decision-making

• Overall software and system inventory - to help clients keep track of technology within their environments

• Microsoft 365 configuration review - to provide insights to help clients properly configure and secure their environments

Conclusion

Threat actors are indeed finding creative ways to target victims, and organizations need to keep up with the latest developments in cybersecurity to properly respond to new threats. Watch the video to learn more.