By Edward Cooney and Bradley Watts
Cybersecurity is ever evolving as the way companies operate and do business changes. With more employees working remotely and using outside tools like AI assistants, the holes in many companies’ cybersecurity protocols are widening. Today, scams are being executed on a larger scale as bad actors become more sophisticated and leverage technology such as AI for greater efficiency. In this increasingly risky environment, companies across industries must zero in on the latest cybersecurity trends and implement key mitigation strategies to keep their systems and data protected.
AI and generative AI tools offer transformative potential for businesses across industries, but they come with data privacy and cybersecurity risks. Most public AI tools retain user inputs to train and improve their models, meaning any client data input may be retained and potentially exposed later.
Mitigation Strategies:
Classic attack types are as strong as ever. From ransomware and banking scams to phishing and smishing, attackers continue to prey on common weaknesses in companies’ cybersecurity. According to Verizon’s 2025 Data Breach Investigations Report, credential abuse accounted for 22% of breaches. The report identified exploitation of vulnerabilities as the initial point of access in 20% of breaches — with just over half of those vulnerabilities getting fixed via available patches over the course of a year. Additionally, the report noted that breaches involving ransomware increased from 37% in 2024 to 44% in 2025.
Mitigation Strategies:
Attackers are increasingly targeting vendors, applications and hardware, resulting in more effective and often larger-scale attacks. The Verizon report found that breaches involving a third party doubled from 15% to 30% between 2024 and 2025. Vendors often have access to a company’s private information, like banking accounts or employee data, and that information is at risk should the vendor’s system be breached.
Mitigation Strategies:
Traditional perimeter defenses used by many companies, such as firewalls and VPNs, are becoming less effective with the rise of cloud computing, remote work and mobile devices. These models are set up to keep external actors out, but once someone is given access to the network they have access to nearly all of it. As attackers continue to get better at breaching passwords and multi-factor authentication, zero trust polices are emerging as the next line of defense.
Zero trust policies are grounded in identity management and identity security, following the principle “never trust, always verify.” These policies grant least privilege access, giving users just enough access to perform a specific function rather than granting them full network access with a single sign-on. With a zero-trust approach, users are required to have unique logins and dual authentication for different apps and data access points within the network. This setup creates multiple layers of security so if one fails, not all is lost.
Cybersecurity programs are a critical investment for companies across industries. They protect data and systems as attackers get smarter and breaches bring significant monetary and reputational consequences. The right insurance broker can be a valuable resource for companies navigating the development of cybersecurity programs that protect them against a range of threats.
At Conner Strong & Buckelew, our in-house cyber task force helps organizations shore up their cybersecurity and protection by:
Ready to arm your company with a strong cybersecurity program? Contact us today to partner with experienced professionals committed to protecting your business, reputation and bottom line.
Partner, Managing Account Executive, Public Entity Practice Leader, Cyber Practice Leader
Bradley Watts
Vice President, Business Development Executive
