Chubb research shows cybersecurity and AI risks threaten business growth

Cybersecurity risks have emerged as a fundamental business issue, one that organizations cannot just brush aside. And it's not because security incidents have led to operational disruptions…it's because security has evolved into a critical business risk that significantly impacts long-term financial stability, growth and business reputation.

The 2025 Chubb risk report provides greater insight into why business leaders consider cybersecurity as their biggest organizational growth disruptor, resulting in the most unexpected financial burden on a business. Chubb research shows that 60% of executives believe cybersecurity threats pose the greatest geopolitical risk — outweighing concerns around global tensions among superpowers, climate change, trade wars and political instability.

AI-generated deepfakes raise major concerns

Generative AI apps, tools and platforms are enabling attackers to rapidly create synthetic videos, images and voice impersonations, and harvest these for phishing, social engineering and disinformation campaigns. In the United States alone, deepfake-induced fraud is predicted to reach almost $40 billion. Al-related risks present a serious issue, with some 50% of executives reporting some impact to their business from deepfakes in the past year.

Cybersecurity and AI risks have intensified over the past decade

Not surprisingly, the risk levels associated with cyberattacks, AI, climate change, and reputational damage from viral social media events have either escalated significantly in the past decade or were non-existent before. For example, a deepfake attack now happens every five minutes, and there's been a 244% increase in digital document forgeries — all thanks to AI, a technology that regular people did not have access to barely a few years ago.

Continuous monitoring of cyber incidents has become critical

Due to the increasing significance of cybersecurity incidents on businesses, 84% of executives confirm that ongoing monitoring of cyber incidents is the most commonly used risk mitigation tool, and 41% stated it is an essential function fully integrated in their organizations.

Cyber insurance has become vital for risk mitigation

Executives acknowledge that while carrying cyber insurance is not a silver bullet for risk mitigation, it has certainly become an important risk management tool. More than 89% of executives intend to increase their cyber insurance coverage or introduce new coverage to tackle growing cyber threats and technological vulnerabilities.

Key takeaways

Organizations have always faced business risks. However, today's risks, like organized cybercrime, cyber terrorism and nation-state threats, are far more dangerous, unpredictable and complex than what businesses have had to deal with historically. To stay protected, organizations must learn the ability to manage and thwart these risks round the clock. Listed below are some best practices that can help.

●       Deploy multi-layered security: Use multi-layered security controls such as firewalls, encryption, zero trust network access, endpoint detection and response, phishing-resistant multi-factor authentication, etc., each addressing specific vulnerabilities and attack vectors. Layering these defenses can create a safety net, ensuring that if one layer is breached, others remain intact for help in preventing unauthorized access or data loss.

●       Continuously test and monitor attack surfaces: Run vulnerability scans and penetration tests to identify weaknesses in systems, applications and networks before bad actors can exploit them. Implement AI-based security monitoring tools to track network traffic, system logs, user behavior, and device activity to quickly identify behavioral anomalies or unusual or unauthorized actions.

●       Train to strengthen the human element: Phishing is already the single biggest root cause for cyberattacks and with threats like AI and deepfakes on the rise, social engineering will likely grow in complexity and intensity. Employees need a clear understanding of common threats like phishing, ransomware and data breaches, as well as the potential consequences to the business. Phishing simulation exercises must be administered to help improve vigilance, agility and common sense in employees.

●       Leverage cyber insurance: Although cyber insurance does not equal cybersecurity, it does help offset a range of costs in the event of a cyber disaster, such as expenses associated with data recovery, legal fees, or ransomware payments. Some insurance carriers may mandate a security audit and require certain security controls and protocols prior to underwriting a policy, providing an incentive for companies to raise their cybersecurity posture in exchange for better coverage and lower premiums.

Cybersecurity is not exclusively an IT concern but something dire that can weigh heavily on growth and financial stability. To defend against emerging and AI-fueled cyber threats, organizations must take proactive steps, such as deploying multi-layered security, continuously testing and monitoring attack surfaces, and raising security awareness and behavior of staff members. Remember, robust cybersecurity isn't just a factor for long-term growth and success but also a strategic advantage for any organization.