AI is industrializing traditional cyberattacks (phishing, ransomware, identity theft) and creating new ones (voice cloning, hyper-personalization, swarming agent orchestration). The number of victims is rising along with the costs, and the integration of AI in businesses significantly expands attack surfaces. This article reviews the state of threats in 2026 within the current unique geopolitical context and how SMEs—primary targets for attackers—can navigate this new world. According to the experts we consulted during a keynote in our hometown Marseille, the situation is serious and requires both heightened vigilance and internal training.
All experts agree, and reports are multiplying: cyberattacks are on the rise worldwide.
A Global Overview of Cyberattacks
According to the IBM X-Force Threat Intelligence Index 2026, North America was the most affected region in 2025, accounting for 29% of attacks. The Asia-Pacific region, a global hub for manufacturing, logistics, and technological innovation, followed with 27%. Europe accounted for 25% of incidents.
According to Check Point’s annual report on the threat landscape in France, published in February 2026, with 13% of recorded attacks in Europe, France ranks just behind the United Kingdom (17%) and slightly ahead of Germany (13%).
According to the French Statistical Service of the Ministry of the Interior (SSMSI), over 17,500 cyberattacks were recorded in 2025, up 4% from 2024.
For ENISA, the European Union Agency for Cybersecurity, in Europe, DDoS attacks were the dominant type of incident, accounting for 77% of reported cases. Intrusions follow with 17.8%. It’s worth noting that 87.3% of these intrusions are a combination of ransomware, banking trojans, and infostealers.
Impacted Sectors
For IBM, the industrial sector remained the most targeted in 2025, representing 27.7% of all incidents.
Recently, there has been much discussion about attacks on OT systems and we have often reported on this topic. Long underprotected, OT systems are becoming prime targets for hackers who often infiltrate them weeks in advance before striking. This is due to the fact that OT systems in industry are largely legacy systems, designed primarily for production rather than security.
SMEs
Whether individuals, companies, institutions, or large corporations, no one is immune to attacks. In this article, we focus specifically on SMEs, which are currently the economic entities most targeted by hackers. Being less protected than large corporations, SMEs are prime targets, and the impact can be severe, as illustrated by the French company Coexis’ attack in December 2023.
According to the Hiscox Cyber Readiness Report 2025, which surveyed nearly 6,000 SMEs in the UK, France, USA, Germany, Spain, and Portugal, over the past 12 months, 59% of SMEs reported having faced a cyberattack. Ransomware attacks remain a particularly persistent threat for many of these businesses. 27% of them experienced a ransomware attack.
IMB also notes in its report a 49% increase in the number of active ransomware groups compared to 2024.
The Role of AI
And now comes AI. According to ENISA, the majority of human-targeted manipulation attacks are now AI-assisted in some way — whether that’s writing, targeting, translation, or personalization.
“By early 2025, AI-supported phishing campaigns reportedly represented more than 80% of observed social engineering activity worldwide.”
At the same time, recent developments in AI also allow SMEs to access tools and capabilities that were previously out of reach. These technologies can improve productivity, but they also introduce new risks.
According to Check Point, risky AI prompts increased by 97% in 2025, and 40% of analyzed Model Context Protocols (MCPs) were found to be vulnerable. For SMEs, AI is therefore a double-edged sword—it can be a powerful asset but also a direct source of enterprise risk.
You could be interested in this article
State of the Threat
So, let’s have a brief overview of the most common threats and incidents in 2026.
What Are the Threats and Incidents?
According to the ENISA Threat Landscape, phishing remains the dominant intrusion vector, accounting for 60% of incidents:
“The availability of phishing-as-a-service platforms demonstrates the industrialization of phishing operations, enabling adversaries of all skill levels to launch complex campaigns.”
21% of incidents concern vulnerabilities exploitation, while nearly 10% concern botnets. Malicious applications still represent 8%, a proof that compromised or trojanised software continue to play a role in system intrusions.
Who Are the Attackers?
There are three primary categories of cyber attackers:
Cybercriminals: These financially motivated actors seeking profit invest resources into attacks to maximize return on investment. For example, intrusions, such as those leading to ransomware attacks, are predominantly driven by cybercriminal activity.
As Benoît Zigo, Commercial Director at Orange Cyberdefense, explained during a conference organized in Marseille last week in the headquarters of the local newspaper La Provence:
“Hacking has become a business in its own right, with investments and returns at a calculated level of risk. In countries like North Korea, Russia, and certain Eastern European states, the cost of executing high-quality, rapid, and effective cyberattacks is dropping significantly, making the return on investment increasingly attractive.”
Hacktivists: These ideologically-driven cyber actors are not primarily seeking profit. They aim to raise awareness, protest, or influence policy. According to ENISA, hacktivist groups account for the majority of collected DDoS incidents.
State-Sponsored Threats: These are nations or affiliated groups seeking mass manipulation, espionage, or strategic disruption.
“These three types of threats, given the current cyber landscape, are at their peak,” according to this expert.
The current geopolitical context—with multiple conflict zones—is mirrored in cyberspace, where criminal and state actors are increasingly active. For example, since the outbreak of conflict in Iran, cyberattacks have significantly increased, demanding heightened vigilance.
According to CheckPoint Research:
“Threat activity in 2025 increasingly mirrored real-world geopolitical tensions, with cyber operations synchronized to physical and political events.”
AI: An Amplifier of Threats and Attacks
Let’s take a closer look at how AI is changing cyberattacks. Cyberattacks themselves are not new—we’ve been covering this topic for many years. What is new, however, is that generative AI, which arrived in our daily lives at the end of 2022, enables attacks that are faster, more numerous, more sophisticated, and cheaper, explains Benoît Zigo:
“The most obvious example is phishing emails. Today, anyone can craft a highly convincing phishing email in French, regardless of nationality. Cybercriminals use AI to dramatically increase their impact. AI clearly helps them become more effective in their operations.”
Romain Gemignani, Head of the Artificial Intelligence Laboratory in Marseille region, confirms that a simple email can be a powerful weapon in the 21st century:
“In ten minutes, you have the full toolkit to manipulate people. Today, there is no way to reliably distinguish a fraudulent email from a legitimate one. Even I was fooled recently.”
This is confirmed by the Hiscox Cyber Readiness Report 2025,
“The top three emerging AI-driven threats over the next five years are social engineering attacks (60%), AI malware and phishing attacks (60%), and AI taking control of company data (60%).”
Key AI-enabled Tools
And to do this, attackers have several key AI-enabled tools at their disposal. The ENISA report states that hackers can enhance their operational effectiveness through jailbroken models, synthetic media, and model poisoning techniques.
Jailbroken models: Attackers bypass safety rules in standard AI chatbots (like GPT variants) to generate manipulative, deceptive, or threatening content at scale.
Synthetic media: They can create deepfake audio or video of a CEO instructing an employee to transfer funds, or fake voice calls impersonating the CEO or IT staff.
Model poisoning: Attackers can corrupt an AI system’s training data so it behaves maliciously in specific situations, often for highly targeted attacks.
For Thomas Kerjean, CEO of mail protection solutions provider Mailinblack, many of these attack types that are now AI-generated enable,
“to create more professional and sophisticated attack chains. The phenomenon itself isn’t fundamentally new, but it has become far less costly.”
And with AI, systems containing vulnerabilities (as IT systems always do) are now discovered and exploited much more quickly than before, explains Pierre Boulogne, CEO of Campus Cyber.IA, a French platform that sources cybersecurity providers from the Southern ecosystem:
“Vulnerabilities used to take two years and three months to exploit in 2018. In 2025, it took 25 days. By 2026, it takes just 1.6 days—and that’s due to artificial intelligence. This means attackers can move much faster than defenders today.”
You could also be interested in this article
The Industrial Risks of AI
With AI now fully integrated into enterprises—especially since the rise of generative AI—it has become a risk amplifier inside an organization, increasing attack surfaces. Everyone in the company, from accountants to employees and business managers, is adopting AI to improve performance. But poorly managed or uncontrolled use of AI in companies creates new vulnerabilities that hackers are quick to discover and exploit.
Let’s take a look at the most important risks:
1. Granting Access
According to Benoît Zigo, essentially, AI increases the attack surface.
“To get meaningful results from AI in a business context, you need to provide it with quality data and privileged access. This means the AI can access confidential information. ”
In some companies, certain AI systems now have more privileges than human developers. Zigo recalls an anecdote of a large organization that deployed an AI system with access to sensitive data. A CEO’s payroll file was left on a server, and the AI shared it with all employees without distinction.
“When you give data to an AI, it does not discriminate between sensitive data that shouldn’t be shared and data that can be shared.”
2. Hallucinations and Technical Debt
Another potentially explosive problem is AI-induced technical debt, warns Romain Gemignani. AI technologies, rapidly adopted to boost performance, inherently carry systemic biases and are prone to errors—sometimes major ones. Economic-scale incidents illustrate how immature these systems still are:
“The goal of ChatGPT and other generative AI systems is not to provide correct information. They are often wrong. They are trained to create the impression of interacting with a human sharing a cognitive framework. Therefore, you lower your defenses, and trust the system. This introduces a bias that represents a major industrial risk: the accumulation of technical debt. We’ve already seen this in early-adopting fields like software development, where trust in error-prone systems generates additional technical debt.”
Besides, Gemignani adds that in some cases, companies may lack internal resources or expertise to resolve this technical debt, creating long-term vulnerabilities that hackers could exploit.
3. Delegation Without Governance and Manipulation
According to Thomas Kerjean, the adoption of agentic AI risks repeating mistakes made with early apps in the 2010s—downloading and using tools lightly, without governance or oversight:
“You are effectively delegating your knowledge and decision-making time without any governance, orchestration, or understanding of your own workflows. Our R&D lab is monitoring this carefully. It hasn’t caused major incidents yet, but inevitably it will. AI will aggregate everything we know about you—emails, contacts, addresses, quotes, habits—and combine it with even more intimate insights about employees through agentic systems. This increases the risk of manipulation.”
Zigo echoes this warning:
“Once you delegate responsibility for a decision or interface to an AI agent that can act on behalf of the company, you introduce risks that didn’t exist before. An AI can be manipulated like a human. If an agent responsible for something is manipulated, there are consequences for the company.”
4. Unpredictable Model Behavior
Finally, AI systems can act in unintended ways, creating additional risk for enterprises. The news is full of such anecdotes, and two recent ones are particularly striking.
In one case, an AI developed by a team affiliated with Alibaba Group spontaneously began mining cryptocurrency during training, without any instructions. In another, last February, Summer Yue, Head of AI Alignment at Meta, described how her autonomous agent OpenClaw disobeyed commands and deleted emails from her Gmail account without authorization. Investigations revealed that the system acted autonomously due to overload, making a poor decision.
The Cost of Cyberattacks
No matter what type of attack you face—or will face, because you inevitably will—there is a cost. First, a financial cost, explains Thomas Kerjean of Mailinblack:
“The cost of an attack for a micro or small business (TPE/SME) has remained relatively stable, ranging between €150,000 and €300,000. For micro-enterprises, the risk can be bankruptcy. For SMEs, it can mean major slowdowns, potential ransom payments, loss of revenue.”
For large corporations, the impact is not limited to the company itself; it extends to the entire supply chain and business ecosystem, making it much harder to quantify. Losses can reach millions or even tens of millions of euros.
According to research by Statista, in 2024, cybersecurity cost France an estimated €120 billion. On a global scale, the estimated cyberattacks cost was around $8 trillion, with projections reaching $15 trillion by 2029.
There are also social costs, explains Romain Gemignani:
“Reputational damage, the cost of sensitive data being exposed—once your data is out in the wild, all your knowledge is out there.”
And we can also add the loss of trust among partners and clients, which can have long-lasting effects on businesses.
The SME Situation
Cyberattacks are not only becoming more sophisticated and AI-enhanced, but also more economically efficient for attackers, making SMEs particularly vulnerable. While large corporations have protected their organizations with highly capable partners, in France, 90–95% of the economic landscape consists of micro and small businesses (TPE/SMEs), which often lack the resources to adequately defend themselves.
According to all our experts, the amplification of traditional attacks will only continue to grow, and SMEs—with far less training, fewer password management tools, and significantly weaker basic cybersecurity compared to France’s CAC 40 companies—are now the primary targets.
In response, cybersecurity companies are developing solutions tailored to smaller businesses, helping them navigate this new cyber landscape. These solutions are designed according to market size, defense posture, available services, and the client’s investment capacity, while also addressing the specific threats they face. Companies like Orange Cyberdéfense are providing such support, Benoît Zigo explains:
“We implement awareness modules focused on the need to protect data. We show executives how AI can be corrupted, how to protect identities, and how to secure AI systems—helping companies understand the potential impacts. Once awareness is raised, we assist them in securing these systems and detecting AI misuse. Access to company data by AI systems must be strictly controlled.”
Recommendations for SME Leaders
All the experts shared practical advice for business leaders—especially those running SMEs at higher risk.
1/ Adapt Continuously
For Benoît Zigo, the key is to remain in a constant state of adaptation:
“You must continuously adapt and never assume that deploying a security solution or conducting a one-time employee awareness session is enough. Cybersecurity requires a mindset of continuous improvement.”
2/ Assume You Will Be Compromised
Leaders must also accept that a breach is not a possibility but a likelihood—and prepare accordingly by anticipating crises and deploying detection capabilities:
“You have to assume that a crisis will happen and know what to do when it does. You also need to rely on trusted partners so you can react quickly and effectively when a serious incident occurs.”
3/ Focus on What Truly Matters: Data and Value
Romain Gemignani stresses the importance of understanding and protecting what creates value within the company:
“Focus on what holds value in the company—its knowledge. AI is just a toolbox that has existed for decades. Depending on your use case, you should choose the right tools. Large language models are not always the best solution.”
For example, we encountered an American company that prohibits employees from using generative AI tools on corporate accounts or with company data to minimize risk.
4/ Protect Critical Business Functions
For Pierre Boulogne from Campus Cyber.IA, securing the most critical parts of the business is both essential and achievable:
“Protecting the core and critical functions of a company is not necessarily expensive. Regulations like NIS2 should be seen as a real asset for businesses, helping them modernize and strengthen their information systems.”
5/ Integrate AI and Cybersecurity from the Start
AI projects should be designed with cybersecurity in mind from day one. Some of these experts therefore advocates for secure and sovereign AI, designed to serve the general interest while increasing productivity and helping companies reach higher levels of maturity and compliance.
In France, some companies are already turning to solutions like Mistral AI, while others, such as Dragon LLM, offer sovereign, smaller-scale models tailored to specific business needs.
6/ Leverage AI as a Defensive Tool
AI is not only a threat amplifier—it is also a powerful defense multiplier, according to Benoît Zigo:
“Our analysts and consultants test and challenge the robustness of defense systems. AI helps them become more efficient by providing tools that allow them to move faster, perform better, and gain perspective.”
Similarly, Thomas Kerjean develops AI solutions to counter malicious AI:
“We simulate attacks—phishing and ransomware scenarios—to train employees and ensure they develop the right reflexes. Today, we protect around 2.5 million users in France.”
7/ Raise awareness among employees
As we’ve seen before, research shows that the most common cyberattack originates from phishing—an email that is received, and an employee clicks on a fake link and provides their credentials. Training people to be more cautious is key for all our experts in maintaining protection.
8/ Prepare for the Next Wave of Threats
Finally, experts warn that the amplification of traditional attacks will continue to accelerate. For Benoit Zigo;
“Attacks will gain in quality and speed. Within the next 12 to 18 months, we expect AI-agent-driven attacks capable of penetrating multiple information systems simultaneously.”
Looking ahead, future threats may even extend to quantum-related risks, particularly in the area of encryption. The French group Thales has already taken the lead. They have recently obtained the first high-level security certification for a smartcard resistant to quantum attacks. A major milestone toward protecting the digital identities of tomorrow.
