“There are decades where nothing happens; and there are weeks where decades happen.” (Attributed to Lenin.)

It is as true now as it was in the early 20th century. If anything, “weeks” seems like a long time in the Age of Artificial Intelligence. “Days” feels more accurate. Yet the people who should be most excited about the AI race are, interestingly, the people who also fear it the most. This includes the heads of IT who say their jobs morph from building databases and developing the future into being security guards of client and sensitive enterprise data.

Ignoring the growth of cyber risk could be detrimental for companies. In early 2024, JP Morgan, one of the world’s biggest banks, reported a stunning 45 billion hacking attempts a day!

Malicious cyber incidents have been climbing almost exponentially since 2010. The risk of suffering a cyber-attack—and extreme losses from it—has increased:

Note. Panel 1: cyber events are classified according to Advisen. Delayed reporting may lead to the underestimation of cyber events in more recent periods. Panel 2 is based on the estimated posterior density function of the highest loss of all firms within a year. 

A growing concern

The more the world moves online, and the faster it develops, the more cybercrime becomes a concern. The International Monetary Fund (IMF) has highlighted the rising economic and financial stability risks from cybercrime in most of its recent publications, including its Global Financial Stability Report 2025.

AI can now replicate human voices, appearances and even crack passwords, endangering many traditional ways of verification.

Gartner, a research organisation, predicts that the world will be spending $240bn (roughly the GDP of Qatar) on cybersecurity, a staggering 25% rise in only two years. The AI revolution drives spending risks to the upside.

It’s not just banks or individual organisations that are at risk. Even with the best of individual efforts, system-wide attacks can still be detrimental for businesses.

Cyber-attacks on infrastructure, government records, and so on, can destabilise whole economies. Simple power outages can impair foreign exchange markets, creating liquidity constraints, rejecting settlements, cutting access to risk management tools and even triggering systemic stress and runs on banks.

In February 2025, a single hardware failure of T2 (formerly TARGET2), the European Central Bank’s financial market infrastructure, caused market chaos and delayed critical payments, including wages, pensions and financial settlements. A successful attack would likely have caused a lot more damage.

How can boards protect themselves?

• Make sure that they have easy access to cybersecurity expertise.

• Perform regular assessments of the cybersecurity landscape.

• Stress-test the capabilities of their own companies.

• Encourage cyber “maturity” among employees and management.

• Share information of incidents in-house, but also at a sector level.

• Work with governments and international bodies (such as the IMF) to inform and to make sure that state-led infrastructure is up to the task of protecting the nation’s businesses from outside threats.

The age of AI poses a challenge to every firm. The speed of new AI technology far outpaces the speed of development of new cybersecurity tools.

Leadership teams are faced with an impossible dilemma: ignore the AI revolution and become obsolete, or embrace it unconditionally and risk data and infrastructure breaches. The path between these options—if there is one—is a tightrope. Boards must muster all the expertise they can to balance opportunities and risks in what is fast becoming a digital-first world.

George Lagarias is chief economist at global consultancy Forvis Mazars

Forvis Mazars is hosting a cybersecurity event for established non-executive directors in London on February 5, 2026. Find out more information and register your interest here.