Ransomware Hits Near-Record Highs as AI Governance Gaps Widen Inside Organizations
Why It Matters
The fragmented ransomware ecosystem makes single‑group disruption ineffective, while unchecked AI use expands organizations’ attack surface and amplifies social‑engineering success, raising overall cyber risk for enterprises.
Key Takeaways
- 2,405 ransomware victims in Q1 2026, 7% YoY rise.
- 84 active ransomware groups, highest count since 2020.
- 43% of U.S. workers use AI, exposing governance gaps.
- Social engineering claims up 30% since 2023, now 40‑50% of cyber claims.
- AI governance recommendations: policy, training, oversight, third‑party risk assessment.
Pulse Analysis
The Travelers Q1 2026 Cyber Threat Report shows ransomware has settled into a new baseline rather than receding after last year’s record peak. With 2,405 victims posted to leak sites—a 7 percent increase over the same quarter a year ago—and an 80 percent rise in ransomware claims since 2022, the threat is clearly entrenched. More striking is the fragmentation of the ecosystem: 84 distinct ransomware groups operated in the quarter, the highest count since the dataset began in 2020, and churn continues as new actors emerge while others disappear. This diffusion makes dismantling any single gang far less effective.
At the same time, AI adoption inside enterprises is outpacing traditional technology rollouts, with 43 percent of U.S. workers already leveraging generative tools. The report warns that the speed of internal AI use creates a governance vacuum, exposing sensitive data on personal devices and enabling unmonitored experimentation. Without a formal oversight structure—such as an accountable AI committee, documented acceptable‑use policies, mandatory training, and human review of high‑risk AI decisions—organizations risk amplifying their own attack surface. Integrating AI‑specific risk criteria into vendor assessments and conducting privacy impact analyses are now essential safeguards.
Social engineering remains a potent vector, accounting for roughly 40‑50 percent of all cyber claims and rising more than 30 percent since 2023. Attackers are refining tactics, exemplified by the “mail bomb + ClickFix” scheme that overwhelms inboxes before posing as IT support to coax victims into executing malicious commands. Traditional phishing awareness programs, which focus on suspicious links, often miss this hybrid approach. The most reliable defense continues to be procedural: verify IT contacts through independent channels and treat any unsolicited request to paste code into a terminal as a red flag. Companies that harden these verification steps can blunt the most sophisticated social‑engineering attacks.