A recent analysis by CyberCube, a global leader in cyber risk analytics, indicates that the Manufacturing, Education, Information Technology, and Retail sectors are currently most vulnerable to attacks from Scattered Spider, a prolific extortion crew that has rapidly expanded its operations across various industries.Scattered Spider, which emerged in 2022 as a social engineering collective, has evolved into a significant ransomware and extortion threat actor. Since April, the group has targeted diverse sectors, including retail, insurance, and airlines, employing sophisticated social engineering tactics such as help desk impersonation and authentication bypass to gain access to high-value corporate networks, resulting in considerable financial losses.CyberCube utilized its Portfolio Threat Actor Intelligence (PTI) solution to assess risk exposure across a portfolio of approximately 15,000 companies from key global markets. This analysis, which segmented companies into risk tiers based on their technology footprint and observed security weaknesses, identified that 2% of firms with revenues exceeding $500 million across eight major cyber (re)insurance markets—the USA, UK, Canada, Australia, Germany, France, Japan, and Singapore—face the highest likelihood of a Scattered Spider attack.Specifically, CyberCube identified 287 high-risk companies (2%) that utilize three or more technologies frequently exploited by Scattered Spider, combined with security vulnerabilities known to be leveraged by the group. These companies also exhibit security conditions that could facilitate the threat actor’s progression through an attack lifecycle to achieve their objectives. Additionally, 1,037 companies (7%) were categorized as medium-risk, using at least one of the group’s preferred technologies and exhibiting security weaknesses that might allow partial progression of an attack. Further industry-specific breakdowns for high-risk companies were published in a CyberCube blog.William Altman, Head of Cyber Threat Intelligence Services at CyberCube, commented on the findings: “CyberCube’s analysis reveals a current cluster of elevated risk in the market and presents a strategic opportunity for cyber (re)insurers. They can act preemptively by managing exposure and incentivizing improved security before Scattered Spider launches further attacks. For portfolio managers, our findings underscore the importance of moving beyond broad sector assumptions and focusing on mapping technological and security posture overlaps across seemingly unrelated sectors and insureds.”The Portfolio Threat Actor Intelligence (PTI) solution, which leverages Artificial Intelligence (AI), maps cyber threat actor behavior and their most frequently targeted technologies. PTI is an integral part of the CyberCube Concierge Threat Intelligence service, a offering designed for the specific requirements of cyber (re)insurers, developed by experts in cyber threat intelligence, risk, and insurance.CyberCube, established in 2015 within Symantec and now operating as a standalone company, is a leading provider of software-as-a-service (SaaS) cyber risk analytics. The company quantifies cyber risk in financial terms, enabling clients to make informed decisions regarding cyber risk management and transfer. Its AI-supplemented, multi-disciplinary team translates complex cyber threats into actionable strategies, illustrating their financial impact on businesses, markets, and society. CyberCube serves over 100 insurance institutions globally, with investments from Forgepoint Capital, HSCM Bermuda, and Morgan Stanley Tactical Value.