2% of Large Firms Face High Risk from Scattered Spider

by

Estimated reading time: 2 minutes

When 2% is a lot –

Two percent might not sound like much. That’s until you realize it’s 287 global companies. It’s not a rounding error. That’s a buffet for Scattered Spider, which has reemerged as a significant cyber threat in 2025. The group now poses a serious challenge for cyber (re)insurance portfolios. This analysis, courtesy of CyberCube, shows that these firms operate in sectors such as aviation, retail, and insurance. The attackers exploit shared cybersecurity weaknesses and favored technologies like Okta and Microsoft Active Directory.

Attacks Surge Across Industries

Since April, Scattered Spider has launched 11 known cyberattacks. These include incidents at UK retailers Marks & Spencer and Co-op. Estimated combined losses reached up to $592 million. This follows previous high-profile breaches at MGM and Caesars in 2023.

The group’s strategy is precise. It targets companies with weak identity systems and large IT footprints. They often strike several firms within one industry before moving on.

CyberCube’s AI-Powered Warning System

Of the 15,000 firms assessed, 287 firms fall into the high-risk tier. These companies use three or more technologies that are often exploited by the group and exhibit notable security gaps.

Another 1,037 companies are considered medium risk. These firms could enable partial breaches. The remaining 91% are currently classified as low risk; however, CyberCube, even in this cohort, advises ongoing vigilance.

CyberCube offers cyber (re)insurers its Portfolio Threat Actor Intelligence (PTI) tool, which uses AI to map attack patterns and predict risk. It segments companies based on exposure to Scattered Spider’s known tactics.

See also  CyberCube Partners with HUB International to Offer Cyber Risk Analytics in North America
Industries in the Crosshairs

High-risk industries include IT, retail, manufacturing, and education. Many have already been hit. The attackers focus on sectors that depend on remote access and help-desk systems, where downtime is most damaging.

Scattered Spider’s return marks a critical moment for cyber (re)insurance. With attack frequency on the rise, the industry must act quickly to prevent correlated losses.

VIDEO – 3 Minute Watch – UK’s Cyber Monitoring Center Breaks Down Marks & Spencer Cyberattack

Martin Hinton

Martin Hinton is the Executive Editor and Publisher of Cyber Insurance News and Information. With over three decades of journalism experience across six continents, his work encompasses investigative reporting, documentaries, and coverage of cultural, political, and business news. To learn more about his career, click on his name to visit his LinkedIn page.

×