Mid-Year Cyber Insights from the Ransomware Advisory Board
The NetDiligence® Ransomware Advisory Board is a quarterly private forum where senior incident response practitioners share candid insights from active cyber extortion and ransomware matters. Its discussions are grounded in real-world cases, giving brokers and their clients a practical view of how attacker tactics are evolving and where organizations remain most exposed.
What Cyber Brokers Need to Know About Identity-Based Attacks
Cyber brokers should be aware that attackers are increasingly bypassing security tools by targeting people, identities, and account recovery workflows instead of exploiting purely technical weaknesses. In the Q2 2026 Ransomware Advisory Board discussion, members highlighted identity compromise, help-desk impersonation, and SaaS access abuse as persistent paths into client environments.
This matters because the threat environment is getting busier, not quieter: 73% of board members reported ransomware/extortion case volume increased in the last 3 months, and no one reported a decrease. Board members attributed much of that rise to less-skilled attackers using AI and widely available tools to accelerate social engineering and credential theft.
For brokers, the takeaway is practical: clients may have MFA and security tools in place, but they are still exposed if password resets, MFA changes, and support requests are not tightly verified. A single mistaken approval or weak recovery process can give attackers access to email, cloud platforms, and sensitive business data.
3 Broker Talking Points for Clients:
- Treat account recovery as high risk — Password resets and MFA changes should require stronger identity verification.
- Verify support requests through trusted channels — Unexpected access-related calls, messages, or prompts should always be confirmed independently.
- Contain more than the password — If an account is suspected to be compromised, clients should review active sessions, reset access, and check for lingering connections.
The big message for insureds: today’s attackers often do not need malware or advanced exploits — they just need one person to trust the wrong message, prompt, or caller.
For more client-ready insights, log in to your eRiskHub® and visit the Insurance Insiders section to access the full Q1 and Q2 NetDiligence® Ransomware Advisory Board executive recaps. These summaries provide added context on ransomware, cyber extortion, identity abuse, and evolving attacker tactics — along with practical discussion points brokers can use in conversations with clients.
