A decade of transformation: the evolution of cyber security

Key takeaways: Cybersecurity has evolved from a technical afterthought into a strategic, board‑level priority, driven by rising digital dependence and escalating threats.  Ransomware, cloud adoption and geopolitical conflict have defined the past decade, reshaping how organisations manage cyber risk. AI, machine identity management and quantum‑safe security are setting the agenda for the next era, marking another shift in the landscape.

Twenty years ago, cyber security was largely seen as a technical safeguard, a necessary but often reactive function. Today, it is a strategic imperative and a dynamic investment frontier.

The evolution in the cyber landscape was catalysed by a series of high-profile breaches, most notably those involving Yahoo*[1] and Equifax*[2], which exposed the vast scale of digital vulnerabilities. 

The rise of ransomware, exemplified by the WannaCry attack in 2017, marked another turning point, demonstrating how cyberattacks can compromise essential systems worldwide and result in significant financial losses.[3]  

The emergence of Ransomware-as-a-Service (RaaS) has further escalated the risk, enabling even low-skilled actors to launch sophisticated attacks.[4] 

The pandemic accelerated digital transformation, expanding the attack surface and making cybersecurity a critical enabler of business continuity.

The evolution: 2015-2025

With the big picture in place, we now turn to a year-by-year breakdown. While not exhaustive, the examples highlight some of the most significant developments that have defined each year.

2015: The rise of ransomware and insider threats

• Ransomware emerged as a dominant threat.
• Insider threats accounted for over half of attacks, highlighting internal vulnerabilities.[11]
• Healthcare became a prime target, with major breaches at Anthem*, Premera* and others leading to nearly 100 million records being compromised.[5]

2016: Cyber threats became national priorities

• The Dyn distributed denial of service (DDoS) attack disrupted major websites and exposed the vulnerability of Internet of Things (IoT) devices and the fragility of internet infrastructure.[6] 
• State-sponsored attacks raised geopolitical concerns.[7] Governments began treating cyber defence as a national security priority. 
• The Yahoo breach affected over 1 billion users, making it one of the biggest single-company breaches ever.[8]

2017:  Ransomware evolves into RaaS

• WannaCry ransomware attacks caused global disruption.[9]
• Ransomware evolved into RaaS, enabling non-technical actors to launch attacks.[10] 
• Organisations moved away from centralised IT, accelerating cloud adoption and creating more complex, less controlled data environments. 

2018: Regulation and collaboration

• Cryptomining surged past ransomware: over 42% of organisations were affected globally.[11]
• Cloud infrastructure became a prime target: in 2018, 51% of organisations worldwide experienced cloud-based attacks.15
• GDPR came into effect. Under GDPR, organisations must inform authorities within 72 hours of learning that they may have been breached.[12]
• Threat intelligence sharing became strategic: cyber security vendors increasingly collaborated to share real-time threat intelligence.[13]

2019: From BEC and ransomware to cloud security advancements

• Business Email Compromise (BEC) attacks became more sophisticated, leveraging social engineering and impersonation tactics to defraud organisations.[14]
• Ransomware attacks surged, with attackers increasingly targeting municipalities and the healthcare and education sectors. Criminal groups diversified operations to include ransomware as a primary revenue stream.18
• In 2019, cybersecurity efforts focused on strengthening protection across networks, endpoints, gateways and devices.[15]

2020: Pandemic-driven vulnerabilities, remote working and Zero Trust

• Remote work expanded the attack surface. According to Kaspersky*, brute-force[16] attempts targeting Remote Desktop Protocol (RDP) surged by 242% in 2020.[17]
• Cybercriminal groups exploited the pandemic to launch widespread cyberattacks.[18]  
• Supply chain attacks: the SolarWinds* breach was one of the most significant incidents, compromising multiple US government agencies and corporations.[19]

2021: Cybersecurity’s new normal: supply chain attacks 

• In 2021, supply chain attacks became part of the ‘new normal’. Colonial Pipeline was hit by a ransomware attack, which disrupted fuel supply across the US East Coast.[20]
• Zero Trust architectures gained momentum as VPNs proved inadequate.[21]

2022: The Ukraine conflict redefined cybersecurity priorities

• The Ukraine conflict triggered global cyber warfare and hacktivism. During the early stages of the Ukraine conflict in February 2022, a destructive malware known as HermeticWiper was deployed against Ukrainian infrastructure. Unlike ransomware, HermeticWiper did not seek financial gain, but its sole purpose was to erase data and disable systems, particularly targeting government and critical sectors.[22]

2023: Operation Cookie Monster and the rise of AI-enhanced cybercrime

• Cybercrime and cyber insecurity were ranked as the eighth most severe global risk by the World Economic Forum.[23]
• In August 2023, the internet was hit by the largest-ever DDoS attack. It peaked at 398 million requests per second.[24]
• Generative AI transformed both attack and defence strategies. Attackers started to leverage AI for deepfakes, automated phishing and AI-powered malware.[25]

2024: The rise of AI defenders 

• A 17-year-old hacker breached Transport for London (TfL) systems, compromising customer data and disrupting services. The attack caused £30 million in damages, highlighting how even low-resource actors can inflict serious harm on public infrastructure.44
• AI-Powered defence: cybersecurity providers begin actively integrating AI and generative AI into their products.[26]

2025: Securing the future: AI, Machine Identity and Quantum-Safe trust

• Machine Identity management becomes a priority. The rapid rise of autonomous AI agents is creating a major cybersecurity blind spot. With over 45 billion non-human identities expected by year-end, most businesses lack strategies to secure them.[27]
• Post-quantum cryptography: urgent transition to quantum-safe encryption.
• AI enhancing Zero Trust by continuous authentication and authorisation based on real-time analysis of user behaviour, device posture and network conditions.[28]

Cybersecurity has evolved from a niche technical function into a cornerstone of modern enterprise strategy. Today, cybersecurity is not just about defence; it’s about resilience, trust and competitive advantage. 

Read the second part in the series to learn more about cybersecurity’s strategic potential.  

 

*For illustrative purposes only. Reference to a particular security is on a historic basis and does not mean that the security is currently held or will be held within an L&G portfolio. The above information does not constitute a recommendation to buy or sell any security.

[1] https://en.wikipedia.org/wiki/Yahoo_data_breaches
[2] https://www.csoonline.com/article/567833/equifax-data-breach-faq-what-happened-who-was-affected-what-was-the-impact.html
[3] https://www.ibm.com/think/x-force/wannacry-worm-ransomware-changed-cybersecurity
[4] https://www.ibm.com/think/insights/the-rise-of-raas
[5] https://www.digitalguardian.com/blog/top-4-cybersecurity-trends-2015

https://www.hipaajournal.com/2015-the-year-of-the-healthcare-data-breach-8239/
[6] In October 2016, hackers unleashed a massive DDoS attack using the Mirai botnet.

https://www.theguardian.com/technology/2016/oct/26/ddos-attack-dyn-mirai-botnet
[7] CNN reported that US intelligence agencies concluded the Russian government was behind the Democratic National Committee (DNC) hack in 2016. 

https://edition.cnn.com/2016/12/26/us/2016-presidential-campaign-hacking-fast-facts
[8] The breach raised serious concerns about data security and had major implications for Yahoo’s reputation and its pending acquisition by Verizon.

https://www.yahoo.com/news/yahoo-says-hackers-stole-information-221214183.html
[9] https://www.cloudflare.com/learning/security/ransomware/wannacry-ransomware/
[10] https://www.sentinelone.com/blog/anti-ransomware-day-2025-10-years-of-raas/
[11] https://research.checkpoint.com/wp-content/uploads/2018/07/Cyber-Attack-Trends-2018-Mid-Year-Report.pdf
[12] https://gdpr-info.eu/art-33-gdpr/
[13] https://academic.oup.com/cybersecurity/article/4/1/tyy008/5245383
[14] https://www.pwc.co.uk/cyber-security/assets/cyber-threats-2019-retrospect.pdf
[15] https://www.crn.com/slide-shows/security/the-10-hottest-new-cybersecurity-tools-of-2019
[16] A brute-force attack is a method where attackers use automated tools to try many combinations of usernames and passwords until they find the correct one.
[17] https://usa.kaspersky.com/about/press-releases/kaspersky-report-criminals-targeted-remote-work-in-2020
[18] https://www.cisa.gov/news-events/cybersecurity-advisories/aa20-099a
[19] https://www.fortinet.com/resources/cyberglossary/solarwinds-cyber-attack
[20] https://www.cisa.gov/news-events/news/attack-colonial-pipeline-what-weve-learned-what-weve-done-over-past-two-years
[21] https://www.staysafeonline.org/articles/5-cybersecurity-trends-in-2021
[22] https://www.cyberark.com/resources/blog/hermeticwiper-what-we-know-about-new-malware-targeting-ukrainian-infrastructure-thus-far
[23] https://www.weforum.org/publications/global-risks-report-2023/
[24] https://www.weforum.org/stories/2023/10/internet-cyber-attack-record/
[25] https://commercial.allianz.com/content/dam/onemarketing/commercial/commercial/reports/Allianz-Commercial-Cyber-Security-Trends-2023.pdf
[26] https://www.mckinsey.com/capabilities/risk-and-resilience/our-insights/the-cybersecurity-providers-next-opportunity-making-ai-safer
[27] https://www.weforum.org/stories/2025/09/unsecured-ai-agents-cyberthreat/
[28] https://www.forbes.com/councils/forbestechcouncil/2025/04/16/the-future-of-ai-in-zero-trust-architecture-and-data-regulations/