Since emerging in 2022 as a social-engineering crew, Scattered Spider has rapidly evolved into one of the most formidable ransomware and extortion groups. “CyberCube’s analysis reveals both a current cluster of elevated risk in the market and a strategic opportunity for cyber (re)insurers to act preemptively by managing exposure and incentivizing better security before Scattered Spider strikes again,” said William Altman, Head of Cyber Threat Intelligence Services at CyberCube. Since April 2025, the group has targeted diverse sectors, including retail, insurance, and airlines, causing significant financial losses through sophisticated tactics like help desk impersonation and authentication bypass to breach high-value corporate networks.
CyberCube’s analysis of approximately 15,000 companies across eight key global markets—USA, UK, Canada, Australia, Germany, France, Japan, and Singapore—reveals that 2% (287 companies) with revenues over $500 million are at high risk of Scattered Spider attacks. These companies use three or more technologies frequently exploited by the group and exhibit security lapses that allow attackers to complete critical stages of the attack lifecycle. An additional 7% (1,037 companies) are at medium risk, utilizing at least one of Scattered Spider’s preferred technologies with weaknesses that enable partial attack progression. Manufacturing, Education, IT, and Retail stand out as the most vulnerable sectors due to their technological and security posture overlaps.
CyberCube’s Portfolio Threat Actor Intelligence (PTI) solution employs artificial intelligence to map threat actor behaviors and identify targeted technologies, enabling cyber risk exposure managers to pinpoint at-risk organizations. This AI-driven approach helps insurers and businesses proactively address vulnerabilities by focusing on specific technology footprints and security gaps exploited by Scattered Spider. The solution is part of CyberCube’s Concierge Threat Intelligence service, designed to meet the unique needs of cyber (re)insurers.
The findings highlight the need for organizations to move beyond broad sector-based risk assumptions and adopt targeted cybersecurity strategies. Scattered Spider’s ability to exploit seemingly unrelated sectors underscores the importance of understanding technology dependencies and security weaknesses. CyberCube’s analysis provides a roadmap for insurers and businesses to mitigate exposure by incentivizing stronger security practices, particularly in high-risk sectors like Manufacturing, Education, IT, and Retail.
CyberCube’s identification of Scattered Spider’s high-risk sectors serves as a critical wake-up call for industries reliant on vulnerable technologies. By leveraging AI-driven analytics and proactive risk management, organizations can strengthen their defenses against this aggressive cyber threat, minimizing financial and operational impacts in an increasingly volatile digital landscape.
CyberCube is the leading provider of software-as-a-service cyber risk analytics to quantify cyber risk in financial terms. Driven by data and informed by insight, we have harnessed the power of artificial intelligence to supplement our multi-disciplinary team. Our clients rely on our solutions to make informed decisions about managing and transferring cyber risks. We unpack complex cyber threats into clear, actionable strategies, translating cyber risk into financial impact on businesses, markets, and society as a whole.
TechIntelPro empowers B2B technology decision-makers with the latest industry trends, deep insights, leadership perspectives and actionable intelligence to drive both organizational and professional milestones—and thrive on the tech pulse.