The latest Global Risks Report 2026 by the World Economic Forum—based on a survey of more than 1,300 global leaders and consultations with risk experts—identifies geoeconomic confrontation, armed conflict, social polarization, and disinformation as the main short-term threats. These dynamics have a direct impact on threats in the digital world.

As organizations digitize, cyber threats such as data hijacking and leakage, identity theft, and IT disruptions rank as major business concerns. “It is therefore no surprise that cybercrime now generates more revenue than drug trafficking and prostitution combined. Moreover, online fraud is proliferating and growing exponentially year on year, outpacing offenses such as robbery and theft,” states Juan Manuel Muñoz Perales, Chief Security Officer (CSO) and Global CISO of Mawdy. 

Drivers of its evolution

Disruptive technologies are a key driver in this area. In the previous survey, artificial intelligence emerged as one of the risks with the greatest long-term impact. While offering clear advantages, the malicious use of AI enables the automation of phishing campaigns and the creation of manipulated videos, images, and audio (deepfakes). Another emerging battleground is quantum computing, which—with vastly higher information processing speeds—has the potential to compromise current cryptographic systems that protect communications, financial transactions, and critical infrastructure.

Additional external pressures include geopolitical instability and the growing generation of cyber activities by states, no longer limited to criminal organizations alone. These groups are also increasingly replicating corporate structures to carry out their illicit operations. Regulation is another key driver, particularly in Europe, with the introduction of new data protection frameworks designed to benefit consumers. Finally, the perspective of the customer and the increase in their demands for safety in products and services are key considerations.

Comprehensive customer protection

In the insurance industry, cybersecurity has developed significantly. “[The insurance industry] has always worked to maintain a robust level of security that enables it to balance business generation with protection. In fact, the insurance sector must place an even greater emphasis on security than other industries, given its highly regulated nature—providing an additional assurance for customers,” states the Global CSO and CISO of Mawdy. 

At Mapfre, in addition to having a Cyber Resilience Plan—a global, consolidated program which includes controls, vulnerability review, correction, and all activities intrinsic to security—the goal is to provide comprehensive protection for the customer. This means incorporating the customer into the protection framework, representing a clear evolution.

To safeguard their identity and ensure their data cannot be altered, insurance companies use two-factor authentication for access. They also advocate continuous awareness-raising efforts. “The weakest link in the security chain is always the person. In 99% of the attacks that occur, there is a human failure or error behind it, which can be corrected with proper awareness,” emphasizes Juan Manuel Muñoz.

Security in the value proposition

In terms of offering, insurance companies have been developing cyber insurance products for more than a decade, which have grown significantly in line with the rise in threats. According to data from The Geneva Association, global premiums increased tenfold between 2013 and 2023, rising from $1.5 billion to nearly $15 billion.

Mapfre already offers cyber risk insurance products, designed primarily to protect organizations, with cover including damage to IT systems, business interruption guarantees, and technological services to restore normal operations in the event of an attack, as well as protection against cyber extortion threats and preventive services such as antivirus solutions, vulnerability assessments, and data protection advisory.

More broadly, the insurance market is now at a stage where service offerings are becoming increasingly sophisticated, and security is emerging as a key value-added component, providing both individual and corporate clients with services related to digital identity protection, cyberbullying response, and antivirus tools in the event of infection. There are many possibilities.

It is here that Mawdy has a strong role to play, given its digital nature, the type of services it provides, and its handling of sensitive information such as medical data. “At our company, we are committed to embedding our distinctive approach to security within our value proposition,” emphasizes Juan Manuel, who also calls for greater involvement of security leaders in business development and their participation in commercial proposals.

Certifications: a guarantee of trust

Mawdy, along with the Mapfre Group, has numerous security standards and certifications that support the development of its functions and are an additional guarantee of trust for the customer. The company has also taken the step of having its level of security assessed by third parties, providing a further competitive advantage.

Although its cybersecurity strategy is global, the company has local teams that enable it to stay close to emerging threats and specific regulatory requirements across different markets. In addition, no new project is initiated without first undergoing a ‘Security and Privacy by Design’ process.

Looking ahead, external pressures are unlikely to ease. Cyber threats will become increasingly sophisticated, making it essential to continue investing in and advancing capabilities in this field. Another important aspect is cyber resilience—that is, the ability to restore operations and return to normal following an attack or disruption, as highlighted by the cloud outage at Amazon Web Services in October last year in the Northern Virginia region of the United States. “Fortunately, at Mawdy, we had resilience mechanisms in place that enabled us to continue operating in some cases within minutes and, in others, in less than four hours.”

Ultimately, the current trend in cybersecurity and cyber resilience is moving away from a traditional support-based model towards a new approach in which organizations position themselves as value providers within the business proposition, leveraging the competitive advantage of comprehensive customer protection.