The latest InsurSec Rankings from At-Bay reveal a worrying security trend. The 2025 report shows that organizations using VPN solutions from Cisco and Citrix are much more likely to fall victim to ransomware attacks than companies using other VPN solutions or no VPN solutions at all.
According to an analysis, companies with Cisco or Citrix VPNs are almost seven times more likely to be affected by ransomware. Companies with on-premise VPN devices are generally 3.7 times more likely to be targeted than organizations that use a cloud-based VPN or no VPN at all. This confirms a trend that has been evident for some time: local infrastructure is difficult to secure against rapidly evolving threats that penetrate via the internet. Cisco and Citrix are mentioned explicitly because their VPN devices are regularly targeted by attackers who exploit newly discovered vulnerabilities before patches are rolled out.
The risks associated with VPN technology are part of a broader analysis that also included email security and remote access tools. Together, these account for 60% of all cyber claims in 2024. If incidents caused by third parties or non-cyber-related events are excluded, that share rises to 90%. Criminals are increasingly targeting email and remote access. This is because these resources are widespread and difficult to secure completely.
GenAI poses an additional threat
The rise of generative AI is making the situation more complex. Attackers use AI to create credible phishing emails for financial fraud or identity theft. At the same time, many email security tools struggle to detect these sophisticated attacks. Although the frequency of email claims appears to be declining slightly in early 2025, there was still a 30 percent increase in 2024 compared to the previous year.
According to At-Bay, this shows that the current cyber landscape is characterized by an acceleration of threats that surpasses traditional security models. Email and remote access remain the primary attack vectors, but the threat landscape is changing rapidly. AI-driven fraud, complex ransomware, and vulnerabilities in VPN devices make it clear that lagging behind in security innovation is no longer a minor risk, but a direct threat to business continuity.
At-Bay’s CISO Adam Tyra emphasizes that the problem does not necessarily lie with Cisco or Citrix products, but with their growing technical complexity. Many organizations install these devices correctly but fail to maintain them adequately, resulting in missed patches and outdated configurations. According to Tyra, companies would do well to switch to modern, cloud-based solutions such as Secure Access Service Edge (SASE), which greatly reduce exposure to direct attacks.
According toThe Register, 80% of all ransomware attacks on At-Bay customers began via remote access, and in 83% of those cases, a VPN device played a role. SonicWall is also cited as an example of a vendor that experienced a sharp increase in Akira ransomware attacks due to the exploitation of vulnerabilities in SSLVPN configurations. According to Tyra, this shows that the maintenance of traditional firewalls and VPNs has become too complex for many organizations to use them safely.