At the 2025 Cyber Insurance Academy Bootcamp, Patrick Milnamow, Senior Manager at Ernst & Young LLP, delivered a sobering prediction about the cyber threat landscape for 2026. Patrick’s analysis highlighted that pressure, opportunity, and rationalization are now “far greater” and “multiples higher” due to technology, making cybercrime’s growth almost unstoppable.
The Cyber Threat Landscape in 2026
Speaking on “Aviation, Retail & Healthcare: Three Sectors to Watch in 2026,” Patrick revealed how the classic “fraud triangle” is being exploited in the digital age, creating enormous vulnerability in critical sectors.
Here are the three most compelling takeaways from his session about the Cyber Threat Landscape.
1. Healthcare Cyber Risk
Patrick stressed that the healthcare sector’s rapid digital transformation has created a “playground for bad actors” in the cyber threat landscape. The shocking reality is that criminals exploit the life-and-death nature of healthcare operations.
“The healthcare industry had the second-highest proportion of ransomware claims. For ransomware losses, business interruption (BI) accounts for the largest share of costs (51%) among all cost components.” (Munich Re, March 2025)
Patrick warned against adopting new tech without cybersecurity: “Implementing these new technologies without any consideration for cyber… I’ve always thought of it as buying a brand new car, but you’re not putting in any seatbelts.”
2. Retail Cyber Risk
When looking at the cyber threat landscape, retail is flagged as highly vulnerable due to the sheer volume and type of data it holds, making it a lucrative target for financial fraud and supply chain attacks. The ease with which criminals can rationalize these attacks is a major issue.
“In 2024, the Kroger data breach alone impacted over 50 million customers. This was followed in 2025 by Walgreens and Macy’s, with millions more records exposed in separate, high-profile incidents.”
Retail has more of an opportunity for bad actors because of the sheer amount of financial data, payment systems, customer PII, and loyalty programs, which create a big target. Retailers need to really embed cyber into the core of the business strategy in order to combat the cyber threat landscape.
3. Aviation Cyber Risk
Aviation, a sector often overlooked, presents unique and dangerous cyber exposures. Patrick underscored that disruption here causes a cascading effect across many other sectors, making the pressure to pay ransoms extremely high.
“The cost of a cyber attack costs $20 billion by 2021, and bad actors understand that airlines cannot afford downtime, which is a huge incentive for ransom.”
Due to the reliance on interconnected, often older systems, preparation must be exhaustive. From a preparedness perspective, airlines need to think about embedding contingency plans, insurance coverage, business interruption modeling, and proactive cyber hygiene into daily operations.
Conclusion
Patrick concluded with a unified message for all sectors: “Cybercrime is not slowing down anytime soon.” The key to survival is not technical innovation alone, but a fundamental shift in strategy.
Patrick Milnamow’s session took place at the 2025 Cyber Insurance Bootcamp. It brought together top industry minds for an intensive, no-nonsense learning experience focused on the trends that will shape cyber risk in 2026.
