Category: 3. Business

By Amy Hogan-Burney, Corporate Vice President, Customer Security & Trust

• In the first half of 2025, Microsoft data showed Canada ranked 6th globally among countries where customers were most frequently impacted by cyber activity.
• In the first half of 2025, Microsoft data showed Canada ranked second among countries where customers were most frequently impacted by cyber activity in the Americas (inclusive of North and South America).
• In the first half of 2025, Microsoft data showed Canada accounted for approximately 7.9% of customers impacted by cyber activity in the Americas (inclusive of North and South America).

In 80% of the cyber incidents Microsoft’s security teams investigated last year, attackers sought to steal data—a trend driven more by financial gain than intelligence gathering. According to the latest Microsoft Digital Defense Report, written with our Chief Information Security Officer Igor Tsyganskiy, over half of cyberattacks with known motives were driven by extortion or ransomware. That’s at least 52% of incidents fueled by financial gain, while attacks focused solely on espionage made up just 4%. Nation-state threats remain a serious and persistent threat, but most of the immediate attacks organizations face today come from opportunistic criminals looking to make a profit.

Every day, Microsoft processes more than 100 trillion signals, blocks approximately 4.5 million new malware attempts, analyzes 38 million identity risk detections, and screens 5 billion emails for malware and phishing. Advances in automation and readily available off-the-shelf tools have enabled cybercriminals—even those with limited technical expertise—to expand their operations significantly. The use of AI has further added to this trend with cybercriminals accelerating malware development and creating more realistic synthetic content, enhancing the efficiency of activities such as phishing and ransomware attacks. As a result, opportunistic malicious actors now target everyone—big or small—making cybercrime a universal, ever-present threat that spills into our daily lives.

In this environment, organizational leaders must treat cybersecurity as a core strategic priority—not just an IT issue—and build resilience into their technology and operations from the ground up. In our sixth annual Microsoft Digital Defense Report, which covers trends from July 2024 through June 2025, we highlight that legacy security measures are no longer enough; we need modern defenses leveraging AI and strong collaboration across industries and governments to keep pace with the threat. For individuals, simple steps like using strong security tools—especially phishing-resistant multifactor authentication (MFA)—makes a big difference, as MFA can block over 99% of identity-based attacks. Below are some of the key findings.

Critical services are prime targets with a real-world impact

Malicious actors remain focused on attacking critical public services—targets that, when compromised, can have a direct and immediate impact on people’s lives. Hospitals and local governments, for example, are all targets because they store sensitive data or have tight cybersecurity budgets with limited incident response capabilities, often resulting in outdated software. In the past year, cyberattacks on these sectors had real-world consequences, including delayed emergency medical care, disrupted emergency services, canceled school classes, and halted transportation systems.

Ransomware actors in particular focus on these critical sectors because of the targets’ limited options. For example, a hospital must quickly resolve its encrypted systems, or patients could die, potentially leaving no other recourse but to pay. Additionally, governments, hospitals, and research institutions store sensitive data that criminals can steal and monetize through illicit marketplaces on the dark web, fueling downstream criminal activity. Government and industry can collaborate to strengthen cybersecurity in these sectors—particularly for the most vulnerable. These efforts are critical to protecting communities and ensuring continuity of care, education, and emergency response.

Nation-state actors are expanding operations

While cybercriminals are the biggest cyber threat by volume, nation-state actors still target key industries and regions, expanding their focus on espionage and, in some cases, on financial gain. Geopolitical objectives continue to drive a surge in state-sponsored cyber activity, with a notable expansion in targeting communications, research, and academia.

Key insights:

• China is continuing its broad push across industries to conduct espionage and steal sensitive data. State-affiliated actors are increasingly attacking non-governmental organizations (NGOs) to expand their insights and are using covert networks and vulnerable internet-facing devices to gain entry and avoid detection. They have also become faster at operationalizing newly disclosed vulnerabilities.
• Iran is going after a wider range of targets than ever before, from the Middle East to North America, as part of broadening espionage operations. Recently, three Iranian state-affiliated actors attacked shipping and logistics firms in Europe and the Persian Gulf to gain ongoing access to sensitive commercial data, raising the possibility that Iran may be pre-positioning to have the ability to interfere with commercial shipping operations.
• Russia, while still focused on the war in Ukraine, has expanded its targets. For example, Microsoft has observed Russian state-affiliated actors targeting small businesses in countries supporting Ukraine. In fact, outside of Ukraine, the top ten countries most affected by Russian cyber activity all belong to the North Atlantic Treaty Organization (NATO)—a 25% increase compared to last year. Russian actors may view these smaller companies as possibly less resource-intensive pivot points they can use to access larger organizations. These actors are also increasingly leveraging the cybercriminal ecosystem for their attacks.
• North Korea remains focused on revenue generation and espionage. In a trend that has gained significant attention, thousands of state-affiliated North Korean remote IT workers have applied for jobs with companies around the world, sending their salaries back to the government as remittances. When discovered, some of these workers have turned to extortion as another approach to bringing in money for the regime.

The cyber threats posed by nation-states are becoming more expansive and unpredictable. In addition, the shift by at least some nation-state actors to further leveraging the cybercriminal ecosystem will make attribution even more complicated. This underscores the need for organizations to stay abreast of the threats to their industries and work with both industry peers and governments to confront the threats posed by nation-state actors.

2025 saw an escalation in the use of AI by both attackers and defenders

Over the past year, both attackers and defenders harnessed the power of generative AI. Threat actors are using AI to boost their attacks by automating phishing, scaling social engineering, creating synthetic media, finding vulnerabilities faster, and creating malware that can adapt itself. Nation-state actors, too, have continued to incorporate AI into their cyber influence operations. This activity has picked up in the past six months as actors use the technology to make their efforts more advanced, scalable, and targeted.

For defenders, AI is also proving to be a valuable tool. Microsoft, for example, uses AI to spot threats, close detection gaps, catch phishing attempts, and protect vulnerable users. As both the risks and opportunities of AI rapidly evolve, organizations must prioritize securing their AI tools and training their teams. Everyone—from industry to government—must be proactive to keep pace with increasingly sophisticated attackers and to ensure that defenders keep ahead of adversaries.

Adversaries aren’t breaking in; they’re signing in

Amid the growing sophistication of cyber threats, one statistic stands out: more than 97% of identity attacks are password attacks. In the first half of 2025 alone, identity-based attacks surged by 32%. That means the vast majority of malicious sign-in attempts an organization might receive are via large-scale password guessing attempts. Attackers get usernames and passwords (“credentials”) for these bulk attacks largely from credential leaks.

However, credential leaks aren’t the only place where attackers can obtain credentials. This year, we saw a surge in the use of infostealer malware by cybercriminals. Infostealers can secretly gather credentials and information about your online accounts, like browser session tokens, at scale. Cybercriminals can then buy this stolen information on cybercrime forums, making it easy for anyone to access accounts for purposes such as the delivery of ransomware.

Luckily, the solution to identity compromise is simple. The implementation of phishing-resistant multifactor authentication (MFA) can stop over 99% of this type of attack even if the attacker has the correct username and password combination. To target the malicious supply chain, Microsoft’s Digital Crimes Unit (DCU) is fighting back against the cybercriminal use of infostealers. In May, the DCU disrupted the most popular infostealer—Lumma Stealer—alongside the US Department of Justice and Europol.

Moving forward: Cybersecurity is a shared defensive priority

As threat actors grow more sophisticated, persistent, and opportunistic, organizations must stay vigilant, continually updating their defenses and sharing intelligence. Microsoft remains committed to doing its part to strengthen our products and services via our Secure Future Initiative. We also continue to collaborate with others to track threats, alert targeted customers, and share insights with the broader public when appropriate.

However, security is not only a technical challenge but a governance imperative. Defensive measures alone are not enough to deter nation-state adversaries. Governments must build frameworks that signal credible and proportionate consequences for malicious activity that violates international rules. Encouragingly, governments are increasingly attributing cyberattacks to foreign actors and imposing consequences such as indictments and sanctions. This growing transparency and accountability are important steps toward building collective deterrence. As digital transformation accelerates—amplified by the rise of AI—cyber threats pose risks to economic stability, governance, and personal safety. Addressing these challenges requires not only technical innovation but coordinated societal action.

Marsh’s Trade Credit Report 2025 discusses the UK’s trade credit landscape in detail.

Why credit insurance adoption is relatively low in professional services

Despite many businesses increasingly exposing themselves to greater risk than they are comfortable with to drive growth, not all opt for trade credit insurance. Marsh research found that only 62% of professional services firms hold trade credit insurance. This adoption rate is notably lower than in other sectors, with 80% of manufacturing firms, 70% of life science firms, and 66% of technology firms buying coverage.

Two key factors contribute to the relatively low uptake of trade credit cover among professional services companies.

1.       Limited awareness of trade credit insurance: Our survey revealed that 44% of professional services firms are only somewhat familiar with credit insurance and its benefits. Trade credit insurance remains an overlooked asset within the sector, with many businesses not prioritising this coverage as part of their growth strategy.

2.       Funding facilities are prioritised over insurance: Many professional services companies focus on sourcing funding facilities — the loans obtained by using trade debtors (outstanding customer invoices) as collateral — instead of insurance. Essentially, businesses borrow money based on the value of the payments they expect to receive from their clients. This allows them to access cash quickly without waiting for customers to pay. For many professional service companies that use trade debtors, these facilities represent the largest asset on their balance sheets.

How professional services firms can benefit from a trade credit policy

Trade credit insurance is delivering positive business outcomes across multiple industries in the UK, and the professional services and business sector stands to benefit in the same way. The benefits of trade credit insurance for professional services companies include:

Supports business growth: Trade credit insurance enables professional service firms to extend credit terms without fearing catastrophic losses, thereby facilitating growth and expansion. It provides a cushion against widespread payment failures, helping to maintain stability in uncertain times.

Covers debt collection costs: Many trade credit insurance policies include coverage for debt collection expenses. In 70% of debt collection cases within professional services firms, companies rely on third parties to manage the process, which involves chasing late payments, negotiating repayment plans, and escalating legal action if necessary.

This reliance is significantly higher than in other sectors, such as manufacturing (52%), construction (58%), and food and beverage (46%). The high dependence on external agencies increases the financial risk and burden, especially as collection costs rise. For the companies surveyed by Marsh, debt collection costs average £368,400 per year, with nearly all finance directors reporting that these costs are increasing.

Provides creditworthiness assessments of potential clients: Insurers provide creditworthiness evaluations of prospective clients, which, together with a firm’s own risk assessment checks, reduce the chance of entering into contracts with high-risk customers.

Facilitates negotiations with funding providers: The cover also supports negotiations with funding providers, helping to strengthen essential working capital requirements.

Trade credit insurance: Key to resilience in professional and business services

Professional services companies can maintain robust and up-to-date credit management procedures regardless of whether they have credit insurance. However, our research shows that leaders view trade credit insurance as a vital enabler for stability and growth. Companies without trade credit insurance may be missing out on significant benefits, as those with coverage in our survey reported fewer negative impacts from economic challenges.

In today’s risk environment, an increasing number of insurers offer tailored trade credit policies, particularly for larger businesses. Non-payment insurance provides greater confidence to pursue opportunities in uncertain times, making it a valuable consideration for professional services firms.

For more information on insuring your firm against non-payment risk, please contact your Marsh advisor.

IMF Staff Reaches Staff Level Agreement with Armenia on the Sixth Review of the 2022-25 Stand-By Arrangement (SBA) and request of a new 3-year SBA

October 16, 2025

• IMF staff and the Armenian authorities have reached a staff-level agreement on the sixth review under the current Stand-By Arrangement (SBA) as well as on policies under a new 3-year SBA.
• The new SBA, which the Armenian authorities intend to treat as precautionary, aims to support continuity in the government’s policy and reform agenda to maintain macroeconomic stability and foster sustainable and inclusive growth.
• Policy priorities include enhancing economic resilience, advancing a gradual fiscal consolidation by mobilizing tax revenues and prioritizing spending to maintain a moderate debt level, strengthening institutional frameworks, and continuing structural reforms to boost labor productivity, enhance trade diversification, and improve the overall business environment.

Yerevan, Armenia: An International Monetary Fund (IMF) team led by Alexander Tieman visited Yerevan from September 17-30, 2025, to conduct discussions for the Sixth review under the current Stand-By Arrangement (SBA) with Armenia and the authorities’ request of a new 36-month SBA. At the conclusion of the discussions, Mr. Tieman issued the following statement:

“The IMF team and the Armenian authorities have reached a staff-level agreement on policies for the completion of the sixth review under the three-year SBA as well as for a new 36-month, SDR 128.8 million (about US$175 million) SBA, which will continue to support Armenia’s economic reform program. The agreement is subject to approval by the IMF’s Executive Board later this year.  

“Armenia’s economic activity remains robust, with real GDP growth of 5.6 percent in the first half of the year, driven by buoyant consumption and investment as well as strong tourism arrivals. Employment growth has remained steady, and inflation has temporarily picked up to 3.7 percent y/y in September, driven largely by food and services prices. The current account deficit has remained stable, reflecting strong domestic demand and normalization of goods trade, offset by strong tourism. Prudent execution of the 2025 budget has resulted in a small overall fiscal deficit of 0.4 percent of GDP through June 2025, which was lower than projected on the back of robust tax revenue performance, buoyed by strong economic activity, alongside under-execution in both current and capital expenditures. Central government debt remains moderate at 48 percent of GDP at end 2024. The banking system is highly profitable and features strong capital and liquidity buffers.

“Real GDP growth is expected to remain strong reaching about 5 and 5.5 percent in 2025 and 2026, respectively. Inflation is expected to remain around the Central Bank of Armenia’s (CBA) target by end-2025. Risks to this outlook stem mainly from the uncertainty related to the ongoing global trade tensions and potential slowdown in the growth of trading partners, and regional geopolitical risks. On the upside, growth could exceed expectations if net exports perform better than anticipated and if transport links underpinning the peace declaration are implemented more swiftly.  

“The draft 2026 budget targeting a deficit of 4.5 percent of GDP, aims to preserve macro-fiscal stability while supporting Armenia’s priority spending needs, including on social protection, security, health, education, and infrastructure. Over the medium term, careful expenditure prioritization alongside tax policy efforts and strengthened revenue administration will continue to support a gradual fiscal consolidation to maintain debt at a moderate level. Reforms to strengthen medium-term fiscal planning, enhance public financial management—including through robust fiscal risk management and transparency—and bolster the public investment management framework remain critical to support fiscal efforts.

“Amid contained inflationary pressures and anchored inflation expectations, the current monetary policy stance is appropriate. In view of the significant uncertainty, the Central Bank of Armenia (CBA) should continue to monitor closely economic developments and inflation expectations and stand ready to adjust its policy rate as needed. The flexible exchange rate remains a key shock absorber, and the authorities’ commitment to maintaining adequate international reserve buffers is welcome. The CBA continues to vigilantly monitor financial sector risks and to upgrade its supervisory toolkit and capacity, including related to crypto assets.

“The government’s structural reform agenda appropriately focuses on strengthening economic resilience and fostering inclusive growth, including by boosting labor force participation among vulnerable populations, encouraging diversification in the country’s export basket and markets, and improving the business environment. Achieving these objectives requires timely and effective implementation of the authorities’ employment and export strategies, prioritizing governance reforms, and upgrading the insolvency framework to support quality investments.

“The IMF team thanks the Armenian authorities, private sector, development partners, and the diplomatic community for fruitful discussions and cooperation.”

 

 

 

The combination of teclistamab-cqyv (Tecvayli) and daratumumab and hyaluronidase-fihj (subcutaneous daratumumab; Darzalex Faspro) demonstrated an improvement in progression-free survival (PFS) and overall survival (OS) compared with subcutaneous daratumumab plus pomalidomide and dexamethasone (DPd) or subcutaneous daratumumab plus bortezomib and dexamethasone (DVd) in patients with relapsed or refractory multiple myeloma who received 1 to 3 prior lines of therapy, according to topline data from the phase 3 MajesTEC-3 trial (NCT05083169).¹

Additionally, the safety profile of teclistamab with daratumumab was consistent with the known safety profiles of each agent as monotherapy. Full results from the phase 3 study are expected to be presented at an upcoming medical meeting and submitted to global health authorities for review.

“[Teclistamab] is the most utilized BCMA[-targeted] bispecific [antibody] in later lines of myeloma treatment, supported by extensive clinical and real-world evidence. These results [from MajesTEC-3] demonstrate the clinical benefits of teclistamab in earlier lines when used in combination, as evidenced by meaningful PFS and OS outcomes,” Maria-Victoria Mateos, MD, PhD, a consultant physician in Hematology at the University Hospital of Salamanca, stated in a news release. ” [Teclistamab and subcutaneous daratumumab] uniquely work together to target both BCMA and CD38 simultaneously, priming and activating the immune system and eliminating myeloma cells.”

In October 2022, the FDA granted accelerated approval to teclistamab for the treatment of adult patients with relapsed or refractory multiple myeloma who have received at least 4 previous lines of therapy, including a proteasome inhibitor (PI), an immunomodulatory agent, and an anti-CD38 monoclonal antibody.²

Teclistamab Plus Daratumumab in R/R Multiple Myeloma

• MajesTEC-3 showed teclistamab plus subcutaneous daratumumab improved PFS and OS vs DPd or DVd in relapsed/refractory multiple myeloma after 1 to 3 prior lines of therapy.

• The safety profile of the combination was consistent with the known profiles of each agent as monotherapy.

• Full data will be presented at an upcoming medical meeting.

What was the design of the MajesTEC-3 trial?

The phase 3 MajesTEC-3 trial was a randomized, open-label study designed to evaluate the efficacy and safety of teclistamab plus subcutaneous daratumumab compared with DPd or DVd in patients with relapsed or refractory multiple myeloma.³

Eligible patients were required to have a confirmed diagnosis of multiple myeloma after 1 to 3 prior lines of therapy that included a proteasome inhibitor (PI) and lenalidomide (Revlimid). Those who received only 1 prior line of therapy needed to be refractory to lenalidomide. Other key inclusion criteria comprised evidence of progressive disease, an ECOG performance status of 0 to 2, and adequate laboratory values.

Participants were randomly assigned to receive either teclistamab/daratumumab or investigator’s choice of DPd or DVd. In the experimental arm, step-up doses of teclistamab were administered prior to the first full dose.

Along with the primary end point of PFS and key secondary end point of OS, other secondary end points included overall response rate, very good partial response or better rate, complete response or better rate, minimal residual disease–negativity rate, time to second disease progression, PFS on next line of therapy, time to next treatment, duration of response, and safety.

“The MajesTEC-3 study results of [teclistamab and daratumumab], two of our most important agents, demonstrate Johnson & Johnson’s leadership in developing regimens with complementary and synergistic mechanisms of action for patients with multiple myeloma. We are confident this combination is poised to be a new standard of care option,” Yusri Elsayed, MD, MHSc, PhD, global therapeutic area head of Oncology at Johnson & Johnson Innovative Medicine, added in a news release.¹ “The increase in PFS and OS is another example of how our portfolio is fundamentally transforming how patients with multiple myeloma are treated.”

References

1. Tecvayli plus Darzalex Faspro combination regimen significantly improves progression-free survival and overall survival versus standard of care. News release. Johnson & Johnson. October 16, 2025. Accessed October 16, 2025. https://www.jnj.com/media-center/press-releases/tecvayli-plus-darzalex-faspro-combination-regimen-significantly-improves-progression-free-survival-and-overall-survival-versus-standard-of-care
2. FDA approves teclistimab-cqyv for relapsed or refractory multiple myeloma. FDA. October 25, 2022. Accessed October 16, 2025. https://www.fda.gov/drugs/resources-information-approved-drugs/fda-approves-teclistamab-cqyv-relapsed-or-refractory-multiple-myeloma
3. A study of teclistamab in combination with daratumumab subcutaneously (SC) (Tec-Dara) versus daratumumab SC, pomalidomide, and dexamethasone (DPd) or daratumumab SC, bortezomib, and dexamethasone (DVd) in participants with relapsed or refractory multiple myeloma (MajesTEC-3). ClinicalTrials.gov. Updated October 10, 2025. Accessed October 16, 2025. https://clinicaltrials.gov/study/NCT05083169

When Chinese AI startup DeepSeek became a global sensation in January, it not only shocked Silicon Valley but also startled ByteDance, TikTok’s parent company. The Chinese tech giant had already launched Doubao, its own flagship AI assistant app with tens of millions of users. But when DeepSeek became the best-known Chinese AI company overnight, no one was talking about Doubao anymore.

Now, ByteDance has gotten its revenge. By August, Doubao regained the throne as the most popular AI app in China with over 157 million monthly active users, according to QuestMobile, a Chinese data intelligence provider. DeepSeek, with 143 million monthly active users, slipped to second place. The same month, venture capital firm a16z also ranked Doubao as the fourth-most-popular generative AI app globally, just behind the likes of ChatGPT and Google’s Gemini.

Doubao, which launched in 2023, was deliberately designed to be personable. Unlike most popular AI chatbots, Doubao’s app icon features a human-looking avatar—a female cartoon character with a short bob that greets people when they open the app for the first time. The name Doubao literally translates to “steamed bun with bean paste,” mimicking “the nickname a user would give to an intimate friend,” ByteDance vice president Alex Zhu said in a public speech in 2024.

Compared to Western AI apps, “there’s a warmer, more welcoming feel,” says Dermot McGrath, a Shanghai-based investor and technologist. “ChatGPT, for example, feels like a tool you open to complete a task and then close again. Doubao has more features and a more colorful user interface that keeps you interested longer.”

The Everything App

Doubao offers users a little bit of everything—it’s like ChatGPT, Midjourney, Sora, Character.ai, TikTok, Perplexity, Copilot, and more in a single app. It can chat via text, audio, and video; it can generate images, spreadsheets, decks, podcasts, and five-second videos; it allows anyone to customize an AI agent for specific scenarios and host it on Doubao’s platform for others to use. One of the most important things about the app, however, is that it’s deeply integrated with Douyin, the Chinese version of TikTok, allowing it to both attract users from the video platform and send traffic back to it.

Somehow, ByteDance’s ambitiously sprawling strategy for Doubao has turned out to be exactly what Chinese users wanted. A little over two years since its launch, Doubao has quietly become the AI app that Chinese people—particularly those who aren’t very AI savvy—are actually using. But it has almost no name recognition in the West.

“It’s marketed at people who are not the most technologically informed, people who may prefer voice chat and video interaction over text,” says Irene Zhang, a researcher at ChinaTalk, a newsletter about Chinese tech. “Some of the earliest Doubao users I heard of were my friends’ grandmothers and aunties.”

An IAEA meeting on the Generic RoadMap project, which supports nuclear newcomer countries in developing nuclear safety infrastructure, highlighted the critical role of capacity building in sustaining national safety infrastructure.

“As countries look for ways to address their energy needs,  nuclear power is attracting increasing attention,” said Anna Bradford, Director of the IAEA Division of Nuclear Installation Safety. “New modalities and initiatives are needed to support efforts to strengthen the global nuclear safety regime.”

The Generic RoadMap

Launched in 2020, the Generic RoadMap (GRM) is part of the IAEA’s efforts to strengthen nuclear safety infrastructure. The GRM guides countries embarking on a nuclear power programme with practical information on how to establish and maintain a comprehensive national nuclear safety infrastructure. This includes practical guidance and information on implementing actions recommended in SSG-16 (Rev.1) to establish and maintain the safety infrastructure for an initial nuclear reactor while meeting all applicable safety requirements.

The GRM is supported by training materials, peer review services and a series of topical publications that complement IAEA safety standards. These resources incorporate lessons learned, challenges identified and solutions implemented by countries that have embarked on or expanded nuclear programs.

Establishing and Integrating Safety Infrastructure

The draft GRM Safety Report, which provides guidance to member countries on meeting IAEA safety standards, was presented to global experts attending the event. The report takes a strategic approach that outlines priorities and associated tasks within a typical timeline from planning to operation. Discussions focused on how to establish and integrate safety infrastructure for a nuclear power plant programme, with presentations on all phases of nuclear reactor projects, from pre-planning to construction and operation. 

Designed to be flexible and scalable, the report’s guidance addresses the needs of both embarking and expanding countries. Member countries with established safety infrastructure were encouraged to conduct a tailored gap analysis to ensure that safety measures are adapted according to their specific contexts.

“The GRM can be utilized by Member States at various levels of ‘nuclear maturity’ and across different phases to establish or enhance their nuclear safety infrastructure,” said Idris Yau Usman, the meeting’s  Co-chair and Chairman of the Nigerian Nuclear Regulatory Authority, adding that “it supports the integration of lessons learned, helps avoid common challenges and promotes the harmonization of international regulatory practices.”