By Jessica Lyons
Publication Date: 2025-10-28 23:27:00
Organizations using Cisco and Citrix VPN devices were nearly seven times as likely to suffer a ransomware infection over a 15-month period, according to At-Bay, a provider of cyber insurance and a vendor of managed detection and response products.
“When compared to businesses without a VPN detected, organizations using Cisco or Citrix were 6.8X more likely to fall victim to an attack,” according to At-Bay’s 2025 InsurSec Report [PDF], which notes that Cisco and Citrix held the top spots in last year’s report, too.
We’re not suggesting these products are inherently insecure, but they are complex
These numbers reflect ransomware insurance claims made between January 2024 and March 2025, and the report’s overall findings come from At-Bay’s analysis of “more than 100,000 policy years of cyber claims data.” While it doesn’t say how many organizations this includes, the company has about 40,000 customers in the US.
Neither Cisco nor Citrix responded to The Register‘s requests for…
