Organizations using Cisco and Citrix VPN devices were nearly seven times as likely to suffer a ransomware infection over a 15-month period, according to At-Bay, a provider of cyber insurance and a vendor of managed detection and response products.

"When compared to businesses without a VPN detected, organizations using Cisco or Citrix were 6.8X more likely to fall victim to an attack," according to At-Bay’s 2025 InsurSec Report [ PDF ], which notes that Cisco and Citrix held the top spots in last year's report, too.

We're not suggesting these products are inherently insecure, but they are complex

These numbers reflect ransomware insurance claims made between January 2024 and March 2025, and the report's overall findings come from At-Bay's analysis of "more than 100,000 policy years of c

See Full Page