WEBINAR
GigaOm Radar Report for PTaaS: How to Make a Smarter Investment in Pentesting
WEBINAR
GigaOm Radar Report for PTaaS: How to Make a Smarter Investment in Pentesting

Top Cybersecurity Statistics for 2025

Dec 23, 2024
Est Read Time: 14 min
Jacob Fox

Our 2025 cybersecurity statistics show a continuation of trends we identified in our top cybersecurity statistics for 2024, with AI accelerating existing tendencies. As cybercriminals diversify and optimize their tactics, the cost of cybercrime keeps rising, on track to reach a staggering $15.63 trillion by 2029. Increasing ransomware attacks on key industries, sophisticated phishing schemes, and regulatory tightening serve as stark reminders of the need for vigilance and adoption of advanced technologies to stay ahead of emerging threats.

Below are over 100 cybersecurity statistics to provide a look at what we can expect in 2025 if current trends hold.

Cost and Frequency of Cyber Attacks

  1. Worldwide cybercrime costs are estimated to hit $10.5 trillion annually by 2025, emphasizing the need for enhanced cybersecurity measures (Statista).
  2. Cybercrime losses reported to the FBI's Internet Crime Complaint Center (IC3) increased 22% between 2022 and 2023 (Federal Bureau of Investigation).
  3. In 2024, the global average cost of a data breach was $4.88 M.(IBM).
  4. Breach costs increased 10% from 2023, the highest increase since the pandemic. (IBM)
  5. The second quarter of 2024 saw a 30% increase in cyberattacks compared to Q2 2023, the highest increase in the last two years (Check Point Research).
  6. 70% of data breaches caused significant or very significant disruptions. (IBM)
  7. Global cyber insurance premiums are projected to grow from $14 billion in 2023 to $29 billion by 2027 (Munich RE)
  8. When remote work is a factor in causing a data breach, the average cost per breach is $173,074 higher, underscoring the cybersecurity challenges in the evolving work landscape (IBM).

Ransomware Statistics

  1. 59% of all organizations were hit by ransomware attacks over the last year (Sophos).
  2. Ransomware costs are projected to reach around $265 billion USD annually by 2031, significantly up from $20 billion in 2021 (Cybersecurity Ventures).
  3. Ransomware attacks increasingly target organizations of all sizes, with 47% of organizations with revenue under $10 million reporting attacks over the past year (Sophos).
  4. Industries targeted by ransomware attackers are led by healthcare, financial services, industrial, technology, and energy (IBM).
  5. Ransomware attacks targeting manufacturers rose to 29% of publicly extorted victims globally in Q2 2024, a 56% year-over-year increase (Check Point).
  6. Nearly half (47%) of companies have a policy to pay ransoms associated with cybersecurity threats (CFO).
  7. 62% of C-suite leadership see ransomware as the number one concern (CFO).
  8. Ransomware recovery costs averaged $3.58 million (Sophos).
  9. 63% of ransomware attackers demanded $1 million or more, and 30% demanded over $5 million (Sophos).
  10. Ransomware bills increased five times over the last year (Sophos).
  11. Exploited vulnerabilities represented the most common ransomware attack vector, followed by compromised credentials and malicious emails (Sophos).
  12. 63% of organizations that involve law enforcement avoid paying ransomware costs (IBM).
  13. Organizations that involve law enforcement save an average $1 million in ransomware payments (IBM).

Phishing Statistics

  1. Phishing represents the most common email attack method, accounting for over a third of cyberattacks (Hornetsecurity).
  2. Phishing accounts for 33% of cloud-related security incidents, which typically deploy adversary-in-the-middle (AitM) attacks (IBM).
  3. Attackers most frequently impersonate shipping brands such as DHL and FedEx, with other brands seeing increased impersonations including DocSign, Facebook, Mastercard, and Netflix (Hornetsecurity).
  4. Malicious file types are led by HTML, PDFs, and archive files (Hornetsecurity).
  5. Use of malicious file types has decreased as attackers have shifted to reverse-proxy credential theft attacks that redirect users to fake log-in pages (Hornetsecurity).
  6. 25% of business email compromise (BEC) attacks in Q1 2024 targeted organizations that did not have multi-factor authentication (MFA), compared to 58% in 2023, reflecting both increased security measures by organizations and increasing attacker reliance on reverse-proxy credential theft to bypass MFA (ArcticWolf).

Business Interruption and Security Investments

  1. Cybersecurity is part of the core transformation team in 53% of organizations, indicating integration of cybersecurity in strategic business initiatives (Accenture).
  2. 53% of organizations require cybersecurity clearance before deploying any solution, showing a proactive approach to cyber risk management (Accenture).
  3. 35% of organizations embed security controls in all transformation initiatives from the beginning, while 18% deployed security after the event, indicating varying approaches to cybersecurity in digital transformation (Accenture).
  4. 44% of business leaders emphasize the importance of CISOs in translating technical aspects of cybersecurity to CEOs and Boards, reflecting the growing strategic importance of cybersecurity in organizational decision-making (Accenture).
  5. Business email compromise targets 70% of organizations and accounts for 25% of incidents, making it the top attack vector (Arctic Wolf).
  6. The rise of business email compromise attacks reflects attackers shifting tactics in response to law enforcement crackdowns on ransomware attacks (Arctic Wolf).
  7. Incidents involving data exfiltration doubled between 2019 and 2022 and continued to increase in 2023(Allianz).

Geopolitical Influences in Cybersecurity

  1. 97% of organizations saw an increase in cyber threats since the start of the Russia-Ukraine war in 2022, demonstrating the profound effect of geopolitical tensions on cybersecurity (Accenture).
  2. Following the escalation of the Russia-Ukraine conflict, 51% of organizations updated their business continuity and enterprise risk plans, indicating the need for revised strategies in the face of changing geopolitical dynamics (Accenture).
  3. In Q2 2024, cyberattacks increased most in Latin America (53% year-over-year), Africa (37%), and Europe (35%) (Check Point Research).
  4. North American experienced the majority of ransomware attacks (58%) (Check Point Research).

Industry-Specific Cybersecurity Statistics


Healthcare Industry Cybersecurity

  1. Healthcare data breaches have increased steadily over the last 14 years, with each year since 2021 exceeding the previous year's records (The HIPAA Journal).
  2. Healthcare was the third most targeted industry for cyberattacks in the second quarter of 2024 (Check Point Research).
  3. Data breach severity continues to increase, with 2023 seeing a record  133 million records exposed, stolen, or otherwise disclosed without authorization (The HIPAA Journal).
  4. 2023 breaches included 26 data breaches of over 1 million records and four breaches of over 8 million records, the largest affecting 11,270,000 individuals and representing the second-biggest healthcare breach ever. (The HIPAA Journal).
  5. Hacking has become the leading cause of healthcare breaches, accounting for 79.7% of all data breaches in 2023 (The HIPAA Journal).
  6. Healthcare breaches cost $10.93 million in 2023 (The HIPAA Journal).
  7. The average cost of a healthcare breach fell to $9.77 million in 2024, and 10.6% year-over-year decline from $10.93 million in 2023 (The HIPAA Journal).
  8. An estimated 90% of healthcare facilities will have migrated to the cloud by 2025 (DuploCloud).

Manufacturing

  1. Manufacturing was the most targeted industry in the first half of 2024, seeing a 41% increase in attacks (Ontinue).
  2. Manufacturing led all other industries in ransomware and database leak attacks in the first half of 2024. (Critical Start),
  3. Manufacturing accounted for 29% of global ransomware attacks in Q2 2024, a 56% year-over-year increase (Check Point Research).
  4. Attackers targeting manufacturing industry victims typically gained initial access through spearphishing attachments and exploitation of remote services and public-facing applications (Critical Start).

Finance and Insurance

  1. System intrusion, miscellaneous errors, and social engineering represent the top attack vectors in the finance and insurance industries (Verizon).
  2. Business email compromise attacks increasingly target the financial services industry, which led other industries in BEC attacks in the first quarter of 2024 (Arctic Wolf).
  3. The financial services industry reported 122 ransomware attacks in 2023 (Federal Bureau of Investigation).
  4. 78% of financial services organizations experienced ransomware attacks over the past year (Bridewell).
  5. The financial industry accounted for 7% of published ransomware attacks in the second quarter of 2024, a decline of 8% year-over-year (Check Point Research).
  6. Financial service providers have become prime targets for deepfake audio voice cloning attacks (Critical Start).
  7. 75% of financial and insurance attacks compromised clients' personal details (Verizon).
  8. Three in ten financial organizations face problems with cyberattack prevention (Picus).
  9. Cyberattack prevention effectiveness for financial organizations scored 68%, lagging behind the healthcare and manufacturing industries. (Picus).
  10. 100% of financial service organizations plan on adopting AI-driven tools (Bridewell).

Education

  1. Education experienced more cyberattacks than any other industry in the second quarter of 2024 (Check Point Research).
  2. System intrusion, social engineering, and miscellaneous errors account for 90% of educational breaches (Verizon).
  3. Over the past year, Microsoft Defender for Office 365 blocked over 15,000 emails per day targeting educational institutions with malicious QR codes (Microsoft).
  4. In the second quarter of 2024, the educational industry accounted for 6% of ransomware attacks, a decline of 3% year-over-year (Check Point Research)
  5. 83% of attacks on educational institutions target personal data (Verizon).
  6. Preparedness, staffing, and zero-trust implementation rank as the highest concerns for security professionals in the education industry (CDW).

Other Industries

  1. The top three targets for cyberattacks in the second quarter of 2024 were education/research, government/military, and healthcare (Check Point Research).
  2. In the retail industry, system intrusion, social engineering, and basic web application attacks account for 92% of breaches (Verizon).
    58% of retail attacks start with phishing (Trustwave).
  3. 47% of stolen retail user sessions leverage Amazon domains (Trustwave).
  4. 92% of retail credential access techniques use brute force attacks (Trustwave).
  5. 67% of third-party energy sector breaches stem from software and IT vendors, making this the biggest threat in the energy industry (SecurityScorecard).

IoT and DDoS Attacks

  1. Home networks face an average 10 attacks every 24 hours (Bitdefender).
  2. Smart home vulnerability risks are led by TV sets (34% of vulnerabilities), smart plugs (18%), and DVRs (13%) (Bitdefender).
  3. Denial of service attacks represent the most common type of smart home vulnerability, and buffer overflow and denial of service threats have the biggest impact on victims (Bitdefender).
  4. 99.3% of smart home attacks exploit common vulnerabilities and exposures (Bitdefender).
  5. The first half of 2024 saw a 111% increase in distributed denial of service mitigations (Imperva).
  6. The second quarter of 2024 saw a 20% year-over-year increase in DDoS attacks (Cloudflare).

AI and Cybersecurity

  1. 85% of cybersecurity professionals attribute the increase in cyberattacks to the use of generative AI by bad actors (CFO).
  2. 46% of security experts believe the integration of generative AI in business operations will increase vulnerability to cyberattacks (CFO).
  3. By 2027, 17% of cyberattacks will employ generative AI (Gartner).
  4. Concerns about AI in cybersecurity include the potential for increased privacy concerns (39%), undetectable phishing attacks (37%), and a general increase in the volume and velocity of attacks (33%) (CFO).

Read more AI-related cybersecurity statistics.

AI Pentesting

  1. Just 15% of stakeholders feel non-AI tools can detect and stop AI-generated threats (Darktrace).
  2. 70% of organizations find AI highly effective in detecting threats that were previously undetectable (Ponemon Institute).
  3. The number of pentest engagements in the U.S. and U.K. increased 31% in 2023 (Cobalt).
  4. 75% of U.S. and U.K. security practitioners adopted AI tools in 2024 (Cobalt).
  5. 53% of organizations say they're at the early stages of AI adoption, while 18% say they've completed adoption (Ponemon Institute).
  6. 57% of U.S. and U.K. security professionals say demand for AI is outpacing their ability to keep up (Cobalt).

GDPR Compliance and Violations

  1. In 2023, the General Data Protection Regulation (GDPR) imposed record fines exceeding €1.6 billion – more than the total fines imposed in 2019, 2020, and 2021 combined (Statista).
  2. Meta was fined $1.3 billion for GDPR violations in 2023 (Reuters).
  3. TikTok was fined $370 million for breaching a number of GDPR rules in 2023 (Forbes).
  4. Spotify was fined $5.4 million in 2023 (CyberNews).
  5. Uber was fined €290m in 2024 (Infosecurity Magazine).

General and Miscellaneous Statistics

  1. 55% of cybersecurity experts have reported increased stress levels due to heightened cybersecurity threats and challenges (CFO).
  2. 15.1% of organizations plan to increase spending on information security in 2025. (Gartner).
  3. Threat actors and malware families in the first half of 2024 were led by LockBit, Play, Black Basta, Akira, and 8Base, with RansomHub emerging as a major threat (Critical Start).
  4. Cybersecurity incidents now rank among the leading risks for companies of all sizes, including small, mid-size, and large companies (Allianz).
  5. Business email compromise attacks have expanded from large targets to smaller businesses (Critical Start).
  6. 48% of organizations report insider attacks becoming more frequent over the past year (Cybersecurity Insiders).
  7. Today's most prominent pro-Russian hacktivist group has focused 96% of its attacks on Europe, primarily Ukraine, Czech Republic, Spain, Poland, and Italy (Orange Cyberdefense).
  8. Ransomware cryptocurrency heists rose 2%, from $449.1 million to $459.8 million (Chainanalysis).

In closing, remember that knowing all the security statistics in the world won’t help you secure your assets. Instead, use these statistics to help receive buy-in from executives and team members trying to understand how investing in security pays dividends.

Cybersecurity Statistics FAQs

 

How many cyberattacks per day?

Microsoft reports its customers face 600 million attacks daily (Microsoft).

How many cyber attacks occur each year?

600 million attacks daily equates to over 219 trillion attacks each year.

What percentage of cyberattacks include a social engineering aspect versus a technical problem?

In the first quarter of 2024, 90% of attacks involved some type of social engineering (Avast).

Which year had the worst cyberattacks in history?

Cyberattacks grow worse every year. The FBI reports that 2023 set new records, seeing a 10% increase in complaints compared to 2022 and a 22% increase in losses suffered (Federal Bureau of Investigation). 2024 is on track to continue the trend, with a 75% increase in global attacks in the third quarter compared to 2023 (Check Point Research).

How to prepare for a cyberattack?

This is a difficult question to answer without more context but in general, cybersecurity best practices should be followed such as keeping software and operating systems updated, using strong passwords and two-factor authentication, avoiding clicking suspicious links, using encrypted communications, creating backup files, protecting your home Wi-Fi network, using antivirus software, and limiting the personal information you share online.

Read more about how to prepare for a cyberattack with a guide from FEMA.

What is the prediction for cybersecurity in 2025?

Predictions for 2024's cyber landscape include:

  • Next-gen security awareness programs geared toward generative AI in cyber threats.
  • Protection against deepfakes in cyber attacks, with attackers expected to use it for social engineering, creating false narratives, and impersonating individuals in videos or voice calls.

Explore more 2025 cybersecurity predictions created by the expert team at Cobalt.

How big is the cybersecurity market in 2025?

Gartner projects that global cybersecurity spending will reach $212 billion in 2025 (Gartner).

New call-to-action
Back to Blog
About Jacob Fox
Jacob Fox is a search engine optimization manager at Cobalt. He graduated from the University of Kansas with a Bachelor of Arts in Political Science. With a passion for technology, he believes in Cobalt's mission to transform traditional penetration testing with the innovative Pentesting as a Service (PtaaS) platform. He focuses on increasing Cobalt's marketing presence by helping craft positive user experiences on the Cobalt website. More By Jacob Fox

Related readings

Top Cybersecurity Statistics for 2024 Cover image
Top Cybersecurity Statistics for 2024
Cybersecurity Insights
Blog
Dec 8, 2023
Read more
Cover image Top 40 AI Cybersecurity Statistics
Top 40 AI Cybersecurity Statistics
Cybersecurity Insights , LLM Security
Blog
Oct 10, 2024
Read more
Cybersecurity statistics for 2023 cover image
Cybersecurity Statistics for 2023
Cybersecurity Insights
Blog
Dec 27, 2022
Read more
see more

Never miss a story

Stay updated about Cobalt news as it happens