Cybersecurity Statistics, Facts, Insights And Trends (2025)

Introduction

Cybersecurity Statistics: In simple terms, cybersecurity means protecting individuals in the digital space, and the scary part is that cybersecurity threats are accelerating at an unimaginable rate. Those days are gone when a simple firewall and antivirus software were enough to protect your digital well-being.

But today, we live in a world where every click you make, every transaction you conduct, is a potential target. So to avoid all these kinds of threats, we have to make sure all of our data is protected, so I’m going to walk you through all of the cybersecurity statistics to date. Let’s discuss everything we know till now. Let’s get into it.

Editor’s Choice

• The global cost of cybercrime is projected to reach $10.5 trillion annually by 2025, a 15% YOY increase, making it a larger economy than most countries.
• The average cost of a data breach is at an all-time high of $4.88 million as of 2024, showing a significant 10% jump from the previous year.
• Breaches that involve a remote work factor cost an average of $173,074 more than those that don’t, which directly links the shift to hybrid work to a greater financial risk.
• The healthcare industry has the highest average cost of a data breach for the 14th consecutive year, with costs ranging to $10.9 million per incident in 2023.
• Organizations with a high level of cybersecurity skills shortages experienced a 20% increase in breach costs, with the average cost reaching $5.36 million.
• It takes an average of 258 days for security teams to identify and contain a data breach, and this extended timeline is a major factor in the total cost.
• Businesses with fewer than 500 employees saw the average cost of a breach rise to $3.31 million, a 13.4% increase, which proves that small businesses are not safe from financial harm.
• The global cyber insurance market is projected to grow from $20.88 billion in 2024 to over $120 billion by 2032, demonstrating how businesses are increasingly relying on insurance to manage risk.
• The average ransom payment jumped to an alarming $2 million in 2024, and a shocking 94% of initial ransom demands were paid by organizations.
• 43% of businesses lost existing customers because of a cybersecurity attack, highlighting the significant reputational and long-term consequences beyond immediate financial losses.
• Phishing remains a primary attack vector, initiating a massive 80 to 95% of all human-associated breaches and accounting for nearly 30% of all global breaches.
• A new security vulnerability is identified and published every 17 minutes, with more than 30,000 new vulnerabilities recorded in 2024 alone.
• The use of AI in phishing attacks is a major trend, with 73% of phishing emails analyzed in 2024 using some form of AI, making them more difficult to detect.
• Ransomware accounted for 59% of all cyberattacks in 2024, with its frequency predicted to hit a business or consumer every 2 seconds by 2031.
• The manufacturing sector experienced 638 ransomware attacks in 2023, making it the most targeted industry for this type of assault.
• Over 6 billion personal records were compromised between 2021 and 2023, showing the scale of data at risk in today’s scenario.
• Supply chain vulnerabilities are emerging as the top ecosystem risk, with 45% of global organizations predicted to have faced an attack on their software supply chains by 2025.
• Cloud environment intrusions increased by 75% in 2023, and more than half of all data breaches are now cloud-based, underscoring the shift in attacker focus.
• 72% of respondents in a recent survey reported an increase in organizational cyber risks, with ransomware being a top concern, linked to the growing capabilities of generative AI.
• Adversarial advances powered by generative AI are a primary concern for 47% of organizations, making the technology’s potential to facilitate more sophisticated and scalable attacks.
• The human element, including errors and misuse, is involved in 68% of breaches, making it the weakest link in the security chain.
• 5 million cybersecurity positions are expected to remain unfilled globally in 2024, a critical shortage that directly contributes to higher breach costs and a greater risk to organizations.
• Only 14% of organizations are confident that they have the people and skills they need to meet their security requirements today, highlighting a massive confidence gap.
• The global cybersecurity market is projected to grow to $562.77 billion by 2032, which demonstrates the significant investment being made to combat the escalating threats.
• 85% of organizations plan to increase their cybersecurity budgets in 2024, with nearly 1 in 5 expecting a growth of 15% or more.
• Despite the clear threat, only 37% of organizations have processes in place to assess the security of AI tools before deploying them, creating a major security gap.
• The average time to resolve a cybersecurity incident across federal agencies was 20 days, but some agencies took as long as 168 days, which highlights a significant disparity in government-level preparedness.
• 75% of security failures in 2023 were attributed to poor management of identities, access, and privileges, underscoring the importance of a robust identity and access management (IAM) strategy.
• 55% of cybersecurity professionals report increased stress levels due to the pressure of managing the increasing volume and complexity of threats.
• Over 20% of organizations have started using generative AI security tools to help close the skills gap, showing how technology is being leveraged to combat the human resource shortage.

Rise of AI Threats

(Reference: darktrace.com)

• According to a 2025 report, 78% of CISOs now admit that AI-powered cyber threats are having a significant impact on their organization’s security posture.
• Voice phishing, or vishing, attacks surged by a massive 442% between the first and second halves of 2024, a trend largely attributed to the use of generative AI for creating more convincing and realistic voice clones.
• Deepfake attacks have also seen a rapid rise, with one report stating that 47% of organizations experienced a deepfake attack in 2024, which highlights the growing threat of synthetic identity fraud and impersonation.
• A 2024 survey reveals that 85% of cybersecurity professionals attribute the increase in cyberattacks to generative AI used by bad actors, who now have faster and smarter ways to exploit systems.
• More than 73% of phishing emails analyzed in 2024 used some form of AI, rising to over 90% for those with polymorphic elements that change their content to evade detection.
• The average cost of a phishing breach is $4.88 million, which is the third costliest initial threat vector, and the use of AI is making these attacks more effective and harder to spot.
• A report from the World Economic Forum revealed that 47% of organizations now rank adversarial generative AI developments as their most pressing concern, reflecting its potential to facilitate more advanced and widespread attacks.
• The Global Cybersecurity Outlook survey found that 72% of respondents reported an increase in cyber risks, especially social engineering and ransomware, linked to the growing capabilities of generative AI.
• Despite the clear threat, only 37% of organizations have processes in place to assess the security of AI tools before deploying them, creating a major security gap that attackers can easily exploit.
• The use of AI-powered security systems has been shown to reduce the time it takes to detect and contain a data breach by 108 days, leading to an average cost saving of $1.76 million per breach.
• The top concerns about AI in cybersecurity include an increase in privacy concerns (39%), undetectable phishing attacks (37%), and a general rise in the volume and velocity of attacks (33%).
• A 2025 report predicts that 17% of cyberattacks will employ generative AI by 2027, showing that this is a growing trend that will continue to shape the threat landscape for years to come.
• The number of deepfakes online has surged dramatically, with a 550% increase from 2019 to 2023, and by 2025, this figure is expected to surge to 8 million, reflecting the exponential growth of this technology.
• In 2024, 60% of IT experts globally identified AI-enhanced malware attacks as the most concerning AI-generated threat for the next 12 months, highlighting the immediate concern.
• While AI offers great potential for defense, the fact that only a tiny fraction of organizations are properly prepared for AI-driven threats means that we are currently losing the AI battle in cybersecurity.
• Business email compromise (BEC) attacks, often enhanced by AI to sound more authentic, are 64% of businesses in 2024, with a typical financial loss averaging $150,000 per incident.

Closer Look at Ransomware and Phishing

(Reference: statista.com)

Ransomware Attacks

• According to a 2024 Sophos report, ransomware accounted for 59% of all cyberattacks faced by organizations, with 32% of these attacks resulting from an unpatched vulnerability, making it the dominant threat.
• The frequency of ransomware attacks on businesses is predicted to reach one attack every two seconds by 2031, a sharp rise from one attack every 11 seconds in 2021, which shows the alarming acceleration of this threat.
• The manufacturing sector experienced 638 ransomware attacks in 2023, making it the most targeted industry, which is a significant shift from previous years.
• The healthcare sector experienced over 630 ransomware incidents in 2023, with the average cost of a data breach in this industry soaring to $10.93 million per incident.
• 94% of initial ransom demands were paid by organizations in 2024, with the average payment reaching $2 million, which only encourages more attacks.
• The majority of ransomware infections are caused by phishing (54%), followed by poor user practices (27%) and a lack of cybersecurity training (26%), highlighting the human element as the weakest link.
• Involving law enforcement in ransomware incidents can reduce breach costs by nearly $1 million on average, showing that working with authorities is a financially sound decision.
• Over 47% of companies have a policy to pay ransoms associated with cybersecurity threats, which contributes to the continued profitability of these attacks.
• A 2024 report found that 62% of C-suite leadership sees ransomware as their number one concern, a clear indication of the threat’s strategic impact.
• Ransomware attacks are increasingly targeting organizations of all sizes, with 47% of organizations with revenue under $10 million reporting an attack in 2024.
• In the first five weeks of 2025, the number of reported ransomware incidents in the U.S. increased by a shocking 149% year-over-year, with 378 attacks compared to 152 in the same period of 2024.
• A recent study found that 44% of data breaches in 2024 had a ransomware component, a 37% year-over-year jump, which shows how tightly ransomware is linked to other types of cyberattacks.

Phishing Attacks

• Phishing scams initiate a massive 80 to 95% of all human-associated breaches, making it the most common initial access vector for attackers.
• According to an IBM report, phishing and spoofing remained the top-reported cybercrime type in 2024, with over 193,000 complaints filed with the FBI.
• Phishing-related breaches often take up to 206 days to detect and contain, leading to significant operational and financial damage for the affected organizations.
• A Q4 2024 report recorded nearly 1 million phishing scams in that quarter alone, which averages around 330,000 attacks per month and reflects a consistent upward trend.
• The top three most exploited social media platforms for orchestrating phishing attacks are Telegram (1.1 million attacks), Facebook (692,000 attacks), and Steam (507,000 attacks).
• Microsoft is the most commonly imitated brand for phishing campaigns, impersonated in more than 51.7% of all phishing scams in 2024.
• Business email compromise (BEC) attacks accounted for 25% of all security incidents and targeted 70% of organizations, making it a top attack vector for financial fraud.
• Credential theft is the most common reason for breaches caused by the human element, accounting for 32% of all incidents, and phishing is a primary tool for stealing those credentials.
• A new trend is the use of HTTPS for phishing sites, with approximately 80% of phishing websites in 2024 featuring HTTPS to appear legitimate, making it harder for users to spot a fake site.
• QR code phishing, or “quishing,” attacks increased by 25% year-over-year, as attackers exploit physical spaces like posters or fake business cards to lure victims into scanning a malicious QR code.
• The average cost of a phishing breach is $4.88 million, a near 10% increase from the previous year, which shows the financial toll of these attacks.
• While the global volume of phishing attacks dropped by 20% in 2024, attackers are shifting their strategies, focusing on high-impact campaigns targeting high-value targets in HR, finance, and payroll to maximize their success rates.
• Organizations that invest in continuous cybersecurity training see a significant improvement in user-reported threats, with one study showing that after two years of training, the real threat detection rate increased to 71%.
• Phishing was the known initial access vector in 16% of the 2025 dataset of nearly 10,000 non-error, non-misuse breaches analyzed in a recent report.
• The number of brands that cybercriminals targeted with phishing attacks has decreased in 2024, with an average of 312 per month, compared to 506 per month in 2023.

Cyber Security Skills Gap and Market Trends

• There will be an estimated 3.5 million unfilled cybersecurity jobs globally in 2024, which is a number that shows a critical shortage of skilled professionals to defend against attacks.
• The skills gap is directly tied to the rising costs of breaches; organizations with insufficiently staffed security teams face an average breach cost that is $550,000 higher than those with sufficient staffing.
• The global cybersecurity market is projected to grow from $218.98 billion in 2025 to $562.77 billion by 2032, exhibiting a compound annual growth rate (CAGR) of 14.40%, which shows a clear investment response to the escalating threat.
• North America currently dominates the cybersecurity market with a valuation of $84.09 billion in 2024, and it is expected to continue its dominance in the coming years.
• Only 17% of the cybersecurity workforce is female, and the representation of ethnic minorities in senior roles is also very low, highlighting a major lack of diversity in the industry.
• The demand for entry-level candidates with less than one year of experience has fallen to 17% in 2024, which suggests that organizations are prioritizing experienced professionals, making it harder for newcomers to break into the field.
• The majority of cybersecurity businesses (63%) reported having skill gaps in advanced areas like digital forensics and penetration testing, which are critical for responding to sophisticated attacks.
• A recent survey found that 52% of all recruitment for cyber security roles came from the existing pool of professionals, rather than career starters, which indicates a reliance on a limited talent pool.
• The global cyber insurance market is predicted to grow from $20.88 billion in 2024 to $120.47 billion by 2032, at a CAGR of 24.5%, showing that businesses are increasingly turning to insurance to manage their risk.
• The cloud application security segment is projected to grow at the highest CAGR of 18.01% over the forecast period, showing the increasing focus on securing cloud environments.
• Large enterprises, with their complex IT environments and hybrid infrastructures, are expected to attain a 65.94% market share in the cybersecurity sector in 2025, as they are the biggest targets and have the most to lose.
• The financial services sector is set to hold 21.54% of the market share in 2025, while the healthcare sector is estimated to showcase the highest CAGR of 18.98%, as both are prime targets for cyberattacks.
• Identity and Access Management (IAM) solutions dominated the market with a share of 63.40% in 2024, highlighting a clear focus on controlling who has access to sensitive data.
• The average time to resolve a cybersecurity incident across federal agencies was 20 days, but some agencies took as long as 168 days, which highlights the varying levels of preparedness across the public sector.
• 75% of all security failures by 2023 were attributed to poor management of identities, access, and privileges, which further emphasizes the importance of a strong IAM strategy.
• 85% of organizations plan to increase their cybersecurity budgets in 2024, with 19% expecting growth of 15% or more, showing that companies are ready to invest more to protect themselves.
• The U.S. House Appropriations Committee’s Fiscal Year 2024 Homeland Security Appropriations Bill allocates $2.926 billion for cybersecurity efforts, including $810.8 million for cyber operations, a clear sign of a government-level commitment.
• A study found that the global cybersecurity workforce grew by 5% in 2024, which is a moderate acceleration, but it is not enough to keep up with the demand.
• Organizations are increasingly using automated tools to help with the skills gap; for instance, 81% of organizations with automated security tools saw a reduction in the time it took to contain a breach.

Biggest Data Breaches of 2024 to 2025

(Reference: superfast-it.com)

• In March 2024, a ransomware attack on Change Healthcare exploited the health records of over 100 million people, leading to a massive disruption in payments and healthcare facilities across the U.S.
• Ascension, one of the largest U.S. health systems, experienced a major cybersecurity attack in May 2024 that impacted their operations for two weeks, delaying care for 5.6 million patients.
• A China-linked group called Salt Typhoon breached telecom giants like Verizon, AT&T, and T-Mobile in August 2024, exploiting the data of millions of users and sensitive government communications.
• Russian-linked hackers attacked Synnovis, a London-based lab service provider, in June 2024, postponing over 700 appointments and 800 patient surgeries, and seriously impacting 97 cancer treatments.
• Hackers successfully stole the data of 560 million Ticketmaster users, including sensitive information like names, emails, phone numbers, and card details, in a breach that was not publicly disclosed until the data appeared for sale online.
• In June 2025, a cyberattack on United Natural Foods Inc. (UNFI), a major grocery wholesaler, crippled its electronic ordering systems and caused widespread grocery shortages across North America, highlighting the fragility of digital supply chains.
• The French telecommunications giant Orange SA confirmed a ransomware attack that led to the theft and publication of business customer data on the dark web, a significant event that highlights the global reach of these threats.
• A breach at TransUnion, a credit reporting agency, exposed the personal information of over 4.4 million individuals in July 2025, proving that even companies with a high level of security can be vulnerable to third-party attacks.
• In May 2025, a massive breach exposed the passwords of 184 million users of Google and Apple, a major event that demonstrates the scale of potential damage when attackers target widely used platforms.
• The breach of the compliance messaging app TeleMessage in May 2025 exposed the private communications of U.S. government officials, including their names, phone numbers, and email addresses, which poses a serious counterintelligence risk.
• A critical zero-day vulnerability in SAP NetWeaver was exploited in April 2025, with researchers identifying over 581 instances in active exploitation by state-linked groups, showing that even seemingly secure enterprise software can have major flaws.
• In June 2025, a hacking group stole over 12 terabytes of data, including 42 million customer records, from Bank Sepah in Iran, which represents one of the largest cyberattacks against a financial institution to date.
• A major cyberattack on the Australian Superannuation Funds in March 2025 exposed the data of millions of Australians, raising major concerns about the security of financial records.
• The breach of Synnovis, a major London lab service provider, impacted more than 700 appointments and 800 surgeries, directly harming patient care, which shows that cybersecurity is no longer just an IT problem; it’s a public safety issue.
• A cyberattack on Ascension in May 2024 was so severe that it delayed care for 5.6 million patients, proving that these attacks can have a real and devastating impact on people’s lives.
• The breach of Ticketmaster highlights the vulnerability of customer data stored by third-party services, with the sensitive information of 560 million users being exposed and sold online.
• In October 2024, hackers tried to overload Georgia’s absentee ballot site during the election, an incident that, while unsuccessful, raised significant concerns about the safety of election infrastructure.
• The ransomware attack on Change Healthcare in March 2024 was one of the largest in history, disrupting payments and healthcare facilities and directly affecting over 100 million people.
• In May 2025, a breach of TeleMessage exposed the data of U.S. officials, which shows that even secure communication platforms can be vulnerable to attack.

Conclusion

Overall, cybersecurity is getting more complex, more expensive, and more dangerous these days, but these cybersecurity statistics make it clear that we are in a constant battle against intelligent adversaries.

The key to winning this fight is not just to react to threats, but to anticipate them beforehand. These data show that investing in professionals, embracing automation and AI, and building a culture of cybersecurity awareness are key. They are the only way forward. I hope you like this piece of content. Thanks for staying up till the end. I appreciate your effort.

Jeeva Shanmugam

Jeeva Shanmugam is passionate about turning raw numbers into real stories. With a knack for breaking down complex stats into simple, engaging insights, he helps readers see the world through the lens of data—without ever feeling overwhelmed. From trends that shape industries to everyday patterns we overlook, Jeeva’s writing bridges the gap between data and people. His mission? To prove that statistics aren’t just about numbers, they’re about understanding life a little better, one data point at a time.

More Posts By Jeeva Shanmugam

Cybersecurity Statistics, Facts, Insights And Trends (2025)

How Many SaaS Companies Are There? (2025)

How Many People Work At OpenAI? (2025)

How Many People Work at Meta?