Cybersecurity statistics are getting more alarming than ever in 2025, with data breaches and hacking attempts skyrocketing across industries.
From financial and healthcare services grappling with relentless threats to remote work threats, forcing companies to adapt to the growing risks of workers scattered around the world, no corner of the internet is safe.
As cybercriminals refine their tactics, every sector is feeling the heat—will your organization be ready to withstand the next wave?
Cybersecurity Key Stats
- In 2024, phishing attacks were responsible for more than 40% of social engineering incidents (Verizon).
- Between April and June 2024, an average of 11,500 unique malware instances targeted Blackberry’s customer base daily (Blackberry).
- The average cost of a data breach globally rose to $4.88 million in 2024, marking a 10% increase since the pandemic (IBM).
- In 2024, the cybersecurity technology market was valued at $185.7 billion, encompassing $97.3 billion in services and $88.4 billion in solutions (Statista).
- Between January and June 2024, IoT malware attacks surged by 107% compared to the same period in 2023 (Sonic Wall).
Cybersecurity Statistics by Attack Type
Analyzing cybersecurity statistics in 2024 provides insight into areas at high risk in 2025.
The FBI’s Internet Crime Report for 2023 revealed that the public reported a total of 800,418 cybercrime complaints.
Phishing/spoofing attacks were the top type of cyber issues, with 298,878 complaints reported. The total losses due to these cybersecurity attacks exceeded $18.7 billion.
Phishing Attack Data
Cybersecurity statistics in 2024 indicate that phishing attacks remain the most common cyber attack, with approximately 46% of all emails sent worldwide being spam (Securelist).
These cybersecurity threats encompass various deceptive techniques to trick individuals into revealing sensitive information or engaging in malicious activities through disguised emails or websites.
In 2024, phishing attacks were responsible for more than 40% of social engineering cybersecurity incidents (Verizon).
Phishing Type | Details | Purpose |
---|---|---|
Email phishing | Attackers impersonate trusted entities and create convincing emails that often appear urgent or important. |
|
Spear phishing | Attackers personalize their attack techniques to make fraudulent emails or messages appear highly legitimate and trustworthy. |
|
Clone phishing | Involves creating a fraudulent copy, or clone, of a legitimate email or website. |
|
Whaling | Targets high-level executives or individuals in positions of authority within an organization. |
|
Pop-up | Occurs through the use of deceptive pop-up windows or dialogue boxes. |
|
According to Proofpoint’s cybersecurity attacks statistics, 71% of organizations experienced at least one successful phishing attack in 2023, down from 84% in 2022.
However, although successful phishing attacks have decreased, the negative consequences have sharply increased. Recent cybersecurity trends show that reports of financial penalties, like regulatory fines, rose by 144% year-on-year, and reports of reputational damage from phishing incidents increased by 50%.
According to cybersecurity statistics in 2024, a Q3 report published by Check Point Research revealed a list of the top brands ranked by their overall appearance in brand phishing attempts.
Microsoft was still the most imitated brand, making up 61% of all brand phishing attempts in the third quarter (Check Point Research).
775 million email messages contained malware for the period from July 2023 to June 2024 (Microsoft).
Apple stayed in second place with 12%, and Google moved up to third with 7%. Alibaba appeared in the top 10 for the first time in seventh place, while Adobe returned to the rankings in eighth, its first time since Q2 2022.
With the rise of remote work, there has been an increase in business email compromise (BEC) scams.
Remote work cybersecurity statistics reveal that scammers employ phishing email-based tactics to deceive individuals into disclosing confidential company information or making unauthorized money transfers. Robust cybersecurity systems are essential to prevent BEC scams.
In 2023, the IC3 recorded 21,489 complaints related to BEC, resulting in reported losses amounting to $2.9 billion.
Distributed Denial of Service (DDoS) Data
A distributed denial of service (DDoS) attack is a malicious attempt to disrupt the normal functioning of a network, service, or website by overwhelming it with a flood of internet traffic.
A DDoS attack aims to disrupt or incapacitate the target’s resources and infrastructure, leading to service downtime and potential financial losses.
In 2023, Microsoft’s cyber protection mitigated an average of 3,500 DDoS attacks daily (Microsoft).
Microsoft got 78 trillion security signals per day in 2024 (an extra 13 trillion from 65 trillion signals in 2023) from the cloud, endpoints, software tools, and partner ecosystem to understand and protect against digital threats and criminal cyberactivity.
There has been a change in where attacks are coming from:
- China is responsible for 42% of attacks and the USA for 18%.
- Other countries together account for 40% of attacks.
- This is different from last year when both China and the USA were equally represented as the top sources.
According to a report released by Cloudflare, ransom DDoS attacks saw a year-on-year increase of 17%, but a quarter-on-quarter decrease of 42% in Q3 2024.
Current cybersecurity trends reveal a rise in application-layer DDoS attacks for online industries, with a quarter-on-quarter increase of 61% and a year-on-year increase of 68%.
In June 2022, a record-breaking DDoS global cyber attack targeted Google services, peaking at 46 million requests per second (Rps) (Google Cloud).
The DDoS attack was linked to the Mēris botnet, which is known for launching huge attacks by using unsecured proxies to hide its origin. Google’s cybersecurity system spotted the attack early and sent an alert with a suggested protective rule.
The customer applied this rule, letting Google’s network block the harmful requests before they could reach the customer’s service. This early action kept the customer’s service running smoothly despite the massive scale of the attack.
One of the most significant DDoS attacks occurred in March 2023.
The website of the French National Assembly experienced a temporary outage due to a DDoS attack orchestrated by Russian hackers.
In a Telegram post, the hackers attributed the attack to the French government’s support for Ukraine. This attack highlighted the risks associated with cyber terrorism and politically motivated cyber hacking.
Malware Data
Between April and June 2024, an average of 11,500 unique malware instances were targeting Blackberry’s customer base a day (Blackberry).
Almost half (49%) of unique malware targeted critical infrastructure organizations, a 17% increase from the previous period. Also, 41% of the cyberattacks found by BlackBerry’s cyberprotection tools were aimed at critical infrastructure.
In fact, Proofpoint end users reported 52,646 unique malware threats in 2023.
Between January and June 2024, malware-related cybersecurity attacks increased by 30% compared to the same period last year (Sonic Wall).
Cybersecurity threats like IoT malware rose sharply by 107% as attackers focused more on connected devices.
Encrypted threats also went up by 92%, with cybercriminals using TLS encryption to spread malware.
Ransomware Data
Ransomware stands out as a specific type of malware that holds targeted data or systems hostage until the victim makes a ransom.
Comparitech reported the following key findings for confirmed ransomware attacks in 2024 (January – November) and 2023:
Ransomware Stats | 2024 | 2023 |
---|---|---|
Number of attacks | 936 | 1,424 |
Average ransom demand | $3.7 million | $4.4 million |
Total records affected | 182 million | 241 million |
Top ransomware strain | LockBit (77 attacks) | LockBit (221 attacks) |
Ransomware attacks and ransom demands dropped from 2023 to 2024 (Comparitech).
However, the high number of records impacted, despite fewer attacks, shows that each incident in 2024 had a large effect on the amount of compromised data, meaning each breach now has a greater impact.
It’s also worth noting that, at the time of writing, there are still two months left for 2024 to reach or exceed the 2023 figures.
Types of Ransomware Attacks in Cybersecurity Statistics
In 2023, the IC3 received 2,825 complaints, resulting in losses amounting to $59.6 million.
Ransomware attackers often use social engineering techniques to access a victim’s environment.
As per the same report, the leading causes of ransomware incidents were phishing, the exploitation of Remote Desktop Protocol (RDP), and software vulnerabilities.
The table below lists the most common types of ransomware responsible for severe cyber attacks.
Ransomware Type | Details |
---|---|
Lockers |
|
Scareware |
|
Encryption ransomware |
|
LockBit, ALPHV/Blackcoats, and Akira were the three predominant ransomware variants reported to the IC3 that targeted members of critical infrastructure sectors.
Password Cracking Attack Data
In 2023/2024, 16% of data breaches were due to compromised credentials (IBM and the Ponemon Institute).
Simple passwords of up to seven characters can be cracked almost instantly, even if they use a mix of letters and symbols (Oberlin College).
However, using 12 characters with more complexity gives much better security, taking hundreds of years to break.
It might be surprising, but “123456” is still one of the most popular passwords, appearing at the top of the most common passwords list every year (NordPass).
A 2023 study by NordPass, which looked at over four million leaked passwords, highlights this worrying cyber safety trend.
Bitwarden’s World Password Day survey in 2024 revealed some key insights:
- 25% of people reuse passwords across 11–20+ accounts, and 36% include personal information in their passwords, which weakens security.
- Almost half (48%) admit to using weak or personal information-based passwords at work, creating a higher security risk.
- Many still rely on memory (54%) or pen and paper (33%) for managing passwords, both of which are insecure methods.
- 40% of people use 2FA for most personal accounts, showing an increase in using this extra layer of security.
The most prominent methods used in password attacks include:
Password Attack Type | Details |
---|---|
Brute Force |
|
Dictionary |
|
Hybrid |
|
Credential Stuffing |
|
In September 2024, Meta was fined $101.5 million by the Irish Data Protection Commission for keeping user passwords in plain text without proper encryption.
The issue, first found in 2019, exposed gaps in Meta’s data security and led to one of several recent fines under GDPR rules, making it a notable incident regarding password management.
Internet of Things (IoT) Hack Data
The Internet of Things (IoT) refers to a network of interconnected physical devices or objects.
Unlike traditional hacking of servers and systems, IoT targets devices that are connected to the internet. For example, smart home appliances like televisions, speakers, security cameras, and medical devices face attacks.
Many IoT devices have weak security, which makes them easy targets for attackers.
The TP-Link Command Injection Vulnerability (CVE-2023-1389) became a major threat in 2024, affecting 21.25% of small to medium-sized businesses (Sonic Wall).
This flaw has been widely used by Mirai malware, which takes over IoT devices to launch large-scale Distributed Denial-of-Service (DDoS) attacks.
Another critical flaw was the Zyxel Remote Code Execution Vulnerability, the fourth most common attack in 2024 (Sonic Wall).
This impacted 20.5% of small businesses and also contributed to Mirai’s spread.
Costs of Cybersecurity Data
Value of Cybersecurity Technology Market
In June 2024, the cybersecurity technology market was worth $185.7 billion (Statista).
This encompassed $97.3 billion in cyber protection services and $88.4 billion in cyber solutions.
Price of Cybersecurity Data Breaches
As per IBM’s Cost of a Data Breach Report, the average cost of a data breach worldwide rose to $4.88 million, a 10% increase and the biggest rise since the pandemic.
- Malicious insider attacks were one of the most expensive cyber issues, averaging $4.99 million per breach.
- Meanwhile, breaches caused by compromised credentials cost an average of $4.81 million per incident.
- They were followed by phishing attacks, which cost around $4.88 million on average.
In 2024, the average price per compromised record in a data breach globally increased to $169 globally.
Employee personal information was one of the most costly types of data breached, at $189 million, highlighting just how important cyber safety measures at work are.
Despite efforts in cyber safety improvements, over the past five years, the FBI IC3 has consistently received an average of 758,000 complaints annually.
Cybersecurity Spending Statistics
Due to the wide array of services and products, the cost of cybersecurity for businesses can vary significantly depending on various factors.
For example, the size and nature of the organization, the level of security measures implemented, and the extent of potential threats all influence the costs.
According to a survey conducted by Ponemon Institute, $26 million was allocated to cybersecurity investments in 2024.
These cybersecurity spending statistics revealed that companies focused on three main factors to decide how much to invest in cybersecurity:
- The effectiveness of past investments in reducing cybersecurity incidents (61% of respondents)
- The specific cybersecurity threats and risks the organization faces (53%)
- The overall cost of ownership (48%)
Only 36% of respondents said there is no formal method for setting the cybersecurity budget.
As per IBM’s Cost of a Data Breach study, these investments are worthwhile.
Organizations using advanced cybersecurity technology, such as AI and automation, experienced breaches that were $2.2 million cheaper than those without such deployments (IBM and Ponemon Institute).
This significant difference in average breach cost highlighted substantial cost savings, with fully deployed organizations averaging $3.84 million while non-deployed organizations faced an average price of $5.36 million.
In addition, companies with fully deployed security AI and automation experienced a nearly 100-day reduction in breach identification and containment compared to those without such implementations.
Fully deployed organizations had an average breach lifecycle of 209 days, while non-deployed organizations took 307 days.
Cybersecurity Statistics by Country
According to Check Point Research, global cyberattacks have reached record levels in 2024. Organizations faced an average of 1,876 weekly attacks, a 75% increase compared to the same period in 2023.
Region | Avg. Weekly Cyber Attacks per Organization in Q3 2024 | Increase Since Q3 2023 |
---|---|---|
Africa | 3,370 | 90% |
APAC | 2,863 | 55% |
Latin America | 2,844 | 72% |
Europe | 1,557 | 86% |
North America | 1,298 | 55% |
Ransomware also continued to be a major threat in Q3 2024, with over 1,230 incidents reported globally.
North America was the hardest hit, making up 57% of ransomware cases, followed by Europe (24%) and APAC (13%).
United States
In the US, cyberattacks rose by 56% year-over-year, with an average of 1,300 attacks per week per organization.
The education and research sector was the most targeted, with an average of 2,239 attacks per week, more than double the number from the previous year.
The healthcare sector saw a 110% increase, reaching 2,170 attacks per week.
Meanwhile, the utilities sector had the biggest growth, with attacks rising by 234% to an average of 1,339 per week.
Africa
In Q3 2024, Africa was the most affected region, with organizations facing 3,370 weekly cyber attacks on average, a 90% increase compared to the previous year.
In terms of ransomware incidents, Africa only accounted for 2% of global ransomware attacks.
Europe
Europe experienced an 86% increase in cyber attacks in Q3 2024 compared with Q3 2023, with organizations reporting 1,557 cyber attacks per week on average.
Europe also accounted for 24% of global ransomware attacks in Q3 2024.
Latin America & APAC
Latin America and APAC (Asia-Pacific) were also heavily targeted in Q3 2024. The cyber attack frequencies in Latin America increased by 72% compared with Q3 2023.
Organizations faced an average of 2,844 attacks per week.
Furthermore, in the first half of 2024, Mexico experienced 31 billion cybercrime attempts. This accounted for 55% of all cyber threats in Latin America.
The APAC region saw cyber attack frequencies increase by 55% compared with Q3 2023. The APAC region also accounted for 13% of global ransomware attacks in Q3 2024.
Cyberwarfare Data – Russia & China vs. the United States
According to the 2024 World Cybercrime Index, Russia leads in global cyber attack activity, followed by Ukraine, China, and the United States (University of Oxford).
These nations harbor the most active cybercriminal networks, focusing on various types of cybersecurity attacks, including data theft, ransomware, and infrastructure targeting.
- Russia: Leading the index with a WCI score of 58.39, Russia is known for frequent ransomware attacks and phishing campaigns. Financial services cybersecurity statistics show that these attacks tend to target Western financial and government sectors.
- Ukraine: With a score of 36.44, Ukraine ranks second, with cybercrime activity linked to ongoing regional conflicts.
- China: Ranked third with a score of 27.86, China’s cyber activity often involves cyber terrorism through state-sponsored espionage, often aimed at stealing intellectual property and sensitive information.
- United States: In fourth place, with a WCI score of 25.01, the US also hosts a substantial amount of cyber activity, including threats to international entities, government targets, and critical industries.
In 2024, Russia and China continue to be major players in global cyber attack activity, with recent incidents showcasing their involvement.
Cybersecurity Statistics by Industry
The IC3 registered 1,193 complaints in 2023 that reported ransomware attacks targeting organizations within critical infrastructure sectors.
IC3 reporting revealed that 14 of the 16 critical infrastructure sectors had at least one member who fell victim to a ransomware attack.
Healthcare cybersecurity statistics show that the industry has been the costliest for ransomware breaches for 12 consecutive years, with an average data breach cost reaching $10.10 million.
Patient data is immensely valuable for cybercriminals, especially in electronic health records (EHR). These records encompass information about individuals, including their names, social security numbers, financial details, past and present addresses, and medical histories.
Major Cybersecurity Data Breaches by Industry
In 2024, several major cybersecurity incidents impacted key industries worldwide:
- Healthcare: In January 2024, HealthEC reported a data breach affecting over 4.5 million people. Hackers accessed patient information and healthcare provider data (TennCare).
- Telecommunications: AT&T suffered two major data breaches in 2024. The first, in March, exposed over 70 million records, and the second, in August, affected another 40 million records. Customer data was compromised, raising security concerns.
- Technology: In November 2024, Amazon confirmed a breach exposing 2.8 million records of employee data linked to the 2023 MOVEit vulnerability.
- Manufacturing: In November 2024, Schneider Electric reported a cyberattack, with hackers claiming to have stolen over 40 GB of critical data. This was the company’s second breach of the year, highlighting risks in manufacturing (Bleeping Computer).
The Bottom Line
As these cybersecurity statistics reveal, the stakes have never been higher.
With financial services cybersecurity statistics showing soaring costs from data breaches, and remote work cybersecurity statistics highlighting the vulnerabilities of modern work setups, it’s clear that no organization can afford to ignore the risks.
Cyber threats are evolving rapidly. Will your company invest in the protections needed to stay one step ahead or become the next headline in the world of cybercrime?
FAQs
What are the most significant cybersecurity threats predicted for 2025?
How has the volume of cyberattacks changed from previous years?
What is the estimated financial impact of cybercrime in 2025?
Which types of cyberattacks are on the rise (e.g., ransomware, phishing)?
What are the biggest cybersecurity challenges for businesses in 2025?
References
- Federal Bureau of Investigation Internet Crime Report (Ic3)
- Home Page – Internet Crime Complaint Center (IC3) (Ic3)
- Significant Cyber Incidents | Strategic Technologies Program | CSIS (Csis)
- Cost of a data breach 2024 | IBM (Ibm)
- 2023 SonicWall Cyber Threat Report (Sonicwall)
- Msp Threat Report (Info.connectwise)
- The Impact of Cybercrime on the Economy | UpGuard (Upguard)