As we go past the middle of the year, and writing as I do for assorted cybersecurity blogs and publications, I find myself with a growing collection of 2025 cybersecurity statistics and up-to-date reports that make for some interesting (and frankly terrifying) reading. Nonetheless, this collection of recent security facts and figures makes a strong argument when seeking internal security funding, and works as statistical support for cybersecurity training, so here are some of the latest cybersecurity statistics that have come across my desktop in the first half of 2025.
Sixty 2025 Cybersecurity Statistics
- Cloud Environments at Risk: 82% of breaches now involve data stored in the cloud, making a clear call for access management strategies. [IBM]
- The Human Factor in Breaches: 74% of data breaches involve the “human element,” meaning human error, social engineering, or misuse by insiders, with people playing a decisive role in the majority of incidents and calling for comprehensive access management strategies. [Verizon]
- A Record Number of Victims: The number of breach victims exploded in 2024 due to several mega-incidents. 1.73 billion personal records were exposed, a 312% increase from the ~419 million records affected in 2023. [HIPAA]
- Mega-Breaches Dominate Impact: Six mega-breaches last year (each involving over 100 million records) accounted for about 85% of all data breach victims that year. This shows how a few extremely large attacks drove the year’s cyber impact. [InfoSec Mag]
- The Rise of “Shadow Data”: Approximately 1 in 3 data breaches in 2024 involved “shadow data” - information stored outside of official company IT systems (e.g., in unsanctioned cloud apps) that isn’t monitored by central IT. [iapp]
- External vs. Internal Threats: External attackers are behind the vast majority of breaches (83%), while 19% of breaches are caused by internal actors (employees or insiders). [Verizon]
- Personal Data Exposure: Nearly 46% of breaches expose customers’ personally identifiable information (PII) such as names, addresses, emails, or Social Security numbers. [IBM]
- And Employee Data Targeted: The share of breaches involving employees’ personal data is increasing. In 2023, 40% of all compromised records were employee PII (up from 26% in 2022). This can include HR records, payroll info, and other sensitive employee data. [HR Mag]
- Slow Breach Detection: It takes organizations an average of 204 days to identify a data breach and another 73 days on average to contain it. In other words, a typical breach can go undetected for about 7 months. [UKGov]
- Stolen Credentials = Longer Dwell Time: Breaches caused by stolen credentials are particularly hard to detect, taking an average of 292 days to identify and contain, the longest of any attack vector (since attackers logging in with valid credentials blend in as legitimate). [Pantera]
- Rising Breach Costs: The average cost of a data breach reached an all-time high of $4.88 million in 2024, a 10% increase from the year prior. Breach costs have been on an upward trend due to factors like more complex IT environments and expensive incident response. [IBM]
- Higher Notification Expenses: Breach notification alone cost companies $370,000 on average in 2023, up 19.4% from notification costs in 2022. Much of this expense comes from legal requirements to alert victims and regulators. [Ponemon Institute]
- Third-Party Breach Risk: 98% of organizations have at least one third-party vendor that has suffered a breach, illustrating the supply-chain risk exposure where a partner’s breach can lead to your data being compromised, and a clear call for access lifecycle management. [Cyentia Institute]
- Industries in the Crosshairs: Manufacturing was the most-attacked sector in 2023, accounting for over 25% of observed incidents. Meanwhile, the financial services sector saw a huge surge in attacks with interactive intrusions on financial organizations jumping over 80% year-on-year. [UK Gov]
- US Still Leads 2025 Cybersecurity Statistics: This is driven by its dominance in technology, finance, and military power, with threats ranging from ransomware against businesses and government agencies to state-sponsored espionage by China, Russia, and North Korea, and financial fraud aimed at banks and cryptocurrency platforms. [DeepStrike]
- Credentials at the Center of Breaches: 86% of data breaches involve the use of stolen or compromised credentials, with user passwords remaining a common entry point for attackers. [Verizon]
- Identity Breaches Are the Norm: Around 80% of all breaches are now identity-driven, involving threat actors leveraging stolen login credentials to gain unauthorized access. [SecurityMag]
- Explosion in Credential Attacks: Cyberattacks using stolen or valid user credentials jumped 71% year-over-year, making credential abuse the single biggest jump among attack vectors recently observed. Threat actors increasingly prefer logging in with stolen creds over exploiting software flaws. [Hacker News]
- Top Initial Access Method: Using valid accounts (logins) has become the most common initial breach vector. Valid credential compromise accounted for roughly one-third of all observed breaches, more than any other entry technique. [HIPAA]
- Phishing Incidents Decline as Attackers Opt for Logins: As attackers pivot to credential theft, phishing is slightly less prevalent (but still leading the field). The number of phishing-related cyberattack incidents was 44% lower than the previous year, indicating hackers are finding stolen passwords more effective than tricking users via email. [AAG]
- Web App Attacks = Stolen Passwords: 79% of all web application compromises in 2023 were the result of breached credentials (rather than exploiting web app vulnerabilities). This means that weak or reused passwords are a bigger risk to web apps than technical bugs. [OWASP]
- Infostealers Surge in Popularity: The use of infostealer malware (which silently harvests saved passwords, cookies, and tokens from victims’ devices) increased by 266% in 2023, flooding the 2025 criminal market with stolen logins. [eSecurityPlanet]
- Infostealers Fueling 2025 Cybersecurity Breaches: In fact, information-stealing malware was responsible for about 75% of all the 3.2 billion credentials stolen in 2024 (approximately 2.1 billion creds). These infostealers have become a primary engine for credential theft at scale. [Forbes]
- Dark Web Credential Markets Boom: Each month, over 1,000,000 new stolen login records (logs) are now uploaded to dark web marketplaces, and an estimated 3–5% of those logs contain corporate credentials (username/password combos for work accounts). [BlackFog]
- Billions of Credentials Compromised: In total, threat actors obtained 3.2 billion credentials in 2024, a 33% increase from the number stolen in ’23. The troves of passwords available to criminals continue to grow, driving credential-stuffing and account takeover attacks. [GBHackers]
- Snowflake Breach: No MFA, Huge Impact: One major 2024 campaign targeted 165 companies’ Snowflake cloud accounts using stolen credentials. A full 80% of the compromised accounts had credentials that were obtained via infostealer malware (and many lacked MFA), leading some experts to call it one of the largest B2B breaches ever. [CSA]
- Session Hijacking Rising: Attackers increasingly bypass login security by hijacking session tokens. Microsoft detected 147,000 token-based session hijacking attempts in 2023 – a 111% increase over the prior year. By stealing valid session cookies, attackers can impersonate users without needing passwords. [HackerNews]
- Session Attacks as Common as Password Attacks: Google’s security researchers note that attacks involving stolen session cookies now happen at roughly the same scale as traditional password-based attacks. This means session hijacking (through infostealers or Man-in-the-Middle phishing sites) is becoming as frequent as credential theft in the wild. [TechTarget]
- Brute-Force Cloud Attacks Soar: The volume of password attacks on cloud user accounts has skyrocketed. Early 2023 saw a tenfold increase in password spraying and brute-force attempts on cloud logins, reaching an average of about 4,000 attacks per second hitting Microsoft accounts. This “password storm” reflects attackers’ automated efforts to break into online services. [Microsoft]
- A Surge in Breach Incidents: By the end of 2023 (the most recent report on the matter) there were 3,205 publicly reported data compromises in the U.S., a 78% increase from the previous year. These incidents affected approximately 353 million individuals in total. [ITRC]
- MFA Lapses Enable Breaches: Lack of multi-factor authentication remains a critical weakness. Four of the largest breaches in 2024, including the massive Ticketmaster and AT&T incidents, were initiated using stolen passwords on accounts that had no MFA enabled, exposing a combined 1.24 billion records. Studies show that enabling MFA can block over 99% of automated account takeover attempts, which indicates these breaches were largely preventable. [InfoSecurityMag]
- Cloud Access Token Theft: Cloud infrastructure is a prime target for identity attacks. Attempts to steal cloud instance credentials (for example, AWS access keys or Azure tokens via metadata APIs) increased by 160% in 2023. Attackers are actively probing cloud environments for ways to extract credentials and pivot into corporate cloud assets. [GitHub]
- MFA Adoption Gaps: Smaller enterprises are lagging in protecting identities. Nearly 65% of SMBs do not use multi-factor authentication for their users, and 58% of SMB owners/operators are not even aware of MFA’s benefits. This low adoption at the SMB level (which often includes third-party vendors) increases supply chain risk for larger organizations. [Cyber Readiness Institute]
- “Malware-Free” Attacks Prevail: The majority of cyberattacks today do not rely on traditional malware files. Seventy-five percent of observed attacks were “malware-free,” employing techniques such as credential abuse or “living off the land”. Additionally, attackers deliberately targeting specific cloud services (to abuse their features) increased by 110%, showing a pivot to cloud-native attack methods. [ResearchGate]
- Ransomware Growth Slows but Steady: Ransomware attacks continued to rise in 2024 by about 10% compared to 2023. This was a minor increase from the massive surge seen in 2023 (which was +84% from 2022), but it indicates ransomware remains a growing and persistent threat for 2025. [NHS UK]
- Concentrated Ransomware Activity: Just a few criminal groups are responsible for a big slice of ransomware attacks. In 2024, the top five ransomware gangs (e.g., LockBit, Akira, etc.) were behind 47% of all reported ransomware incidents. Ransomware-as-a-Service operations have enabled a small number of bad actors to carry out attacks on a massive scale. [NCA]
- A Shift to Data Extortion: Many attackers now skip encryption and go straight to data theft for extortion. Pure extortion (stolen data leak) incidents have more than doubled. Overall, 24% of breaches were related to extortion demands (up from 21% in 2022), showing the trend of “steal and blackmail” in lieu of ransomware encryption. [InfoSec]
- Living-off-the-Land Tactics: Attackers are leveraging legitimate IT tools and admin features, like Breakglass, to carry out attacks without malware. In 32% of the incidents investigated, threat actors used legitimate software or system tools for malicious purposes (for example, using PowerShell, PsExec, remote desktop, etc. to move laterally or steal data). These “living-off-the-land” methods make detection harder since they blend in with normal admin activity. [IBM X-Force]
- Abusing Remote IT Tools: The misuse of Remote Monitoring & Management (RMM) tools by cybercriminals spiked dramatically. The volume of intrusions where attackers harnessed legitimate RMM software increased 312%. Trusted IT tools, such as remote support software, are being repurposed by attackers to persist undetected in networks. [Proofpoint]
- Phishing Still #1 Vector: Social engineering remains a leading way in. While phishing is being slowly replaced by other tactics, approximately 18.5% of breaches were attributed to phishing, smishing, or Business Email Compromise (BEC) scams, which still makes them the most common initial attack vector overall. By comparison, the next largest categories were ransomware (10.4%), malware infections (4.9%), and exploits of vulnerabilities (4.6%). [Kroll]
- Common Tactics After Breach: Once attackers break in, malware deployment is the most common next step. 43% of incidents saw attackers deploy malware on victim systems (often ransomware or spyware). Other frequent attacker actions included credential harvesting, data exfiltration, establishing backdoors, and running internal scans for further opportunities. [UKGov]
- BEC Scams on the Rise: BEC, where scammers impersonate executives or partners via email, now accounts for over half of all social engineering incidents. BEC has become popular due to high financial payoffs. In 2021 BEC attacks caused $1.8 billion in reported losses, and that trend has only continued. [Microsoft]
- Pretexting Doubles: Attackers are getting more sophisticated in social engineering by using pretexting (creating elaborate fake scenarios to trick victims). Pretexting-based attacks nearly doubled in frequency. This method is commonly used in BEC scams (e.g., posing as a CEO instructing a wire transfer), which has driven the overall increase in social engineering success. [Frontiers]
- Customer Churn After Breaches: Cyberattacks don’t just cause direct losses; they can drive customers away. 43% of businesses report losing existing customers due to the repercussions of a cyber incident. The reputational damage and erosion of trust that breaches can inflict on organizations are a hidden but critical cost to consider. [Yahoo]
- Cost of Ransomware Incidents: The average cost of a ransomware attack (including downtime, recovery, etc.) was a reported $5.13 million in 2023. That’s a 13% increase over the average cost in the previous year. Ransomware attacks are extremely costly, often exceeding the cost of other types of breaches due to business interruption and ransom payments. [IBM]
- Law Enforcement Improves Outcomes: Engaging law enforcement during a ransomware attack has measurable benefits. 63% of ransomware victims involved law enforcement, and those who did not ended up paying 9.6% more in costs and experienced breaches that lasted 33 days longer on average (due to extended downtime). Involving authorities can aid in negotiation, asset recovery, and guidance, reducing overall impact. [UKGov]
- Working With Authorities Reduces Costs: Companies that collaborated with law enforcement during cyber incidents lowered their breach costs by nearly $1 million on average (excluding any ransom paid) compared to those that handled incidents without involving authorities. [IBM]
- Data Theft by Departing Employees: Insider behavior remains a persistent concern. 12% of employees admit to taking sensitive intellectual property (customer data, company files, etc.) with them when they leave a job. Such insider-driven data leakage can lead to breaches or competitive losses, highlighting the need for access lifecycle management and exit audits. [Ponemon Institute]
- Adoption of AI Cyber-Defense: To cope with threats, 61% of organizations now use some level of security AI and automation in their cyber defenses. Tools like AI-based threat detection and automated incident response are increasingly deployed to quickly identify and counter attacks amid the cyber skills shortage. [Proofpoint]
- Rising Security Budgets: Companies are ramping up investment in cybersecurity. 85% of organizations planned to increase their cybersecurity budgets in 2024, and about 19% expect those budgets to grow by 15% or more. This reflects the board-level recognition of cyber risks and the need for greater resources. [Infosec Europe]
- Cyber Insurance Growth: Businesses are also hedging risk via cyber insurance. The global cyber insurance market is projected to grow from $20.9 billion in 2024 to about $120.5 billion by 2032, indicating a rapid uptick as organizations transfer some cyber risk to insurers. Many companies now view cyber insurance as a component of their incident response strategy. [Swiss Re]
- Identity Fraud Losses Climb: Outside of enterprise breaches, identity-related fraud is hitting consumers hard. In 2024, U.S. consumers lost $27.2 billion to identity fraud (identity theft, account takeovers, etc.), a 19% increase over the previous year. These fraud losses often trace back to stolen personal data and credentials, reinforcing why businesses must protect customer data. [FTC]
- Deepfake and AI Scams Emerge: The misuse of AI is a growing concern with 47% of organizations in 2023 encountering malicious deepfakes or AI-generated content used in scams or impersonation attacks. This new breed of threat (e.g., fake executive voices, videos, or messages) makes phishing and fraud even harder to detect. [Homeland Security]
- Generative AI as a Threat Multiplier: About 85% of cybersecurity professionals believe that generative AI tools have led to an increase in cyberattacks, enabling threat actors to craft more convincing phishing lures and automate attacks. Attackers’ use of AI is speeding up attack cycles, forcing defenders to adapt with AI of their own. [Cybersecurity Dive]
- Zero Trust is Gaining Traction: Nearly 96% of security leaders now consider adopting a Zero Trust security model (which strictly verifies each user and device) as crucial for their organization’s security, and 73% plan to increase spending on Zero Trust initiatives going forward. This is a strategic shift toward “never trust, always verify” approaches in enterprise security. [Microsoft]
- CEO Cyber Awareness: Cybersecurity is firmly on the executive agenda with 74% of CEOs concerned about their organization’s ability to withstand cyber attacks and manage cyber risks effectively. Leadership focus on cyber resilience is at an all-time high in response to high-profile breaches and regulatory scrutiny. [WEF]
- Recovering Stolen Funds: On a positive note, more than half of the organizations hit by business email compromise schemes succeeded in recovering at least 82% of the funds stolen. Quick incident response, bank cooperation, and law enforcement involvement can often claw back a large portion of fraudulent transfers if acted upon immediately. [NCSC]
- Multiple Breaches Are Common: Breaches are not a one-time event for most companies. 83% of organizations experienced more than one data breach in a single year. Many enterprises suffer repeat breaches, which further emphasizes the need for continuous security improvements and incident response readiness. [IBM/Ponemon]
- Skyrocketing Global Cybercrime Costs: The global cost of cybercrime is projected to reach $10.5 trillion annually in 2025, growing around 15% per year and up from about $3 trillion a decade ago. If cybercrime were measured as an economy, it would be the world’s third-largest in terms of GDP. [Sentio]
- The Security Skills Shortage: A majority of organizations still struggle with cyber staffing, which seriously exacerbates risks. Over half of breached organizations reported having significant cybersecurity staff shortages, a problem that grew by 26% compared to the previous year. This talent gap makes it harder to prevent, detect, and respond to attacks, and is driving investments in security automation and training. [UKGov]
Each of these statistics is drawn from recent research reports and plainly shows the challenges and trends that cybersecurity teams and CISOs are grappling with every day in 2025. The data underscores (with a big red crayon) the importance of an identity-centric security approach, rigorous access management (like automated JIT access, MFA, and zero standing privileges), and the need for both technological and human-focused defenses to mitigate the ever-evolving cyber threats.