80+ Cybersecurity Statistics for 2025

Cybersecurity has evolved from an IT issue into a fundamental imperative that impacts the entire business. Organizations may be evolving into sophisticated digital entities, but threat actors are keeping pace. The result is a cybersecurity landscape defined by soaring costs, a crippling talent gap, and the ever-present risk of human error. In this article, we present some of the most eye-catching cybersecurity statistics for 2025.

First, some headline numbers:

• Only 3% of organizations globally have “mature” cybersecurity resilience.
• Small businesses (<100 employees) experience 350% more phishing attacks than large enterprises.
• The probability of cybercriminal detection and prosecution in the United States is 0.05%. 
• Security breaches have increased 75% year-over-year (average 1,876 attacks per quarter).
• Organizations with revenues exceeding $5B experience a 67% attack rate. 
• 93% of ransomware is Windows-based executables.
• 90% of ransomware attacks either fail or result in zero financial losses.
• Phishing attacks have increased 4,151% since the introduction of ChatGPT in November 2022.

Ensuring your systems are secure is expensive, but the cost of failure is astronomical. As organizations strive to stay ahead of persistent threats, cybercrime itself has become a major global industry.

• Global spending on cybersecurity is forecast to reach $212 billion this year, a 15.1% increase from $184 billion in 2024. 
• The cybersecurity market is expected to be worth more than $434.76 billion by 2029.
• The cybersecurity market leaders are:
  • IBM (21%)
  • Microsoft (16%)
  • Rapid7 (10%) 
• The Cloud Security Posture Management (CSPM) market — a segment of the cybersecurity industry focused on software and services for addressing misconfigurations and compliance gaps in cloud environments like IaaS, PaaS, and SaaS — is expected to be worth $15.6 billion by 2033 (12.3% CAGR from 2023) 
• The worldwide cost of cybercrime is projected to hit $10.5 trillion annually by the end of 2025.  
• The remote work factor increases the average cost of a data breach by $173,074.

The cybersecurity employment scene is buoyant. However, challenges remain in attracting and retaining skilled professionals. 

• In 2024, 5.47 million people were employed in the cybersecurity industry (0.1% increase from 2023)
• Regional breakdown of cybersecurity employment between 2023-2024:

• • Middle East/Africa: 7.4% rise
  • Asia-Pacific: 3.8% rise
  • North America: -2.7% fall
  • Latin America: -0.9% fall

• It’s estimated that there are 3.5 million unfilled cybersecurity positions.
• The employment of Information security analysts in the United States is forecast to grow 35% from 2021-2031.
• 76% of security professionals in Europe lack formal qualifications or certified training.
• 54% of organizations struggle to retain cybersecurity professionals.
• Women are expected to represent 35% of the cybersecurity workforce by 2031.

Data breaches are a subcategory of cyberattacks that focus on exposing, stealing, or compromising sensitive information. The most common data breach attack method is phishing, which is also the most common type of social engineering attack.

• The average breach lifecycle in 2025 has fallen to a nine-year low — 241 days (down from 258 days in 2024). This improvement is largely attributed to the increased use of AI and security automation tools. 
• Breaches involving stolen credentials have a 292-day lifecycle.
• This year, 50% of breaches were identified by the organization’s security teams (up from 42% in 2024 and 33% in 2023).
• 88% of all data breaches are attributed to human error.
• In the first five weeks of 2025, U.S. attacks increased 149% compared with the same period in 2024 (378 incidents vs. 152).
• It is predicted that there will be a cyberattack every two seconds by 2031.

As more victims refuse to pay cybercriminals and law enforcement officials target gangs, ransomware payments are falling. However, the size of the payments that are made shows no sign of shrinking.

• Recorded ransom payments in 2024 totalled $813.55 million (35% drop from 2023’s $1.25B).
• The median ransom payment made in 2024 was $2 million (500% increase from 2023’s $400K).
• The average ransom demand last year was $4.32 million.
• The highest recorded ransom demand in 2024 was $70 million.
• 63% of victims this year refused to pay a ransom (up from 59% in 2024).
• 49% of victims with encrypted data paid a ransom.
• Law enforcement was involved in 40% of ransomware cases in 2025.
• Just 46% of 2024 victims who paid a ransom received access to their data.
• 80% of 2024 victims who paid the ransom suffered a subsequent attack.
• 97% of organizations with encrypted data recovered it.
• The average downtime following an attack is 24 days.
• In 2025, 50% of attacks resulted in data encryption.

The effects of an attack can be far-reaching. As well as the time and resources required to restore normal services, organizations may also have to contend with lost revenue and reputational damage.

• 34% of organizations take longer than a month to recover from a cyberattack.
• However, 35% recover within a week.
• 60% of victims lost revenue.
• 53% experienced brand damage.
• The healthcare sector experienced a 50% YoY increase in cyberattacks between 2023 and 2024, accounting for 30% of ransomware and making it the most targeted industry.
• In 2024, 59% of manufacturing organizations experienced a cyberattack, with 70% of these attacks resulting in data encryption.
• 91% of U.K. higher education institutions and 85% of further education colleges reported experiencing a cyberattack in the previous 12 months.

Given the prevalence of cyberattacks and the damage they can cause, you might assume that cloud security is imperative across all industries. However, the statistics don’t bear that out. 

• In 2024, 61% of organizations faced a public cloud security incident, a substantial increase from 24% in 2023.
• 32% of cloud assets are not monitored.
• Each cloud asset carries ~115 known vulnerabilities.
• There are an average of 43 misconfigurations per account.
• Approximately 9% of all publicly accessible cloud storage environments contain sensitive data.

As the world’s dependence on digital infrastructure intensifies, organizations face increased pressure to maintain cybersecurity. Here are some of their key concerns: 

• 96% worry about their capacity to address security risks.
• 91% consider AI a priority for developing effective cybersecurity strategies.
• 91% are concerned about zero-day attacks (cyberattacks that exploit unknown or unaddressed security vulnerabilities).
• 76% cite a shortage of skilled professionals.
• 72% highlight underlying infrastructure compromise as a primary concern.
• 54% have difficulties with compliance/cloud governance.
• 49% struggle to integrate cloud into legacy systems.
• 45% claim that cloud security requires considerable engineering resources.
• 44% of corporate data exfiltration attempts originate from personal cloud apps.
• 41% of organizations highlight a lack of security awareness as their primary concern.
• 40% receive at least 40 daily security alerts.
• 36% admit to poor integration/interoperability.

As cyberattacks become increasingly sophisticated, you might think that preventing vulnerabilities is a highly complex undertaking. However, human error lies at the heart of most successful attacks.

• 88% of all data breaches are attributable to employee mistakes.
• The causes of cloud breaches are broken down into:

• • Misconfiguration: 31%
  • Exploitation of known vulnerabilities: 28%
  • Exploitation of zero-day vulnerabilities: 24%
  • Failure to use MFA for privileged accounts: 17%

• Compromised privileged accounts are responsible for 33% of identity-related breaches.
• 37% of organizations reported the theft of credentials.
• 80% of incidents involve compromised/misused credentials
• 53% of organizations claim it is harder to identify insider threats since migrating to the cloud.

AI is something of a double-edged sword when it comes to cybersecurity: Although it helps bolster defense through advanced threat detection and automated responses, it also provides criminals with more sophisticated tools for phishing and malware development.

• In 2025, 16% of breaches involved AI-driven attacks.
• However, security AI cut the cost of breaches by 34% ($1.9M savings)
• 84% of companies adopted AI in cloud environments
• By 2028, multi-agent AI in threat detection is expected to grow from 5% to 70% of AI applications. 

Here are some of the solutions that organizations are leveraging successfully to combat cybercrime:

• Organizations that adopt Zero Trust (assume that no user or device is inherently trustworthy, verify every access request, and use principles like micro-segmentation and least privilege access) save an average of $1.76 million, compared with those that don’t.
• Organizations with incident response teams save $248,000 annually
• Identity Access Management (IAM) solutions save organizations up to $223,000 annually.
• Organizations that use AI and automation in cybersecurity save an average of $2.22 million on data breaches compared to those that do not.

• More than 60% of companies factor a company’s cybersecurity posture into their decision to move forward with an M&A deal.
• Cyber insurance premiums are likely to surpass $23 billion by the end of 2026.

Faced with a plethora of threats in an increasingly digital world, it is easy to feel overwhelmed by the challenge of maintaining effective cybersecurity. However, adopting a risk-based strategy that blends technical safeguards, a robust security culture, and a comprehensive incident response plan will optimize your defenses. Identify and prioritize your critical assets, train employees to recognize threats, implement simple measures like strong passwords and multi-factor authentication, and have a plan for effective incident recovery. Regardless of how sophisticated cybercrime becomes, your biggest threats arise from human mistakes.