284 Cybersecurity Statistics Published in 2025
It's now 2026 (at time of publishing this blog anyway) but we still think that these 284 cybersecurity statistics published during 2025 are useful for informing cybersecurity planning and strategy this year.
We've got 2025 cybersecurity statistics on topics ranging from AI cybersecurity risks (bad) to Gen Z's cybersecurity attitudes (not great) which are still highly relevant.
Each data point is linked back to its source.
If you want regular fresh cybersecurity statistics in your inbox and access to a database with thousands more cybersecurity stats, you should subscribe to CyberSecStats.
2025 cybersecurity statistics:
AI
Fraud
Fraud and Airline Fraud
Bots and authentication
Budgets and hiring
Cybersecurity Insurance
DDoS
Defense Industry
Email security and phishing
Pen Testing and remediation
Gen Z cyber risks and attitudes
Healthcare
UK cybersecurity trends
AI
- 40% of agentic AI early adopters saw a good return on strengthening security operations, compared to only 30% of average users. (source) Google Cloud
- Nearly half of financial services organizations (49%) operate without formal AI policies. (source) HCLTech
- Due to the concerns and confusion around safety, 86% of organizations are planning to invest in AI data privacy solutions over the next 1–2 years. (source) Perforce Software
- In Japan, concern about AI compromising security increased from 31% in 2024 to 74% in 2025 (a 43 percentage point increase). (source) Yubico
- Data privacy and security are among the top three LLM provider considerations for 37% of respondents, followed by integration with existing systems and cost. (source) Google Cloud
- When choosing Large Language Model (LLM) providers, executives' top concern is now privacy and security. (source) Google Cloud
- 78% of organizations express high concern about the theft or breach of model training data. (source) Perforce Software
- In Sweden, concern about AI compromising security increased from 37% in 2024 to 68% in 2025 (a 31 percentage point increase). (source) Yubico
- In the UK, concern about AI compromising security increased from 61% in 2024 to 81% in 2025 (a 20 percentage point increase). (source) Yubico
- In the US, concern about AI compromising security increased from 61% in 2024 to 77% in 2025 (a 16-point increase). (source) Yubico
- 91% of organizations believe that sensitive data should be allowed in AI training. (source) Perforce Software
- 91% of payment leaders express concern regarding the risks associated with AI. (source) HCLTech
- 60% of payment leaders find the current AI fraud detection tools ineffective. (source) HCLTech
Fraud and Airline Fraud
- Synthetic identity fraud resulted in more than $47 billion in losses in 2024. (source) National Insurance Crime Bureau (NICB)
- The use of identity theft in insurance crime is expected to rise 49% by the end of 2025. (source) National Insurance Crime Bureau (NICB)
- Nearly a quarter of insurance claims processed with identity theft as a reason for referral to NICB involved a synthetically generated identity. (source) National Insurance Crime Bureau (NICB)
- An analysis of thousands of questionable insurance claims from 2022 through June 30, 2025, showed a significant year-over-year increase in claims involving identity theft. (source) National Insurance Crime Bureau (NICB)
- Europe experienced the largest drop in fraud pressure, a 50% year-over-year decrease. European routes now account for just 12% of all attempted fraud worldwide, down from 24% in the first half of 2024. (source) Accertify
- In the United States, fraud rates on domestic and international travel dropped 38% to one fraud attempt in every 556 bookings (0.18%). (source) Accertify
- Bangkok's Suvarnabhumi Airport rose 47% in fraud pressure. (source) Accertify
- EuroAirport Basel Mulhouse Freiburg saw a drop of approximately 50% in fraud attempt rates. (source) Accertify
- Haneda Airport (Tokyo, Japan) achieved a 72% year-over-year drop in fraud pressure. (source) Accertify
- Overall, fraud pressure for Australian departures rose 21.4% compared to the first half of 2024. (source) Accertify
- Among smaller but still significant airports, Kuala Lumpur International (Malaysia) recorded a 114% increase in fraud pressure. (source) Accertify
- Tokyo and Singapore both saw decreases of 27% in fraud pressure. (source) Accertify
- Perth, Australia, saw a 136% increase in fraud pressure. (source) Accertify
- Miami International's fraud rate decreased compared to last year. (source) Accertify
- Overall fraud pressure on departures from the Asia Pacific region declined 6% year-over-year. (source) Accertify
- Seattle-Tacoma International rose 40% in fraud pressure. (source) Accertify
- Naples-Capodichino International (Italy) posted the steepest drop in fraud attempt rates at -57%. (source) Accertify
- Cairns, Australia, saw a 230% increase in fraud pressure. (source) Accertify
- Dallas Love Airport saw a 69% drop in fraud pressure. (source) Accertify
- San Diego International saw a 68% drop in fraud pressure. (source) Accertify
- Daniel K. Inouye International in Honolulu experienced a 175% increase in fraud pressure. (source) Accertify
- Global airline fraud rates dropped 30% year-over-year in the first half of 2025, to 0.25%, meaning one fraud attempt occurred in every 400 bookings. (source) Accertify
- Auckland Airport (New Zealand) experienced a 50% increase in fraud pressure. (source) Accertify
- Chicago Midway saw a 67% drop in fraud pressure. (source) Accertify
Bots and authentication
- In the UK, 37% of respondents believe hardware security keys and device-bound passkeys are the most secure authentication methods, up from 17% in 2024 (a 20-point increase). (source) Yubico
- In the US, 34% of respondents identify hardware security keys/passkeys as the most secure option, up from 18% last year (a 16-point increase). (source) Yubico
- 29% of respondents still do not have MFA set up for their personal email accounts. (source) Yubico
- 47% of respondents use personal email accounts lacking MFA to log in to social media accounts. (source) Yubico
- 34% of respondents use personal email accounts lacking MFA to log in to mobile phone carriers. (source) Yubico
- 41% of respondents use personal email accounts lacking MFA to log in to banking services. (source) Yubico
- Only 48% of respondents said their company uses Multi-Factor Authentication (MFA) across all apps and services. (source) Yubico
- In France, the adoption of MFA for personal accounts surged from 29% in 2024 to 71% in 2025, marking a 42-percentage point increase. (source) Yubico
- Only 26% of respondents consider usernames and passwords to be the most secure authentication method. (source) Yubico
- Usernames and passwords are used by 60% of respondents as an authentication method for personal accounts. (source) Yubico
- Usernames and passwords are used by 56% of respondents as an authentication method for work accounts. (source) Yubico
- In Asia Pacific, just 1.6% are fully protected against bots. (source) DataDome
- 61% of enterprises with 10,001+ employees were completely unprotected against bots. (source) DataDome
- Among enterprises with 10,001+ employees, just 2.2% had full protection against bots. (source) DataDome
- Government, Non-Profit, and Telecoms sectors have the weakest protection against bots. (source) DataDome
- Latin America had the highest share of protected websites against bots. (source) DataDome
- In Latin America, only 3.5% of websites were fully protected against bots. (source) DataDome
- Nearly 6 in 10 domains in Latin America were completely exposed to bots. (source) DataDome
- In Latin America, 38.5% of websites were partially protected against bots. (source) DataDome
- LLM crawler traffic rose from 2.6% of verified bot traffic in January to over 10.1% by August. (source) DataDome
- 88.9% of domains disallow GPTBot in their robots.txt files. (source) DataDome
- DataDome alone detected nearly 1.7 billion requests from OpenAI crawlers in a single month. (source) DataDome
- LLM crawler traffic quadrupled across DataDome’s customer base in 2025. (source) DataDome
- In North America and Europe, over 60% of websites lack any bot protection. (source) DataDome
- Travel & Hospitality, Gambling, and Real Estate led the way with the highest combined rates of full and partial protection against bots. (source) DataDome
- Only 2.8% of websites were fully protected against bots in 2025, which is down from 8.4% in 2024. (source) DataDome
- Only 2% of domains with over 30M monthly visits were fully protected against bots. (source) DataDome
- In 2025, 64% of AI bot traffic reached forms. (source) DataDome
- In 2025, 23% of AI bot traffic reached login pages. (source) DataDome
- In 2025, 5% of AI bot traffic reached checkout flows. (source) DataDome
- In 2025, anti-fingerprinting bots were only blocked by ~7% of websites. (source) DataDome
- In 2025, fake Chrome and curl bots were detected just 21% of the time. (source) DataDome
- AI bot and crawler traffic now makes up more than 1 in 10 verified bot requests. (source) DataDome
Budgets and hiring
- SecOps solutions represent the largest share of software budgets at 16%. (source) IANS Research & Artico Search
- Software accounts for roughly 30% of security budgets, making it the second-largest line item after staff and compensation. (source) IANS Research & Artico Search
- 18% of survey respondents believe their cybersecurity budgets will decrease in the next 12 months, compared to 13% last year. (source) ISACA
- Only 41% of respondents believe their cybersecurity budgets will increase in the next 12 months, compared to 47% last year. (source) ISACA
- The top three most important soft skills needed by security professionals are critical thinking (57%), communication (56%), and problem solving (47%). (source) ISACA
- The top method to address technical skill gaps is increasing usage of contract employees or outside consultants (30%), which is a decline from 36% last year. (source) ISACA
- Soft skills are the largest reported skill gap in cybersecurity, increasing from 51% in 2024 to 59% in 2025. (source) ISACA
- High work-stress levels, limited promotion and development opportunities, and recruitment by other enterprises are the top reasons cybersecurity professionals leave their current roles. (source) ISACA
- The complex cyber threat landscape is cited as the main reason for stress by 63% of respondents in 2025, down from 81% in 2024. (source) ISACA
- 66% of respondents indicate that their cybersecurity roles are significantly or slightly more stressful now than five years ago. (source) ISACA
- Prior hands-on cybersecurity experience is considered very important by 60% of respondents, marking a decline from 73% last year. (source) ISACA
- 61% of respondents indicate that adaptability is very important in determining a cybersecurity applicant's qualifications. (source) ISACA
- Professional development training is the most common employer benefit at 60%, three percentage points higher than last year. (source) ISACA
- Employer-paid employee certification fees dropped to the second most common benefit, offered by only 54% of respondents, a decrease from 65% in 2024. (source) ISACA
Cybersecurity Insurance
- Other insuring agreements (average) were triggered as the main driver of loss in 1.6% of claims, triggered with some loss impact in 1.4%, triggered with no loss impact known in 0.5%, and not triggered in 96.6%. (source) AXA XL
- Extortion coverage was triggered in 11.9% of all claims, showing a significant difference between primary claims (15.6%) and excess claims (3.3%), indicating it is far more common at the primary layer. (source) AXA XL
- Business interruption coverage was triggered in 17.5% of all claims, occurring more frequently in excess claims (23.3%) than in primary claims (15.1%). (source) AXA XL
- Privacy and cyber security coverage was triggered in 13.2% of all claims, with a higher prevalence in excess claims (22.2%) compared to primary claims (9.4%). (source) AXA XL
- 2021: 29.7% of large losses came from other causes, 23.7% from data breaches, and 46.6% from ransomware. Ransomware overtook all other causes and drove nearly half of the biggest cyber claims. (source) AXA XL
- 2018: 46.2% of large losses came from other causes, 37.9% from data breaches, and 15.9% from ransomware. Ransomware started to emerge as a meaningful driver of big cyber claims. (source) AXA XL
- 2020: 27.3% of large losses came from other causes, 29.2% from data breaches, and 43.4% from ransomware. Ransomware remained a dominant source of costly claims. (source) AXA XL
- Average initial ransom demand (based on all cases with ransom demand) in 2023: $32.25 million. (source) AXA XL
- In 2020, victims paid on average 37.4% of the initial ransom demand. (source) AXA XL
- In 2021, victims paid on average 33.9% of the initial ransom demand. (source) AXA XL
- In 2022, victims paid on average 42.0% of the initial ransom demand. (source) AXA XL
- In 24.6% of large ransomware claims, attackers used phishing to infiltrate systems. (source) AXA XL
- The average duration business operations were affected by ransomware in retail was 32 days. (source) AXA XL
- In 2023, only 11.1% of backups were affected by ransomware. (source) AXA XL
- On average, businesses across all industries experienced 69 days of operational disruption due to ransomware attacks. (source) AXA XL
- 2019: 28.1% of large losses came from other causes, 29.2% from data breaches, and 45.1% from ransomware. Ransomware surged and became the leading cause of major cyber claims for the first time. (source) AXA XL
- Ransomware incidents often lead to significant business interruptions, with some level of systems shutdowns occurring in approximately 92% of these cases. (source) AXA XL
- For data breach cases where the attackers themselves disclosed the breach, it took an average of 38 days to notice the attacker prior to 2019. (source) AXA XL
- Across all data breach cases combined, the average time to notice an attacker was 45 days since 2019. (source) AXA XL
- Across all data breach cases combined, the average time to notice an attacker was 90 days prior to 2019. (source) AXA XL
- Between 2019 and 2023, professional services experienced large losses primarily from ransomware (75.0%), followed by data breaches (14.3%) and other causes (10.7%). (source) AXA XL
- Companies with revenues up to $250M had an average relative frequency of large claims on primary policies of 0.45. (source) AXA XL
- Before 2023, 62.8% of backups were affected by ransomware. (source) AXA XL
- 2010–2017: 62.3% of large cyber losses came from other causes, 37.7% came from data breaches, and ransomware caused 0.0% of major losses. At this stage, ransomware claims were rare, and most large claims stemmed from breaches and miscellaneous incidents. (source) AXA XL
- Average initial ransom demand (based on all cases with ransom demand) in 2020: $11.25 million. (source) AXA XL
- Average initial ransom demand (based on all cases with ransom demand) in 2022: $21.46 million. (source) AXA XL
- The average duration business operations were affected by ransomware in financial services was 33 days. (source) AXA XL
- In 2021, organizations took an average of 77 days to restore operations after a ransomware attack. (source) AXA XL
- In 2023, organizations took an average of 32 days to restore operations after a ransomware attack. (source) AXA XL
- The average duration business operations were affected by ransomware in technology was 57 days. (source) AXA XL
- In 7.1% of cases prior to 2019, the hackers themselves revealed the breach. (source) AXA XL
- The average duration business operations were affected by ransomware in other industries was 44 days. (source) AXA XL
- In 35.7% of data breach cases prior to 2019, the company’s own IT team or outsourced service providers detected the attack. (source) AXA XL
- In 42.9% of cases prior to 2019, breaches were first flagged by outside parties such as security firms, regulators, or customers. (source) AXA XL
- For data breach cases where the attacker was detected by a third party, it took an average of 136 days to notice the attacker prior to 2019. (source) AXA XL
- Between 2019 and 2023, other sectors experienced large losses primarily from ransomware (53.1%), followed by data breaches (25.0%) and other causes (21.9%). (source) AXA XL
- Business interruption was triggered as the main driver of loss in 17.5% of claims (primary 15.1%, excess 23.3%), triggered with some loss impact in 12.6%, triggered with no loss impact known in 7.3%, and not triggered in 62.6%. (source) AXA XL
- Privacy & cyber security was triggered as the main driver of loss in 13.2% of claims (primary 9.4%, excess 22.2%), triggered with some loss impact in 14.6%, triggered with no loss impact known in 3.3%, and not triggered in 68.9%. (source) AXA XL
- Data recovery was triggered as the main driver of loss in 1.3% of claims, triggered with some loss impact in 17.5%, triggered with no loss impact known in 5.0%, and not triggered in 76.2%. (source) AXA XL
- Average initial ransom demand (based on all cases with ransom demand) in 2021: $17.39 million. (source) AXA XL
- In 14.3% of cases prior to 2019, the source of detection was miscellaneous or unknown. (source) AXA XL
- In 66.0% of data breach cases since 2019, the company’s own IT team or outsourced service providers discovered the attack. (source) AXA XL
- In 17.0% of cases since 2019, breaches were first reported by external parties. (source) AXA XL
- In 6.4% of cases since 2019, the attackers themselves disclosed the breach. (source) AXA XL
- For data breach cases where the attacker was detected by internal IT staff or an outsourced cybersecurity provider (OCP), it took an average of 61 days to notice the attacker prior to 2019. (source) AXA XL
- The average duration business operations were affected by ransomware in health care was 70 days. (source) AXA XL
- For data breach cases where the attackers themselves disclosed the breach, it took an average of 17 days to notice the attacker since 2019. (source) AXA XL
- Between 2019 and 2023, retail experienced large losses primarily from ransomware (50.0%), followed by other causes (30.0%) and data breaches (20.0%). (source) AXA XL
- Between 2019 and 2023, healthcare experienced large losses primarily from ransomware (57.1%), followed by data breaches (28.6%) and other causes (14.3%). (source) AXA XL
- Between 2019 and 2023, financial services experienced large losses primarily from data breaches (40.9%) and ransomware (40.9%), followed by other causes (18.2%). (source) AXA XL
- Between 2019 and 2023, manufacturing experienced large losses primarily from ransomware (86.7%), followed by other causes (10.0%) and data breaches (3.3%). (source) AXA XL
- Between 2019 and 2023, technology experienced large losses primarily from other causes (38.0%), followed by ransomware (32.0%) and data breaches (30.0%). (source) AXA XL
- Companies with revenues between $250M and $500M had an average relative frequency of large claims on primary policies of 1.19. (source) AXA XL
- Companies with revenues between $500M and $750M had an average relative frequency of large claims on primary policies of 1.40. (source) AXA XL
- Companies with revenues between $750M and $2B had an average relative frequency of large claims on primary policies of 1.80. (source) AXA XL
- Companies with revenues above $2B had an average relative frequency of large claims on primary policies of 1.86. (source) AXA XL
- 88% of all incurred losses from AXA XL cyber claims over the last decade arise from claims that surpass $1 million, suggesting that a relatively small number of large claims are responsible for the majority of cyber losses. (source) AXA XL
- Ransomware claims accounted for 54.3% of cyber claims in the sample for the period of 2019 and onwards. (source) AXA XL
- 2023: 24.0% of large losses came from other causes, 13.3% from data breaches, and 62.8% from ransomware. Ransomware reached a record high, driving almost two-thirds of the largest cyber insurance payouts. (source) AXA XL
- Average initial ransom demand (based on all cases with ransom demand) in 2019: $7.77 million. (source) AXA XL
- 37.2% of large losses came from other causes, 16.0% from data breaches, and 46.6% from ransomware. While other causes ticked up, ransomware continued to generate nearly half of the most expensive claims. (source) AXA XL
- In 2022, organizations took an average of 43 days to restore operations after a ransomware attack. (source) AXA XL
- In 2019, victims paid on average 56.9% of the initial ransom demand. (source) AXA XL
- In 2019, organizations took an average of 76 days to restore operations after a ransomware attack. (source) AXA XL
- Before 2023, 37.2% of backups were not affected by ransomware. (source) AXA XL
- The average duration business operations were affected by ransomware in professional services was 85 days. (source) AXA XL
- In 10.6% of cases since 2019, the source of detection was unknown or other. (source) AXA XL
- In 10.2% of large ransomware claims, the attack vector was either different or unknown. (source) AXA XL
- In 49.2% of large ransomware claims, attackers gained access by exploiting system vulnerabilities. (source) AXA XL
- In 2023, victims paid on average 39.1% of the initial ransom demand. (source) AXA XL
- In 16% of large ransomware claims, attackers leveraged compromised or weak credentials to gain entry. (source) AXA XL
- In 2023, 88.9% of backups were not affected by ransomware. (source) AXA XL
- The average duration business operations were affected by ransomware in manufacturing was 62 days. (source) AXA XL
- Businesses typically required around two full months to restore operations following a ransomware attack. (source) AXA XL
- In 2020, organizations took an average of 54 days to restore operations after a ransomware attack. (source) AXA XL
- For data breach cases where the attacker was detected by internal IT staff or an outsourced cybersecurity provider (OCP), it took an average of 35 days to notice the attacker since 2019. (source) AXA XL
- For data breach cases where the attacker was detected by a third party, it took an average of 91 days to notice the attacker since 2019. (source) AXA XL
- Data breach response / crisis management was triggered as the main driver of loss in 24.5% of claims (primary 23.6%, excess 26.7%), triggered with some loss impact in 27.5%, triggered with no loss impact known in 3.6%, and not triggered in 44.4%. (source) AXA XL
- Extortion was triggered as the main driver of loss in 11.9% of claims (primary 15.6%, excess 3.3%), triggered with some loss impact in 11.6%, triggered with no loss impact known in 9.6%, and not triggered in 66.9%. (source) AXA XL
- Data breach response / crisis management coverage was triggered in 24.5% of all claims overall, with a slightly higher incidence in excess claims (26.7%) compared to primary claims (23.6%). (source) AXA XL
- Healthcare experienced extortion demands as high as $4 million. (source) Resilience
- Healthcare, retail, and manufacturing remained the most targeted sectors. (source) Resilience
- The average cost of an individual ransomware attack rose by 17% in the first half of 2025. (source) Resilience
- Manufacturing faced several ransomware incidents, generating cyber insurance claims averaging over $1 million in severity. (source) Resilience
- Vendor-driven cyber insurance claims notifications fell from 37% to 26% of all claims, representing a 30% drop. (source) Resilience
- Despite a drop in notifications, vendor-related claims still accounted for 15% of incurred losses estimated so far in 2025. (source) Resilience
- Financially motivated social engineering, particularly tailored attacks enhanced by AI-powered phishing content, fuelled a disproportionate share of incurred losses (88%). (source) Resilience
2025 cybersecurity statistics about DDoS
- Targeted sectors by DDoS attack in the first half of 2025: Defense (23% - an increase of 14%), retail & e-commerce (18% - an increase of 8%), logistics & transport (15% - an increase of 9%), public sector (11%), education (9%), finance (6%), healthcare (5%), telco (5%), technology, IT, Internet (4%), and other (4%). (source) Link11
- The Link11 network recorded 225% more DDoS attacks in the first half of 2025 compared to the same period last year. (source) Link11
- The cumulative DDoS attack volume rose from 110 TB in the first half of 2024 to 438 TB in the first half of 2025. 438 TB is equivalent to over 7 years of uninterrupted Netflix streaming in 4K. It is enough data for more than 1,700 years of uninterrupted audiobook playback. (source) Link11
- The longest documented DDoS attack in the first half of 2025 lasted 12,388 minutes (8 days and 14 hours). (source) Link11
- The longest DDoS attack in the first half of 2024 lasted 1,523 minutes (approximately 1 day and 1 hour). (source) Link11
- In 2025, 98% of DDoS attacks routed malicious traffic through the US. (source) Link11
- Attack success rates demonstrate that 40% to 50% of systems are still inadequately protected against politically motivated attack tactics. (source) Link11
- The largest DDoS attack between January and July 2025 reached a maximum bandwidth of over 1.2 Tbit/s. This is double the largest attack in the first half of 2024, which was 694 Gbit/s. (source) Link11
- The highest maximum number of packets transmitted per second recorded was 207,090,400 packets per second in the first half of 2025. 207 million packets per second can paralyze firewalls, servers, and entire networks within seconds. (source) Link11
- The maximum DDoS attack duration in June 2024 was only 73 minutes. (source) Link11
- Backbone DDoS attacks (targeting Internet service provider or data center infrastructure) increased by 143% compared to the first half of 2024. (source) Link11
- One observed Layer 7 DDoS attack used around 20,000 legitimate HTTP requests per minute to disrupt sensitive areas. This is compared to 200 million packets per second for brute force attacks, indicating that precision can be more dangerous if unnoticed. (source) Link11
- In 2025, 31% of DDoS attacks routed malicious traffic through Germany. (source) Link11
- Targeted sectors (Web Application and API Protection, WAAP): the analysis shows a shift in affected sectors between the first half of 2024 and the first half of 2025. (source) Link11
- Targeted sectors by DDoS attacks in the first half of 2024: finance (17%), public sector (11%), retail & e-commerce (10%), defense (9%), telco (8%), healthcare (7%), education (6%), media (6%), food (6%), energy (6%), logistics & transport (6%), other (10%). (source) Link11
Defense Industry
- Only 22% of organizations actively pursuing CMMC 2.0 certification implement contractual security requirements with suppliers. This is below the 27% industry average. (source) Kiteworks
- The challenge of data inventory accuracy affects 27% of organizations actively pursuing CMMC 2.0 certification. It ranks sixth among seven key challenges. (source) Kiteworks
- 11% of organizations actively pursuing CMMC 2.0 certification are in Europe. (source) Kiteworks
- 20% of organizations actively pursuing CMMC 2.0 certification are in Asia-Pacific. (source) Kiteworks
- 7% of organizations actively pursuing CMMC 2.0 certification are in the Middle East/Africa. (source) Kiteworks
- 51% of all organizations actively pursuing CMMC 2.0 certification managing international data flows report increased complexity in policy development and control implementation. (source) Kiteworks
- 63% of organizations actively pursuing CMMC 2.0 certification are in North America. (source) Kiteworks
- 59% of mid-market firms (5,000-9,999 employees) actively pursuing CMMC 2.0 certification achieve top-tier encryption (76-100% coverage). (source) Kiteworks
- Only 56% of organizations have fully implemented end-to-end encryption for all sensitive data. (source) Kiteworks
- Only 38% of organizations over 20,000 employees actively pursuing CMMC 2.0 certification achieve top-tier encryption (76-100% coverage). (source) Kiteworks
- Organizations without governance tracking show 5 percentage points higher rates of low-encryption outcomes (20% vs. 15%). (source) Kiteworks
- While 95% of organizations actively pursuing CMMC 2.0 certification track some governance tracking effectiveness metrics, only 38% have instituted comprehensive governance control and tracking systems. (source) Kiteworks
- Just over half of organizations have centralized governance processes. (source) Kiteworks
- 39% of organizations actively pursuing CMMC 2.0 certification cite vendor compliance as a top concern. This is 7 percentage points higher than non-CMMC organizations. (source) Kiteworks
- Vendor compliance ranks as the second-highest challenge for the organizations actively pursuing CMMC 2.0 certification (scoring 73 out of 100). (source) Kiteworks
Email security and phishing
- Email remained the top vector for delivering malware, accounting for 61% of threats caught by HP Sure Click in Q2 2025. This was a 1 percentage point drop compared to Q1 2025. (source) HP Wolf Security
- In Q2 2025, 13% of malicious emails (phishing, malware, etc.) were not blocked by the email gateway security system. This is 1 percentage point higher than in Q1 2025. (source) HP Wolf Security
- 47% of IT leaders based in Australia cite managing external threats (such as phishing and spoofing) as their top security challenge. (source) Exclaimer
- 42% of IT leaders based in Germany cite managing external threats (such as phishing and spoofing) as their top security challenge. (source) Exclaimer
- 43% of UK IT leaders cite managing external threats (such as phishing and spoofing) as their top security challenge. (source) Exclaimer
- 64% of US IT leaders want to automate parts of their email infrastructure, but only 17% say they are fully prepared to implement automation. (source) Exclaimer
- 46% of US IT leaders cite managing external threats (such as phishing and spoofing) as their top security challenge. (source) Exclaimer
- 86% of US IT leaders indicate that more than half of their business communication flows through email. (source) Exclaimer
- 62% of organizations in the finance sector experienced email incidents, yet only 42% feel very confident in their compliance posture. (source) Exclaimer
- 58% of organizations in the healthcare sector experienced email incidents, yet only 36% feel very confident in their compliance posture. (source) Exclaimer
- 86% of US IT leaders agree that professional email signatures build trust. (source) Exclaimer
- Only 18% of US organizations use centralized signature management solutions. (source) Exclaimer
- 41% of US organizations still rely on employees to manage their own email signatures. (source) Exclaimer
- 73% of US organizations experienced an email-related security incident in the past year. (source) Exclaimer
- 60% of organizations in the legal sector experienced email incidents, yet only 41% feel very confident in their compliance posture. (source) Exclaimer
- 59% of organizations in the technology sector experienced email incidents, yet only 39% feel very confident in their compliance posture. (source) Exclaimer
- Professionals in high-email-volume sectors like legal and finance send 20-30+ emails daily. (source) Exclaimer
- 70% of respondents believe phishing attempts have become more successful due to the use of AI. (source) Yubico
- 78% of respondents believe phishing attempts have become more sophisticated due to the use of AI. (source) Yubico
- The percentage of respondents who could correctly recognize a phishing attempt was similar across generations: Gen Z - 45%, Millennials - 47%, Gen X and baby boomers - 46% (both groups). (source) Yubico
- Gen Z is the most susceptible demographic to phishing, with 62% reporting engagement (e.g., clicking a link or opening an attachment) with a phishing scam in the past year. (source) Yubico
- When shown a phishing email, 54% of respondents either believed it was an authentic message written by a human or were unsure. (source) Yubico
- 44% of all participants admitted to having interacted with a phishing message in the last year. (source) Yubico
- Only 27% of enterprises test smishing. (source) Dune
- Just 15% of CISOs at enterprises test voice phishing. (source) Dune
- Just 18% of enterprises tailor phishing simulations by both role and behavior. (source) Dune
- Only 27% of CISOs at enterprises simulate SMS phishing. (source) Dune
- 100% of enterprises test email phishing. (source) Dune
- AI-personalized phishing now drives 300% more user interaction than traditional, templated variants. (source) Dune
- 59% of CISOs at enterprises fear voice phishing (vishing). (source) Dune
- 71% of CISOs at enterprises worry about SMS phishing (smishing). (source) Dune
- 91% of enterprises say tailoring phishing simulations by both role and behavior is essential. (source) Dune
- Only 15% of enterprises simulate vishing. (source) Dune
- Only 12% of CISOs at enterprises believe their current Security Awareness Training (SAT) program is sufficient. (source) Dune
- 64% of surveyed enterprises confirmed social engineering attacks via encrypted or informal channels in the past 12 months. (source) Dune
Pen Testing and remediation
- The Median Time to Remediation (MTTR) for serious findings is 61 days in the financial services industry. This ranks financial services 11th of 13 industries measured. (source) Cobalt
- 78% of financial services firms report fixing critical vulnerabilities in business-critical assets within 14 days, indicating they narrowly meet strict internal SLA requirements. (source) Cobalt
- 70% of financial services firms report that delays in scheduling pentests sometimes impact compliance or business timelines. (source) Cobalt
- 68% of financial services leaders highlight GenAI-related risks as a top concern. (source) Cobalt
- 46% of financial services leaders highlight insider threats as a top concern. (source) Cobalt
- 76% of financial services leaders highlight third-party software vulnerabilities as a top concern. (source) Cobalt
- Approximately one-third of serious issues are never resolved by organizations in the financial services industry, contributing to backlog and systemic risk. (source) Cobalt
- The half-life for serious findings is 147 days in the financial services industry. This metric, which accounts for unresolved vulnerabilities, places FS ninth overall out of the thirteen measured industries. (source) Cobalt
- Financial services firms demonstrate strengths in avoiding common, code-level flaws due to mature security programs and automated scanning (SAST/DAST). However, they struggle with vulnerabilities that require human-led testing. (source) Cobalt
- Cross-site scripting (Web/API): 5.0% in the financial services industry (versus 9.7% average in other industries). (source) Cobalt
- Server-side injection (Web/API): 4.2% in the financial services industry (versus 5.3% average in other industries). (source) Cobalt
- Business logic flaws: 2.9% in the financial services industry (versus 2.3% average in other industries). (source) Cobalt
- Server security misconfigurations: 34.9% in the financial services industry (versus 27.9% average in other industries). (source) Cobalt
- Sensitive data exposure: 10.5% in the financial services industry (versus 8.0% average in other industries). (source) Cobalt
- Components with known vulnerabilities: 6.1% in the financial services industry (versus 5.5% average in other industries). (source) Cobalt
- Industries like hospitality resolve serious findings significantly faster than the financial services industry (20 days vs 61 days). (source) Cobalt
- The financial services industry resolves about two-thirds (66.7%) of serious findings. This ranks the industry 10 out of the 13 industries Cobalt researched. (source) Cobalt
Gen Z cyber risks and attitudes
- Of business leaders that said Gen Z employees leaked confidential information, 52% reported client loss or damaged relationships. (source) PasswordManager.com
- Of business leaders that said Gen Z employees leaked confidential information, only 10% said the leak resulted in no serious consequences. (source) PasswordManager.com
- 23% of business leaders report Gen Z employees using real customer data in skits. (source) PasswordManager.com
- A quarter (25%) of business leaders report seeing Gen Z employees use company logos, contracts, or pay stubs in videos. (source) PasswordManager.com
- 25% of business leaders say Gen Z employees posted screenshots of sensitive Slack or Teams chats online. (source) PasswordManager.com
- 58% of companies have increased training due to concerns about Gen Z leaking company data. (source) PasswordManager.com
- About 23% of business leaders have seen Gen Z employees share inbox screenshots as “corporate cringe”. (source) PasswordManager.com
- 21% of business leaders report encountering “rage videos” where private details were deliberately exposed. (source) PasswordManager.com
- Of business leaders that said Gen Z employees leaked confidential information, 47% reported legal issues. (source) PasswordManager.com
- Of business leaders that said Gen Z employees leaked confidential information, 42% reported financial losses. (source) PasswordManager.com
- 28% of business leaders say Gen Z employees shared Zoom clips or screenshots from confidential meetings. (source) PasswordManager.com
- 29% of business leaders report seeing Gen Z employees filming in front of whiteboards or strategy decks. (source) PasswordManager.com
- Of business leaders that said Gen Z employees leaked confidential information, 54% reported reputational damage. (source) PasswordManager.com
- 18% of business leaders say a Gen Z employee has leaked confidential information. (source) PasswordManager.com
- 47% of business leaders think it’s likely Gen Z employees would intentionally share confidential details on social media for content or engagement. (source) PasswordManager.com
- 41% say Gen Z employees have gossiped or shared private information with unauthorized people. (source) PasswordManager.com
- 18% of companies are considering increasing training and education on confidentiality due to Gen Z leaking company data. (source) PasswordManager.com
- Nearly 45% of business leaders believe Gen Z employees are more likely than other generations to leak company information. (source) PasswordManager.com
- 24% of business leaders have seen Gen Z employees post behind-the-scenes product demos before launches. (source) PasswordManager.com
- 19% of business leaders admit they don’t trust Gen Z workers to handle confidential information. (source) PasswordManager.com
- About 34% of business leaders have seen Gen Z employees record “day in the life” TikToks that revealed sensitive details. (source) PasswordManager.com
- 30% of companies are avoiding hiring Gen Z employees. (source) PasswordManager.com
- 52% of business leaders believe Gen Z employees pose a security risk. (source) PasswordManager.com
2025 Cybersecurity Statistics About Healthcare
- The 2025 breach at DaVita compromised over 900,000 patients' personal and clinical data. (source) Cobalt
- More than 1.6 million patient records were compromised across all analysed email-related healthcare incidents that occurred in the first half of 2025. (source) Paubox
- The average healthcare email breach exposed nearly 16,000 individual records in the first half of 2025. (source) Paubox
- Incidents involving Proofpoint email customers accounted for 6% in healthcare. (source) Paubox
- The Episource breach affected 5.4 million individuals. (source) Paubox
- 79% of breached healthcare organizations have ineffective DMARC protection. This is up dramatically from 65% in 2024. (source) Paubox
- 81% of healthcare email breaches were classified as hacking or IT incidents. (source) Paubox
- Microsoft 365 environments now account for 52% of all healthcare email breaches. This represents a dramatic surge from 43% just one year ago. (source) Paubox
- Incidents involving Barracuda email customers accounted for 5% in healthcare. (source) Paubox
- 41% of healthcare organizations are now classified as high-risk. This compares to just 31% last year. (source) Paubox
- Business associates (including billing vendors, imaging firms, and outsourced IT providers) were involved in 17 of the 107 email-related breaches in healthcare. This represents 16% of all incidents. (source) Paubox
- IT leaders estimate that only 5% of known phishing attacks in healthcare are actually reported by employees to security teams. (source) Paubox
- The largest single email breach, affecting United Seating and Mobility, exposed over half a million records. (source) Paubox
- Incidents involving Mimecast email customers accounted for 8% in healthcare. (source) Paubox
- The sharp rise in Microsoft 365 email breaches in healthcare represents a 21% increase year-over-year. (source) Paubox
- Cyberattacks are cited as the leading cause of critical workflow disruptions by 50% of healthcare organizations. (source) Paubox
- 71% of healthcare leaders cited GenAI as the top risk. (source) Cobalt
- Just 13.3% of healthcare pentest findings qualify as “serious”. This ranks healthcare 6th-best out of 13 industries. (source) Cobalt
- 37% of healthcare organizations resolve critical findings in business-critical assets within four to seven days. (source) Cobalt
- Healthcare resolved only 57.4% of serious pen test findings. This ranks healthcare 11th of 13 industries. By comparison, transportation led with 80.2%. (source) Cobalt
- Nearly 40% of healthcare SLAs require serious findings in business-critical assets to be fixed within three days. Another 40% require resolution within four to 14 days. (source) Cobalt
- 14% of healthcare organizations resolve critical findings in business-critical assets within eight to 14 days. (source) Cobalt
- Healthcare’s half-life for serious pen test findings was 244 days. This ranks healthcare 11th of 13 industries. Transportation had a half-life of 43 days. (source) Cobalt
- Healthcare’s median time to resolve serious pen test findings was 58 days. This ranks healthcare 10th of 13 industries. Hospitality led with 20 days. (source) Cobalt
- 43% of healthcare organizations resolve critical findings in business-critical assets in one to three days. (source) Cobalt
- 68% of healthcare leaders cited third-party software as the top risk. (source) Cobalt
UK cybersecurity trends
- 63% of UK IT leaders in the tech sector say they've adopted email filtering. (source) Exclaimer
- On average, 36% (over a third) of all security incidents reported by IT leaders are email-driven. (source) Exclaimer
- 92% of Government bodies in the UK reported an email-related breach. (source) Exclaimer
- Nearly half (49%) of UK IT leaders report being hit by an email-related security incident in the past 12 months alone. (source) Exclaimer
- 75% of UK IT leaders in the tech sector faced inbox breaches. (source) Exclaimer
- 52% of all organisational communication in the UK flows through the inbox. (source) Exclaimer
- 56% of Government bodies in the UK reported a breach in the past year alone. (source) Exclaimer
- 89% of UK IT leaders agreed that well-managed email signatures directly contribute to professionalism and client confidence. (source) Exclaimer
- 53% of UK IT leaders in the tech sector say they've adopted AI detection. (source) Exclaimer
- 87% of UK IT leaders in the finance sector report exposure to email-related incidents. (source) Exclaimer
- 85% of UK IT leaders in the legal sector report exposure to email-related incidents. (source) Exclaimer
- 42% of UK IT leaders cited external threats (such as phishing, spoofing, and spam) as their biggest email security challenge. (source) Exclaimer
- 39% of UK IT leaders cited the difficulty of balancing security with ease of use as their biggest email security challenge. (source) Exclaimer
- 38% of UK IT leaders cited ensuring strong encryption as their biggest email security challenge. (source) Exclaimer
- 47% of UK IT leaders cited employee security awareness training as the most common defence against email-related incidents. (source) Exclaimer
- 44% of UK IT leaders in the public sector say they've adopted MFA. (source) Exclaimer
- 83% of UK IT leaders report suffering at least one email-related security incident. (source) Exclaimer
- 87% of UK IT leaders expect email to remain Britain’s primary business channel for at least the next five years. (source) Exclaimer
- 81% of UK IT leaders view one-to-one email as a critical communications channel, on par with IM and collaboration tools. (source) Exclaimer
- 38% of UK IT leaders cited AI-driven threat detection as the most common defence against email-related incidents. (source) Exclaimer
- 46% of UK IT leaders cited email filtering as the most common defence against email-related incidents. (source) Exclaimer
- 41% of UK IT leaders cited multi-factor authentication (MFA) as the most common defence against email-related incidents. (source) Exclaimer
- 45% of UK IT leaders said that stronger security and encryption standards are a trend that will have the biggest impact by 2030. (source) Exclaimer
- 41% of UK IT leaders said that tighter integration with real-time collaboration tools is a trend that will have the biggest impact by 2030. (source) Exclaimer
- 41% of UK IT leaders said that AI-driven automation is a trend that will have the biggest impact by 2030. (source) Exclaimer
- 59% of UK IT leaders in the tech sector say they've adopted email security training. (source) Exclaimer
- 53% of UK IT leaders in the tech sector say they've adopted MFA. (source) Exclaimer
- 27% of UK IT leaders in the public sector say they've adopted email security training. (source) Exclaimer
- 26% of UK IT leaders in the public sector say they've adopted AI detection. (source) Exclaimer