CyberSecStats #17 - Insights from CISOs, hiring trends, and network investments

Hello! 👋🏼 Laura from CyberSecStats here with a weekly email of the latest cybersecurity statistics from vendor reports and research. 

All the data below was published between June 9th - June 15th, 2025. 

General cybersecurity trends

Trellix Mind of the CISO: Closing the gap between reaction and readiness

Insights from over 500 CISOs worldwide on the evolving threat landscape and perceived risks to their organizations

Key stats:

• 98% of CISOs face barriers when acting on threat intelligence.
• 85% say the volume of nation-state threats influence their cybersecurity budgets.
• 28% struggle to integrate tools into their threat intelligence platforms due to limited automation.

Read the full report here.

Kroll 2025 Global Business Sentiment Survey: Resilience, Risks, and Preparedness

Insights from 1,200 C-suite executives in financial services, technology, and other industries across more than 20 countries, providing an unparalleled view of the international business landscape.

Key stats:

• 74% of organisations report increased cybersecurity and data privacy concerns.
• Cybersecurity threats rank among the most significant business challenges to organisations (47%).
• At least 4 in 10 business leaders are increasing budgets, expanding teams, upskilling, and/or hiring external help for cybersecurity challenges and data privacy concerns. 

Read the full report here.

Industry-specific data (Healthcare, FSI, and Transportation)

Paubox Healthcare IT is dangerously overconfident about email security

Report on email breach preparedness in healthcare. Based on first-party data from 150 U.S.-based healthcare IT leaders. 

Key stats:

• 86% of healthcare IT leaders say their current email security tools create workflow friction, causing staff to bypass security processes.
• 56% spend less than 10% of their security budget on email.
• 89% say AI-powered email threat detection is critical.

Read the full report here.

FS-ISAC & Akamai Technologies From Nuisance to Strategic Threat: DDoS Attacks Against the Financial Sector

A joint annual report analyzing the strategic threat posed by the escalating number and sophistication of distributed denial-of-service (DDoS) attacks and their impact on customer trust, operations, and profitability in the financial services sector.

Key stats:

• In 2024, the financial services sector was the top target of volumetric DDoS attacks.
• App-layer DDoS attacks on this sector rose 23% year-over-year.
• APAC accounted for 38% of such attacks, up from 11% in 2023. 

Read the full report here.

Aryaka 2025 State of Network Security in Transportation & Logistics 

A report exploring networking and security challenges and trends in the transportation and logistics industry. 

Key stats:

• 70% of transportation and logistics organizations indicated that simplifying and lowering network costs is their top networking and network security priority over the next 12 months.
• 51% aim to reduce the workload on IT teams.
• Only 28% have begun implementing solutions to mitigate GenAI network and security challenges.

Read the full report here.

Security operations (including hiring and network security)

NCR Atleos Challenges IT decision-makers face around enterprise network investments

Survey about the factors IT leaders consider when making investment decisions about enterprise networking, including domains like LAN, WAN, and network security. This study encompassed 120 US-based enterprises in the manufacturing, retail, banking, and energy industries. 

Key stats:

• 48% of IT leaders said security concerns was a top challenge with enterprise networking. 
• 46% said the complexity of network management was a top challenge. 
• 66% of activities performed by third-party network technology service providers involve more complex tasks, such as network testing and optimization.

Read the full report here.

Sumo Logic 2025 Security operations insights

A report on the evolving priorities of security leaders as they evaluate the next generation of SIEM solutions. Based on a survey of more than 500 IT and security leaders. 

Key stats:

• 73% of security leaders are reassessing their SIEM solutions.
• 90% cite AI as a key driver in selecting new solutions (SIEM or alternatives).
• 9 out of 10 still consider SIEMs relevant for safeguarding their organisation.

ISC2 2025 Cybersecurity Hiring Trends Report

A cybersecurity hiring trends report based on insights from 929 hiring managers across organizations of all sizes in Canada, Germany, India, Japan, the U.K., and the U.S.

Key stats:

• 90% of cybersecurity hiring managers would consider candidates with prior IT work experience only.
• 56% of cybersecurity hiring managers stated that training entry-level cybersecurity team members to handle tasks independently typically takes 4–9 months.
• Cybersecurity hiring managers spend between U.S. $1,000 and $4,999 to train entry-level (45%) and junior-level (38%) team members to handle tasks independently.

Read the full report here.

Identity threats (phishing, scams, deepfakes)

Malwarebytes 2025 Mobile Scam Report

Research into mobile scams. 

Key stats:

• 75% of users encountered social engineering attempts like phishing and impersonation scams.
• Two-thirds of people are worried about the future of AI and how realistic scams are going to become.
• 52% of scam victims suffer financial loss or fraud.

Read the full report here.

Pindrop 2025 Voice Intelligence and Security Report

A deep dive into pressing security issues and future trends in the enterprise, including within contact centers serving financial and non-financial institutions.

Key stats:

• Deepfake fraud attempts rose by more than 1,300% in 2024. 
• There was a +173% increase in synthetic voice calls between Q1 and Q4 2024.
• Overall fraud attempts increased by +26% in 2024, which exceeded Pindrop's projected 4% rise.

Read the full report here.

Sumsub Q1 2025 identity fraud trends

Identity fraud trends based on Sumsub’s internal data. 

Key stats:

• Synthetic identity document fraud increased by 311% in North America compared to Q1 2024, making it the region's most alarming growth vector.
• Deepfake fraud jumped by 1100% in North America, indicating the use of generative AI to bypass facial recognition and biometric checks.
• Attempted healthtech fraud rose by 384%.

Read the full report here.

Communication trends

Exclaimer State of Business Email 2025

Insights from 4,000+ IT leaders into communication channels and why email remains essential in 2025. 

Key stats:

• 48% of global IT leaders say that the majority of their internal and external communication still relies on direct email, more than any other channel.
• 89% of global IT leaders say video conferencing is pivotal to their digital operations.
• 49% of global IT leaders use email for IT and security alerts.

Read the full report here.

DDos

Arelion DDoS Threat Landscape Report 2025

Arelion’s detailed analysis of Distributed Denial-of-Service (DDoS) attack trends observed throughout 2024 on its #1 ranked global Internet backbone, AS1299

Key stats:

• Average Volumetric DDoS Attack Size (2024): 23.0 Gb/s.
• DNS Amplification Dominance (2024): Accounted for 55% of all amplified traffic.
• Largest Single-Target Campaign (Cloudflare 2024): 4.2 Tb/s.

Read the full report here.