CyberSecStats #18 - Monthly statistics round-up May/June 2025
Hello! Laura from CyberSecStats here with a monthly email of 100+ cybersecurity statistics pulled from vendor reports and research papers.
All of the statistics and data points below were published by cybersecurity vendors in the past month (May/June 2025) and include direct links back to their publisher/source.
Cybersecurity incident experiences
- 88% of CIOs faced cybersecurity incidents in the last 12 months. (Logicalis)
- 43% of CIOs suffered multiple breaches. (Logicalis)
- 78% of CIOs say breach frequency is steady or rising. (Logicalis)
- 76% of CISOs reported major impacts from breaches. 36% faced downtime, 30% had data exposed, and 28% incurred financial loss. (Pentera)
- 75% of incidents involve unmanaged assets. (Trend Micro)
Ransomware trend data
- The number of unique ransomware groups that reported a victim has risen from 41 in 2023 to 77 in 2024, an increase of nearly 88%.
- Ransomware attacks rose 25% in 2024. (Bitsight)
- The number of ransomware leak sites increased by 53%. (Bitsight)
- Ransomware cyber insurance claims frequency dropped 3%. (Coalition)
- The number of publicly disclosed victims rose 25% (Apr 2024–Mar 2025), after an 81% surge prior. (Black Kite)
- 96 ransomware groups are now active. (Black Kite)
- SMBs in the $4M–$8M range were hit most often. (Black Kite)
- Ransomware caused 67% of known third-party breaches. (Black Kite)
- Ransom payment values declined by 35%. (Black Kite)
Cybersecurity concerns
- Only 58% of CIOs are confident in their ability to identify potential security gaps. (Logicalis)
- Top concerns for CIOs regarding cybersecurity risk include: malware and ransomware (42%), data breaches (37%), AI-driven attacks (34%), and phishing (33%). (Logicalis)
- 68% say media reports of high-profile breaches have elevated cybersecurity on the C-suite agenda. (LevelBlue)
- 58% view external threats (like malicious actors and state-affiliated groups) as more significant than internal threats (42%). (Cisco)
DDoS attacks
- 50%+ of teams struggle to coordinate teams during DDoS attacks. (Corero)
- 68% report challenges showing the ROI of DDoS protection to leadership. (Corero)
Cloud incidents and security trends
- On average, organizations detect 17 cloud vulnerabilities weekly. (Prowler)
- Teams sift through ~7,000 alerts to find one real cloud threat. (ARMO)
- 45% report frequent false positives from cloud tools. (ARMO)
- 63% use over five runtime cloud security tools. (ARMO)
- ~1/3 of cloud assets are neglected, each with ~115 vulnerabilities. (Orca Security)
- 36% of organizations have at least one cloud asset with 100+ attack paths. (Orca Security)
- Top tech expected to impact cloud security in the next three years: AI/ML analytics (27%), open-source tools (17%), and automated threat response (16%). (Prowler)
- Expected gaps (in the next 12 months): budget (45%), talent (42%), and automation (34%). (Prowler)
- 37% failed audits due to cloud security issues in the past year. (Prowler)
AI-driven attack data
- AI-driven attacks now occur as frequently as phishing, placing AI firmly among the top three cybersecurity threats. (Logicalis)
- 42% of executives believe AI-powered threats will happen. (LevelBlue)
- 59% say AI is making threats harder for employees to spot. (LevelBlue)
- Only 49% believe staff fully understand AI-related risks. (Cisco)
Vulnerabilities and vulnerability management
- 57% say automation speeds up vulnerability response. (Optiv)
- 74% identify a lack of understanding of every potential source of vulnerability as their biggest challenge to effective vulnerability management. (Optiv)
- 91% face delays in remediation. (Seemplicity)
- 61% measure vulnerability remediation success by number of fixes; 54% by fewer breaches. (Seemplicity)
- 1 in 5 organizations take 4 or more days to fix critical vulnerabilities. (Seemplicity)
- Nearly 40% still rely on manual workflows for most of their vulnerability remediation processes. (Seemplicity)
- Total number of software vulnerabilities rose 61% YoY in 2024. (Action1)
- Critical vulnerabilities rose by 37.1% in 2024. (Action1)
- Known exploited vulnerabilities surged 96%. (Action1)
Cybersecurity budget and spending trends
- 79% of companies are adjusting their cybersecurity budgets; 71% report increases. (Optiv)
- Average enterprise security budget: $24M. (Optiv)
- 67% of companies now use risk/threat assessments to guide budgets, up from 53% in 2024. (Optiv)
- 30% say limited budget blocks adoption of new solutions. (Seemplicity)
- U.S. enterprises spend ~$187K yearly on pentesting - 11% of a $1.77M average security budget. (Pentera)
- 85% of CISOs say the volume of nation-state threats influences their budget. (Trellix)
- Among SMBs with fewer than 50 employees, more than half allocate less than 1% of their annual budget to cybersecurity. (CrowdStrike)
Security tool opinions from CIOs
- 50% of CIOs say they've overinvested in unnecessary tools. (Logicalis)
- 50% admit they're not using all features of their security tools. (Logicalis)
- 50% of tech leaders lack tools that fit their business needs. (Logicalis)
- 41% of CIOs don't believe their current security investments fully meet their organization's needs. (Logicalis)