CyberSecStats #2 February 2025 cybersecurity statistics - Email security, insider threats, budgets, and more...
Hello! 👋🏼 Laura from CyberSecStats here with a monthly email of the latest cybersecurity statistics pulled from recent vendor reports and research papers.
All of the stats below were published by cybersecurity vendors in the past four months, with most being from the past two months (i.e., 2025).
✉️ Email Security
- Email was the primary method for delivering malware to endpoints, accounting for 52% of threats in Q3 2024. (HP Wolf Security)
- Manufacturing, Finance, and Law Firms were the top three most targeted industries for email crime in 2023 and the first half of 2024. (At-Bay)
- 56% of respondents are engaging managed services for email security/anti-phishing. (Fortra)
- Only 34% of email incidents are formally reported. (Zivver)
- 67% of IT leaders claim that email doesn’t get the security attention it deserves. (Zivver)
Insider threats/outbound email breaches
- Two-thirds of IT leaders acknowledge that outbound breaches from human errors cause more data loss than social engineering attacks. (Zivver)
- 73% of employees are aware of email security policies, but just 52% adhere to them. (Zivver)
- Employees frequently send the wrong attachment (33%), misaddress emails to unintended recipients (32%), or misuse CC and BCC fields (20%). (Zivver)
🎣 Phishing
- Phishing is a dominant threat, accounting for over 80% of reported security incidents in 2024. (Zivver)
- More than 8 out of every 1,000 users clicked on a phishing link each month, up 190% from last year. (Netskope)
- Enterprise users clicked on phishing lures at a rate nearly three times higher in 2024 compared to 2023. (Netskope)
- 45% of ransomware incidents were delivered via phishing. (Illumio)
- 83% of organisations identified Phishing/Smishing as a top security concern. (Fortra)
Phishing tactics
- URL redirection was the most commonly used tactic for phishing links (51%), followed by compromised websites (19%) and newly created domains (7%). (Vipre)
- The use of QR codes for phishing peaked at 12% in Q4 of 2024. (Vipre)
- Voice phishing increased by 442% between H1 and H2 2024. (CrowdStrike)
- Criminals used 'Impersonation' as a tactic in an average of 88% of all BEC cases. (Vipre)
Use of AI in phishing
- AI can increase phishing profitability by up to 50 times if attackers can recover the initial development costs. (Harvard University)
- AI-assisted Open Source Intelligence (OSINT) and email creation with human-in-the-loop took an average of 2 minutes and 41 seconds, whereas manual methods took approximately 34 minutes per target. (Harvard University)
- Click-through rates were 12% for control group emails (arbitrary phishing emails), 54% for emails generated by human experts, 54% for fully AI-automated emails, and 56% for AI emails with human-in-the-loop. (Harvard University)
🦹‍♀️ Ransomware
- The number of active ransomware groups increased from around 60 in 2022 to almost 100 by 2024. (ReliaQuest)
- The number of unique ransomware groups that reported a victim has risen from 41 in 2023 to 77 in 2024, an increase of nearly 88%. (eSentire)
- After initial access, "breakout time" typically takes just 48 minutes, with some groups achieving lateral movement in as little as 27 minutes. (ReliaQuest)
- In the breakout phase of attacks using an "assembly line" strategy, threat actors move from one technique to the next in an average of just 7 minutes. (ReliaQuest)
- Ransomware gangs took an average of 18 actions before executing their final attack in 2024. (Huntress)
- Exfiltration-only ransomware attacks are 34% faster than those involving encryption. (ReliaQuest)
Ransomware payments
- The median ransom payment rose from $199,000 in 2023 to $1,500,000 in 2024. (ReliaQuest)
- The average time-to-ransom (TTR) was just under 17 hours in 2024. (Huntress)
- 51% of ransomware victims paid a ransom demand. (Illumio)
- Only 13% of respondents said all impacted data was recovered after paying a ransom. (Illumio)
- 40% of respondents said that the data was still leaked following payment. (Illumio)
- 32% revealed the attackers demanded further payment or threatened more attacks. (Illumio)
- Of the 49% of ransomware victims that did not pay a ransom, the main reasons were: compromised data wasn't critical (49%), having an effective backup strategy (48%), company policy (47%), lack of trust in the provision of a decryption key (46%), and law enforcement advice (40%). (Illumio)
Ransomware impact
- 58% of organisations hit by ransomware in 2024 were forced to shut down operations to recover. This is an increase from 45% in 2021. (Illumio)
- The proportion of respondents reporting a significant revenue loss as a result of a ransomware attack nearly doubled from 22% in 2021 to 40% in 2024. (Illumio)
- 35% of organisations experienced brand damage as a consequence of a ransomware attack in 2024, up from 21% in 2021. (Illumio)
- Data exfiltration was the most common tactic used by ransomware groups to exert pressure (47%), followed by DDoS attacks (45%), data encryption (43%), and communicating with stakeholders/customers (34%). (Illumio)
💻 API Security
- 99% of respondents experienced API security issues in the past 12 months. (Salt Security)
- 98.9% of AI vulnerabilities are API related. (Wallarm)
- API-related data breaches tripled in 2024. (Wallarm)
- There was an average of three API-related breaches per month in 2024, with some months seeing as many as five to seven. (Wallarm)
- Newly published API endpoints are discovered by attackers in a mere 29 seconds. (Wallarm)
- Attackers can exfiltrate sensitive data in as little as 6 seconds in API attacks. (Wallarm)
- More than 50% of all recorded CISA exploited vulnerabilities were API-related for the first time, a 30% increase from the year before. (Wallarm)
- Modern APIs represent over 33% of exploited vulnerabilities in CISA KEV. (Wallarm)
- 57% of AI-powered APIs were externally accessible. (Wallarm)
- 54% of organizations say APIs are a security risk because they expand the attack surface across all layers of the technology stack. (Wallarm)
- 53% of organizations say traditional security solutions are not effective in distinguishing legitimate from fraudulent activity at the API layer, compared to 57% in 2023. (Traceable)
- 54% of organisations consider preventing API sprawl as one of their top three challenges to securing APIs. (Traceable)
- Only 21% of organizations rate their ability to detect attacks at the API layer as "high ability". (Traceable)
🔍 Vulnerabilities
- SMB vulnerabilities declined by 72%. (CISA)
- 52% of respondents said systems with unpatched vulnerabilities are targeted for lateral movement and privilege escalation, a significant rise from 33% in 2021. (Illumio)
- 47% of respondents are engaging managed services for vulnerability management. (Fortra)
- 40% of vulnerabilities exploited in 2024 were from 2020 or earlier. (GreyNoise)
- 10% of vulnerabilities exploited in 2024 were from 2016 or earlier, with some dating back to the late 1990s, such as CVE-1999-0526. (GreyNoise)
- Attackers are getting quicker at exploiting newly found CVEs, with exploitation observed within hours of disclosure in 2024. (GreyNoise)
- The average time to fix security flaws has increased from 171 days to 252 days over the past five years. (Veracode)
- 50% of organisations now carry critical security debt, which is defined as flaws left open for longer than a year. (Veracode)
- 70% of security debt stems from third-party code and the software supply chain. (Veracode)
🔧 Data Breaches and the Dark Web
- The breach rate for organisations with any form of dark web exposure was 3.7% over four years. (Searchlight Cyber)
- The presence of compromised user accounts linked to an organisation raised the risk of a breach by 2.56 times. (Searchlight Cyber)
- Dark web market listings, where an organisation or its data is mentioned, heightened breach risk by 2.41 times. (Searchlight Cyber)
🖥️ SaaS Security
- There was a 300% year-over-year increase in SaaS breaches between September 2023 and 2024. (Obsidian Security)
- The fastest time from initial access to data exfiltration was as little as 9 minutes. (Obsidian Security)
- The average cost of a SaaS breach has risen to $4.88 million. (Obsidian Security)
- 85% of SaaS breaches began with a compromised identity. (Obsidian Security)
- 85% of employees use SaaS apps that are unknown to and unmanaged by their organizations. (Grip Security)
- In 2023, 82-90% of new SaaS applications that were onboarded were unmanaged. (Grip Security)
🤖 AI
- 66% of organisations expect AI to have the most significant impact on cybersecurity in the year to come, but only 37% report having processes in place to assess the security of AI tools before deployment. (World Economic Forum)
- 47% of organisations cite adversarial advances powered by generative AI (GenAI) as their primary concern. (World Economic Forum)
- 95% of respondents agree that GenAI is changing their organisation’s priorities, with security and privacy being a primary concern. (Nutanix)
- 67% of MSPs reported an increase in AI-driven cyberattacks over the past 12 months. (Datto)
AI and data security
- 45.77% of sensitive data input into GenAI tools was customer data. (Harmonic Security)
- 63.8% of ChatGPT users used the free tier, with 53.5% of sensitive prompts entered into it. (Harmonic Security)
- When asked if they agree with the statement "We are concerned about data leakage as employees increasingly use GenAI tools," 43% of organizations surveyed strongly agreed and 39% agreed. (Harmonic Security)
💰 Budgets
- 9 out of 10 respondents said the teams/resources responsible for IT security in their organizations are better funded than they were a year ago. (Omada)
- 59% of organisations cited Budgetary Constraints as a top concern. (Fortra)
- UK organisations are significantly increasing their cybersecurity budgets, with an average predicted rise of 31% in the next 12 months, which is more than double the 15% that Gartner had forecast. (Infosecurity Europe)
- IT leaders expect AI to account for nearly 20% of tech budgets in 2025. (Lenovo)
- 40% of respondents in the US, Canada, and EMEA only expect to spend 20% or less of their overall budget on cybersecurity this year. (ITPro)
- Cost-saving measures reported by CISOs include reduced security solutions and tools (50%), security hiring freezes (40%), and decreased or eliminated security training (36%). (Splunk)
- The need to generate return on investment (ROI) is one of the most important drivers for their security budget and investment decisions, cited by 49% of organizations. (Traceable)
- The need to reduce the Total Cost of Ownership (TCO) is one of the most important drivers for their security budget and investment decisions, cited by 45% of organizations. (Traceable)
🪪 Identity Security
- 95% of leaders view identity security as a critical component of their overall cybersecurity strategy. (Omada)
- More than 86% of leaders expressed concern about the risks of identity-related threats. (Omada)
- 50% of hands-on-keyboard incidents in 2024 used valid or exposed credentials for initial access. (ReliaQuest)
- Over 330 million compromised credentials were linked to infostealer malware. (Kela)
🧑🏽‍⚖️ Compliance and Regulations
- 77% of UK CISOs feel that their IT budget is not completely reflected by their board’s objectives to meet regulatory requirements. (Rubrik)
- 30% of CISOs spend less than $100,000 annually on compliance. (RegScale)
- 38.3% of CISOs cited cost as a challenge in implementing new or updated compliance frameworks. (RegScale)
- When asked about their primary email security focus for the next two to three years, 31% prioritized compliance with data protection regulations. (Zivver)
- 53.7% of CISOs pointed to skilled staff as a major challenge in implementing new or updated compliance frameworks. (RegScale)
- 42% of CISOs cite data and system silos as a challenge in satisfying regulatory requirements. (RegScale)
- 90% of professionals surveyed report conformance with DORA, the NIS2 Directive, and/or the EU AI Act will impact their workload. (AuditBoard)
- 83% of professionals are concerned about third-party AI use in regard to compliance with the EU AI Act. (AuditBoard)
☁️ Cloud
- 56% of executives cite cloud security as their biggest challenge. (Cyber Defense Group)
- Malicious content downloads from popular cloud apps occur in 88% of organizations every month. (Netskope)
- The overwhelming majority of users (88%) use personal cloud apps each month, with 26% uploading, posting, or otherwise sending data to personal apps. (Netskope)
- New and unattributed cloud intrusions increased by 26% YoY. (CrowdStrike)
- 59% of respondents did not move to the cloud due to security concerns. (Fortra)
February 2025 Cybersecurity Reports
🗒️ Security reports that were published in February 2025.
General
- Picus’ Red Report 2025
- Darktrace’s Annual Threat Report 2024
- SonicWall’s 2025 Cyber Threat Report
- Huntress’ 2025 Cyber Threat Report
- ReliaQuest’s Annual Cyber Threat Report
- CrowdStrike’s 2025 Global Threat Report
- Nuspire’s Q4 and Full-Year 2024 Cyber Threat Report
- Everfox’s Cyber360 Report
- Kela’s The State of Cybercrime 2024 Report
- Cyber Defense Group’s 2025 Annual Cybersecurity Strategy Insights Report
Industry-specific
- Black Kite’s Healthcare Under Ransomware Attack
- Security Scorecard’s Cyber Security Assessment of the Insurance Industry Supply Chain
- Omdia’s Secure manufacturing: The challenges of IT/OT convergence
- Clever’s Cybersecure Report [K-12]
Ransomware
- BlackFog’s 2024 State of Ransomware Report
- Resilience’s Ransomware and third-party breaches are driving material cyber losses
API, software security, supply chain
- Salt Labs’ State of API Security Report 2025
- Veracode’s State of Software Security 2025
- Black Duck’s 2025 Open Source Security and Risk Analysis Report
- Torii’s The SaaS Benchmark Annual Report 2025
- Orange Cyberdefense’s Over half of UK financial services institutions have suffered at least one third-party supply chain attack in 2024
AI
- Fortanix’s 2025 State of Data Security in GenAI
- Lenovo’s CIO Playbook 2025
Cloud
- Nutanix’s Enterprise Cloud Index
OT Security
Voice spam and fraud & deepfakes
- Hiya’s Global Call Threat Report Q4 2024
- Trustpair’s 2025 Fraud Report UK
Other
- SolarWinds’ Next-Gen Government IT: AI and Observability Insights Report
- IANS Research and Artico Search’s 2025 Cybersecurity Staff Compensation Benchmark Report
- Gcore’s Gcore Radar: DDoS Attack Trends
- Omada’s 2025 State of IGA
- Zimperium’s zLabs Mishing Report
- Anvilogic’s and SANS’ 2025 State of Detection Engineering
- URM’s Analysis of Fines Imposed by the Information Commissioner’s Office in 2024
- ITPro’s 2025 Future Focus
- Capterra’s Decoding software purchases: Know the secrets to success from satisfied buyers
- iProov’s Threat Intelligence Report 2025