CyberSecStats #23 - Monthly statistics round-up (June/July 2025)

Hi there!

We’ve been busy since our June digest. 

Over 1,000 new statistics have been added to our internal database from 70+ cybersecurity reports and will soon be available in our revamped public-facing database. 

But what’s trending?

Here's what dominated the cybersecurity narrative across the latest industry reports (published in the last month):

• AI was the core topic of ~15 reports. 
• Identity & access management (IAM) ~10 reports. 
• Ransomware and cyber extortion ~8 reports. 
• Regulatory compliance and risk management ~8 reports. 
• Cloud and SaaS security ~6 reports. 
• Phishing and social engineering ~6 reports. 
• Critical infrastructure and OT security ~5 reports. 

We also noted the following emerging/niche topics: Web3 security, printer security, cybersecurity in specific regions (Moldova, Latin America snapshot), and SSL certificate risks. 

Generally relevant data about the cybersecurity landscape

TL;DR: AI is a concern for many security teams, despite improvements in ransomware outcomes. SaaS and third-party incidents rise sharply. Average patch lag > 2 months while exploit timelines shrink. 

AI is top worry

Over half of security pros now say AI-powered threats, such as deepfakes and automated malware, are their #1 nightmare.

When Bitdefender asked 1,200 security professionals to name their top concerns right now:

• 51% said AI-generated threats, including deepfakes, automated malware, and malicious code.
• 44.7% said phishing and social engineering. 
• 37% said software vulnerabilities and zero-days. 
• 35% said ransomware.

51% also said that AI-enhanced social engineering is a fairly or extremely significant concern, indicating that classic attack vectors are becoming increasingly sophisticated. (Source)

Ransomware outcomes get better

Ransomware payments and attack numbers drop. 

• June 2025 was the fourth month in a row that ransomware attacks dropped globally.
• Median ransom payments have dropped 50% to $1M, down from $2M in 2024. 
• 44% of companies stopped the attack before encryption, a six-year high. 

Despite some improvements in mitigation, data encryption still occurred in half of all attacks, and ransom demands remain steep, particularly for large enterprises.

Additionally: 

• Only 54% of data was restored from backups, the lowest rate in six years. 
• 63% of organizations cite resource limitations as a key factor in falling victim. 

Exploited vulnerabilities still top cause of ransomware

Over 83 zero-day vulnerabilities were actively exploited last year.

For the third year in a row, exploited vulnerabilities were the #1 cause of ransomware attacks.

Infostealers rise to 35% of all malware

There has been a 156% increase in cyberattacks specifically targeting user logins, largely due to info-stealing malware and advanced phishing kits. Infostealers are projected to account for 35% of detected malware threats in 2025. (Source)

Lumma Stealer is currently the top type of malware, responsible for over 25% of infostealer attacks worldwide.

Impersonation scams saw a staggering 148-percentage-point increase year-over-year, becoming the top reported scam type to the Identity Theft Resource Center. 

7 in 10 firms hit via a third-party partner

Organizations are only as secure as their weakest link, and increasingly, that link lies within the supply chain.

88% of cybersecurity leaders are concerned about supply chain cyber risks.

Their fears are not unfounded: over 70% of organizations have experienced at least one material third-party cybersecurity incident in the past year alone. (Source)

You patch in 84 days. They exploit in 5

• The average application now contains 30 serious vulnerabilities.
• Developers fix just 6 vulnerabilities per month while attackers exploit new ones in only 5 days.
• It takes 84 days on average to patch even the most critical flaws. (Source)

Cloud still hard to see 

As organizations scale cloud and API usage, visibility and security often fall behind.

13.6% of cloud assets have known vulnerabilities. Most affected industries: Professional Services (25%) and Retail (23.3%).

20.8% of APIs are vulnerable. Highest-risk sectors: Education (37.7%) and Retail (29.8%). (Source)

Most companies feel the pain of mobile app security incidents

62% of organizations have experienced mobile app security incidents, averaging nine per year, with the average cost reaching $6.99 million in 2025. (Source)

SaaS incidents up by 33% this year

75% of organisations experienced a data breach or security incident in their SaaS environment in the last year, a 33% increase over 2024.

41% of SaaS incidents stemmed from permission issues, and 29% from misconfigurations.

Despite 91% confidence in their SaaS security posture, 89% of compromised organisations believed they had "appropriate visibility".

96% of respondents agree that SaaS security is becoming more important. (Source)

Confidence vs. capability. Security in practice

TL;DR: Internal alignment, awareness, and readiness lag behind spending. 

Leadership under more pressure to keep silent about attacks

In one survey, over half (57.6%) of surveyed IT/security professionals reported being pressured to keep a breach confidential, even when they believed it should be reported to authorities. 

This represents a 38% increase compared to the same company’s report last year. 

Confidence in preventing attacks is low

Many security teams feel unprepared. 

• Only 48% of employees say their company is very prepared to prevent cyberattacks.
• Just 51% feel very aware of their company’s cyber efforts.
• A mere 45% know where sensitive data is actually stored. (Source)

A third of security leaders admit their tools are too complex to manage

You know that complexity is the enemy of security. Most of your peers do, too. Nearly a third of security pros (31%) say tool complexity is a challenge. 

Plus:

• 29% are struggling to extend protection across increasingly fragmented environments - from on-prem to cloud to edge.
• And 28% cite a shortage of internal skills as a core obstacle to making their security tools work effectively. (Source)

Civilian cyber hygiene is improving

Employees are increasingly proactive about organizational cybersecurity.

88% would engage in more cybersecurity training if offered. And 81% are already taking steps to protect data, including:

• Keeping software updated (73%).
• Using multi-factor authentication (65%).
• Backing up their data regularly (56%). (Source)

Who’s really ready for AI? 

TL;DR: Every organization wants AI in security (and almost everyone says they are prepared), but few report having safeguards in place to manage it responsibly. 

Blue team confidence is high, control is loose

A full 85% of organizations say they’re "ready for AI in security", and over half already use AI to detect threats.

Sysadmins are increasingly using AI for troubleshooting (41%) and log analysis (35%).

Among cybersecurity professionals who have adopted AI security tools, 70% report that these tools have had a positive impact on their team's overall effectiveness. 

But despite the enthusiasm:

• 85% lack proper security controls for AI agents.
• Fewer than 50% monitor access or behavior of the AI systems they deploy.
• Only 30% map AI agents to critical assets, leaving blind spots in the infrastructure.
• And just 6% of security leaders see securing non-human identities (like AI agents) as a top concern. (Source)

Attackers on cutting edge

Generative AI (genAI) is accelerating faster than teams can keep up:

• 36% of security leaders and practitioners admit genAI is moving faster than their teams can manage.
• 72% now cite genAI-driven attacks as their top IT risk.
• 48% believe a “strategic pause” is needed to recalibrate defenses. (Source)

The concerns are both immediate and long-term:

• 76% of security executives and 68% of practitioners are worried about long-term threats, such as adversarial attacks.
• 45% of practitioners and 36% of leaders are concerned about short-term risks, such as inaccurate outputs.
• 46% worry about sensitive information disclosure.
• 42% are concerned about model poisoning.
• 37% flag risks around training data leakage. (Source)

Yet defenses lag. 

33% still don’t perform regular security assessments on their Large Language Model (LLM) deployments. The resolution rate for serious LLM vulnerabilities is just 21%, compared to 69% across all pen tests. (Source)

Mega-deals driving security funding boom and accelerating MSP adoption 

TL;DR: The cybersecurity market is experiencing a boom driven by large deals, while smaller rounds are shrinking, and mid-sized organizations are increasingly turning to MSPs for help with tool integration, strategy modernization, and 24/7 coverage, with most willing to pay a premium.

25% increase YoY in funding 

The cybersecurity investment landscape showed renewed strength in Q2 2025, with $4.2 billion raised, marking a 25% increase over Q2 2024 and nearly double the amount raised in Q1 2025. 

This signals growing confidence among investors amid rising digital threat levels and sustained market demand for innovative security solutions.

So far in 2025, the sector has amassed $6.4 billion in year-to-date (YTD) funding, reflecting a 13% increase compared to the same period in 2024. 

A closer look reveals a clear trend toward larger, more concentrated investments:

• Eight funding rounds exceeded $100 million in Q2 2025.
• These mega-deals accounted for 55% of total funding during the quarter.
• Average deal sizes increased significantly compared to prior quarters.

Meanwhile, early-stage funding (Seed and Series A) remains an important focus area. Though it saw a 6% decline from Q1, it still represented 56% of all funding rounds in Q2. (Source)

Mid-market embracing Managed Security Service Provider (MSP) options

As cybersecurity threats become increasingly complex and persistent, managed service providers (MSPs) have become indispensable partners, particularly for mid-sized organizations. In fact, 73% of companies with up to 2,000 employees rely on MSPs to handle their security challenges.

The trend is expanding fast, with 96% of respondents either already working with an MSP or actively considering it.

Organizations are turning to MSPs to solve some of their biggest security pain points:

• 52% seek help managing an increasingly fragmented tool stack.
• 51% look to evolve and modernize their security strategies.
• 48% prioritize gaining 24/7 security coverage.

And customers are willing to pay for that value. A significant 92% of organizations are open to paying a premium for advanced support, particularly for tool integration services, and are prepared to spend up to 25% more for better services and support. 

However, the stakes for MSPs are high: 45% of customers would switch providers if their current MSP lacks true 24/7 security expertise. (Source)

Threats and Trends to Watch for

☎️ TOAD attacks. A significant portion of email threats with PDF payloads persuade victims to call adversary-controlled phone numbers, employing Telephone-Oriented Attack Delivery (TOAD) or callback phishing. (Talos)

🖥️ LLMs recommending phishing sites. 29% of the suggested incorrect domains given by an LLM in return to a query were unregistered, parked, or had no active content, leaving them vulnerable to takeover by malicious actors. (Netcraft) 

🛑 ClickFix fake error attacks. This new deceptive fake error attack vector surged by over 500% compared to H2 2024. (ESET)

Want to feature your company’s report in CyberSecStats?

Contact us at laura@contentvisit.com.