Sign in Subscribe
9 min read

CyberSecStats #24 - Cost of a data breach, latest ransomware trends, and PQC readiness

Hello! 

Laura from CybersecStats here.

Reports about data breaches are rarely positive. So it's great to note that average data breach costs have fallen in the last year, according to IBM’s Annual Cost of a Data Breach Report. 

This is the first decline in breach costs (which now cost victims an average of “just” $4.44 million) in half a decade. The same data suggests breach lifecycles have shrunk too - by over 17 days.

Yet other data from the same time period reports that the day-to-day reality of working in cybersecurity has not improved. 

In one vendor survey in this week's CyberSecStats issue, we note that 90% of surveyed cybersecurity and cyber risk leaders say that they find managing cyber risks harder today than five years ago.

And AI is apparently not helping. In the same report, AI is cited by 39% of cybersecurity and cyber risk leaders as a core reason why their jobs have gotten harder.

Elsewhere in this week's bumper report (we note 25 reports published this week - making it the busiest week of the year so far), we found two separate surveys on attitudes towards the UK upcoming ban on ransom payments, fresh data on evolving AI data exposure risks, a report on new quadruple extortion ransomware tactics, and lots more. 

BTW, if you have information your company would like to share with our growing audience of over 300 cybersecurity practitioners, researchers, founders, and marketers, please contact us now to avoid a backlog.

General cybersecurity trend reports 

Cost of a Data Breach Report 2025 (IBM)

Annual report by IBM. 

  • The global average cost of a data breach fell to $4.44 million, marking the first decline in five years.
  • The global average breach lifecycle (mean time to identify and contain a breach, including restoring services) dropped to 241 days, a 17-day reduction from the year prior.
  • The average cost of an extortion or ransomware incident remains high, particularly when disclosed by an attacker ($5.08 million).

Read the full report here.

Threat Intelligence benchmark: Stop reacting; Start anticipating (Google Cloud)

The threat intelligence practices of more than 1,500 IT and cybersecurity leaders from eight countries and across 12 industries. 

This post is for subscribers only