CyberSecStats #25 - Mid-year threat reports, security budgets, and shadow AI

Hello! 

Laura from CyberSecStats here.

Last time you had a medical scan or procedure, who else got the results?

You’d hope that any medical data goes directly to a very small number of people, such as your doctor. But according to some data we shared this week, there's an increasingly strong chance that unknown third parties could have access to extremely sensitive information. 

According to a report from Modat, over 1.2 million internet-connected healthcare devices and systems are exposed and findable on the open web. These include everything from MRI and X-Ray machines to patient monitoring systems, and are actively exposing millions of PII records. 

Other data we share this week might help you understand where your upcoming 2026 security budget stands compared to industry averages. One report we read (and share here) says that while security budgets are still growing, growth has slowed to 4% annually.

Elsewhere, we share more data on AI (of course). Plus, a new report looking at the percentage of companies suffering reputational damage following ransomware attacks (almost half) and the surprising factor making those attacks worse - too many security tools. 

BTW, if you have information your company would like to share with our rapidly growing audience of over 400 cybersecurity practitioners, researchers, founders, and marketers, please contact us now to avoid a backlog.

General cybersecurity trends reports 

CrowdStrike 2025 Threat Hunting Report (CrowdStrike)

Insights into threats based on frontline intelligence from CrowdStrike’s threat hunters and intelligence analysts tracking more than 265 named adversaries.

Key stats:

• Cloud intrusions increased by 136% in H1 2025 compared to all of 2024.
• 81% of interactive (hands-on-keyboard) intrusions were malware-free.
• Scattered Spider moved from initial access to encryption by deploying ransomware in under 24 hours in one observed case.

Read the full report here.

2025 Midyear Threat Report: Evolving Tactics and Emerging Dangers (KELA)

A comprehensive overview of the most significant cyber threats observed in H1 2025.

Key stats:

• KELA tracked 3,662 ransomware victims globally in H1 2025, a 54% YoY increase from H1 2024. For all of 2024, KELA recorded 5,230 victims.
• 2.67M machines were infected with infostealer malware, exposing over 204M credentials.
• Clop ransomware experienced a 2,300% increase in victim claims, driven by the exploitation of a vulnerability in Cleo software.

Read the full report here.

2025H1 Threat Review (Forescout)

Insights based on an analysis of more than 23,000 vulnerabilities and 885 threat actors across 159 countries worldwide during the first half of 2025.

Key stats:

• Ransomware attacks are averaging 20 incidents per day.
• Published vulnerabilities rose 15% in H1 2025.
• 76% of breaches in H1 2025 stemmed from hacking or IT incidents.

Read the full report here.

2025 Threat Detection Report (Red Kanary)

Analysis of the confirmed threats detected from the petabytes of telemetry collected from Red Canary customers' endpoints, networks, cloud infrastructure, identities, and SaaS applications in H1 2025.

Key stats:

• Roughly 5 times as many identity-related detections were observed in the first half of this year compared to all of 2024.
• Two new cloud-related techniques(Data from Cloud Storage and Disable or Modify Cloud Firewall) have entered Red Canary's top 10 techniques for the first time.
• Malicious Copy Paste (T1204.004) did not make the top 10 technique list.

Read the full report here.

2025 OPSWAT Threat Landscape Report (OPSWAT)

Key insights from over 890,000 sandbox scans in the last 12 months.

Key stats:

• There has been a 127% rise in malware complexity.
• 1 in 14 files, initially deemed 'safe' by legacy systems, were proven to be malicious

Read the full report here.

Budgets

2025 Security Budget Benchmark Report (IANS)

Research into security budgets based on a diverse range of companies across different sizes, industries, and geographies participated in the study.

Key stats:

• Average security budget growth has slowed to just 4% year over year, the lowest rate in five years, and a decline from 8% in 2024.
• Security budget as a percentage of IT spend declined from 11.9% to 10.9%. This decline breaks a five-year upward trend.
• Only 11% of CISOs report being adequately staffed. The remaining 89% describe their teams as stretched thin or understaffed.

Read the full report here.

Ransomware

The Ransomware Insights Report 2025 (Barracuda Networks)

A report on the state of ransomware based on an international survey of 2,000 IT and security decision-makers.

Key stats:

• 31% of ransomware victims were affected multiple times in the last 12 months.
• 74% of repeat ransomware victims report juggling too many security tools.
• 41% of successful ransomware attacks resulted in reputational harm.

Read the full report here.

AI

How AI Is Shaping the Modern Workspace (Menlo Security) 

The latest trends in enterprise GenAI use.

Key stats:

• Web traffic to GenAI sites increased by 50%, from 7 billion visits in February 2024 to 10.53 billion in January 2025.
• 68% of employees use free-tier AI tools like ChatGPT via personal accounts.
• 57% of employees input sensitive data into free-tier AI tools.

Read the full report here.

Email threats

Email Threat Trends Report: Q2 2025 (VIPRE)

Email threat landscape report for Q2 2025 based on an examination of worldwide real-world data. 

Key stats:

• 58% of phishing sites use unidentifiable phishing kits.
• The manufacturing sector was the prime target for email-based attacks in Q2 2025, accounting for 26% of all incidents.
• Impersonation is the most common technique in BEC scams, with 82% of attempts targeting CEOs and executives.

Read the full report here.

Cloud threats

Cloud and Threat Report: Shadow AI and Agentic AI 2025 (Netskope)

Fourth Netskope Cloud and Threat Report dedicated to the emerging field of generative AI. 

Key stats:

• There has been a 50% spike in genAI platform usage among enterprise end-users in the three months ended May 2025.
• Over half of all current app adoption among enterprise users is estimated to be shadow AI.
• Grok has entered the top 10 most-used applications for the first time.

Read the full report here.

Passwords

4 in 10 Workers Hack Former Employers’ Passwords for Personal Use (PasswordManager.com)

A new survey exploring how U.S. workers handle workplace passwords.

Key stats:

• 40% of workers admit to using login credentials from a previous job.
• 3 in 5 workers were able to log in to their former employer accounts because the password had not been changed.
• 1 in 10 workers say they have been using old work logins for more than four years.

Read the full report here.

Industry-specific 

Exposed to the Bare Bone: When Private Medical Scans Surface on the Internet (Modat) 

Research into misconfigured internet-connected devices in the healthcare industry. 

Key stats:

• Over 1.2 million internet-connected healthcare devices and systems are exposed. 
• 174,000+ of these exposed devices and systems are in the US, 172,000+ in South Africa, 111,000+ in Australia, 82,000+ in Brazil, 81,000+ in Germany, 81,000+ in Ireland, 77,000+ in Great Britain, 75,000+ in France, 74,000+ in Sweden, and 48,000+ in Japan. 
• Examples of data being leaked through exposed internet-connected healthcare devices and systems include brain scans and X-rays, stored alongside protected health information and personally identifiable information of the patient.

Read the full report here.

Security at Issue: 2025 State of Cybersecurity in Law Firms (Fenix24)

A deep dive into the current cybersecurity practices, gaps, and risks facing legal organizations worldwide.

Key stats:

• 50% of law firms cited phishing as the top cybersecurity concern, surpassing ransomware and user behavior.
• Just 27% of law firms rank backups as a top-three security control.
• Only 38% of law firms consider themselves "very secure," which is down from 50% in 2023.

Read the full report here.