
CyberSecStats #29 - New data on the ROI of Security AI, file-related breach costs, airline fraud and more

Hello! 

Laura from CyberSecStats here. 

What percentage of companies see a return on investment from using Generative AI tech (LLMs) in security operations?

According to a large-scale (3,000+ person) survey of security leaders published by Google Cloud this week, the answer is between 30% and 40%, on average.

So, roughly one in three companies that bring Gen AI into security ops say they see a positive ROI.

What is the core differentiator for success right now? According to Google, agentic AI. 

Other data we share this week covers what happens when you pen-test a decade's worth of healthcare IT applications, falling airline fraud rates, and the average cost of a file-related breach (almost $3 million).


BTW, if you have information your company would like to share with our rapidly growing audience of over 500 cybersecurity practitioners, researchers, founders, and marketers, please contact us now.

General

State of File Security (OPSWAT)

Research conducted by the Ponemon Institute into file-related breaches claims that file security risks and costs are increasing.

Key stats: 

  • 61% of organizations suffered file-related breaches in the past two years. These file-related breaches were caused by negligent or malicious insiders.
  • The average cost of file-related breaches was $2.7 million per incident.
  • Fewer than half of organizations report confidence in protecting files at critical points such as uploads, transfers, and third-party sharing.

Read the full report here.

Social engineering 

CISOs on the Emerging Threats Redefining User Cyber Risk (Dune)

A combination of survey responses from enterprise CISOs (Chief Information Security Officers) and behavioral telemetry from Dune’s simulation engines reinforces the fact that humans remain the primary cause of breaches in 2025. 

Key stats: 

  • 64% of enterprises faced off-channel attacks in the past year.
  • 71% of CISOs at enterprises worry about SMS phishing.
  • Only 27% of CISOs at enterprises simulate SMS phishing.

Read the full report here.

AI

The ROI of AI 2025 (Google Cloud)

Google Cloud’s second-annual global study sheds light on the return on investment (ROI) of Gen AI across various use cases and includes some interesting security-specific data points.

Key stats: 

  • "Agentic AI early adopters" report a higher likelihood of achieving a positive ROI from using Gen AI in security operations (40% for early adopters vs. a 30% average across all organizations).
  • Security operations and cybersecurity is one of the most common cross-industry applications for AI agents.
  • 49% of companies report positive security impacts from using Gen AI overall. However, this is down from 56% last year.

Read the full report here.

Industry-specific

State of Pentesting in Healthcare 2025 (Cobalt)

A broad report on healthcare exploitability based on a decade of pen testing data, along with survey insights from healthcare leaders.

Key stats: 

  • Just 13.3% of healthcare pentest findings qualify as “serious”. This ranks healthcare 6th-best out of 13 industries.
  • Healthcare’s median time to resolve serious pen test findings was 58 days. This ranks healthcare 10th of 13 industries. 

Read the full report here.

2025 mid-year email breach data reveals there's no slowing down (Paubox) [healthcare]

Findings from Paubox’s analysis of 107 email-related healthcare data breaches that occurred in the first half of 2025. 

Key stats: 

  • Microsoft 365 environments now account for 52% of all healthcare email breaches compared to 43% just one year ago.
  • More than 1.6 million patient records were compromised across all analysed email-related healthcare incidents that occurred in the first half of 2025.
  • Cyberattacks are now cited as the leading cause of critical workflow disruptions by 50% of healthcare organizations.

Read the full report here.

Airline fraud rates are dropping — but new risks are still emerging (Accertify)

A niche study with data on airline fraud rates in the first half of 2025.

Key stats: 

  • Global airline fraud rates dropped 30% year-over-year in the first half of 2025, to 0.25%, meaning one fraud attempt occurred in every 400 bookings.
  • Europe experienced the largest drop in fraud pressure, a 50% year-over-year decrease. 
  • In the United States, fraud rates on domestic and international travel dropped 38% to one fraud attempt in every 556 bookings (0.18%).

Read the full report here.

NICB Projects 49% Rise in Insurance Fraud Linked to Identity Theft in 2025 (National Insurance Crime Bureau (NICB))

Analysis of thousands of questionable insurance claims that were submitted by policyholders to their insurance companies from 2022 through June 30, 2025.

Key stats: 

  • Identity theft is expected to feature in 49% of all insurance crimes by the end of 2025.
  • An analysis of thousands of questionable insurance claims from 2022 through June 30, 2025, showed a significant year-over-year increase in claims involving identity theft.
  • Synthetic identity fraud resulted in more than $47 billion in losses in 2024.

Read the full report here.