
CyberSecStats #30 - The $ cost of IT disruption, 2025 security spend data, and Gen Z data breaches

Hello! 

Laura from CybersecStats here. 

Security and usability are a balancing act, but what's the actual cost of slow devices, multiple logins, poor app performance, and other bad digital employee experiences (DEX)?

One report published last week (the 2025 Digital Employee Experience Report from Ivanti) claims that a company with 2,000 employees is losing $4 million per year as a result of bad DEX.

They say (based on a survey of >900 office workers) that DEX issues, such as employees being logged out involuntarily, cost companies an average of 1.6 hours of lost productivity per employee per month.

Multiply that by 2,000 employees and $100 per hour (the fully loaded cost of an employee), and you get $320,000 per month, or nearly $4 million per year.

Other data shared in this week's issue of CyberSecStats tells you:

  • What a major insurance company (AXA XL) is seeing in the cyber market right now (reduced ransomware payments!)
  • Where security budgets are being spent (30% goes on software).
  • How business leaders feel about Gen Z’s attitude towards data exposure (not great).
  • And more, including data on DDoS attacks in Europe and CMMC 2.0 compliance.

BTW, if you have information your company would like to share with our rapidly growing audience of over 500 cybersecurity practitioners, researchers, founders, and marketers, please contact us now.

As always, thank you for subscribing.

General

Threat Insights Report September 2025 (HP Wolf Security) 

Malware campaigns, trends, and techniques identified from HP Wolf Security’s customer telemetry in Q2 2025.

Key stats: 

  • Email remained the top vector for delivering malware, accounting for 61% of threats caught by HP Sure Click in Q2 2025. 
  • In Q2 2025, 13% of malicious emails (phishing, malware, etc.) were not blocked by the email gateway security system. 
  • Malicious web browser downloads made up 23% of threats in Q2 2025 (no change compared to Q1 2025).

Read the full report here.

2025 Digital Employee Experience Report (Ivanti)

Real-world tech challenges faced by office workers and IT professionals, with some interesting cybersecurity-related statistics around disruption costs and attitudes. 

Key stats: 

  • Office workers experience 2.7 security update disruptions per month.
  • Employees lose an average of 1.6 hours of productivity per month due to slow network connections, login channels, and other digital experience issues. For a company of 2,000 employees with an average fully loaded hourly cost of $100, this translates to $320,000 in lost productivity per month, or nearly $4 million annually.
  • 72% of companies have automated basic IT operations, such as security patch management.

Read the full report here.

Cyber insurance

2025 Midyear Cyber Risk Report (Resilience)

Trends in hacking activity and industry responses during the first half of 2025, as observed by Resilience’s Risk Operations Center (ROC) and insurance claims portfolio, indicate that phishing is becoming a significant driver of losses. 

Key stats: 

  • The average cost of an individual ransomware attack rose by 17% in the first half of 2025.
  • Financially motivated social engineering, particularly tailored attacks enhanced by AI-powered phishing content, fuelled a disproportionate share of incurred losses (88%).
  • Vendor-driven cyber insurance claims notifications fell from 37% to 26% of all claims, representing a 30% drop.

Read the full report here.

In-depth analysis of 300+ cyber claims from one of the world’s largest insurance companies.

Key stats: 

  • Ransomware claims accounted for 54.3% of cyber claims in the sample for the period of 2019 and onwards.
  • In 2023, victims paid on average 39.1% of the initial ransom demand, compared to 56.9% in 2019.
  • On average, businesses across all industries experienced 69 days of operational disruption due to ransomware attacks.

Read the full report here.

Data leakage

Nearly Half of Business Leaders Say Gen Z Would Leak Company Secrets for Likes (PasswordManager.com)

Business leaders' concerns about Gen Z employees and confidential information, including “day in my life” videos and Instagram posts that feature client data. 

Key stats: 

  • Nearly 45% of business leaders believe Gen Z employees are more likely than other generations to leak company information.
  • 47% of business leaders think it’s likely Gen Z employees would intentionally share confidential details on social media for content or engagement.
  • Of business leaders who reported that Gen Z employees leaked confidential information, 54% stated that it caused reputational damage.

Read the full report here.

Compliance

Blind Spots Exposed: Navigating AI, Third-Party Risks, and Compliance in 2025 (Kiteworks)

The governance challenges defense contractors face as they prepare for CMMC 2.0 requirements.

Key stats: 

  • Only 38% of organisations with over 20,000 employees that are actively pursuing CMMC 2.0 certification achieve top-tier encryption (76-100% coverage).
  • 59% of mid-market firms (5,000-9,999 employees) actively pursuing CMMC 2.0 certification achieve top-tier encryption (76-100% coverage).
  • Vendor compliance ranks as the second-highest challenge for the organizations actively pursuing CMMC 2.0 certification (scoring 73 out of 100).

Read the full report here.

Security software spending (IANS)

A great security software spending review from a leading cybersecurity research firm about what's happening within security budgets right now.

Key stats: 

  • Software accounts for roughly 30% of security budgets, making it the second-largest line item after staff and compensation.
  • SecOps solutions account for the largest share of software budgets, at 16%.
  • Two-thirds of security programs use Managed Security Service Providers (MSSPs).

Read the full report here.

Geography-specific 

European Cyber Report, Midyear 2025 (Link11)

Research into DDoS attack trends in Europe reveals a significant increase in DDoS rates between Q1 2025 and the same period in 2024, as well as a notable trend in politically motivated attacks. 

Key stats: 

  • The Link11 network recorded 225% more DDoS attacks in the first half of 2025 compared to the same period last year.
  • The longest documented DDoS attack in the first half of 2025 lasted 12,388 minutes (8 days and 14 hours) compared to 1,523 minutes (approximately 1 day and 1 hour) in 2024.
  • Attack success rates demonstrate that 40% to 50% of systems are still inadequately protected against politically motivated attack tactics.

Read the full report here.