CyberSecStats #32 - Recovery costs, API security and AI disclosures

Hello

Laura from CybersecStats here.

This week, 20 newly published reports hit our database, covering everything from the latest ransomware threat landscape trends to healthcare cybersecurity.

As always, thank you for subscribing.

This Month's Cybersecurity Eye-Openers

But before we get into the full breakdown, I want to spotlight three stats this week that jumped out at me:

1. Overconfidence is everywhere: Over 80% of organizations believe they're overly confident in their ability to recover from cyber incidents. Self-awareness is the first step, I suppose.
2. Manufacturing is the top ransomware target: Manufacturing has been ransomware's #1 target for four consecutive years, with a 9% increase in attacks this year alone.
3. Deepfake attacks have gone mainstream: 85% of organizations faced deepfake-related incidents in the past year, with average losses exceeding $280,000 per incident.

Big Picture Reports

11:11 Cyber Trends Report – 2025 (11:11 Systems)

Survey of over 800 senior IT professionals on the mounting complexity of cyber recovery planning.

Downtime is getting more expensive:

• 82% experienced a significant cyberattack in the past year.
• 48% report $100K-$250K losses per hour of downtime.
• Over 80% believe they're overconfident in their recovery capabilities.

Read the full report here.

The State of Observability Report 2025 (Dynatrace)

A survey of 842 CIOs, CTOs, and senior tech leaders on IT operations and DevOps management.

Investment is going into observability:

• 70% expect observability budgets to increase next year.
• 57% now use observability for security incident response.
• Only 32% currently use AI for observability.

Read the full report here.

Ransomware

GRIT Q3 2025 Ransomware & Cyber Threat Report (GuidePoint Security)

Quarterly analysis from the GuidePoint Research and Intelligence Team tracking the RaaS ecosystem and emerging cybercrime trends.

RaaS is still a dominant ransomware trend:

• 1,576 total public ransomware victim posts in Q3 2025.
• 77 active ransomware groups operating in Q3.
• 56% of global victims are U.S.-based organizations.

Read the full report here.

Fraud and Scams

Digital Guardians: The CSP Advantage in Delivering Consumer Cybersecurity (F-Secure & India)

Why communication service providers should be offering cybersecurity services to their customers.

Cybersecurity is becoming a consumer wishlist item:

• SMS scams jumped 70.3% from 2024 to 2025.
• Email scams increased 44.2% year-over-year.
• 61% of consumers would buy security services from their ISP.

Read the full report here.

The New Reality of Deepfake Attacks (IRONSCALES)

Survey of 500 IT professionals in mid-to-large organizations on deepfake attack prevalence.

The deepfake problem is getting very real:

• 85% of organizations were hit by deepfake incidents in the past year.
• 10% year-over-year increase in deepfake-related incidents.