Sign in Subscribe
5 min read

CyberSecStats #53 - 6-second DDoS, 97% AI-agent breach fear, and 14x jump in open source malware

Hello, 

Laura from CyberSecStats here.

This week was a pretty normal one in terms of the velocity of cybersecurity statistics hitting the web - 13 newly published reports. That said, we still came across some pretty interesting nuggets of data. 

I’ve highlighted the ones that caught my eye just below this section. Almost 100% of security leaders expecting an AI-agent-driven incident soon certainly made me blink twice, but further down, we have tons of really interesting data on topics ranging from open-source malware to bank fraud.

Plus, we share a rare sectoral report on retail and hospitality, as well as new data on what's driving Canadian security incidents.

As always, thank you for subscribing.

Partner - Splitsecure
CTA Image

30-minute PAM deployment?

SplitSecure offers the simplest to use and deploy, and most secure, access control tool on the market. SOC 2, ISO 27001, and FIPS-140 compliant, it protects admin and infra accounts, encryption and wallet keys, and PKI or SSH, and can be deployed (without a security team) in 30 minutes.

Learn more

This Week's Cybersecurity Eye-Openers

Changing DDoS tactics, phishing getting obviously hard to detect (I have noticed this myself), and the unsurprising statistic that basically everyone thinks AI agents are dangerous caught my eye this week.

1. DDoS attacks now strike faster than humans can respond

Six-second pulse DDoS attacks eliminate the window for reactive intervention, rendering traditional detection and response mechanisms obsolete.

2. AI agents are expected to cause security incidents this year

97% of enterprise leaders expect a material AI-agent-driven security or fraud incident within 12 months, yet organizations allocate just 6% of their security budgets to AI-agent risk.

3. Workers notice AI is making phishing better

72% of desk-based workers say phishing attempts are more convincing than a year ago, thanks to AI-generated language.

Big Picture Reports

2H 2025 Threat Intelligence Report (Ontinue)

More data from last year confirms that ransomware is not going anywhere. Ransomware groups proliferated. Also, DDoS campaigns reached unprecedented scale last year. 

Fewer ransomware payments, but no slowdown in ransomware:

  • 129 ransomware groups were active during 2025.
  • Global traceable ransomware payments fell from $892 million in 2024 to $820 million in 2025.
  • Distributed denial-of-service campaigns reached a peak of 31.4 Tbps.

Read the full report here.

2026 Threat Intelligence Report (Corero Network Security)

DDoS attackers are blending into normal traffic and focusing on faster strikes, so your load balancer won't stop them. 

DDoS getting shorter and sharper:

  • Over half of sub-1 Gbps DDoS attacks are under 200 Mbps and blend into normal traffic while probing defenses.
  • More than 90% of DDoS attacks last less than 10 minutes.
  • Peak DDoS attack sizes increased by 262% year over year, with terabit-scale attacks occurring in seconds.

Read the full report here.

AI Security and Risks 

2026 Sagiss Managed Security Report: AI Phishing In The Workplace (Sagiss)

It’s obvious to almost everyone now that phishing attacks have gotten harder to detect. Click-through rates are rising, too. 

AI phishing is getting more dangerous:

  • 72% of desk-based workers say phishing attempts are more convincing than a year ago because of AI-written language.
  • 64% say an AI-generated message could likely impersonate someone they work with.
  • 63% clicked a work-related link in the past year and later felt they should have double-checked it first.

Read the full report here.

Open Source Security

Malware in Open Source Ecosystems (Endor Labs)

Open-source malware advisories are growing rapidly.

A 14x jump in open source malware advisories:

  • In 2025, more than 90% of open source vulnerability (OSV) malware advisories were reported, a 14x increase over the past two years.
  • In 2025, 92% of npm account takeovers occurred. 
  • 88% of IT professionals say the first few days after a package release are the riskiest.

Read the full report here.

Data Security

The Rise in Unstructured Data and AI Security Risks (Cloud Security Alliance and Thales)

Most data in most enterprises is unstructured. And according to this report, most of it is either invisible or unprotected.

Unstructured and unprotected:

  • Unstructured data accounts for between 70% and 90% of enterprise data.
  • 68% of organizations report that less than 80% of their unstructured data is protected.
  • 56% have only partial visibility into where their data is stored.

Read the full report here.

89% of IT Leaders Fear AI-Powered Cyberattacks Will Cost Them Their Data (Object First)

Interesting report that says IT leaders are particularly worried that AI-powered attacks will compromise their backups, yet a large minority report their organizations aren't following basic protection rules.

Last line of defense is top concern:

  • 89% of US IT and security professionals say AI-powered cyberattacks make them more concerned about their organization's data safety.
  • 79% say AI-powered attacks gaining access to backups is their top concern.
  • 31% report their organization does not fully follow the 3-2-1 backup rule.

Read the full report here.

Consumer Trust

2026 Digital Trust Index (Thales)

The unsurprising casualty of a race to adopt AI that went a little too fast is that consumers don't trust your organization to use AI responsibly around their data.

Most people trust banks, but every other sector is suspect:

  • Only 23% of consumers trust companies to use AI responsibly with their data.
  • 77% are concerned about AI agents acting on their behalf online.
  • Banking has 57% consumer trust, while retail has only 10%, social media 9%, and entertainment 7%.

Read the full report here.

SMBs Security

2026 Cyber Protect Report (SonicWall)

Compared to larger organizations, SMBs face disproportionate ransomware risk as automated bots scan for vulnerabilities tens of thousands of times per second.

New risks flow downhill:

  • In 2025, 88% of SMB breaches involved ransomware, more than double the rate at large enterprises.
  • Bad bot traffic accounts for 37% of all global internet traffic.
  • The average breach goes undetected for 181 days.

Read the full report here.

Enterprise Data 

The Future of AI-Driven Networks 2026 (Globalgig)

As with every other kind of AI deployment, enterprises are racing to deploy AI networks faster than they can secure them.

AI networks are here, but who's securing them:

  • 78.5% of enterprises are already deploying AI-driven networks.
  • 27.8% of enterprises have moved to fully autonomous operations.
  • 67% say their biggest fear is deploying AI without proper expertise.

Read the full report here.

The 2026 Agentic AI Security Report (Arkose Labs)

Nearly all enterprise leaders expect AI agent-related incidents within a year, yet only a single-digit percentage of security budgets is dedicated to AI agent security.

Funding for AI agents is easy to find, but not their security: 

  • 97% of enterprise leaders expect a material AI-agent-driven security or fraud incident within 12 months.
  • 49% anticipate a material AI-agent-driven security or fraud incident within six months.
  • Organizations allocate an average of about 6% of security budgets to AI agent risk.

Read the full report here.

Industry-Specific 

2026 CISO Benchmark Report (Retail & Hospitality Information Sharing and Analysis Center and IANS)

Cybersecurity spending in retail and hospitality is climbing as AI responsibilities land on CISOs' plates.

Playing catch-up:

  • In 2025, security spending increased from 0.57% to 0.75% of revenue in the retail and hospitality industry.
  • 70% of retail and hospitality CISOs report that AI has been added to their scope of responsibility.
  • 71% identify AI as a primary concern, citing risks such as data leakage, insider misuse, and insufficient governance controls.

Read the full report here.

2026 Risk Survey (Bank Director)

Least-surprising finding of the week: bank leaders are concerned about fraud. Interesting to read that many see concentration risk in their own operations.

Fraud concerns and concentration risks:

  • 84% of bank leaders are concerned about fraud and scams targeting their customers.
  • 89% of bank CEOs and technology executives say their bank conducted a tabletop exercise of its cybersecurity incident response plan in the prior 12 months.
  • 36% cite overreliance on one individual or function as a common gap found in tabletop cybersecurity exercises.

Read the full report here.

Regional Spotlight 

2026 Canadian Cybersecurity Study (CDW Canada)

Canadian enterprises are facing a surge in cyberattacks as cloud infection rates reach the highest level ever recorded.

Big jump in Canadian-related incidents:

  • Average incidents per enterprise in Canada increased from 191 to 342 year-over-year.
  • In 2026, enterprise cloud infection rates reached the highest level ever recorded in the study's history.
  • Average enterprise cloud downtime per incident increased from 16 days to 20 days.

Read the full report here.