Sign in Subscribe
7 min read

CyberSecStats #9 - Monthly stats round-up [March/April 2025]

Hello!👋🏼Laura from CyberSecStats here with a monthly email of the latest cybersecurity market statistics pulled from recent vendor reports and research papers. 

All of the statistics and data points below were published by cybersecurity vendors in the past month (March/April 2025). 

🦠 Ransomware

  1. Ransomware payloads in phishing attacks rose by 22.6% over 6 months, with a 57.5% increase in just 3 months. (KnowBe4)
  2. Only 29% of security professionals are prepared for ransomware attacks. (Ivanti
  3. Global levels of ransomware attacks increased month-on-month and year-on-year in February 2025. (NCC Group)
  4. Cl0p was responsible for 330 attacks in February 2025, a 460% increase from January (59). (NCC Group)
  5. 83% of all ransomware cases globally took place in North America and Europe in February 2025. (NCC Group)
  6. Ransom payments declined by 35% in Q1 2025. (Ontinue)
  7. Most ransomware claims in 2024 started with threat actors compromising perimeter security appliances (58%), like virtual private networks (VPNs) or firewalls. (Coalition)
  8. Remote desktop products were the second-most exploited vector for ransomware attacks in 2024, at 18%. (Coalition)
  9. Across all ransomware claims in 2024, the most common initial access vectors (IAVs) were stolen credentials (47%) and software exploits (29%). (Coalition)

📬Email threats

  1. 11% of email threats evaded gateway security in Q4 2024. (HP Wolf Security
  2. 53% of threats targeting endpoints were delivered by email in Q4 2024. (HP Wolf Security

💀 Phishing 

  1. 82.6% of all phishing emails analysed exhibit some use of AI. (KnowBe4)
  2. 57.9% increase in phishing attacks sent from compromised accounts getting through traditional detection. (KnowBe4
  3. 76.4% of all phishing campaigns use polymorphic phishing tactics. (KnowBe4
  4. 81.9% of phishing victims had their emails leaked in previous breaches. (KnowBe4
  5. New starters typically receive a phishing email after 3 weeks. (KnowBe4
  6. The top three words used in phishing emails: Urgent, Review, Sign. (KnowBe4
  7. There has been a 130% increase in zero-hour phishing attacks in 2024. (Menlo Security
  8. There has been a 140% increase in browser-based phishing attacks in 2024 compared to 2023. (Menlo Security
  9. Secure Email Gateways (SEGs) are missing an average of 67.5 phishing emails per 100 mailboxes every month. (IRONSCALES)
  10. Each missed phishing email costs an average of $36.29 to investigate and remediate. (IRONSCALES)
  11. Each missed phishing email takes 27.5 minutes of analyst time. (IRONSCALES)
  12. 11% of employees have fallen for smishing. (KnowBe4)
  13. 11% of employees have fallen for vishing. (KnowBe4)

🤖 AI

  1. 86% of security teams use some type of AI within their security tool stack. (Seemplicity)
  2. 56% of security teams say the use of AI has become crucial to their team’s operations. (Seemplicity)
  3. 46% of security teams primarily depend on AI that is embedded in their security tools and delivered by their vendors vs. building their own. (Seemplicity)
  4. The top 3 most common security use cases for AI: endpoint security (52%), basic vulnerability scanning (47%), and antivirus/anti-malware (40%). (Seemplicity)
  5. The top use case where security leaders say AI will offer most value: vulnerability and risk management, named by 74% of respondents. (Seemplicity)
  6. The #1 security issue respondents are most hopeful AI will help fix: prioritization of disparate results from scanning tools. (Seemplicity)
  7. Approximately 56% of respondents reported that at least half of their security vendors tout AI capabilities. (Seemplicity)  
  8. 77% of respondents report that one or more of those vendors had overhyped their AI performance or are underdelivering on their promises. (Seemplicity)  
  9. Security tech categories where AI is thought to be the most overhyped: endpoint security (34%), antivirus/anti-malware (31%), and malware analysis (31%). (Seemplicity)  
  10. No. 1 way organizations evaluate the efficacy of AI in security: false positive and negative rates (named by 66% of respondents). (Seemplicity
  11. Biggest obstacle to the effective use of AI in cybersecurity today: Lack of skilled personnel (cited by 55% of respondents). (Seemplicity
  12. Nearly a third of respondents reported that their team spends 4+ hours per week training AI models within their own tools or within commercially available AI functionality. (Seemplicity
  13. 33% of security teams are worried about the time required to train their teams on AI capabilities. (Tines)
  14. 27% of security teams cite compliance as a key blocker to AI adoption. (Tines)

☁️Cloud AI workloads

  1. Approximately 70% of cloud AI workloads contain at least one unremediated vulnerability. (Tenable)
  2. 66% of cybersecurity professionals identified cloud security as a domain where cybersecurity professionals expect defensive AI to have the biggest impact in the future. (Darktrace)

💰Security spending 

  1. Global security spending is expected to grow by 12.2% this year (2025). (IDC)
  2. The bulk of global security spending (70%) will be in the US and Europe.  (IDC)
  3. More than half of the security spending will go on security software, with a 14.4% year-on-year growth rate. (IDC)

📊Budgets 

  1. IT budget allocations are anticipated to nearly double in the coming year. (Cisco)
  2. 99% of respondents anticipate reallocating resources from privacy budgets to AI initiatives in the future. (Cisco)
  3. 70% of IT professionals expect growth in their IT budgets this year. This number (70%) is down from the 86% who saw budget increases last year. (Auvik)
  4. 96% of companies are increasing their AI security budgets in 2025. (HiddenLayer)

🕵️‍♂️Identity attacks

  1. There were four times as many identity attacks compared to 2024. (Red Kanary)
  2. Identity fraud costs organisations an average of $7 million annually. (Entrust and Docusign)
  3. 51% of respondents said fraud is more common when using username and password alone. (Entrust and Docusign)

🔐Credentials

  1. 48% of organisations report ineffective password health monitoring. (Bitwarden
  2. Employees take an average of 9 days to update weak or compromised credentials. (Bitwarden
  3. 68% of IT managers say employee motivation is the biggest challenge in remediating at-risk credentials. (Bitwarden
  4. 60% of IT managers report their strategies for quickly updating at-risk credentials to be only somewhat effective or completely ineffective. (Bitwarden
  5. 53% of IT managers want to take a proactive approach to credential security. (Bitwarden
  6. Only 33% of IT managers are currently able to take a proactive approach to credential security. (Bitwarden
  7. 66% of organisations that do not alert employees to update at-risk credentials say they lack the tools or resources to do so effectively. (Bitwarden
  8. 90% of IT admins rely on employees to update their own credentials. (Bitwarden
  9. 46% of IT leaders suggest that simplified workflows for non-technical users would facilitate easier and timelier password updates. (Bitwarden
  10. A majority (74%) of IT leaders feel that AI poses an increased threat to password security. (Dashlane)
  11. Half of users (50%) are still sharing passwords through insecure methods, like email or Slack. (Dashlane
  12. 65% of enterprises still rely solely on passwords to access corporate systems, despite increased adoption of multifactor authentication (MFA). (Bitwarden)
  13. 55% of enterprises identify strong MFA as the most effective defense against ransomware and malware, yet many still rely on passwords as the primary authentication factor. (Bitwarden)

🔑Passwordless

  1. 76% of IT leaders say their C-Suite is pushing for passkey adoption. (Dashlane
  2. 77% of IT leaders believe that passwordless technologies will be common practice within the next 3 years. (Dashlane

🔍Vulnerabilities 

  1. Despite 98% of organisations using vulnerability scanning, only 34% find it highly effective due to false positives. (NodeZero)
  2. Over half of practitioners (53%) and more than a third of security leaders (36%) admit to delaying patches due to operational constraints. (NodeZero)
  3. The total number of published software vulnerabilities will increase to over 45,000 in 2025. (Coalition)

🧑‍🧒‍🧒Third-party breaches

  1. 35.5% of all breaches in 2024 were third-party related. (SecurityScorecard)
  2. 41.4% of ransomware attacks now start through third parties.  (SecurityScorecard)

🏢SMBs

  1. A successful cyberattack would force nearly 1 in 5 SMBs to close. (VikingCloud)
  2. For nearly a third of SMBs, a cyberattack with minimal financial impact – less than $10,000 – would cause them to shut down.  (VikingCloud)
  3. Cybersecurity has emerged as the second highest business concern for SMBs. (VikingCloud)
  4. 74% of SMBs are self-managing cybersecurity or relying on untrained family members or friends. (VikingCloud)
  5. SMB tech stacks include antivirus (50%), network scanning (47%), firewalls (44%), endpoint security (29%), dark web monitoring (22%), and penetration testing (18%). (VikingCloud)
  6. Only 15% of SMBs hired an internal IT person or outsourced to a Managed Security Service Provider (MSSP). (VikingCloud)
  7. 55% of SMBs believe AI will be most useful in identifying threats before they impact business operations. (VikingCloud)

👤Privacy 

  1. 86% of privacy and security professionals support privacy legislation. (Cisco)
  2. 96% of privacy and security professionals confirm that privacy investments provide returns exceeding costs. (Cisco)
  3. Security and privacy risks were a reason for turning off AI functionality, cited by 55%. (Seemplicity)

📝Reporting 

  1. 38% of employees still hesitate to report security concerns because they don't know how. (KnowBe4)
  2. 31% of employees still hesitate to report security concerns because they find it too difficult. (KnowBe4)
  3. 20% of employees still hesitate to report security concerns because they didn't want to bother the security team. (KnowBe4)
  4. 31% of IT teams take more than 5 hours to respond to a security issue. (KnowBe4)
  5. 45% of organisations opted not to report an AI-related security breach due to concerns over reputational damage. (HiddenLayer)

🤺Security training

  1. Only 45% of employees receive ongoing security awareness training. (Dashlane
  2. Of those who receive security awareness training, one in five (22%) admit they would rather be stuck in rush-hour traffic than attend it. (Dashlane
  3. One in ten (11%) of those receiving security awareness training say they would prefer a root canal. (Dashlane

🧑🏽‍💻Security and IT teams

  1. 60% of security teams are small, with fewer than 10 members. (Tines)
  2. 46% of organisations are unclear about who holds ultimate responsibility for cybersecurity incidents. (Fastly)
  3. Only 36% of IT decision makers have clearly delineated roles and responsibilities within their teams. (Fastly)

⚙️Tools

  1. Most security teams (55%) typically manage 20 to 49 tools.  (Tines)
  2. 24% of security teams struggle with poor integration of their tools. (Tines)
  3. 84% of cybersecurity professionals reported that they prefer solutions that don't require external data sharing. (Darktrace)
  4. 87% of cybersecurity professionals indicated they prefer a platform approach over implementing a collection of point solutions. (Darktrace)
  5. 64% of cybersecurity professionals reported that they plan to add AI-powered solutions to their security stack in the next year. (Darktrace)
  6. 56% of cybersecurity professionals admitted they do not fully understand the AI techniques used in their existing security stack. (Darktrace)

➖Tech debt

  1. Among security and leadership professionals, 1 in 3 consider tech debt a serious concern. (Ivanti
  2. 37% of executive leaders and cybersecurity professionals report an inability to uphold basic security practices due to tech debt. (Ivanti
  3. 43% of executive leaders and cybersecurity professionals say their systems are more susceptible to security breaches due to accumulated tech debt. (Ivanti