110 Top Cybersecurity Stats and Facts for 2025

“There are two types of companies: those who have been hacked, and those who don’t yet know they have been hacked.”

This quote by John Chambers emphasizes that no organization is safe from cyber-attacks in today’s digital landscape. Cyberattacks are a constant threat, with a new attempt every 39 seconds.

From large enterprises to small businesses, everyone is at risk. As we look toward 2025, it’s clear that staying ahead of these threats is more important than ever.

In this blog, we will explore top cybersecurity statistics and facts that every business should know to stay secure in an ever-evolving digital world.

Statistics/Data on Cybercrime in the United States

Cybercrimes in the U.S. are growing at an exponential rate. As the figure below suggests, IC3 received 3.79 million total complaints from 2019 to 2023, and estimated losses from these cybercrimes are around $37.4 billion.

Let’s look at some alarming cybercrime statistics to understand the dire need for businesses to invest and upgrade their cyber defenses.

1. According to Cybersecurity Ventures, cybercrime will cost the world $10.5 trillion annually by 2025.
2. There’s a cyberattack every 39 seconds. (University of MaryLand)
3. 95% of cybersecurity breaches are due to human error. (IBM)
4. The FBI reported that ransomware incidents increased by 22% in 2023, and the related costs rose by 74% compared to 2022. (The White House)
5. In 2023, the IC3 received a record 880,418 complaints from the public. These complaints pointed to potential losses of over $12.5 billion. (Internet Crime Complaint Center)
6. Investment scam losses grew by 38%, from $3.31 billion in 2022 to $4.57 billion in 2023. (Internet Crime Complaint Center)
7. Last year, investment fraud was the most expensive crime tracked by IC3. Losses from investment scams increased from $3.31 billion in 2022 to $4.57 billion in 2023. (Internet Crime Complaint Center)
8. Last year, people filed over 298,000 complaints about phishing schemes, about 34% of all reported complaints. (Internet Crime Complaint Center)
9. In 2023, the IC3 received 21,489 BEC complaints, resulting in over $2.9 billion adjusted losses. (Internet Crime Complaint Center)
10. 92% of federal endpoints now use Endpoint Detection and Response (EDR), moving closer to Zero Trust Architecture. (The White House)

Cyberattack Statistics by Industries

Cybercriminals don’t target everyone equally. Some industries face far more attacks than others.

Let’s look at the most affected sectors:

Source: IBM Security X-Force Threat Intelligence Index 2024

11. 43% of all cyberattacks target small businesses. (IBM)
12. 62% of retail consumers don’t trust that their data is secure. (Fortinet)
13. Financial services face the most expensive breaches, averaging $5.86 million per incident. (IBM)
14. Cyberattacks target 24% of retailers. (Fortinet)
15. The largest healthcare data breach in the United States exposed 100 million records from Change Healthcare’s database. (Statista)
16. In 2023, healthcare organizations faced a record number of cyberattacks. 725 data breaches were reported to the OCR, exposing or improperly disclosing over 133 million records. (The HIPAA Journal)
17. In 2023, cyberattacks on healthcare organizations hit two record highs. From 2009 to 2023, 5,887 healthcare data breaches involving 500 or more records were reported to the OCR. (The HIPAA Journal)
18. IBM Security’s 2024 Threat Intelligence Index shows that manufacturing faces the most cyberattacks, with malware and ransomware leading the threats.
19. Verizon’s 2023 Data Breach Investigation Report shows that 34% of data breaches in finance and insurance come from insider actions.
20. Over 80% of attacks on critical infrastructure start with IT system compromises, says Rockwell Automation.

Data Breaches Statistics

Data breaches have become one of the most severe cybersecurity challenges. Personal information, corporate secrets, and even entire databases are at risk of exposure.

21. The average cost of a data breach in 2024 is $4.35 million (IBM).
22. 22% of companies experienced at least one data breach last year (GreatHorn).
23. Over 36 billion records were exposed in data breaches during the first half of 2023 (Cybersecurity Dive).
24. Human error is the leading cause of data breaches, accounting for 82% of incidents (IBM).
25. Healthcare data breaches have cost the most for 14 straight years. (IBM)
26. In 2023, 65% of data breaches were caused by internal actors, while 35% were caused by external ones. (Verizon)
27. Organizations that use threat intelligence detect threats 28 days faster, on average. (IBM)
28. Data breaches in the U.S. have risen sharply, growing from 447 in 2012 to over 3,200 in 2023 (Statista).
29. In 2021, 98% of point-of-sale data breaches in the hospitality industry were driven by financial gain (Verizon).
30. In 2024, data breaches cost the most in the United States, with an average total of $9.36 million. The Middle East follows closely at $8.75 million (IBM).

Ransomware Statistics: A Persistent and Costly Threat

Ransomware attacks have been surging, becoming one of the biggest threats to organizations worldwide. Attackers gain access to a company’s data, lock it up, and demand payment for its release.

Here are some alarming ransomware statistics:

31. The banking sector had the highest number of detected ransomware attacks in 2023. (Trend Micro)
32. Healthcare experienced over 630 ransomware attacks worldwide in 2023. (HHS)
33. In 2024, the average ransom is $2.73 million, nearly $1 million higher than in 2023. (Sophos)
34. Ransomware attacks increased by 13% over the past five years, with the average cost of an attack reaching $1.85 million in 2023. (Astra)
35. Ransomware makes up almost 24% of malware incidents (Verizon).
36. In the last three years, U.S. government organizations have faced 246 ransomware attacks, costing an estimated $52.88 billion. (Sungard AS)
37. Larger organizations are more likely to face ransomware attacks that start with an unpatched vulnerability (Sophos).
38. Ransomware attackers received $449.1 million in crypto payments in the first half of 2023, an increase of $175.8 million compared to the same period last year. (Reuters)
39. U.S. organizations were the most targeted by ransomware, making up 47% of attacks in 2023. (AAG)
40. Since 2020, 1,681 higher education institutions have faced 84 ransomware attacks. (Emsisoft)

Phishing Attack Statistics

Phishing remains one of the most common methods of cyberattack. It’s cheap, easy to execute, and can trick even the most tech-savvy individuals.

Here are some interesting facts and statistics on Phishing attacks:

41. Vishing incidents have surged by 260% from 2022 to 2023, according to the APWG.
42. In 2022, a global survey of working adults and IT professionals found that 85% of organizations faced bulk phishing attacks, making it the most common cyber threat. (Statista)
43. 68% of breaches were caused by human error or social engineering, where someone either made a mistake or fell for a scam. (Verizon)
44. IBM’s X-Force Threat Intelligence Index reveals that scammers spend 16 hours creating a phishing email by hand. With AI, they can now generate much more convincing messages in just five minutes.
45. Around 1 million unique phishing sites were identified worldwide in Q1 2024. (Statista)
46. Microsoft remains the most targeted brand, with malicious messages linked to its products. (Proofpoint)
47. 63% of security professionals consider users with access to critical business data the biggest cybersecurity risk. (Proofpoint)
48. 3 in 4 organizations globally encountered smishing attacks in 2023. (Statista)
49. 89% of security professionals believe MFA fully protects against account compromise. (Proofpoint)
50. 86% of companies worldwide experienced bulk phishing scams in 2023. (Statista)

Email Security Statistics

Email remains one of the top entry points for cyberattacks. Hackers use phishing, malware, and other tactics to target businesses and steal sensitive information.

Source: OPSWAT

Here are some key email security stats:

51. Nearly 80% of critical infrastructure organizations faced an email security breach in the past year. (OPSWAT)
52. Two out of three organizations face 61% to 100% of cybersecurity threats through email. (OPSWAT)
53. 48% of critical infrastructure organizations in this study lack confidence in their email security to stop email-based attacks. (OPSWAT)
54. Only 34.4% of organizations fully comply with email-related regulations like GDPR and other privacy laws. (OPSWAT)
55. Between 65% and 80% of organizations in critical infrastructure faced an email-related security breach in the past year. (OPSWAT)
56. Nearly 64% of organizations in critical infrastructure sectors use email security that is not best-in-class. (OPSWAT)
57. Only 28% of critical infrastructure organizations in EMEA are fully compliant with their regulatory obligations. (OPSWAT)
58. On average, 50% of organizations expect the threat from various email attack methods to grow in the next 12 months. (OPSWAT)
59. More organizations aim to reach the highest level of confidence in their email security within the next 12 months. (OPSWAT)
60. Only 52% of organizations are confident in their current email security protections. (OPSWAT)

Cloud Security Statistics

With businesses rapidly adopting cloud technologies, ensuring cloud security is a critical concern.

The convenience of cloud services comes with its own set of risks, particularly when configurations are handled poorly.

61. 79% of organizations experienced at least one cloud security incident in 2023. (Security Magazine)

62. Misconfigurations remain the number one vulnerability in cloud environments. (CrowdStrike)

63. 55% of organizations identify securing multi-cloud environments as a primary challenge. (ISC2)

64. CrowdStrike observed a 75% increase in cloud environment intrusions from 2022 to 2023. (CrowdStrike)

65. 44% of respondents view the risk of security breaches in public clouds as higher than on-premises environments. (Fortinet)

66. Ensuring data protection across environments (55%) and lacking skills for deployment (51%) are key challenges. (Fortinet)

67. 61% of organizations plan to increase their cloud security budgets, with a projected 37% average increase. (Fortinet)

68. Scalability (56%), cost savings (47%), and faster deployment (46%) are top motivators for cloud security adaptation. (Fortinet)

69. 60% of organizations prioritize cloud and application security skills, followed by IAM (59%) and GRC (58%). (Fortinet)

70. 96% of organizations are moderately to extremely concerned about public cloud security. (Fortinet)

Interesting Facts and Statistics About Hacking

Hackers launch thousands of attacks every day, targeting businesses, individuals, and governments. These facts and statistics reveal just how widespread and dangerous hacking has become.

71. In 1994, after multiple attacks by Russian hackers, Citigroup (then Citicorp) created a dedicated cybersecurity division and hired the first-ever CISO. (Cybercrime Magazine)
72. Nearly 91% of cyberattacks start with a phishing email sent to an unsuspecting victim. (Deloitte)
73. In 2022, women held 17% of CISO roles at Fortune 500 companies, with 85 women in those positions. (Cybercrime Magazine)
74. Cybercriminals will likely use generative AI for their activities in 2024 (CrowdStrike).
75. 70% of organizations report that their users see malware-infected ads while browsing (Cisco).
76. More than 75% of targeted cyberattacks in 2024 begin with an email, making phishing a leading method used by cybercriminals (Norton Antivirus).
77. Over half of users (53%) haven’t updated their passwords in the past year, according to LastPass.
78. In North America, 73% of companies still use outdated web browsers (source: Statista).
79. Human mistakes cause 95% of data breaches (Mastercard).
80. 43% of small and medium businesses lack a cybersecurity plan. (Forbes)

Data Breaches Cost Statistics and Facts

Businesses and governments are taking cybersecurity more seriously as attacks become more frequent and sophisticated.

Organizations are investing heavily in tools, systems, and personnel to protect themselves from evolving threats.

81. The United States had the highest average breach cost at USD 9.36 million. (IBM)
82. The average cost of a breach involving shadow data was USD 5.27 million. (IBM)
83. 67% of businesses plan to further increase their cybersecurity budgets in 2024. (IBM)
84. The healthcare sector had the highest average breach cost at USD 9.77 million. (IBM)
85. The global average cost of a data breach in 2024 is USD 4.88 million. This is a 10% increase from last year and the highest amount ever. (IBM)
86. The cyber skills shortage grew by 26.2%, leading to an average increase of USD 1.76 million in breach costs. (IBM)
87. Malicious insider attacks were the costliest, averaging USD 4.99 million. (IBM)
88. Involving law enforcement in ransomware attacks helped save almost USD 1 million in breach costs. (IBM)
89. The industrial sector saw the largest cost increase, averaging USD 830,000 more per breach. (IBM)
90. Organizations that used AI in security and automation for prevention saved an average of USD 2.22 million compared to those that didn’t. (IBM)

Cybersecurity Workforce Statistics

The demand for skilled cybersecurity professionals is outpacing supply. As the threats become more complex, businesses are struggling to fill key positions, leaving them vulnerable.

Here are some key stats that highlight the bridging skills gap in cybersecurity:

91. There will be 3.5 million unfilled cybersecurity jobs by 2025. (Cybersecurity Ventures)
92. 20% of employers take over six months to hire qualified cybersecurity candidates. (Cybersecurity Ventures)
93. 80% of organizations experienced at least one breach in the past year due to a lack of cybersecurity skills. (Fortinet)
94. Cybersecurity jobs are among the highest-paying roles in the tech industry, with salaries averaging over $100,000 per year. (University of San Diego)
95. The global cybersecurity job vacancies have leveled off at 3.5 million since 2021, expected to persist until 2025. (eSentire)
96. The number of unfilled cybersecurity jobs remained at 3.5 million in 2023, with over 750,000 of those positions in the U.S. (eSentire)
97. As per the U.S. Bureau of Labor Statistics, median pay of Information Security analysts is around $57.87 per hour and $120,360 per year.
98. The gap between demand and supply in cybersecurity jobs is expected to persist through at least 2025. (eSentire)
99. The number of jobs for information security analysts is expected to increase by 33% from 2023 to 2033, much faster than the average growth for all jobs. (U.S. Bureau of Labor Statistics)
100. Every IT position now includes a cybersecurity component, requiring staff to be trained in modern threat awareness and defense tactics. (eSentire)

Small Business Cybersecurity Statistics

For small businesses with fewer than 500 employees, the average cost of a data breach is $2.98 million, according to IBM and the Ponemon Institute.

101. As per the U.S. Chamber of Commerce, 60% of small businesses rank cybersecurity threats, such as phishing, malware, and ransomware, as a top concern.
102. Retailers are the most at risk, with 34% saying they are one crisis from closure, compared to 22% in the services sector. (U.S. Chamber of Commerce)
103. 55% of Americans are less likely to do business with companies after a data breach. (U.S. Chamber of Commerce)
104. Phishing causes most ransomware attacks targeting small businesses. (Comcast Business)
105. According to Verizon’s Data Breach Investigations Report, 46% of cyber breaches target businesses with fewer than 1,000 employees. However, only 17% of these businesses are properly prepared to defend against attacks.
106. Small businesses saw a 349% spike in ransomware disguised as software downloads in late 2023. (Comcast Business)
107. 92% of industries cite ransomware as a top threat. (Verizon)
108. Human error causes 95% of cybersecurity breaches. (World Economic Forum)
109. 15% of breaches involve supply chain vulnerabilities, a 68% year-over-year increase. (Verizon)
110. 42% of small businesses hit by cyberattacks reported revenue loss and 32% lost customer trust. (Comcast Business)

Conclusion

Cyberattacks aren’t going away. They’re likely to become even more sophisticated as technology evolves. However, organizations can make informed decisions about protecting their data and systems by understanding current cybersecurity statistics.

From phishing to ransomware to cloud security, every part of the business must be considered when creating a cybersecurity strategy. The numbers speak for themselves – the threats are real, and the consequences are severe.

Now is the time to prioritize security at every level of the organization, whether investing in the right tool, such as managed EDR, training employees, or hiring skilled professionals to oversee your defenses.

With the right approach, you can stay ahead of the attackers and keep your data safe in 2025 and beyond.

Got questions? Book a free consultation with our security experts today!