Cyber Attack Statistics to Know in 2025

Cyberattacks are malicious attempts to gain unauthorized access to a person’s or organization’s computer systems, networks, or data. The intention is to steal, ransom, or destroy private information. Recently, cyberattacks have become more sophisticated and robust, making it easier for attackers to penetrate a vulnerable system and cause significant damage.

This article provides a comprehensive understanding of the current cyberattack landscape. We’ll cover various statistics and news related to cyberattacks, including the most common attack types, targeted industries, and the effects of a successful attack. We’ll also discuss how to protect your organization from cyberattacks and invest strategically in cybersecurity.

Cybersecurity Statistics by Type of Cyber Attack

Organizations should be aware of various cyberattacks, including malware, ransomware, phishing, and DDOS/IoT attacks. These are some of the most common cyber attacks you’ll need to know to protect yourself.

Malware

Malware attacks involve malicious software designed to disable systems, enabling attackers to access sensitive information. These attacks can include viruses, worms, Trojans, and rootkits, and can be very difficult to detect and remove.

• In 2025, CrowdStrike reported that 79% of detections were malware-free, indicating that attackers are increasingly relying on hands-on keyboard activity rather than immediately dropping malware.
• In 2025, Verizon’s DBIR dataset analyzed 22,000+ security incidents and 12,000+ confirmed breaches, reinforcing just how large the modern attack landscape has become.
• Verizon reported that stolen credentials were present in 22% of breaches, which is one of the most common starting points for malware delivery and secondary compromise.
• Verizon reported that exploited vulnerabilities were involved in 20% of breaches, underscoring how quickly unpatched systems can become a pathway for malware.
• Microsoft reported that phishing-resistant MFA can block over 99% of identity-based attacks, helping organizations cut off a major route that malware campaigns rely on.
• Microsoft reported screening roughly 5 billion emails per day for malware and phishing, highlighting the scale of daily malware-delivery attempts via email channels.

Ransomware

Ransomware is malware that encrypts data, rendering it unusable to the victim until they pay a ransom. It is one of the most destructive cyber threats and has become increasingly common in recent years. Hackers have attacked hospitals, schools, and businesses with ransomware, leaving victims with the option to pay a ransom or lose access to their data.

• In 2025, Verizon’s DBIR reported that ransomware was present in 44% of breaches, showing ransomware remains one of the most common breach patterns.
• In 2024, the FBI reported that ransomware was again the most pervasive threat to critical infrastructure, with complaints rising 9% from 2023.
• In 2025, Chainalysis reported that ransomware payments fell 35.82% year-over-year in 2024, suggesting more victims are refusing to pay or that disruptions are impacting attackers’ revenue.
• Chainalysis also reported that attackers extorted $813 million in ransomware payments in 2024, including a record outlier $75 million payment tied to the Dark Angels group.
• ENISA identified ransomware as one of the top cybersecurity threats, second only to threats to availability, based on ananalysis of thousands of publicly reported incidents and events.
• In 2025, TRM Labs reported that illicit crypto volume in 2024 was approximately $45 billion, reinforcing why ransomware groups still rely on crypto-heavy laundering ecosystems even when payments decline.

Phishing

Phishing is a cyberattack in which attackers send malicious emails that appear to be legitimate. They then trick users into providing sensitive information or downloading malware. Phishing emails are often used to access an organization’s systems or assets. From there, attackers can spread malware, steal data, and gain access to other targets using the organization’s private information.

• In 2025, Verizon’s DBIR reported that the human element remains involved in breaches at ~60%, showing how often phishing and social engineering still play a role.
• In 2024, Microsoft reported that password-based attacks accounted for over 99% of the 600 million daily identity attacks, reinforcing that credential phishing enables account takeovers at a massive scale.
• Proofpoint reported that organizations ran 183 million phishing simulations over 12 months, showing how heavily companies now test and train against phishing risk.
• Proofpoint also found that link-based phishing tests accounted for 59% of simulations, highlighting how often attackers rely on “click the link” tactics.
• Cofense reported that it identified over 1.5 million malicious emails bypassing secure email gateways (SEGs) over two years, showing how phishing frequently slips past perimeter defenses.
• In 2025, Verizon’s DBIR reported that stolen credentials were present in 22% of breaches, reinforcing how phishing-driven credential theft remains a core breach driver.

DDoS and IoT

Cybercriminals use Distributed Denial-of-Service (DDoS) attacks to cripple online systems, networks, and applications by flooding them with excessive traffic. As a result, these services are overwhelmed and rendered unusable or inaccessible. The attack uses a network of compromised Internet-connected devices, such as computers or IoT (Internet of Things) devices. This results in disruptions to online services and possibly the loss of customer data.

• Cloudflare reported blocking 21.3 million DDoS attacks in 2024, showing DDoS remains one of the most common large-scale disruption threats.
• In Q4 2024, Cloudflare blocked 420 hyper-volumetric DDoS attacks exceeding 1 Tbps, a 1,885% quarter-over-quarter increase, underscoring that DDoS attacks are growing dramatically in size.
• In 2024, NETGEAR’s threat research found that IoT devices on home networks were targeted an average of 10 times per day, reinforcing that IoT endpoints are constantly probed for compromise.
• In September 2024, the U.S. Department of Justice announced it disrupted the “Raptor Train” botnet, which had compromised over 200,000 devices worldwide, many of which were IoT devices.
• In 2024, Akamai reported that UDP flood attacks remained one of the most common DDoS attack vectors, reflecting the frequency with which attackers rely on high-volume network-layer methods to overwhelm targets.
• In 2024, the FBI warned that botnets built from compromised IoT devices are frequently used to launch DDoS attacks, reinforcing why insecure IoT hardware is a persistent DDoS fuel source.

Cybersecurity Statistics by Industry

Healthcare

• In 2025, at least 642 large healthcare data breaches occurred (500+ records), impacting 57+ million people.
• More than 35 million people were impacted by large healthcare breaches reported to the HHS OCR portal in 2025.
• UnitedHealth confirmed the Change Healthcare ransomware attack impacted ~190 million people.
• An AHA survey found 94% of hospitals reported disruption from the Change Healthcare cyberattack.
• The 10 largest healthcare data breaches reported to OCR in 2025 affected 20+ million individuals.
• Yale New Haven Health reported a breach affecting ~5.6 million patients 

Finance

• In 2024, the average cost of a data breach in the financial industry was $6.08 million, making the sector one of the most expensive to recover from.
• The FBI reported $6.57 billion in investment fraud losses, much of it tied to online scams impacting consumers and financial platforms.
• In 2024, the FBI reported $16.6 billion in total cybercrime losses, showing how financial fraud and cyber-enabled theft continue to scale.
• The FTC recorded 2.6 million fraud reports, totaling $12.5 billion in losses, reflecting how often financial crime overlaps with cyber-enabled attacks.
• The FTC reported 1.1 million identity theft reports, reinforcing that identity-based attacks remain a major driver of financial account compromise.
• Verizon found that ransomware was present in 32% of breaches, indicating that financial organizations remain exposed to ransomware and extortion tactics.

Government

• In 2024, the FBI reported that ransomware remained the most pervasive threat to critical infrastructure, and ransomware complaints increased 9% year-over-year.
• The FBI received 880,418 cybercrime complaints through IC3, showing the volume of cyber-enabled crime impacting citizens and public services.
• The FBI reported that total cybercrime losses reached $16.6 billion, underscoring the financial scale of cybercrime affecting public-sector operations and constituents.
• In 2024, the U.S. Department of Justice disrupted the “Raptor Train” botnet, which had compromised 200,000+ devices worldwide, demonstrating how botnets can enable DDoS and intrusion activity against public targets.
• CISA reported that many of the most exploited vulnerabilities were used in real-world attacks, reinforcing how quickly government systems can be targeted when patching lags.
• In 2024, CISA warned that ransomware actors increasingly use data theft + extortion, meaning organizations may still suffer breach fallout even if they restore from backups.

Education

• CIS/MS-ISAC’s 2025 K-12 report analyzed 18 months of data from 5,000+ K-12 organizations.
• The UK government’s Cyber Security Breaches Survey 2025 publishes dedicated findings for education institutions (schools/colleges/higher ed) and compares against 2024 results.
• Sophos’ State of Ransomware in Education 2025 includes 441 education-sector respondents (survey conducted Jan–Mar 2025), enabling education-specific ransomware benchmarking.
• The Sophos education report is based on a broader 3,400-respondent survey of orgs hit by ransomware in the prior year, with education as a named sector cut.
• Microsoft reported 15,000+ malicious QR code messages targeting the education sector daily (Defender telemetry).
• RAND reported 60% of K-12 principals said their schools experienced at least one cybersecurity incident across the 2023–2024 and 2024–2025 school years.

Energy

• NERC’s CIP-008 annual filing states that three reportable cybersecurity incident reports were submitted to E-ISAC in 2024 (all “attempts to compromise”).  
• That NERC filing covers E-ISAC reports received from January 1–December 31, 2024, under CIP-008-6 reporting rules.
  NERC’s 2025 RISC Report frames cyber threats as a top risk priority for Bulk Power System reliability (strategic risk emphasis).
• Reuters/Fast Company reported U.S. utilities averaged 1,162 cyberattacks through August 2024 vs 689 in 2023 (Check Point data cited).
• DOE describes CRISP as a DOE/industry co-funded program managed with E-ISAC to share threat information and build situational awareness for the energy sector.
• NERC maintains a central hub for ERO reliability risk priorities reporting (where the RISC report series is published/maintained).

The Costs and Consequences of Cyber Attacks

Cyberattacks devastate businesses of all sizes and across all sectors. Not only do they put your data at risk, but they can also lead to financial losses, reputational damage, and operational disruption. Below, we’ll further explore the potential costs and repercussions of a cyber attack.

Financial Cost of a Cyber Attack

The direct costs of responding to a cyber attack include hiring security experts to assess the damage and resolve the issue, notifying customers of a breach and any potential data exposure, investing in system updates or replacements to prevent similar attacks in the future, and offering customers identity theft protection or other remedies.

• The global average cost of a data breach in 2024 was US$4.88 million.
• Cybercrime costs the global economy nearly $600 billion per year, which is roughly 0.8% of global GDP.
• It takes organizations an average of 258 days to identify and contain a data breach.
• Companies that use security AI and automation save an average of $2.22 million in data breach recovery costs.
• Of organizations that have experienced more than one data breach, 57% have passed incident costs onto their consumers, while only 51% have increased security investments.
• The indirect costs of a cyber attack may be even more significant than the direct costs. A data breach can lead to lost customers, decreased revenue, and long-term damage to your company’s reputation. Moreover, you may have to pay regulatory fines and legal costs if the attack leads to a class-action lawsuit.
• In 2024, IBM reported that lost business was the largest component of breach costs, showing how reputation damage and customer churn are often the biggest financial hit.

Even though a cyber attack can be costly, the costs of launching one are surprisingly low. For instance, there are even CaaS (Cyber-as-a-Service) providers that offer sophisticated phishing kits for less than $6 per day; these packages include multiple layers of complexity and anonymization features designed to evade most detection or prevention systems. 

Therefore, it is essential to take all the necessary steps to protect your business from costly cyberattacks before they happen. 

Impact on Reputation and Trust

Customers are increasingly aware of cybersecurity threats and data protection standards. When a company suffers a breach, the public is less likely to trust it going forward. This can lead to customer losses and decreased revenue.

• 58% of companies view cybersecurity as a main concern when assessing new technology initiatives.
• IBM reported that the global average cost of a data breach reached $4.88 million in 2024, underscoring how financial consequences—including trust-related fallout—continue to rise.
• IBM reported that the average breach takes 258 days to identify and contain, extending reputational damage and customer disruption for months.
• IBM reported that lost business (customer churn, downtime, and reputational impact) is one of the largest components of breach costs.
• IBM found that companies using security AI and automation saved $2.22 million per breach on average, helping reduce downtime and trust erosion.
• IBM reported that among organizations experiencing multiple breaches, 57% passed incident costs on to consumers, often through higher prices or fees.

Individual Consequences

A cyberattack can expose the personal information of millions of individuals, including names, addresses, Social Security numbers, and more. This data can be used to commit identity theft and fraud, leading to financial losses. In addition, individuals may also have difficulty gaining credit in the future due to their compromised data.

• In 2024, the FTC’s Consumer Sentinel Network received 6.5 million consumer reports, covering fraud, identity theft, and related issues.
• Consumers reported losing more than $12.5 billion to fraud in 2024, a major jump year-over-year.
• Investment scams caused $5.7 billion in reported losses in 2024—the biggest loss category tracked by the FTC.
• In 2024, the FTC received 2.6 million fraud reports, showing how widespread cyber-enabled deception has become.
• The FTC received 1.1 million identity theft reports, reinforcing that stolen personal data remains a major U.S. consumer risk.
• The FBI reported $16.6 billion in total cybercrime losses across reported incidents, underscoring the significant impact on consumers and businesses.

Physical Consequences

The physical consequences of cybercrime can be severe. In some cases, a breach may disrupt essential services. For example, in 2015, Ukraine suffered a grid hack attack that caused a blackout for 230,000 people.

These disruptions can cause physical damage and lead to costly repairs. In addition, sophisticated cybercriminals may be able to access physical assets, such as air traffic control systems or medical devices. This can pose a significant danger to users and others.

• The FBI reported ransomware remains the most pervasive threat to U.S. critical infrastructure, showing how cyberattacks increasingly affect essential services—not just IT systems.
• In 2024, the U.S. Department of Justice reported disrupting a botnet of 200,000+ compromised devices worldwide, demonstrating how IoT compromise enables large-scale disruption.
• CISA maintains a live Known Exploited Vulnerabilities (KEV) Catalog, tracking vulnerabilities actively used in real-world attacks—including attacks against operational and public-sector environments.
• CISA warned that ransomware attacks increasingly involve data theft and extortion, raising the risk of service disruption and public harm even if systems are restored from backups.

The Role of Human Error in Cybersecurity

In 82% of cybersecurity breaches, the human element is to blame. A 2023 study of self-identified technology professionals from over 90 countries found that 64% of respondents could notidentify best practices for reducing phishing attacks. 

Social engineering plays an integral role in compromising our vital data and systems. And employees can accidentally expose sensitive data or fall victim to phishing scams. Organizations need to ensure their employees are adequately trained in cybersecurity best practices to minimize the risk of data breaches. Below are the most common causes of cybersecurity incidents.

Clicking on malicious links in an email or on a website

Cybercriminals can access an organization’s systems by sending malicious links to emails or websites. Employees need to be aware of the risks of clicking links and should only do so if they are sure it is safe. Ensure you have a policy for identifying and handling suspicious emails.

Weak passwords

Employees should be encouraged to use strong, regularly changed passwords and not share them with anyone. Organizations may also consider using two-factor authentication to further protect their systems.

Falling for phishing scams

Phishing scams are common for cybercriminals to access an organization’s systems. Businesses should train employees on the risks of phishing emails and the importance of not providing personal information or clicking on suspicious links.

Sharing sensitive information over unsecured channels

Ensure employees know the importance of sharing sensitive information over secure VPNs or encrypted messaging apps. In no case should they share sensitive information over unsecured channels such as email or instant messaging apps.

Protecting Against Cyber Attacks

Organizations should take proactive steps to protect against cyber attacks. This includes developing an incident response plan, regular security audits, and multi-phased cybersecurity training. Additionally, organizations should use a multi-layered security approach that combines technology, processes, and people. This will help ensure maximum protection for your organization and mitigate the risks associated with a data breach.

Best Practices for Individuals and Businesses

Strong and unique passwords

Make sure passwords are strong and unique. Avoid using easy-to-guess words like “password” or “123456.” Also, combine uppercase and lowercase letters, numbers, and special characters. You’ll also want to reset your passwords regularly.

Regular software updates

Continually update software and applications. This will help ensure you have the latest security patches to protect against vulnerabilities.

Avoiding suspicious emails and websites

Steer clear of suspicious emails and websites. If something looks fishy, don’t click on any links or provide personal information.

The Role of Cybersecurity Professionals and Technologies

Organizations should consider investing in a cybersecurity professional or technology solution to help prevent and detect cyber attacks. Only 50% of small businesses have cybersecurity measures in place.

However, average security response times are improving. The average response time to a cyberattack went from 29 days in 2021 to 21 days in 2022. Additionally, 73% of organizations that partnered with managed security services and managed detection and response providers saw a reduction in the impact of disruptive cyber incidents. 

Many organizations are increasing their cybersecurity focus amid rising threats. 75% of cybersecurity professionals reported an increase in cyberattacks in 2023, and 55% reported increased stress levels as a result. Gartner predicts that by 2026, 70% of boards will include at least one cybersecurity expert to develop more effective defense strategies. 

AI is also affecting the way cybersecurity professionals do their jobs. 75% of cybersecurity professionals had to change their strategies in 2024 due to AI-powered cyber threats. 

Cybersecurity professionals can help identify potential threats and develop strategies to protect against online attacks. Additionally, various software solutions are available to help organizations detect cyber threats.

Firewalls

Firewalls are a powerful tool for preventing malicious traffic from entering or leaving an organization’s systems. Firewalls can be configured to detect and block known threats and monitor for suspicious activity.

Antivirus software

Antivirus software scans your system for potential malware or viruses. Then, it will show you how to take the necessary steps to remove them. Roughly 450,000 viruses are detected worldwide daily, underscoring the importance of this software.

Network Security

Organizations may consider investing in additional network security solutions such as Intrusion Detection Systems (I.D.S.s). I.D.S.s are designed to detect suspicious activity on an organization’s network and alert the appropriate personnel.

Penetration testing

Penetration testing is another valuable resource for organizations. It involves penetrating an organization’s systems to identify potential vulnerabilities. It’s a simulated attack that enables organizations to evaluate their security posture and identify areas for improvement.

Artificial Intelligence Tools

While they’re still new to the market, AI tools have huge potential for the cybersecurity industry. Artificial intelligence technology in the cybersecurity market is expected to reach $60.6 billion by 2028. As of early 2024, 51% of businesses were using AI to support cybersecurity and fraud management. 

Cyber Attack F.A.Q.s