Key Cybersecurity Statistics
⦁ The largest ransomware payment ever recorded was $75 million in 2024. (1)
⦁ 74% of U.S. hospitals reported cybersecurity incidents in 2024 that directly impacted patient care.
⦁ 87% of CISOs believe their organization is at risk of a material cyber-attack. (2 – need to find statista link)
.png)
⦁ The annual cost of cybercrime in the U.S. was $452.3 billion in 2024. This figure is projected to reach $639 billion in 2025.
Estimated annual cost of cybercrime in the United States from 2017 to 2028 (in billion U.S. dollars)
Ransomware
⦁ Exploited vulnerabilities (32%) and compromised credentials (29%) were the top causes of ransomware attacks in 2024.These initial access vectors highlight that businesses should prioritize vulnerability patching, enforce MFA, and dark web monitoring in 2025. (Download Report)
Root causes of ransomware attacks in organizations worldwide as of February 2024.
⦁ 32% of U.S. organizations paid a ransom to recover data in 2024. This sharp decline from 85% in 2019 reflects improved recovery strategies and greater resilience. In 2025, businesses should continue strengthening data backups and testing incident response plans to eliminate the need for ransom payments. (Coveware)
Quarterly share of ransomware attacks at organizations in the United States resulting in ransom payment from 1st Quarter 2019 to 3rd quarter 2024
⦁ The largest ransomware payment ever recorded was made in 2024, totaling a staggering $75,000,000. Businesses should prioritize ransomware prevention strategies, offline backups, and MFA in 2025 to avoid the need for ransom payments. (Download Report)
⦁ Create table showing highest ransomware payment each year.
⦁ 43% of organizations that paid a ransom in 2024 faced additional demands from attackers. 15% of organizations that paid a ransom in 2024 didn’t recover their data after refusing to pay additional demands from attackers. Going into 2025, businesses should focus on strengthening backups, implementing robust data recovery solutions, and avoiding reliance on ransom payments as a fallback.
Consequences of ransomware attacks for organizations following ransom payments worldwide in 2023.
Financial Statistics
⦁ The average cost of a U.S. data breach in 2024 was $9.36 million. With breach costs continuing to rise, companies should invest in faster detection tools, 24x7x365 monitoring, and custom incident response plans to minimize the impact of a successful attack. (Statista)
⦁ 87% of CISOs believe their organization is at risk of a material cyber attack. 1,392 out of 1,600 CISO’s expressed this concern and it should be a signal that businesses need to re-evaluate budget for proactive security measures. (Download Report)
⦁ 66% of CISOs report into technology functions of the business, such as the CIO or CTO. Businesses should ensure the CISO reports outside the technology function to avoid conflicts that compromise cybersecurity oversight. (Download Report)
⦁ The global cyber insurance market is projected to grow to $20 billion in 2025. The market is expected to reach $29 billion by 2027. Businesses should evaluate their insurance coverage to ensure it aligns with evolving risks, particularly for ransomware, data breaches, and operational downtime. (Munich Re)
Global cyber insurance market size from 2019 to 2023 with forecast till 2027
⦁ Cyber incidents were ranked as the top business risk in 2024, according to non-technical risk management professionals. Heading into 2025, businesses should align their cybersecurity and incident response protocols with broader organizational risk management strategies. (Download Report)
.png)
Manufacturing Cybersecurity Incident Statistics
⦁ Manufacturing was the most targeted sector for cyberattacks in 2024, with 80% of companies having critical vulnerabilities. For the fourth consecutive year, manufacturing has topped the list of targeted industries, driven by outdated systems and unpatched vulnerabilities. Heading into 2025, manufacturing organizations should prioritize modernizing legacy systems, patching vulnerabilities, and adopting zero-trust architectures to protect their operations from cyber threats. (Black Kite – Download Report)
.png)
⦁ Manufacturing accounted for 41% of cyber incidents in H1 2024, a 105% increase from H1 2023. (Security Magazine)
⦁ The June 2024 CDK Global ransomware attack cost over 15,000 auto dealerships a total of $1 billion. This massive financial impact highlights the critical need for businesses to strengthen supply-chain security. In 2025, organizations must enhance vendor risk management strategies to mitigate third-party vulnerabilities. (TechTarget)
⦁ 85% of CIS devices in use are 10–15 years old, leaving them unpatchable and highly vulnerable. Manufacturing companies must prioritize securing industrial infrastructure such as SCADA systems by replacing legacy systems when possible, implementing network segmentation, and deploying other compensating controls in 2025. (Download Report)
Healthcare Cybersecurity Incident Statistics
⦁ 67% of Healthcare Organizations Worldwide Faced Ransomware Attacks in 2024. Going into 2025, healthcare organizations must improve their defenses with 24x7x365 monitoring, tested incident response plans, and by implementing network segmentation to mitigate the impact of a successful ransomware attack. (Sophos)
⦁ The U.S. healthcare sector recorded 677 data breaches in 2024, affecting 182.4 million people. (Gov Info Security)
⦁ The largest healthcare data breach in 2024 was the Change Healthcare breach, which impacted 100 million people. This surpasses the 2015 Anthem breach, which affected 78.8 million individuals. The scale of this breach highlights the need for healthcare providers to strengthen data protection and incident response heading into 2025. (Cybersecurity Dive)
.png)
⦁ The Change Healthcare cyberattack in 2024 resulted in a $2.5 billion total impact. The attack included $1.7 billion in direct response costs, emphasizing the importance of robust incident response strategies and optimized cyber insurance coverage for businesses heading into 2025. (Cybersecurity Dive)
⦁ A ransomware attack caused a 96% drop in blood donations in London hospitals in 2024. This left O-negative blood stocks critically low at just 1.6 days' supply across England. (Gov Info Security)
⦁ 74% of U.S. hospitals reported cybersecurity incidents in 2024 that directly impacted patient care. (Download Report)
Finance Industry Cybersecurity Incident Statistics
⦁ The average cost of a data breach in the financial industry was $6.08 million in 2024. (⦁ Download Report)
Average total cost of a data breach in financial industry worldwide from 2019 to 2024 (in million U.S. Dollars)
⦁ The finance industry was the most targeted sector for web application attacks in 2024. This is due to the sensitive nature of financial transactions and is a core reason that the finance industry should prioritize 2025 efforts that secure APIs & web application’s underlying cloud infrastructure. (Download Report)
Global industry sectors most targeted by basic web application attacks from November 2022 to October 2023
⦁ The largest financial data breach to date is the 2019 First American Financial incident. This breach exposed 885 million credit card applications due to a web application vulnerability. (UpGuard).
.png)
⦁ 65% of financial organizations worldwide were hit by ransomware attacks in 2024. This was nearly double the 34% reported in 2021. (Sophos)
Share of financial organizations worldwide hit by ransomware attacks from 2021 to 2024
⦁ Security of personal data is the top priority for consumers when choosing a financial institution. This finding highlights how crucial data protection has become in building trust with customers. Financial institutions heading into 2025 should prioritize transparent communication about their security measures to maintain consumer confidence. (Verint)
.png)
Data Privacy and Regulatory
⦁ The largest GDPR fine ever issued was €1.2 billion, given to Meta in May 2023. This record-breaking penalty highlights the increasing enforcement of data privacy regulations. Heading into 2025, organizations should ensure compliance with relevant data privacy laws by conducting regular data audits, improving consent management, and addressing cross-border data transfer risks. Companies should also evaluate their cyber insurance policy coverage. (Enforcement Tracker)
.png)
⦁ 80% of the global population is now covered by modern data privacy regulations as of December 2024. This marks a dramatic rise from just 10% in 2020, emphasizing the urgency for businesses to adapt their privacy compliance strategies. (International Association of Privacy Professionals)
⦁ 59% of companies doing business in the U.S. struggle with tracking the various state privacy laws. 52% report budget challenges and 43% face difficulties understanding their own data.
Small and Medium Sized Businesses Cybersecurity Statistics
⦁ 60% of small businesses shut down within six months of a cybersecurity incident. In 2025, small businesses must prioritize purchasing cyber insurance and investing in backup / recovery solutions. (BusinessDIT)
⦁ 28% of SMB’s that faced a cyber attack in 2024 had a financial impact of $500,000 - $1,000,000
⦁ 37% of companies hit by ransomware in 2024 had fewer than 100 employees. (StrongDM)
ChatGPT and AI GPT Cybersecurity Statistics
⦁ The AI cybersecurity market is expected to grow to $39.8 billion in 2025. This represents a 57% increase from 2024’s $25.4 billion, highlighting the rapid adoption of AI-driven security solutions. (Download Report) ***Make sure that the correct numbers are displayed in bar chart for 2024 – the data below was partially incorrect
⦁ The biggest cybersecurity concern about AI is the advancement of adversarial capabilities, cited by 46% of CISOs in 2024. This reflects fears of AI-powered attacks like phishing, malware, and deepfakes, emphasizing the need for advanced threat detection and mitigation strategies in 2025. (World Economic Forum)
What are you concerned about in regards to generative AI's impact on cyber?
⦁ 78% of IT and security professionals believe ChatGPT will be able to develop its own cyberattack by Q1 2025. 51% believe it’s already happened. Heading into 2025, organizations must prioritize employee training to recognize AI-driven threats, strengthen incident response plans, and monitor advancements in AI capabilities to stay prepared.
⦁ 29% of legal professionals believe data security is the highest concern related to AI (Download Report)
.png)
⦁ 55.9% of security professionals believe generative AI will give attackers the advantage in 2025. Only 8.9% believe it will benefit defenders. This highlights the urgency for organizations to adopt AI-driven defensive strategies and invest in threat detection tools to counter the growing weaponization of generative AI. (World Economic Forum)
⦁ ChatGPT falsely accused a professor of sexual harassment by generating a fabricated story, citing a non-existent Washington Post article. As we head into 2025, organizations and individuals must strengthen their awareness of misinformation by implementing advanced detection tools and promoting media literacy to identify false narratives. (The Washington Post)
Cloud Security Statistics
⦁ 37% of IT leaders identified external actors, such as hackers, as the biggest risk to cloud security in 2025. Followed by 31% pointing to internal employees. (Netwrix)
Biggest risk to data security in the cloud worldwide in 2024
⦁ 51% of organizations cited a lack of IT/security team expertise as the biggest cloud security challenge in 2024, up from 36% in 2023. (MissionCloud)
Main data security challenges in the cloud in 2023 Versus 2024
⦁ 61% of global organizations experienced a security incident related to public cloud usage in the last 12 months. Businesses need to secure their cloud environments in 2025 by implementing robust access controls, regular vulnerability assessments, and continuous monitoring of cloud activity. (Cybersecurity Insiders)
Share of organizations who experienced a security incident related to public cloud usage in the last 12 months worldwide in 2024
⦁ 865.3 million customers and individuals were impacted by the Snowflake breach, including those from AT&T, Ticketmaster, and Santander Bank. (Cyber Scoop)
FAQ
