Cybersecurity Statistics 2026: What the Numbers Really Tell Us

As 2025 draws to a close, the cybersecurity landscape has reached new heights of complexity and cost. Global cybercrime damages areprojected to hit $10.5 trillion annually, making it one of the world’slargest economic burdens (VikingCloud 207 Cybersecurity Stats 2025). At the same time, cyberattacks are happening at industrial scale, with estimates of around 4,000 attacks per day, or roughly one every three seconds (NordLayer Cybersecurity Statistics of 2025).

What stands out most in 2025 is that the threat environment is not only growing, it is becoming harder to defend against. A large proportion of organisations report increases in both attack frequency and severity, while executive concern around sophisticated adversaries, including nation-state capability, remains high (VikingCloud 207 Cybersecurity Stats 2025). Industry reporting continues to show that attackers rely heavily on identity compromise, public-facing applications, and vulnerability exploitation as primary intrusion paths (Verizon DBIR 2025).

The defining cybersecurity trends of 2025 

Through 2025, cyber risk continued to rise for most organisations, with 72% reporting an increase in cyber risks over the past year (World Economic Forum Global Cybersecurity Outlook 2025). Many organisations cite the sheer complexity of the modern threat landscape as their greatest barrier to cyber resilience (World Economic Forum Global Cybersecurity Outlook 2025).

Human behaviour continues to dominate the root cause of incidents. Reports consistently show that the majority of breaches involve some form of human element, including error or social engineering (VikingCloud 207 Cybersecurity Stats 2025)(World Economic Forum Global Cybersecurity Outlook 2025). Despite ongoing investment in awareness training, phishing and business email compromise remain highly effective attack techniques (IBM Cost of aData Breach Report 2025).

At a technical level, vulnerability volume continues to rise sharply. The Verizon DBIR highlights sustained growth in exploitable vulnerabilities and the increasing linkage between vulnerabilities and active threat actor campaigns (Verizon DBIR 2025). This is compounded by large-scale platform lifecycle events such as Windows 10 end-of-support in October 2025, which leaves hundreds of millions of devices exposed if not upgraded.

The true cost of cybercrime in 2025

costs are reported at approximately $4.88 million, withsome sectors significantly exceeding that figure (IBM Cost of a DataBreach Report 2025). Healthcare remains the most expensive sector to suffer a breach, with reported costs ranging between $9.77 million and $10.93 million per incident.

Beyond direct breach response, organisations continue to face secondary costs such as operational disruption, regulatory penalties, reputational damage, and customer churn (World Economic Forum GlobalCybersecurity Outlook 2025). Several sources indicate that involving law enforcement and deploying AI-enabled security tools can materially reduce breach costs and speed up detection (NordLayer Cybersecurity Statistics of 2025).

Ransomware’s evolution and persistence

Ransomware remains one of the most damaging threats in 2025. Average ransomware incidents are cited at approximately $1.85 million prevent, with ransom demands increasing sharply year-on-year in several datasets. Downtime continues to amplify the impact, with some reports estimating costs of $53,000 per hour during operational disruption (VikingCloud 207 Cybersecurity Stats 2025).

Industry reporting shows attackers increasingly using multi-extortion tactics, including data theft and attacks against backup infrastructure, rather than relying solely on encryption (Verizon DBIR 2025). As a result, ransomware continues to be ranked as a top organisational risk by security leaders (World Economic Forum Global Cybersecurity Outlook 2025).

Phishing in the age of AI

Phishing remains the most common initial access vector in 2025, but its sophistication has increased significantly with the use of generative AI. Large proportions of phishing content are now reported to beAI-generated, making attacks more convincing and scalable (VikingCloud). Email continues to be the dominant entry point for targeted attacks (IBM Cost of a DataBreach Report 2025).

Voice-based phishing, or vishing, represents one of the fastest-growing techniques. One of the most notable recent trends is a 442% increase in vishing activity between the first and second half of 2024, with the operational impact becoming fully apparent during 2025 (IBM). Meanwhile, the Verizon DBIR highlights continued growth in infostealer malware and cloud-hosted phishing infrastructure.

Data breaches at scale

Data breaches in 2025 continued to grow both in frequency and scale. In the United States alone, 3,205 incidents affected 353 million individuals, with average identification and containment times of 258 days (IBM). These prolonged dwell times allow attackers to exfiltrate data, harvest credentials, and prepare extortion campaigns.

 Reporting also shows that breaches often result in long-term commercial damage. A significant proportion of organisations report customer loss following major incidents (World Economic Forum GlobalCybersecurity Outlook 2025).Credential harvesting and extortion-related incidents continue to displace traditional data theft as primary breach outcomes.

Cloud security and misconfiguration risk

Cloud security failures in 2025 are overwhelmingly driven by customer-side misconfiguration rather than provider compromise. Many cloud incidents are linked to human error, overprivileged identities, and poor visibility (VikingCloud 207 Cybersecurity Stats 2025). The World EconomicForum continues to reinforce that most cloud security failures result from customer mistakes within the shared responsibility model.

Some industry analysis attributes 99% of cloud security failures to customer error, underscoring how identity sprawl and misconfiguration remain systemic risks (Orca Security Top 5 CloudSecurity Risks 2025).

Supply chain attacks as a multiplier threat

Supply chain attacks more than doubled during 2025, with projected global losses of $60 billion (CleanStart Securing the Software Supply Chain in 2026).Attackers increasingly targeted CI/CD pipelines, dependencies, and third-party software components as efficient entry points.

The World Economic Forum reports that most organisations experienced at least one supply chain-related incident, often originating from unmonitored partners, resulting in financial, data, reputational, and operational damage. IBM also attributes tens of millions of victims to supply chain breaches, highlighting the scale of downstream impact.

AI’s dual role in cybersecurity

Artificial intelligence now plays a central role on bothsides of cyber operations. A very high proportion of organisations report GenAI-related security issues, while a growing number are using AI to support incident response (VikingCloud 207 Cybersecurity Stats 2025). Many organisations also link rising cyber risk directly to adversarial GenAI capabilities.

At the same time, AI-driven security tools are associated with faster breach detection and lower overall costs (NordLayer). Concerns arounddeepfakes, AI-driven fraud, and lack of visibility into AI systems remain high, with some fraud-focused reporting citing deepfake growth exceeding 2,000% (Signicat AI Fraud Report 2025).

Living off the land and malware-free attacks

A defining shift in modern attacks is the rise of malware-free techniques. An estimated 79 to 84% of incidents now rely on legitimate administrative tools rather than custom malware, with PowerShell appearing in a large proportion of intrusions (CrowdStrike Global Threat Report 2025). These Living off the Land techniques allow attackers to evade traditional detection and extend dwell time, often remaining undetected for weeks or months.

Sector risk and uneven exposure

Risk in 2025 is not evenly distributed. Manufacturing remains the most targeted industry, accounting for 26% of incidents in the Verizon DBIR and ranking first in multiple datasets (Verizon DBIR 2025) (IBM Cost of a Data Breach Report 2025). Financial services face sustained ransomware and phishing pressure with high breach costs across regions (NordLayer Cybersecurity Statistics of 2025) (IBM Cost of a Data Breach Report 2025).

Healthcare continues to experience severe disruption, high breach costs, and patient safety impacts, while education remains heavily affected by phishing and ransomware campaigns (World Economic Forum Global Cybersecurity Outlook 2025)(VikingCloud 207 Cybersecurity Stats 2025).

Spending, skills, and preparing for 2026

Cybersecurity spending increased again in 2025, with global growth estimates exceeding 12% year-on-year, alongside rapid expansion in the cyber insurance market (NordLayer Cybersecurity Statistics of 2025). However, workforce challenges continue to worsen. The World Economic Forum reports a growing skills gap and a low proportion of organisations confident in their cybersecurity talent coverage.

The statistics from 2025 make one thing clear: threats are accelerating faster than most organisations can adapt. Artificial intelligence, supply chain complexity, and evasion-focused attack techniques now define the threat landscape. To prepare for 2026, organisations must prioritise active defence strategies, employee training, zero-trust architectures, and continuous validation of third-party integrations. Cybersecurity is no longer a static prevention problem, it is an ongoing resilience challenge.

‍

‍

‍

‍

‍

‍