45 Cybersecurity Statistics and Facts for 2025

The cybersecurity landscape has rapidly transformed in recent years. With remote work now a standard practice and an increasing shift toward cloud-based solutions, the complexity and frequency of cybersecurity attacks have increased. As these threats continue to evolve, the demand for robust cybersecurity measures intensifies. Coupled with a persistent shortage of skilled cybersecurity professionals, this presents a unique opportunity for those in the field.

To provide a comprehensive overview of the current state of the industry, we have compiled a variety of insightful cybersecurity statistics and facts.

Cybersecurity Landscape: Top Cybersecurity Threats

While there are a variety of concerns in the cybersecurity landscape, many center around the growing complexity of modern cyberattacks. Cyberattacks can occur in any location and on any device that has access to the internet. Emails, private and public clouds, devices connected through the internet of things (IoT) and unsecured networks all present vulnerabilities for cybercriminals to exploit. As technology advances, so do virtual attacks.

Some of the top cybersecurity threats and trends include:

1. Generative artificial intelligence: Generative AI can boost all manner of campaigns, including social engineering and phishing attacks. “Security leaders need to prepare for the swift evolution of GenAI, as large language model (LLM) applications like ChatGPT and Gemini are only the start of its disruption.” [Gartner]
2. The evolution of ransomware: “Ransomware isn’t a new threat — it’s been around for about two decades — but it is a growing one. It’s estimated that there are now over 120 separate families of ransomware, and hackers have become very adept at hiding malicious code.” [Kaspersky]
3. Zero Trust framework: In this type of model, every access request must be treated as a potential threat and therefore verified. “The transition to a Zero Trust framework in 2025 represents a paradigm shift in cybersecurity, focusing on continuous verification and minimal access rights to reduce vulnerabilities and enhance overall network security.” [Splashtop]

The Cost of Cybercrimes

The cost of cybercrimes has been rising steadily and is expected to keep escalating. Here are a few stats that highlight the impact.

1. The cost of cybercrime is expected to reach $13.82 trillion per year by 2028. [Statista]
2. The average cost of a global data breach is $4.45 million. [Morgan Lewis]
3. The cost of cybercrime in the United States totaled more than $12.5 billion in 2023 — a 22% increase over the previous year. [SC Media]

Cyberattack Statistics by Type

Phishing

In a phishing attack, a cybercriminal will pose as a trusted institution or individual to trick their target into sharing personal information. Most phishing attacks occur via email, but they’ve become increasingly common via text, voicemail and social media.

1. “Phishing is the most common form of cyber crime, with an estimated 3.4 billion spam emails sent every day.” [AAG IT Services]
2. Unfortunately, only 13% of targeted employees report phishing attempts. “Employee failure to report phishing attempts limits the organization’s ability to respond to the intrusion and alert others to the threat.” [CISA]
3. Nevada is the state that’s most affected by phishing scams; Kansas is the least. [Forbes]
4. “Smishing” — a combination of short message service (SMS) and phishing — is on the rise with three-quarters (75%) of organizations experiencing smishing attacks in 2023. [IBM]

Ransomware

In a ransomware attack, a person or company’s data is stolen until a ransom is paid to get it back. If not paid, a cybercriminal may erase the data, share it or sell it on the web.

1. “Ransomware attacks have risen by 13% in the last five years, with an average cost of $1.85 million per incident. By 2031, statistics predict a ransomware attack every two seconds.” [Astra]
2. “Ransomware comprises 10% of all breaches.” [Spin.ai]
3. “62% of financially motivated incidents involved ransomware or extortion, with a median loss of $46,000 per breach.” [Verizon]

Malware

A malware attack occurs when a malicious code or file is shared to a computer, network or server and gains unauthorized access to information. Malware is often used to steal or delete sensitive data, access credentials and administrative passwords and more.

1. “Every day, the AV-TEST Institute registers over 450,000 new malicious programs (malware) and potentially unwanted applications (PUA).” [AV-TEST]
2. The number of malware attacks reached 6.06 billion in 2023, which is a 10% increase compared to the previous year. [Statista]

Data Breaches

When a data breach occurs, sensitive or protected data is compromised and often released or sold.

1. The United States ranks first when it comes to the average cost of a data breach ($9.48 million). The Middle East is second at $8.07 million and Canada is third in the ranking at $5.13 million. [Statista]
2. In 2023 more than 353 million people were affected by compromised data events, including data breaches, data leaks or data exposure. [Statista]
3. Companies that were affected by data breaches in 2024 include Prudential Financial, Ticketmaster and Evolve Bank and Trust.

Stalkerware

Stalkerware is any monitoring or spying software used for cyberstalking. According to Jakub Vavra, Threat Operations Analyst at Avast, the number of stalkerware incidents is on the rise — and it’s a big concern. “Stalkerware is often installed secretly on mobile phones by abusive spouses, ex-partners, so-called friends or concerned parents, and has the capacity to inflict serious physical and psychological harm on those affected,” he explained. “This is not only about stealing personal data; there are also tangible implications concerning the safety of the individual targeted.”

1. In 2023, approximately 31,000 individuals around the world were affected by stalkerware, which was an almost 6% year-on-year increase from 2022. [Kaspersky]
2. Twenty-three percent of people around the world said they had experienced some form of online stalking from a person they had recently started dating. [Kaspersky]

DDoS

DDoS, or distributed denial-of-service, is a malicious attack to disrupt the normal operations of a network or server by flooding it with a large amount of internet traffic.

1. Hackers can “rent” online resources that launch digital attacks for as little as $5 per hour; conversely, online businesses lose anywhere from $8,000 to $74,000 per hour of downtime. [G2]
2. The finance and telecommunications industries account for approximately 60% of all DDoS targeted attacks. [StationX]

Cyberattack Statistics by Organization Size and Industry

Cybercriminals are not selective about who they target, which means that no industry is safe. Companies and organizations of every shape and size must take precautions and employ cybersecurity tactics and strategies to help prevent and navigate data breaches and attacks.

Healthcare

1. “Health care organizations are particularly vulnerable and targeted by cyberattacks because they possess so much information of high monetary and intelligence value to cyber thieves and nation-state actors. The targeted data includes patients’ protected health information (PHI), financial information like credit card and bank account numbers, personally identifying information (PII) such as Social Security numbers, and intellectual property related to medical research and innovation. In fact, stolen health records may sell up to 10 times or more than stolen credit card numbers on the dark web.” [American Hospital Association]
2. “In 2023, an average of 1.99 healthcare data breaches of 500 or more records were reported each day, and on average, 364,571 healthcare records were breached every day.” [The HIPAA Journal]
3. “In 2023, the healthcare industry reported data breaches costing an average of $10.93 million per breach — almost double that of the financial industry, which came in second with an average cost of $5.9 million.” [World Economic Forum]
4. More than 540 healthcare organizations reported a data breach to the HHS Office for Civil Rights in 2023. A total of approximately 112 million individuals were impacted. [Health IT Security]

[RELATED] Why the Need for Cybersecurity Experts in Healthcare is Critical >>

Finance

1. The financial sector has suffered more than 20,000 cyberattacks between 2004 and 2023, which has resulted in $12 billion in losses. [International Monetary Fund]
2. In 2023, the finance sector overtook healthcare as the most breached industry, accounting for 27% of all data breaches handled by Kroll. [Kroll]
3. The most common types of data breaches for financial institutions include weak security or stolen data; social engineering; malware; ransomware and DDoS. [Finextra]

Government

1. “Government facilities were the third largest critical infrastructure sector targeted by ransomware attacks in 2023.” [Nextgov]
2. The U.S. government has suffered at least 1,283 data breaches since 2014, affecting more than 200 million records. These breaches have cost government entities almost $30.4 billion from 2014 to 2023. [Comparitech]

Education

1. “2023 was the worst ransomware year on record for Education: according to original ThreatDown research, the sector witnessed a staggering 70% surge in attacks in the past year, increasing from 129 incidents in 2022 to 265 in 2023.” [ThreatDown]

Small Businesses

1. One in five small businesses have been the victim of a ransomware attack. [NinjaOne]
2. “46% of all cyber breaches impact businesses with fewer than 1,000 employees.” [StrongDM]
3. “On average, SMBs spend between $826 and $653,587 on cybersecurity incidents.” [Astra]

Cyberattack Statistics by Devices & Platforms

Since technology has evolved exponentially, so has cybercriminals’ access to online devices.

Mobile Devices and Apps

1. There were approximately 33.8 million attacks on mobile devices in 2023, which is a 50% increase from the previous year. [Kaspersky]
2. “One of the most common disguises for 2023 were fake investment apps that relied on social engineering tactics to extract personal data from users, primarily phone numbers and full names, which were later added to databases used for phone fraud. Another prevalent vector of attacks observed was malicious WhatsApp and Telegram mods designed to steal user data.” [Kaspersky]

IoT Devices

1. “In the first six months of 2023, IoT malware globally was up by 37%, resulting in a total of 77.9 million attacks, compared to 57 million attacks in the first six months of 2022.” [IoTAC]
2. “On average, every week 54% of organizations suffer from attempted cyber attacks targeting IoT devices.” [Check Point Software Technologies]

Social Media

1. An average of 1.4 billion social media accounts are hacked per month. [StationX]
2. Common social media threats include identity theft, cyberbullying, fake giveaways, likejacking, phishing scams, data breaches, malware, brand impersonation and affiliate scams. [Panda Security]
3. Phishing on social media can take the form of emails, fake LinkedIn jobs, malicious direct messages, crypto scams, fraudulent quizzes and customer support scams. [Infosecurity Magazine]

The Cybersecurity Job Landscape

1. There are approximately 470,000 cybersecurity job openings in the United States. [Cyberseek]
2. Around 1.3 million cybersecurity professionals are employed in the United States. [Cyberseek]
3. Industries with high demand for cybersecurity professionals include banking and finance, healthcare, government and defense, retail and eCommerce, energy and utilities, information technology and education. [LinkedIn]

[RELATED] How to Land One of the 9 Best Jobs in Cybersecurity >>

How to Protect Yourself from Cyberattacks

• Educate your staff: Require employees to take periodic training on common types of cyberattacks and how to protect themselves.
• Hire the right talent: Make sure there is a cybersecurity professional on your IT team who is qualified and has the knowledge to protect your company.
• Have the right security measures: One of the easiest ways to protect yourself from an attack is to prevent them. This means making sure there are no vulnerabilities in your network or server, enabling multi-factor authentication, working on a closed network and more.
• Control admin access: Limit admin access only to those who need it; have a way to remove or restrict admin privileges.

Given the current situation, there is a great opportunity for those interested in cybersecurity to enter the field and help prevent cyberattacks. There are a variety of educational training and certificates available, including bachelor’s and master’s degree programs.

Article Sources

University of San Diego, “Cybersecurity and the Internet of Things (IoT), https://onlinedegrees.sandiego.edu/cybersecurity-iot/.”

University of San Diego, “Top Cybersecurity Threats in 2023, https://onlinedegrees.sandiego.edu/top-cyber-security-threats/.”

Gartner, “Gartner Identifies the Top Cybersecurity Trends for 2025, https://www.gartner.com/en/newsroom/press-releases/2024-02-22-gartner-identifies-top-cybersecurity-trends-for-2024.”

Kaspersky, “Top Ten Cybersecurity Trends, https://usa.kaspersky.com/resource-center/preemptive-safety/cyber-security-trends.”

Splashtop, “Top 10 Cyber Security Trends And Predictions For 2025, https://www.splashtop.com/blog/cybersecurity-trends-and-predictions-2024.”

Statista, “Cybercrime Expected To Skyrocket in Coming Years, https://www.statista.com/chart/28878/expected-cost-of-cybercrime-until-2027/.”

Morgan Lewis, “Study Finds Average Cost of Data Breaches Continued to Rise in 2023, https://www.morganlewis.com/blogs/sourcingatmorganlewis/2024/03/study-finds-average-cost-of-data-breaches-continued-to-rise-in-2023.”

SC Media, “FBI: Cybercrime cost Americans over $12.5B in 2023, https://www.scmagazine.com/news/fbi-cybercrime-cost-americans-over-12-5b-in-2023.”

AAG IT Services, “The Latest 2025 Phishing Statistics (updated June 2025), https://aag-it.com/the-latest-phishing-statistics/.”

CISA, “Phishing, https://www.cisa.gov/sites/default/files/2023-02/phishing-infographic-508c.pdf.”

Forbes, “Phishing Statistics By State In 2025, https://www.forbes.com/advisor/business/phishing-statistics/.”

IBM, “What is smishing (SMS phishing)?, https://www.ibm.com/topics/smishing.”

Astra, “100+ Ransomware Attack Statistics 2025: Trends & Cost, https://www.getastra.com/blog/security-audit/ransomware-attack-statistics/.”

Spin.ai, “Alarming Ransomware Facts & Stats To Know, https://spin.ai/blog/alarming-ransomware-facts-stats-you-need-to-know/.”

Verizon, “2025 Data Breach Investigations Report, https://www.verizon.com/business/resources/reports/dbir/.”

AV-Test, “Malware, https://www.av-test.org/en/statistics/malware/.”

Statista, “Annual number of malware attacks worldwide from 2015 to 2023, https://www.statista.com/statistics/873097/malware-attacks-per-year-worldwide/.”

Statista, “Average cost of a data breach worldwide from March 2022 to March 2023, by country or region, https://www.statista.com/statistics/463714/cost-data-breach-by-country-or-region/.”

Statista, “Annual number of data compromises and individuals impacted in the United States from 2005 to 2023, https://www.statista.com/statistics/273550/data-breaches-recorded-in-the-united-states-by-number-of-breaches-and-records-exposed/.”

TechRadar, “Prudential Financial reveals millions of customers affected by data breach, https://www.techradar.com/pro/security/prudential-financial-reveals-millions-of-customers-affected-by-data-breach.”

Newsweek, “Ticketmaster Data Hack Update: What Does it Mean for Millions of Customers, https://www.newsweek.com/ticketmaster-data-breach-hack-risk-1920166.”

TechCrunch, “Startups scramble to assess fallout from Evolve Bank data breach, https://techcrunch.com/2024/06/27/startups-scramble-to-assess-fallout-from-evolve-bank-data-breach/.”

Avast, “Stalkerware Grows 239% Worldwide Over the Past Three Years, https://press.avast.com/stalkerware-grows-239-worldwide-over-the-past-three-years.”

Kaspersky, “The State of Stalkerware in 2023–2025, https://securelist.com/state-of-stalkerware-2023/112135/.”

G2, “35 DDoS Attack Statistics that Explain Its Rise in 2025, https://learn.g2.com/ddos-attack-statistics.”

StationX, “Top +35 DDoS Statistics (2025), https://www.stationx.net/ddos-statistics/.”

American Hospital Association, “The importance of cybersecurity in protecting patient safety, https://www.aha.org/center/cybersecurity-and-risk-advisory-services/importance-cybersecurity-protecting-patient-safety.”

The HIPAA Journal, “Healthcare Data Breach Statistics, https://www.hipaajournal.com/healthcare-data-breach-statistics/.”

World Economic Forum, “Healthcare pays the highest price of any sector for cyberattacks — that’s why cyber resilience is key, https://www.weforum.org/agenda/2024/02/healthcare-pays-the-highest-price-of-any-sector-for-cyberattacks-that-why-cyber-resilience-is-key/.”

Tech Target, “This Year’s Largest Healthcare Data Breaches, https://healthitsecurity.com/features/this-years-largest-healthcare-data-breaches.”

International Monetary Fund, “Rising Cyber Threats Pose Serious Concerns for Financial Stability, https://www.imf.org/en/Blogs/Articles/2024/04/09/rising-cyber-threats-pose-serious-concerns-for-financial-stability.”

Kroll, “Data Breach Outlook: Finance Surpasses Healthcare as Most Breached Industry in 2023, https://www.kroll.com/en/insights/publications/cyber/data-breach-outlook-2024.”

Finextra, “5 common types of data breaches in the financial sector, https://www.finextra.com/the-long-read/982/5-common-types-of-data-breaches-in-the-financial-sector.”

Nextgov, “Government facilities were third largest ransomware target in 2023, FBI says, https://www.nextgov.com/cybersecurity/2024/03/government-facilities-were-third-largest-ransomware-target-2023-fbi-says/394724/.”

Comparitech, “A recent history of US Government Breaches – can you trust them with your data?, https://www.comparitech.com/blog/vpn-privacy/us-government-breaches/.”

ThreatDown, “2025 State of Ransomware in Education: 92% spike in K-12 attacks, https://www.threatdown.com/blog/2024-state-of-ransomware-in-education-92-spike-in-k-12-attacks/.”

NinjaOne, “Must-Know Ransomware Statistics, Trends and Facts, https://www.ninjaone.com/blog/must-know-ransomware-statistics/.”

StrongDM, “35 Alarming Small Business Cybersecurity Statistics for 2025, https://www.strongdm.com/blog/small-business-cyber-security-statistics.”

Astra, “51 Small Business Cyber Attack Statistics 2025 (And What You Can Do About Them), https://www.getastra.com/blog/security-audit/small-business-cyber-attack-statistics/.”

Kaspersky, “Attacks on mobile devices significantly increase in 2023, https://www.kaspersky.com/about/press-releases/2024_attacks-on-mobile-devices-significantly-increase-in-2023.”

IoTAC, “IoT malware attacks up by 37% in the first half of 2023, https://iotac.eu/iot-malware-attacks-up-by-37-in-the-first-half-of-2023/.”

Check Point Software Technologies, “The Tipping Point: Exploring the Surge in IoT Cyberattacks Globally, https://blog.checkpoint.com/security/the-tipping-point-exploring-the-surge-in-iot-cyberattacks-plaguing-the-education-sector/.”

StationX, “Top Social Media Hacking Statistics & Trends for 2025, https://www.stationx.net/social-media-hacking-statistics/.”

Panda Security, “9 Social Media Threats You Should Be Aware Of, https://www.pandasecurity.com/en/mediacenter/social-media-threats/.”

Infosecurity Magazine, “Social Media Phishing – The 2023 Cybersecurity Threat, https://www.infosecurity-magazine.com/next-gen-infosec/social-media-phishing-threat/.”

Cyberseek, “Cybersecurity Supply/Demand Heat Map, https://www.cyberseek.org/heatmap.html.”

LinkedIn, “7 Industries with High Demand for Cybersecurity Professionals, https://www.linkedin.com/pulse/7-industries-high-demand-cybersecurity-professionals-nancy-j-dchzc/.”