Cybersecurity Industry Statistics: ATO, Ransomware, Breaches & Fraud

Cybersecurity Industry Statistics: ATO, Ransomware, Breaches & Fraud

Table of Contents

Check your exposure

With cybersecurity reports and fraud studies launching almost weekly, it can be hard to keep track of  the latest stats related to:

At SpyCloud, we know our readers need the latest cybersecurity statistics to bolster their case for investing in solutions to combat cybercrime and protect employees and customers. Here is the latest list of cybersecurity statistics you should know for 2025.

Account Takeover (ATO) Statistics:

Ransomware Statistics:

  • Ransom payments surged last year, with a 2.6x increase in the average payment. Sophos State of Ransomware Report 2024
  • Nearly two-thirds of ransom demands last year were for $1 million or more, with an average of $4.3 million. Sophos State of Ransomware Report 2024
  • 85% of organizations were affected by ransomware in some capacity over the past 12 months, with 31% experiencing 6 to 10 incidents. SpyCloud 2025 Identity Threat Report
  • Ransomware accounts for 28% of all malware incidents, the highest among malware types, despite a three-year decline in incident response cases. The dark web, however, shows a 25% increase in ransomware activity, suggesting a shift in tactics rather than impact​. IBM X-Force 2025 Threat Intelligence Index
  • Ransomware was the most pervasive threat to critical infrastructure last year, with a 9% year-over-year increase in reported complaints to the FBI. FBI Internet Crime Report 2024
  • According to security leaders, the top three perceived riskiest entry points for ransomware are:
    #1 Phishing and social engineering
    #2 Exposed or weak APIs
    #3 Stolen cookies that enable session hijacking
    SpyCloud 2025 Identity Threat Report
  • Dark web research suggests that Akira, LockBit, Black Basta, RansomHub, and Hunters International were among the most active ransomware families over the past year. IBM X-Force 2025 Threat Intelligence Index
  • 54% of ransomware victim domains showed up in infostealer marketplaces/logs before the attack, and 40% contained corporate email addresses, suggesting that initial access brokers (IABs) are using these stolen credentials to facilitate ransomware attacks. Verizon 2025 Data Breach Investigations Report
  • Improving ransomware prevention and response is the second highest priority for security teams in 2025 after improving cross-functional team collaboration across IT, IAM, security, and other stakeholders. SpyCloud 2025 Identity Threat Report

Malware Statistics:

Phishing Statistics:

Session Hijacking Statistics:

Data Breach Statistics:

Business Email Compromise (BEC) Statistics:

Fraud & Identity Theft Statistics:

Supply Chain Attack Statistics:

Digital Identity Threat Statistics:

For more insights, get the 2025 SpyCloud Identity Exposure Report

About SpyCloud:

SpyCloud transforms recaptured darknet data to disrupt cybercrime. Its automated identity threat protection solutions leverage advanced analytics to proactively prevent ransomware and account takeover, safeguard employee and consumer accounts, and accelerate cybercrime investigations. SpyCloud’s data from breaches, malware-infected devices, and successful phishes also powers many popular dark web monitoring and identity theft protection offerings. Customers include 7 of the Fortune 10, along with hundreds of global enterprises, mid-sized companies, and government agencies worldwide. Headquartered in Austin, TX, SpyCloud is home to more than 200 cybersecurity experts whose mission is to protect businesses and consumers from the stolen identity data criminals are using to target them now.

To get insights on your company’s exposed data, check your exposure today.

Keep reading

What Security Teams Are Missing: Lessons from the 2025 Identity Threat Report
The 2025 SpyCloud Identity Threat Report reveals a dangerous paradox. Read the report recap for a summary of findings, trends, and key benchmarks.
SpyCloud Cybercrime Update
August Cybercrime Update: Darknet Drama, GenAI Malware, and a Suspected DPRK APT Leak
From the BreachForums takedown to Warlock ransomware, ShinyHunters chaos & GenAI malware, our August update covers the month’s top cybercrime news.
blog featured image
Closing the Insider Threat Detection Gap: What Traditional Tools Miss
Traditional tools miss identity-driven insider threats. Learn how SpyCloud’s insider threat detection solution uncovers risks before it’s too late.

Check Your Company's Exposure

See your real-time exposure details powered by SpyCloud.

🪐 New research: The 2025 Identity Threat Report is here

X