With cybersecurity reports and fraud studies launching almost weekly, it can be hard to keep track of the latest stats related to:
- Account takeover (ATO)
- Ransomware
- Malware
- Phishing
- Session hijacking
- Data breaches
- Business email compromise (BEC)
- Fraud and identity theft
- Supply chain
- Digital identity threats
At SpyCloud, we know our readers need the latest cybersecurity statistics to bolster their case for investing in solutions to combat cybercrime and protect employees and customers. Here is the latest list of cybersecurity statistics you should know for 2025.
Account Takeover (ATO) Statistics:
- More than 75% of security leaders rank account takeovers as one of the top four cyber threats organizations face globally. Abnormal Security’s 2024 State of Cloud Account Takeovers Report
- ATO attacks increased 24% year-over-year in 2024. Sift’s Q3 2024 Digital Trust Index
- Account takeover fraud resulted in nearly $13 billion in losses in 2023. 2024 AARP & Javelin Fraud Study
- 83% of organizations experienced at least one instance of account takeover in the past year. Abnormal Security’s 2024 State of Cloud Account Takeovers Report
- 24% of consumers were a victim of ATO in 2024, up from 18% in 2023. Sift’s Q3 2024 Digital Trust Index
- Four out of five consumers would stop shopping on a site where they’d been a victim of ATO. Sift’s Q3 2024 Digital Trust Index
- Only 43% of account takeover victims were notified by the company that their information had been compromised. Sift’s Q3 2023 Digital Trust & Safety Index
- An annual analysis of recaptured data from the darknet shows a 70% password reuse rate for users exposed in two or more breaches in the last year. SpyCloud 2025 Identity Exposure Report
Ransomware Statistics:
- Ransom payments surged last year, with a 2.6x increase in the average payment. Sophos State of Ransomware Report 2024
- Nearly two-thirds of ransom demands last year were for $1 million or more, with an average of $4.3 million. Sophos State of Ransomware Report 2024
- 85% of organizations were affected by ransomware in some capacity over the past 12 months, with 31% experiencing 6 to 10 incidents. SpyCloud 2025 Identity Threat Report
- Ransomware accounts for 28% of all malware incidents, the highest among malware types, despite a three-year decline in incident response cases. The dark web, however, shows a 25% increase in ransomware activity, suggesting a shift in tactics rather than impact. IBM X-Force 2025 Threat Intelligence Index
- Ransomware was the most pervasive threat to critical infrastructure last year, with a 9% year-over-year increase in reported complaints to the FBI. FBI Internet Crime Report 2024
- According to security leaders, the top three perceived riskiest entry points for ransomware are:
#1 Phishing and social engineering
#2 Exposed or weak APIs
#3 Stolen cookies that enable session hijacking
SpyCloud 2025 Identity Threat Report - Dark web research suggests that Akira, LockBit, Black Basta, RansomHub, and Hunters International were among the most active ransomware families over the past year. IBM X-Force 2025 Threat Intelligence Index
- 54% of ransomware victim domains showed up in infostealer marketplaces/logs before the attack, and 40% contained corporate email addresses, suggesting that initial access brokers (IABs) are using these stolen credentials to facilitate ransomware attacks. Verizon 2025 Data Breach Investigations Report
- Improving ransomware prevention and response is the second highest priority for security teams in 2025 after improving cross-functional team collaboration across IT, IAM, security, and other stakeholders. SpyCloud 2025 Identity Threat Report
Malware Statistics:
- In 2024, the use of infostealer malware by cybercriminals doubled. Expel 2025 Annual Threat Report
- When it comes to initial access vectors, malware infections are one of the top three vectors security teams are most concerned about. SpyCloud 2025 Identity Threat Report
- At least 66% of malware-infected devices had an antivirus or EDR program installed at the time of successful malware execution. SpyCloud 2025 Identity Threat Report
- In a sample of infostealer malware logs, 46% of systems that contained corporate login credentials were unmanaged devices — suggesting risky BYOD practices or uncontrolled access points. Verizon 2025 Data Breach Investigations Report
- Malware analysis now ranks as one of the top three skills needed to succeed as a SOC analyst. Tines Voice of the SOC 2023
- About 1 in 2 corporate users have been infected by infostealer malware on their work or personal devices sometime in their digital history. SpyCloud 2025 Identity Threat Report
Phishing Statistics:
- Credential theft attacks stemming from phishing campaigns rose dramatically in the second half of 2024, increasing by 703%. SlashNext Phishing Intelligence Report
- 82.6% of phishing emails exhibit some use of AI. KnowBe4 Phishing Threat Trend Report
- Phishing/social engineering was reported to be the most common entry point used by attackers to gain initial access for ransomware attacks in 2025, reported as the initial access vector in 35% of attacks. SpyCloud 2025 Identity Threat Report
- 8 out of 10 organizations had at least one individual who fell victim to a phishing attempt by CISA Assessment teams. CISA Phishing Assessment Infographic
- The human element was a factor in 60% of breaches, often involving phishing or pretexting. Verizon 2025 Data Breach Investigations Report
- 92% of organizations agree that AI-powered cybercrime, including AI-generated phishing lures and pages, have intensified risk. SpyCloud 2025 Identity Threat Report
Session Hijacking Statistics:
- Session cookie theft via adversary-in-the-middle (AiTM) phishing attacks account for 15% of phishing attacks. Expel Quarterly Threat Report Q2 2023
- SpyCloud researchers recaptured more than 17 billion stolen cookie records from the dark web in 2024. SpyCloud 2025 Identity Exposure Report
- Security teams reported that MFA bypass via session hijacking was one of the top three attack vectors for ransomware events they experienced in the past 12 months. SpyCloud 2025 Identity Threat Report
Data Breach Statistics:
- There were 3,158 publicly reported data breaches in 2024, resulting in a 211% year-over-year increase in victims. Identity Theft Resource Center’s 2024 Data Breach Report
- The average cost of a data breach hit a record $4.88 million, with identity-focused campaigns (using valid credentials) often causing longer dwell times and deeper damage than brute-force attacks. IBM 2025 X-Force Threat Intelligence Index
- Credential abuse remains the top initial access vector, involved in 22% of all breaches. Verizon 2025 Data Breach Investigations Report
- The percentages of breaches where a third party was involved doubled this year, going from 15% to 30%. Verizon 2025 Data Breach Investigations Report
- The most frequently breached industries in 2024 were the financial services and healthcare industries. Identity Theft Resource Center’s 2024 Data Breach Report
- 44% of data breach victims tell friends and family not to associate with a brand that’s been breached. Telesign’s Trust Index
Business Email Compromise (BEC) Statistics:
- The average cost of a BEC claim skyrocketed from $84,000 in 2022 to $183,000 in 2023. NetDiligence Cyber Claims 2024 Study
- There was a 65% increase in identified global exposed losses from Business Email Compromise fraud. FBI PSA: Business Email Compromise (BEC): The $43 Billion Scam
- Pretexting, including BEC, overtook phishing as the most prevalent social engineering tactic in 2022, with BEC attacks accounting for more than 50% of social engineering incidents. Verizon 2023 Data Breach Investigations Report
- The median open rate for text-based BEC attacks is nearly 28%. Abnormal Intelligence H1 2023 Report
- BEC was the attack vector for 10% of data breaches in 2024, and was also one of the costliest vectors. IBM Cost of a Data Breach Report 2024
Fraud & Identity Theft Statistics:
- In 2024, the National Public Data Breach exposed 2.7 billion identity records, including highly sensitive PII like Social Security numbers, addresses, birth dates, and phone numbers that criminals can leverage for new account fraud and synthetic identity creation. 2025 SpyCloud Identity Exposure Report
- American adults lost a total of $43 billion to identity fraud in 2023. 2024 AARP & Javelin Fraud Study
- 1 in every 11 new account creations are attacks. LexisNexis Risk Solutions Cybercrime Report
- Of 19,778 complaints received by the FBI, associated losses from identity theft were $126 million. FBI Internet Crime Report 2023
- In the past 2 years, 37% of consumers had new accounts opened using their identity. Aite-Novarica U.S. Identity Theft: The Stark Reality
- Every $1 lost to fraud costs financial services firms $4.23, and every $1 lost to fraud costs merchants $3.75. LexisNexis True Cost of Fraud Study
- Card Not Present (CNP) losses are estimated to grow to $48 billion in 2023, an increase of 16% from $41 billion in 2022. Juniper Research Online Payment Fraud: Market Forecasts, Emerging Threats & Segment Analysis 2022-2027
- New accounts are 9.5 times riskier than mature accounts. NICE Actimize 2023 Fraud Insights Report
- Attempted fraud transactions have increased by 92% and attempted fraud amounts have jumped by 146%. NICE Actimize 2023 Fraud Insights Report
- As many as 1 in 5 password reset attempts from desktop browsers are fraud. Consistently identified as a high-risk touchpoint, password reset attacks have grown by 135% year-over-year. LexisNexis Risk Solutions Cybercrime Report
- The types of fraud most concerning to fraud executives at financial institutions: ACH fraud and P2P fraud (both with 39% of fraud executives concerned. The types of fraud attacks most concerning? Synthetic identities resulting from application fraud and wire fraud resulting from ATO. Aite-Novarica Market Trends in Fraud for 2022 and Beyond: New Fraudsters, New Era
- Online payment fraud losses are set to exceed $206 billion between 2021 and 2025. Juniper Research Online Payment Fraud: Emerging Threats, Segment Analysis & Market Forecasts 2021-2025
Supply Chain Attack Statistics:
- In the first half of 2025, supply chain attacks compromised the data of more than 78 million people. ITRC H1 2025 Data Breach Report
- 52% of chief supply chain officers report that their supply chain operations were negatively impacted by cyberattacks in the last 12 months. Gartner: The Elastic Supply Chain
- The annual cost of software supply chain attacks is set to hit $138 billion by 2031. Snyk Software Supply Chain Attack Report
- Darknet exposure analysis shows that the IT, telecom, and software industries face 6X, 5X, and 4X higher supply chain threat levels, respectively. SpyCloud 2025 Identity Threat Report
Digital Identity Threat Statistics:
- The digital identity has become a top attack vector – 91% of organizations reported an identity-related breach in the past year. IDSA’s 2024 Trends in Securing Digital Identities Report
- There was a 22% rise in distinct identity records recaptured from the criminal underground in last year. 2025 SpyCloud Identity Exposure Report
- 22% of businesses see managing and securing digital identities as the number one priority of their security program, up from 17% in 2023. Only 2% of businesses don’t see securing identities as a top 10 priority. IDSA’s 2024 Trends in Securing Digital Identities Report
- Over half (57%) of organizations are putting a major focus on managing identity sprawl. IDSA’s 2024 Trends in Securing Digital Identities Report
- Identity-related incidents in 2024 were primarily driven by phishing (69%) and stolen credentials (37%). Also in the list of frequent incidents include compromised privileged identities, social engineered passwords, third-party or supply chain attacks, and insider attacks. IDSA’s 2024 Trends in Securing Digital Identities Report
- Identity-based attacks continue to rise YoY, up 4% from 2023. Expel 2025 Annual Threat Report
- The average employee identity has 146 exposed data records on the dark web, twelve times more than previously estimated. The Scale of Digital Identity Exposure 2025
- The average consumer identity has 229 exposed data records circulating the dark web, frequently including PII like full names, dates of birth, and phone numbers, as well as Social Security/ID numbers, addresses, and credit card or bank information. 2025 SpyCloud Identity Exposure Report
For more insights, get the 2025 SpyCloud Identity Exposure Report
About SpyCloud:
SpyCloud transforms recaptured darknet data to disrupt cybercrime. Its automated identity threat protection solutions leverage advanced analytics to proactively prevent ransomware and account takeover, safeguard employee and consumer accounts, and accelerate cybercrime investigations. SpyCloud’s data from breaches, malware-infected devices, and successful phishes also powers many popular dark web monitoring and identity theft protection offerings. Customers include 7 of the Fortune 10, along with hundreds of global enterprises, mid-sized companies, and government agencies worldwide. Headquartered in Austin, TX, SpyCloud is home to more than 200 cybersecurity experts whose mission is to protect businesses and consumers from the stolen identity data criminals are using to target them now.
To get insights on your company’s exposed data, check your exposure today.
Keep reading
We dug into the ripple effects of Operation Endgame's takedown of the Rhadamanthys stealer, including rumors of its revival & the stealer that's seemingly taken its place.
Scattered LAPSUS$ Hunters weaponizes stolen credentials and session tokens from Salesforce breaches to fuel downstream account takeover attacks – here's how this federated cybercrime group operates and what security teams must do to stop them.
Traditional insider threat detection tools miss identity compromises that happen before criminals enter your network. Discover how dark web monitoring and AI threat detection expose malicious insiders, synthetic identity fraud, and negligent employees before behavioral anomalies surface.