TL,DR:
- Identity abuse and credential theft remain the leading initial access vectors, accounting for 30% of all incidents and driving a 24% year-over-year increase in account takeover attacks.
- Security teams must urgently remediate infostealer malware infections and phished users by automatically resetting credentials and invalidating stolen session cookies, as these specific vectors allow attackers to bypass traditional authentication.
- Attack prevention strategies also should focus on combating the 70% password reuse rate among exposed users.
- Defenders should deploy comprehensive identity threat protection for employees, consumers, and supply chain vendors to mitigate identity risks that can lead to downstream attacks.
With cybersecurity reports and fraud studies launching almost weekly, it can be hard to keep track of the latest stats related to:
- Account takeover (ATO)
- Ransomware
- Malware
- Phishing
- Authentication bypass and session hijacking
- Data breaches
- Business email compromise (BEC)
- Fraud and identity theft
- Supply chain
- Digital identity threats
At SpyCloud, we know our readers need the latest cybersecurity statistics to bolster their case for investing in solutions to combat cybercrime and protect employees and customers. Here is the latest list of cybersecurity statistics you should know for 2026:
Account Takeover (ATO) Statistics:
- Identity abuse remains the top initial access vector, accounting for 30% of all incidents.
- ATO attacks increased 24% year-over-year in 2024. Sift’s Q3 2024 Digital Trust Index
- Account takeover fraud resulted in nearly $13 billion in losses in 2023 2024 AARP & Javelin Fraud Study
- 74% of organizations experienced an account takeover attack in 2024.
- 24% of consumers were a victim of ATO in 2025, up from 18% in 2024. Sift’s Q3 2025 Digital Trust Index
- Four out of five consumers would stop shopping on a site where they’d been a victim of ATO. Sift’s Q3 2025 Digital Trust Index
- Nearly one in four consumers were victims of fraud in the last year.
- An annual analysis of recaptured data from the darknet shows a 70% password reuse rate for users exposed in two or more breaches in the last year. SpyCloud 2025 Identity Exposure Report
Ransomware Statistics:
- Ransomware payments hit a record $1.1 billion in 2023, despite a decline in the share of victims who pay
- The median ransom demand increased to $650,000 in 2023
- 85% of organizations were affected by ransomware in some capacity over the past 12 months, with 31% experiencing 6 to 10 incidents. SpyCloud 2025 Identity Threat Report
- Ransomware attacks saw a drop of nearly 12% last year, yet ransomware remains a critical threat, accounting for 17% of attacks involving malware.
- The FBI received 2,825 ransomware complaints in 2023, an 18% increase from the previous year, with adjusted losses rising 74%.
- According to security leaders, the top three perceived riskiest entry points for ransomware are: #1 Phishing and social engineering #2 Exposed or weak APIs #3 Stolen cookies that enable session hijacking. SpyCloud 2025 Identity Threat Report
- Dark web research suggests that Akira, LockBit, Black Basta, RansomHub, and Hunters International were among the most active ransomware families over the past year. IBM X-Force 2025 Threat Intelligence Index
- 54% of ransomware victim domains showed up in infostealer marketplaces/logs before the attack, and 40% contained corporate email addresses, suggesting that initial access brokers (IABs) are using these stolen credentials to facilitate ransomware attacks. Verizon 2025 Data Breach Investigations Report
- Improving ransomware prevention and response is the second highest priority for security teams in 2025 after improving cross-functional team collaboration across IT, IAM, security, and other stakeholders. SpyCloud 2025 Identity Threat Report
Malware Statistics:
- In 2025, the use of infostealer malware by cybercriminals doubled. Expel 2025 Annual Threat Report
- When it comes to initial access vectors, malware infections are one of the top three vectors security teams are most concerned about. SpyCloud 2025 Identity Threat Report
- At least 40% of malware-infected devices had an antivirus or EDR program installed at the time of successful malware execution. SpyCloud 2026 Identity Threat Report
- In a sample of infostealer malware logs, 46% of systems that contained corporate login credentials were unmanaged devices — suggesting risky BYOD practices or uncontrolled access points. Verizon 2025 Data Breach Investigations Report
- Security analysts cite incident response and malware analysis as top required skills.
- About 1 in 2 corporate users have been infected by infostealer malware on their work or personal devices sometime in their digital history. SpyCloud 2025 Identity Threat Report
Phishing Statistics:
- Credential theft attacks stemming from phishing campaigns rose dramatically in the second half of 2025, increasing by 703%. SlashNext Phishing Intelligence Report
- People typically think about phishing as a consumer problem, but about half (49%) of victims are corporate users. SpyCloud 2026 Identity Exposure Report
- 82.6% of phishing emails exhibit some use of AI. KnowBe4 Phishing Threat Trend Report
- Phishing/social engineering was reported to be the most common entry point used by attackers to gain initial access for ransomware attacks in 2025, reported as the initial access vector in 35% of attacks. SpyCloud 2025 Identity Threat Report
- 69% of organizations experienced a successful phishing attack in 2024.
- The human element was a factor in 60% of breaches, often involving phishing or pretexting. Verizon 2025 Data Breach Investigations Report
- 92% of organizations agree that AI-powered cybercrime, including AI-generated phishing lures and pages, have intensified risk. SpyCloud 2025 Identity Threat Report
- Phishing-resistant authentication is more critical than ever. High-assurance MFA grew 8% YoY, but the threat landscape is accelerating 6.3x faster than the adoption of necessary protections. Okta Businesses at Work 2026
Authentication Bypass & Session Hijacking Statistics:
- Session cookie theft via adversary-in-the-middle (AiTM) phishing attacks account for 15% of phishing attacks. Expel Quarterly Threat Report Q2 2025
- SpyCloud researchers recaptured more than 8 billion stolen cookie records from the dark web last year. SpyCloud 2026 Identity Exposure Report
- Identity-based attacks, including session hijacking, accounted for 64% of all incidents in 2024
Data Breach Statistics:
- There were 3,158 publicly reported data breaches in 2025, resulting in a 211% year-over-year increase in victims. Identity Theft Resource Center’s 2025 Data Breach Report
- The average cost of a data breach hit a record $4.88 million, with identity-focused campaigns often causing longer dwell times.
- Credential abuse remains the top initial access vector, involved in 22% of all breaches. Verizon 2025 Data Breach Investigations Report
- Breaches involving a third-party element, such as supply chain compromises, increased by 68% year-over-year to account for 15% of all breaches.
- The most frequently breached industries in 2025 were the financial services and healthcare industries. Identity Theft Resource Center’s 2025 Data Breach Report
- 44% of data breach victims tell friends and family not to associate with a brand that’s been breached. Telesign’s Trust Index
Business Email Compromise (BEC) Statistics:
- The average cost of a BEC claim skyrocketed from $84,000 in 2023 to $183,000 in 2024. NetDiligence Cyber Claims 2025 Study
- Business Email Compromise (BEC) adjusted losses rose to $2.9 billion in 2023.
- Pretexting accounts for one-quarter of all social engineering attacks.
- The median open rate for text-based BEC attacks is nearly 28%.
- BEC was the attack vector for 10% of data breaches in 2025, and was also one of the costliest vectors. IBM Cost of a Data Breach Report 2025
Fraud & Identity Theft Statistics:
- In 2025, the National Public Data Breach exposed 2.7 billion identity records, including highly sensitive PII like Social Security numbers, addresses, birth dates, and phone numbers that criminals can leverage for new account fraud and synthetic identity creation. 2025 SpyCloud Identity Exposure Report
- American adults lost a total of $43 billion to identity fraud in 2024. 2025 AARP & Javelin Fraud Study
- The attack rate for new account creation is 1 in 10.
- Of 19,778 complaints received by the FBI, associated losses from identity theft were $126 million. FBI Internet Crime Report 2025
- Identity fraud losses totaled $43 billion in 2023.
- Every $1 lost to fraud costs U.S. retail and ecommerce merchants $3.07.
- Merchant losses from online payment fraud will exceed $362 billion globally between 2023 and 2028.
- New accounts are 9.5 times riskier than mature accounts. NICE Actimize 2025 Fraud Insights Report
- Attempted fraud transactions increased by 92% in 2023.
- As many as 1 in 5 password reset attempts from desktop browsers are fraud. Consistently identified as a high-risk touchpoint, password reset attacks have grown by 135% year-over-year. LexisNexis Risk Solutions Cybercrime Report
- Authorized Push Payment (APP) fraud is a top concern for 62% of financial institutions.
- Online payment fraud losses are set to exceed $206 billion between 2023 and 2027. Juniper Research Online Payment Fraud: Emerging Threats, Segment Analysis & Market Forecasts 2023-2027
Supply Chain Attack Statistics:
- Supply chain attacks impacted 242 organizations in 2024.
- 81% of organizations were negatively impacted by a supply chain breach in the last 12 months.
- The cost of software supply chain attacks is projected to reach $80.6 billion by 2026.
- Darknet exposure analysis shows that the IT, telecom, and software industries face 6X, 5X, and 4X higher supply chain threat levels, respectively. SpyCloud 2025 Identity Threat Report
Digital Identity Threat Statistics for Human and Non-Human Identities:
- The digital identity has become a top attack vector – 91% of organizations reported an identity-related breach in the past year. IDSA’s 2025 Trends in Securing Digital Identities Report
- There was a 23% rise in distinct identity records recaptured from the criminal underground in last year. 2026 SpyCloud Identity Exposure Report
- 22% of businesses see managing and securing digital identities as the number one priority of their security program, up from 17% in 2024. Only 2% of businesses don’t see securing identities as a top 10 priority. IDSA’s 2025 Trends in Securing Digital Identities Report
- Over half (57%) of organizations are putting a major focus on managing identity sprawl. IDSA’s 2025 Trends in Securing Digital Identities Report
- Identity-related incidents in 2025 were primarily driven by phishing (69%) and stolen credentials (37%). Also in the list of frequent incidents include compromised privileged identities, social engineered passwords, third-party or supply chain attacks, and insider attacks. IDSA’s 2025 Trends in Securing Digital Identities Report
- Identity-based attacks continue to rise YoY, up 4% from 2024. Expel 2025 Annual Threat Report
- The average employee identity has 146 exposed data records on the dark web, twelve times more than previously estimated. The Scale of Digital Identity Exposure 2025
- The average consumer identity has 229 exposed data records circulating the dark web, frequently including PII like full names, dates of birth, and phone numbers, as well as Social Security/ID numbers, addresses, and credit card or bank information. 2025 SpyCloud Identity Exposure Report
- 2026 saw a 650% year-over-year growth in the prevalence of non-human identities being managed by organizations. Okta Businesses at Work 2026
- SpyCloud recaptured 18.1 million non-human identities (NHIs) last year alone, including API keys and tokens for payment and remittance platforms, infrastructure and hosting platforms, developer platforms, communication platforms, and AI tools and agents. 2026 SpyCloud Identity Exposure Report
For more insights, get the 2026 SpyCloud Identity Exposure Report
About SpyCloud:
SpyCloud transforms recaptured darknet data to disrupt cybercrime. Its automated identity threat protection solutions use advanced analytics and AI to accelerate investigations and protect workforce, consumer, and supplier identities from the threats that matter most: authentication bypass, session hijacking, malicious insiders, account takeover, ransomware, and fraud. Its data from malware-infected devices, successful phishes, combolists, and third-party breaches also powers many popular dark web monitoring and identity theft protection offerings. Customers include seven of the Fortune 10, along with hundreds of global enterprises, mid-sized companies, and government agencies worldwide. Headquartered in Austin, TX, SpyCloud is home to more than 250 cybersecurity experts whose mission is to protect businesses and consumers from the stolen identity data criminals are using to target them now.
To get insights on your company’s exposed data, check your exposure today.
Keep reading
Device code phishing is a fast-growing adversary-in-the-middle (AiTM) attack that exploits OAuth 2.0 device flow to harvest access and refresh tokens — bypassing MFA. SpyCloud Labs researchers break down how it works, what attackers do with stolen tokens, and how to detect and shut down compromised sessions.
Read on for the latest in supply chain compromises, cloud account takeovers, and breach forum shake-ups as we break down the biggest cybercrime trends of the month, including attacks by TeamPCP and ShinyHunters.
SpyCloud’s new partnership with Ping Identity embeds our recaptured darknet identity data directly into PingOne DaVinci & PingOne Advanced Identity Cloud at every identity event.