Cybersecurity Industry Statistics: ATO, Ransomware, Breaches & Fraud

Check your exposure

By submitting your email, you agree to receive email from SpyCloud related to this request.

TL,DR:

Identity abuse and credential theft remain the leading initial access vectors, accounting for 30% of all incidents and driving a 24% year-over-year increase in account takeover attacks.
Security teams must urgently remediate infostealer malware infections and phished users by automatically resetting credentials and invalidating stolen session cookies, as these specific vectors allow attackers to bypass traditional authentication.
Attack prevention strategies also should focus on combating the 70% password reuse rate among exposed users.
Defenders should deploy comprehensive identity threat protection for employees, consumers, and supply chain vendors to mitigate identity risks that can lead to downstream attacks.

With cybersecurity reports and fraud studies launching almost weekly, it can be hard to keep track of the latest stats related to:

Account takeover (ATO)
Ransomware
Malware
Phishing
Authentication bypass and session hijacking
Data breaches
Business email compromise (BEC)
Fraud and identity theft
Supply chain
Digital identity threats

At SpyCloud, we know our readers need the latest cybersecurity statistics to bolster their case for investing in solutions to combat cybercrime and protect employees and customers. Here is the latest list of cybersecurity statistics you should know for 2026:

Account Takeover (ATO) Statistics:

Identity abuse remains the top initial access vector, accounting for 30% of all incidents.
ATO attacks increased 24% year-over-year in 2024. Sift’s Q3 2024 Digital Trust Index
Account takeover fraud resulted in nearly $13 billion in losses in 2023 2024 AARP & Javelin Fraud Study
74% of organizations experienced an account takeover attack in 2024.
24% of consumers were a victim of ATO in 2025, up from 18% in 2024. Sift’s Q3 2025 Digital Trust Index
Four out of five consumers would stop shopping on a site where they’d been a victim of ATO. Sift’s Q3 2025 Digital Trust Index
Nearly one in four consumers were victims of fraud in the last year.
An annual analysis of recaptured data from the darknet shows a 70% password reuse rate for users exposed in two or more breaches in the last year. SpyCloud 2025 Identity Exposure Report

Ransomware Statistics:

Ransomware payments hit a record $1.1 billion in 2023, despite a decline in the share of victims who pay
The median ransom demand increased to $650,000 in 2023
85% of organizations were affected by ransomware in some capacity over the past 12 months, with 31% experiencing 6 to 10 incidents. SpyCloud 2025 Identity Threat Report
Ransomware attacks saw a drop of nearly 12% last year, yet ransomware remains a critical threat, accounting for 17% of attacks involving malware.
The FBI received 2,825 ransomware complaints in 2023, an 18% increase from the previous year, with adjusted losses rising 74%.
According to security leaders, the top three perceived riskiest entry points for ransomware are: #1 Phishing and social engineering #2 Exposed or weak APIs #3 Stolen cookies that enable session hijacking. SpyCloud 2025 Identity Threat Report
Dark web research suggests that Akira, LockBit, Black Basta, RansomHub, and Hunters International were among the most active ransomware families over the past year. IBM X-Force 2025 Threat Intelligence Index
54% of ransomware victim domains showed up in infostealer marketplaces/logs before the attack, and 40% contained corporate email addresses, suggesting that initial access brokers (IABs) are using these stolen credentials to facilitate ransomware attacks. Verizon 2025 Data Breach Investigations Report
Improving ransomware prevention and response is the second highest priority for security teams in 2025 after improving cross-functional team collaboration across IT, IAM, security, and other stakeholders. SpyCloud 2025 Identity Threat Report

Malware Statistics:

In 2025, the use of infostealer malware by cybercriminals doubled. Expel 2025 Annual Threat Report
When it comes to initial access vectors, malware infections are one of the top three vectors security teams are most concerned about. SpyCloud 2025 Identity Threat Report
At least 66% of malware-infected devices had an antivirus or EDR program installed at the time of successful malware execution. SpyCloud Original Research
In a sample of infostealer malware logs, 46% of systems that contained corporate login credentials were unmanaged devices — suggesting risky BYOD practices or uncontrolled access points. Verizon 2025 Data Breach Investigations Report
Security analysts cite incident response and malware analysis as top required skills.
About 1 in 2 corporate users have been infected by infostealer malware on their work or personal devices sometime in their digital history. SpyCloud 2025 Identity Threat Report

Phishing Statistics:

Credential theft attacks stemming from phishing campaigns rose dramatically in the second half of 2025, increasing by 703%. SlashNext Phishing Intelligence Report
People typically think about phishing as a consumer problem, but about half (49%) of victims are corporate users. SpyCloud 2026 Identity Exposure Report
85.8% of phishing attacks are now AI-driven. 2026 KnowBe4 Phishing Threat Trends Report
Phishing/social engineering was reported to be the most common entry point used by attackers to gain initial access for ransomware attacks in 2025, reported as the initial access vector in 35% of attacks. SpyCloud 2025 Identity Threat Report
The human element was a factor in 60% of breaches, often involving phishing or pretexting. Verizon 2025 Data Breach Investigations Report
92% of organizations agree that AI-powered cybercrime, including AI-generated phishing lures and pages, have intensified risk. SpyCloud 2025 Identity Threat Report
Reverse proxy (AiTM) attacks surged 139.22% in the past six months. 2026 KnowBe4 Phishing Threat Trends Report
60.13% of phishing attempts use malicious links as the primary payload – with credential harvesting as the end goal. 2026 KnowBe4 Phishing Threat Trends Report
Phishing-resistant authentication is more critical than ever. High-assurance MFA grew 8% YoY, but the threat landscape is accelerating 6.3x faster than the adoption of necessary protections. Okta Businesses at Work 2026
61.2% of phishing emails that successfully bypass security gateways originate from compromised business accounts. 2026 KnowBe4 Phishing Threat Trends Report

Authentication Bypass & Session Hijacking Statistics:

Session cookie theft via adversary-in-the-middle (AiTM) phishing attacks account for 15% of phishing attacks. Expel Quarterly Threat Report Q2 2025
SpyCloud researchers recaptured more than 8 billion stolen cookie records from the dark web last year. SpyCloud 2026 Identity Exposure Report
Identity-based attacks, including session hijacking, accounted for 64% of all incidents in 2024

Data Breach Statistics:

There were 3,158 publicly reported data breaches in 2025, resulting in a 211% year-over-year increase in victims. Identity Theft Resource Center’s 2025 Data Breach Report
The average cost of a data breach hit a record $4.88 million, with identity-focused campaigns often causing longer dwell times.
Credential abuse remains the top initial access vector, involved in 22% of all breaches. Verizon 2025 Data Breach Investigations Report
Breaches involving a third-party element, such as supply chain compromises, increased by 68% year-over-year to account for 15% of all breaches.
The most frequently breached industries in 2025 were the financial services and healthcare industries. Identity Theft Resource Center’s 2025 Data Breach Report
44% of data breach victims tell friends and family not to associate with a brand that’s been breached. Telesign’s Trust Index

Business Email Compromise (BEC) Statistics:

The average cost of a BEC claim skyrocketed from $84,000 in 2023 to $183,000 in 2024. NetDiligence Cyber Claims 2025 Study
Business Email Compromise (BEC) adjusted losses rose to $2.9 billion in 2023.
Pretexting accounts for one-quarter of all social engineering attacks.
The median open rate for text-based BEC attacks is nearly 28%.
BEC was the attack vector for 10% of data breaches in 2025, and was also one of the costliest vectors. IBM Cost of a Data Breach Report 2025

Fraud & Identity Theft Statistics:

In 2025, the National Public Data Breach exposed 2.7 billion identity records, including highly sensitive PII like Social Security numbers, addresses, birth dates, and phone numbers that criminals can leverage for new account fraud and synthetic identity creation. 2025 SpyCloud Identity Exposure Report
American adults lost a total of $43 billion to identity fraud in 2024. 2025 AARP & Javelin Fraud Study
The attack rate for new account creation is 1 in 10.
Of 19,778 complaints received by the FBI, associated losses from identity theft were $126 million. FBI Internet Crime Report 2025
Identity fraud losses totaled $43 billion in 2023.
Every $1 lost to fraud costs U.S. retail and ecommerce merchants $3.07.
Merchant losses from online payment fraud will exceed $362 billion globally between 2023 and 2028.
New accounts are 9.5 times riskier than mature accounts. NICE Actimize 2025 Fraud Insights Report
Attempted fraud transactions increased by 92% in 2023.
As many as 1 in 5 password reset attempts from desktop browsers are fraud. Consistently identified as a high-risk touchpoint, password reset attacks have grown by 135% year-over-year. LexisNexis Risk Solutions Cybercrime Report
Authorized Push Payment (APP) fraud is a top concern for 62% of financial institutions.
Online payment fraud losses are set to exceed $206 billion between 2023 and 2027. Juniper Research Online Payment Fraud: Emerging Threats, Segment Analysis & Market Forecasts 2023-2027

Supply Chain Attack Statistics:

Supply chain attacks impacted 242 organizations in 2024.
81% of organizations were negatively impacted by a supply chain breach in the last 12 months.
The cost of software supply chain attacks is projected to reach $80.6 billion by 2026.
Darknet exposure analysis shows that the IT, telecom, and software industries face 6X, 5X, and 4X higher supply chain threat levels, respectively. SpyCloud 2025 Identity Threat Report

Digital Identity Threat Statistics for Human and Non-Human Identities:

The digital identity has become a top attack vector – 91% of organizations reported an identity-related breach in the past year. IDSA’s 2025 Trends in Securing Digital Identities Report
There was a 23% rise in distinct identity records recaptured from the criminal underground in last year. 2026 SpyCloud Identity Exposure Report
22% of businesses see managing and securing digital identities as the number one priority of their security program, up from 17% in 2024. Only 2% of businesses don’t see securing identities as a top 10 priority. IDSA’s 2025 Trends in Securing Digital Identities Report
Over half (57%) of organizations are putting a major focus on managing identity sprawl. IDSA’s 2025 Trends in Securing Digital Identities Report
Identity-related incidents in 2025 were primarily driven by phishing (69%) and stolen credentials (37%). Also in the list of frequent incidents include compromised privileged identities, social engineered passwords, third-party or supply chain attacks, and insider attacks. IDSA’s 2025 Trends in Securing Digital Identities Report
Identity-based attacks continue to rise YoY, up 4% from 2024. Expel 2025 Annual Threat Report
The average employee identity has 146 exposed data records on the dark web, twelve times more than previously estimated. The Scale of Digital Identity Exposure 2025
The average consumer identity has 229 exposed data records circulating the dark web, frequently including PII like full names, dates of birth, and phone numbers, as well as Social Security/ID numbers, addresses, and credit card or bank information. 2025 SpyCloud Identity Exposure Report
2026 saw a 650% year-over-year growth in the prevalence of non-human identities being managed by organizations. Okta Businesses at Work 2026
SpyCloud recaptured 18.1 million non-human identities (NHIs) last year alone, including API keys and tokens for payment and remittance platforms, infrastructure and hosting platforms, developer platforms, communication platforms, and AI tools and agents. 2026 SpyCloud Identity Exposure Report

For more insights, get the 2026 SpyCloud Identity Exposure Report

Keep reading

Kali365: Anatomy of a Microsoft 365 Phishing-as-a-Service Kit – From Telegram Hype to FBI Takedown Theater

June 11, 2026

SpyCloud researchers dissect Kali365, a Telegram-sold phishing-as-a-service kit targeting Microsoft 365. Using device-code and adversary-in-the-middle phishing, it steals OAuth tokens and session cookies to bypass MFA – then staged a fake FBI "shutdown" while operations continued. Here's how the kit works, who it targets, and why password resets won't stop it.

Security Research, SpyCloud Labs

SpyCloud + Okta Identity Threat Protection: Closing the Gap Between Identity Exposure and Attack

June 9, 2026

SpyCloud’s integration with Okta Identity Threat Protection (ITP) levels up your defenses with darknet identity intelligence that automatically remediates exposed identity data, including stolen sessions and tokens. See how it works.

SpyCloud News & Product Updates

Cybercriminals Create New Forums and Interrupt School Finals

June 8, 2026

Read on for the latest from the criminal underground, including threat actor & forum activity, the Canvas breach, device code phishing trends, and what to know about Google Chrome DBSC.

SpyCloud Labs