Good Roasts exists to empower founders, creators, and builders
Submit your project and get direct, no-fluff feedback that highlights what’s confusing, what’s broken, and what needs to improve now.
Hackers launch attacks every 39 seconds in 2025. Businesses could lose up to $10.5 trillion to cybercrime by 2025. These numbers paint a grim picture that should concern organizations everywhere.
The digital world grows more dangerous each day. Cybercrime losses could reach $15.63 trillion by 2029. Data breaches now cost companies an average of $4.88 million globally, showing a 10% jump from last year. Human error causes 95% of cybersecurity breaches. Technology alone cannot protect us from these threats.
This piece breaks down crucial cybersecurity numbers for 2025 and compares them with 2024 data to help safeguard your digital assets. Ransomware attacks cost victims $1.85 million on average per incident. Security leaders express deep concerns about sophisticated threats, with 76% ranking them as their top priority. Our analysis gives you the essential cybersecurity data to protect your organization effectively.
Cybersecurity in 2025: A Snapshot of the Landscape
The digital world of 2025 shows a harsh truth: organizations face bigger challenges as digital threats grow at an alarming rate. The World Economic Forum's Global Cybersecurity Outlook 2025 shows 72% of respondents say their organization's cyber risks have increased, and ransomware remains their biggest worry.
Cybersecurity statistics 2025 vs 2024
Cybercrime's financial damage keeps climbing steeply in 2025. Cybersecurity Ventures expects global cybercrime costs to grow 15% each year, reaching $10.5 trillion by late 2025, up from $3 trillion in 2015. Data breach costs now average $4.88 million worldwide, which is 10% higher than 2024.
Attacks happen more often now. About 71% of organizations say cyberattacks increased in the last year. The industrial sector got hit hardest with data breach costs jumping $830,000 on average from last year. Ransomware costs now reach $1.85 million per incident.
Small organizations struggle the most in 2025. About 35% of them say they can't protect themselves well enough—seven times more than in 2022. Most cyber leaders (71%) believe small organizations have hit a breaking point and can't guard against today's complex cyber risks.
Why cyber threats are growing faster than defenses
Cyber threats outpace defensive capabilities for several key reasons. U.S. organizations' cybersecurity budgets grow linearly or stay flat while cyberattacks multiply exponentially. Security teams can't keep up with this widening gap.
The talent crisis keeps getting worse. The cyber skills gap has grown since 2024, and two-thirds of organizations report they don't have enough skilled people. Only 14% feel confident they have enough staff to handle current threats.
Supply chain problems create major headaches. Big organizations (54%) say supply chain issues block their path to cyber resilience. Complex supply chains and limited insight into supplier security practices create huge risks.
AI has revolutionized the threat landscape. Most cybersecurity professionals (85%) blame the rise in cyberattacks on criminals who use generative AI. This technology helps them find system weaknesses faster and smarter.
Global politics shapes cybersecurity strategies more than ever. Nearly 60% of organizations say political tensions directly shape how they approach cybersecurity.
Top concerns for security leaders this year
CEOs now see cybersecurity as their biggest business threat of the decade, according to KPMG's 2024 Global CEO Outlook. Ransomware tops the list of worries, hitting 72.7% of organizations. Cyber fraud ranks second among organizational cyber risks for 2025.
AI-powered threats keep security leaders up at night. While 66% expect AI to reshape cybersecurity in 2025, only 37% check AI tools' security before using them. Most leaders (53%) admit AI creates new vulnerabilities they aren't ready to handle.
Security leaders worry most about specific AI threats: generative AI phishing (51%), AI voice deepfakes or "vishing" (43%), generative prompt hacking (45%), and deepfakes (41%). These smart threats bypass regular security by copying real communications.
Government-backed attacks remain a major worry. Almost 80% of leaders fear becoming targets within a year. This shows how government-sponsored cyber operations grow more sophisticated and well-funded.
The cybersecurity landscape of 2025 needs a fresh approach. As threats evolve faster than defenses, organizations must focus beyond prevention. They need to learn about resilience—knowing how to withstand, adapt to, and bounce back from cyber incidents quickly.
The Soaring Cost of Cybercrime
Cybercrime has become a trillion-dollar industry that threatens organizations worldwide. The financial damage from cyber attacks has reached record levels. The FBI reports $16.60 billion in cybercrime losses in 2024 alone—this is a big deal as it means that losses jumped 33% from the previous year.
Global financial impact projections
The future looks even more concerning. Cybersecurity Ventures expects global cybercrime costs to hit an unprecedented $10.50 trillion each year by 2025—a massive jump from $3 trillion in 2015.
This represents the biggest transfer of economic wealth in history. The damage exceeds both natural disasters and global illegal drug trade combined. These costs include stolen money, destroyed data, lost productivity, stolen intellectual property, forensic investigation, and damage to reputation.
Some analysts think cybercrime will cost more than $20 trillion by 2026. A more conservative view suggests damages could reach between $1.20-1.50 trillion by late 2025. Either way, the economic burden rivals many major nations' GDP.
Average cost per data breach
Data breaches now cost companies $4.44 million on average globally—9% less than last year because companies spot and contain them faster. But U.S. companies face a different reality.
Their average breach costs shot up 9% to a record $10.22 million.
Companies now spot and contain breaches within 241 days—the shortest time in nine years.
This improvement has helped cut detection and response costs by almost 10% to $1.47 million. Other major costs include:
- Lost business: $1.38 million
- Post-breach response: $1.20 million
- Notification costs: $390,000
Healthcare remains the hardest-hit sector for 14 years straight. Even with a 24% drop in costs, the average breach still costs healthcare companies $7.42 million.
Ransomware and phishing cost breakdown
Phishing attacks hurt companies badly. The average phishing breach now costs $4.88 million in 2025—the highest ever. Social engineering attacks come next at $4.77 million, while Business Email Compromise (BEC) attacks cost $4.67 million per incident.
BEC attacks caused $2.77 billion in losses in 2024 alone. The average wire transfer request reached $128,980 in Q4 2024. The link between phishing and ransomware is clear—54% of ransomware attacks start with a phishing email.
Most companies (64%) now refuse to pay ransoms, which has pushed the median payment down to $115,000. But recovery costs remain huge. One Fortune 50 company reportedly paid $75 million to the Dark Angels ransomware gang—the biggest ransom ever.
Cyber insurance trends and gaps
The cyber insurance market has grown to match these threats. Global premiums now total $16.3 billion in 2025. North America leads with $10.6 billion in premiums (69% of global share), while Europe follows with $3.3 billion (21%).
U.S. cyber insurance rates dropped 5% in Q4 2024. This has created better conditions for buyers. More companies now buy coverage—90% of organizations with 500-1,000 employees have some form of cyber insurance.
Claims happen more often, but average payments fell by 77%. This strange trend reflects better cybersecurity among insured companies and improved incident response. Experts expect the cyber insurance market to double by 2030, growing over 10% each year.
Most Common Cyber Threats Today
Cyber attacks have evolved into sophisticated operations by 2025, with multiple attack vectors now dominating the threat landscape. The data tells a concerning story – ransomware attacks jumped 81% from 2023 to 2024, while DDoS attacks grew 16% quarter-over-quarter. Organizations need to learn about these threats to build better defense strategies.
Ransomware
Ransomware tops the list of cyber risks in 2025, with 45% of organizations ranking it as their biggest concern. Attackers encrypt victim data and demand payment for decryption keys, which often brings critical systems to a halt. The threat has grown more dangerous – 90% of ransomware attacks now steal data before encryption, up from just 10% in 2019.
The ransomware scene changes rapidly. Q1 2025 saw 76 active ransomware groups. The landscape shifted dramatically in Q2 when 17 groups disappeared and 11 new ones emerged. Some groups like Qilin now offer legal consultation services through their affiliate panels to help attackers negotiate ransoms and determine stolen data value.
Malicious emails cause 54% of all ransomware incidents. Ransom demands averaged $5.20 million in 2024. The retail and hospitality sectors faced even steeper demands, averaging $5.70 million.
Phishing and social engineering
Human psychology, not technical flaws, powers social engineering attacks. These attacks show up in 68% of all breaches. ChatGPT's arrival in 2022 led to an explosive 4,151% increase in phishing attacks. These attacks have become harder to spot.
Generative AI has changed how criminals create social engineering attacks. They now produce polished, convincing communications with minimal effort. Recent trends show:
- Vishing (voice phishing) rose 15% last year thanks to deepfake voices
- Quishing (QR code phishing) grew 25% year-over-year
- Microsoft Teams and Slack became new targets for exploitation
Attackers often pose as IT support staff through trusted channels. A recent case showed hackers using Microsoft Teams to impersonate IT support. They gained access through Quick Assist and planted remote monitoring tools across systems. These attacks work because they feel real, not because they're complex.
Business email compromise (BEC)
BEC remains one of the costliest cyber threats, causing $2.77 billion in losses during 2023. Attackers target employees who have access to financial systems by pretending to be executives or trusted contacts. BEC attacks hit 64% of businesses in 2024, with losses averaging $150,000 per incident.
The FBI's records show over 305,000 BEC incidents between 2013 and 2023, with total losses
exceeding $55 billion. These attacks succeed through impersonation – 89% of cases involve fake authority figures like CEOs or senior executives.
AI tools have made this threat worse. BEC attacks jumped from 1% of all cyber attacks in 2022 to 18.6% today. The average wire transfer request in these attacks reached $128,980 by Q4 2024.
DDoS and cloud-based attacks
DDoS attacks have hit record levels. Cloudflare blocked 20.5 million DDoS attacks in Q1 2025 alone – almost matching the entire 2024 total of 21.3 million. These attacks flood networks and websites with traffic until legitimate users can't access them.
Attackers now use more advanced methods. Multi-vector attacks increased 25% in early 2024. Carpet bomb attacks, which spread traffic across multiple IPs, have become common. Attackers use public DNS, NTP, and SNMP servers to amplify their assaults, often shutting down systems within minutes.
Cloud migration has created new opportunities for attackers. They now target cloud resources and infrastructure, looking for security gaps during transition periods.
AI’s Double-Edged Role in Cybersecurity
AI has become a game-changing tool in cybersecurity that acts as both sword and shield, bringing a fundamental change to security threats in 2025. The numbers tell a compelling story – 85% of cybersecurity professionals say recent cyberattacks have increased because bad actors now use generative AI tools. This shows how deeply AI affects digital security.
How attackers use generative AI
Bad actors have quickly embraced AI to boost their attack capabilities. The data speaks for itself – 78% of cybersecurity professionals have seen AI-powered attacks last year, which is 41% more than in 2024. These criminals mainly use generative AI to speed up attack development (74%), craft more believable social engineering traps (68%), and find vulnerabilities automatically (59%).
This has completely changed the economics of cybercrime. AI tools have cut down attack development time by 73%. What once took weeks or months now takes just days or hours. The cost of running a successful phishing campaign has also dropped from $5,000 to $660—an 87% decrease that puts advanced cyber weapons in more hands.
Code generation tops the list of attackers' favorite AI tools. About 61% of threat actors use AI to spot system weaknesses and write malicious code that exploits these gaps. The second most common trick involves creating shape-shifting malware that keeps changing its code to stay hidden. Now, 53% of new malware samples include some type of AI-based hiding technique.
AI-powered defense systems
Companies now see AI as their security backbone. Today, 64% of businesses use some kind of AI-powered cybersecurity solution, up from 51% in 2024. These AI defense systems focus on:
- Threat detection (79% of organizations)
- Anomaly identification (71%)
- Automated response (56%)
- Vulnerability management (48%)
The results prove AI's worth. Companies with solid AI security catch threats 37% faster and have 59% fewer false alarms than those without AI defenses. AI systems can spot and react to possible breaches in just 2.1 minutes, while old-school security tools take 49 minutes.
Money remains a big hurdle though. About 43% of organizations say they don't have enough funds to set up AI security solutions.
Top AI-related vulnerabilities
While AI makes defenses stronger, it brings new weak spots. Prompt injection attacks worry 67% of organizations that use large language models for security. These attacks trick AI systems with clever inputs that bypass security or leak sensitive data.
Data poisoning concerns 53% of organizations. Attackers mess with training data to break AI systems. This problem gets worse since 41% of organizations lack proper protection against training data tampering.
Security teams face another challenge – 38% don't fully grasp how their AI makes decisions. This creates major blind spots in their security setup. The "black box" nature of AI makes it harder to respond to incidents and manage vulnerabilities.
AI in phishing and deepfakes
AI has supercharged social engineering attacks. AI-crafted phishing emails now trick 8.7% of recipients, compared to 2.3% for regular phishing—making them 278% more effective. These smart messages can copy writing styles, add relevant context, and slip past normal security.
Voice deepfakes have become a serious threat. This year, 34% of organizations faced voice deepfake attacks, up from 12% in 2023. These attacks target money transfers and data access, successfully fooling voice authentication systems 43% of the time.
A real-world example shows the stakes. One energy company lost $25 million after criminals used AI to fake their CEO's voice during a call with the CFO about an emergency money transfer. This case shows how AI has made complex attacks easier to pull off, creating new challenges for modern cybersecurity teams.
Human Error and Insider Threats
Human error poses a bigger threat than sophisticated hacking techniques and AI-powered attacks. This vulnerability ranks as the biggest risk in today's digital world and affects organizations of all sizes across industries.
Percentage of breaches caused by human error
The numbers tell a shocking story: human mistakes led to 95% of all data breaches in 2024. This startling data point helps clarify why security experts now see people as their biggest concern. Proofpoint's 2024 Voice of the CISO report shows that 74% of chief information security officers identified human error as their top cybersecurity risk—up significantly from 60% last year.
Security problems don't spread evenly among employees. A small group causes most issues, with just 8% of employees responsible for 80% of all security incidents. Organizations have reported a 43% rise in internal threats and data leaks from compromised or careless employees last year. We need to address human error to create effective security measures.
Negligence vs. malicious insiders
Insider threats split into three main groups:
- Unintentional threats: These include negligent insiders who ignore security policies and accidental insiders who make mistakes without bad intentions
- Negligent insiders: Staff members who bypass security protocols, let others tailgate through secure doors, lose sensitive devices, or skip security updates
- Malicious insiders: People who act with intent, driven by personal grudges, money, or other harmful motives
The 2025 Cost of Insider Risks report shows that 55% of insider incidents came from employee negligence, costing companies $8.80 million yearly to fix. Cases involving criminal insiders (25%) cost about $3.70 million, while stolen credentials (20%) cost $4.80 million.
Training gaps and behavioral risks
The shortage of cybersecurity skills leads to more human errors. Fortinet's 2024 report reveals that 58% of IT decision-makers blame lack of cybersecurity skills and training as the main cause of security breaches. 56% point to poor organizational or employee security awareness.
Companies don't deal very well with keeping and developing talent—50% say their biggest
challenge in keeping cybersecurity staff is not knowing how to provide enough training and skill development. This creates a dangerous loop where poor skills lead to more breaches.
Warning signs often show up before insider threats become problems.
Security teams should watch for unusual behavior such as:
- Unusual work hours
- Strange login locations
- First-time system access
- Moving large data amounts
Most human errors don't fall on individual shoulders—except for criminal insiders. The best defense combines technical protection with solid training. Research shows that companies get the best results by sending fake phishing emails to employees and giving extra training to those who miss these test threats.
Cybersecurity by Industry: Who’s Most at Risk?
Some industries get hit harder by cyber attacks than others in 2025. The risk patterns differ by a lot between sectors. Organizations need to know these specific risks to better protect themselves.
Healthcare
Healthcare groups now face the steepest data breach costs of any industry, with damages hitting $10.93 million per incident in 2025. These costs jumped 53% since 2020, which puts healthcare way above other sectors' average of $4.45 million. Patient records are gold mines for criminals. They sell these records on dark web markets for $250-$1,000 each.
The healthcare world faces tough challenges. Almost 90% of healthcare groups got hit by at least one successful cyber attack last year. The core team is stretched thin – 61% of security pros say they don't have enough staff. This creates big gaps in their defense.
Connected medical devices make things worse. A typical hospital now manages over 20,000 networked devices. Three out of four of these devices have known security flaws.
Finance and insurance
Banks remain prime targets for attackers. They face 300 times more cyber attacks than other industries. These attacks are costly – the average breach sets them back $5.97 million, which is 33% more than what other industries pay.
Banking Trojans have shot up 58% compared to last year. These attacks use complex methods to steal financial data. Banks know the stakes are high. That's why 72% of them increased their security budgets in 2025. Supply chain weak spots worry them the most. Two-thirds of financial firms say third-party risks are their biggest security headache.
Retail and e-commerce
Retail groups now lose $3.28 million on average from breaches. Card fraud without physical cards went up 34% since 2024. Online stores get hit with 62% more bot attacks than other industries. These bots target customer accounts and checkout systems.
Here's a shock – 41% of retail groups still don't follow PCI DSS rules, even though they handle sensitive payment data every day. Supply chain attacks have doubled since 2023. These attacks expose customer data through weak spots in third-party systems.
Education and manufacturing
Schools and universities struggle with limited money for security. Three out of four say they don't have enough funds, yet ransomware attacks shot up 44% since 2024. Universities hold vast amounts of valuable research, but 85% lack good data sorting systems.
Manufacturing has become a hot target. Attacks on operational technology jumped 67% from last year. IT and OT systems now work together, which creates security gaps. Most manufacturing groups (63%) find it hard to protect their industrial control systems.
These attacks hurt small manufacturers badly. The average breach costs $4.24 million, which can be devastating for smaller companies with limited recovery options.
Small Business Cybersecurity Statistics
Small businesses have become easy targets in the cybersecurity battlefield. About 43% of all cyberattacks now target SMBs. These businesses struggle to defend themselves because they have limited resources.
Why SMBs are easy targets
Cybercriminals love to target small businesses because they see them as vulnerable. Most SMBs work with minimal IT support and basic security systems. The numbers tell the story – 94% of small business leaders say they know about cyber threats. Yet most of them don't have
proper training, tools, or security strategies.
The numbers paint a clear picture. Only 47% of micro-businesses have a security plan ready. Compare this to larger SMBs, where 90% have security measures in place. The size of a company clearly shows how prepared they are. Many small business owners think they're too small to catch a hacker's eye. About 59% of businesses without cybersecurity believe hackers won't target them.
Top vulnerabilities in small businesses
Employee mistakes stand out as the biggest weakness for small companies. About 95% of cybersecurity problems can be traced back to these errors. Hackers mostly use social engineering attacks like phishing, spear phishing, and smishing to break in.
Bad password habits create another major security hole. Poor password security leads to 81% of breaches. Small businesses also lack good backup systems, which makes them easy targets for ransomware attacks. Companies with fewer than 25 employees got hit hardest – 29% of them faced ransomware attacks.
Cost of recovery for SMBs
Cyberattacks can destroy a small business financially. The bill for fixing a security breach in 2025 could run anywhere from $120,000 to $1.24 million. These costs cover direct damages, staff time, security experts, lost revenue, insurance costs, and regulatory fines.
The damage can be permanent. Almost half of small businesses that got hit by ransomware had to shut down or declare bankruptcy.
Common mistakes and outdated practices
Small businesses keep making security mistakes that leave them exposed. The biggest issue? About 57% of small business owners think hackers won't come after them.
Other common mistakes include:
- Putting off important updates and patches
- Using old firewalls and security tools
- Not protecting mobile devices
- Skipping multi-factor authentication
- Thinking cloud providers handle all security
Money remains a big problem. Two-thirds of SMBs can't afford to upgrade their security tools. Only 7% feel they have enough budget for security. This gap in security gives attackers an easy way in.
The Cybersecurity Workforce and Skills Gap
The cybersecurity workforce will face a severe shortage by 2025, leaving systems vulnerable to attackers. The numbers paint a stark picture – unfilled cybersecurity positions range from 3.4 million to 4.8 million worldwide. These vacancies represent almost 47% of the total cybersecurity workforce we just need.
Number of unfilled roles globally
US employers looked to fill over 514,000 cybersecurity jobs last year – 12% more than the previous year. The crisis reaches far beyond American shores. Only 14% of organizations say they have enough skilled talent to meet their cybersecurity goals.
Budget limits stand out as the biggest roadblock, with 33% of organizations saying lack of funding keeps them from hiring the talent they just need.
Top in-demand cybersecurity skills
Communication skills lead the pack as the most valuable asset in cybersecurity roles, followed by problem-solving and teamwork. Companies now value transferable skills more than technical know-how. Problem-solving (31%) and curiosity (26%) rank higher than cloud security (19%) or risk analysis (14%).
Notwithstanding that, technical gaps still exist, especially in AI/machine learning (34%) and cloud security (30%).
AI's role in bridging the talent gap
AI reshapes the cybersecurity workforce significantly. Most professionals (67%) believe AI will help reduce staffing shortages in the next three years. AI doesn't just automate routine tasks – it creates new job requirements. More than half of entry-level cybersecurity job posts now ask for AI skills. On top of that, two-thirds of professionals think their expertise will complement AI, while one-third worry about job security.
Stress and burnout in cybersecurity teams
Security teams face unprecedented pressure. About 93% of security leaders who think about leaving blame stress. Almost 98% work overtime, putting in nine extra hours each week. Job satisfaction dropped from 74% in 2022 to 66% in 2024.
The situation looks grim as 62% of security leaders have faced burnout at least once. Nearly a quarter of security leaders ended up looking for new positions, which could make the talent gap even worse.
Conclusion
Cybersecurity threats have reached new heights in 2025. Organizations of all sizes face attacks that happen every 39 seconds. Global cybercrime costs will reach $10.5 trillion this year. These numbers tell us one thing – digital security must be every organization's top priority.
The money lost to cyber incidents keeps growing fast. Companies worldwide lose an average of $4.88 million to data breaches. U.S. companies face even bigger losses that exceed $10 million per incident. Ransomware hits the hardest – attackers just need an average payment of $5.20 million while they completely shut down operations.
AI has become both our biggest threat and best defense in today's digital world. Bad actors utilize generative AI to craft better phishing emails, create advanced malware, and launch devastating deepfake attacks. Companies that use mature AI security systems spot threats 37% faster and deal with 59% fewer false alarms than those using old-school tools.
People still make the most mistakes, causing 95% of all breaches. Most security problems come from employee errors, poor training, or intentional insider attacks rather than technical issues. We need both strong technical protection and detailed security training programs to address this.
Each industry faces its own security battles. Healthcare organizations lose the most money from breaches at $10.93 million. Banks get attacked 300 times more often than other sectors. Security strategies must fit each industry's unique weak spots and rules.
Small businesses have it rough. They're the target in 43% of all cyberattacks but have the least money to protect themselves. Almost half of small businesses that get hit by ransomware end up closing forever. This shows how one cyber attack can destroy a small company.
The worldwide shortage of cybersecurity experts makes everything harder. About 3.4-4.8 million security jobs remain empty globally, which leaves huge holes in company defenses. AI might help fix this later, but right now security teams feel burned out. About 93% of security leaders say stress makes them think about switching careers.
The cybersecurity picture looks scary, but there's hope. Companies that build detailed security plans, spend money wisely on tech and training, and stay watchful can cut their risks substantially. Cybersecurity isn't just an IT problem anymore – it's crucial to survive in today's digital age.
FAQs
Q1. How often do cyber attacks occur in 2025?
According to recent statistics, a cyber attack occurs every 39 seconds in 2025, highlighting the frequency and persistence of digital threats.
Q2. What is the average cost of a data breach globally?
The global average cost of a data breach in 2025 is approximately $4.88 million, representing a significant financial risk for organizations of all sizes.
Q3. How are cybercriminals using AI to enhance their attacks?
Cybercriminals are leveraging AI to create more convincing phishing emails, develop sophisticated malware, and launch deepfake attacks, making their operations more effective and harder to detect.
Q4. What percentage of data breaches are caused by human error?
Human error contributes to 95% of all data breaches, emphasizing the critical importance of employee training and awareness in cybersecurity strategies.
Q5. How many unfilled cybersecurity positions are there globally?
Estimates of unfilled cybersecurity positions range from 3.4 million to 4.8 million globally, indicating a severe shortage in the cybersecurity workforce.