In last year’s cybersecurity statistics roundup, we saw that cybercrime costs were soaring and ransomware and phishing attacks were on the rise, driven by AI-powered attacks and prompting tightened regulatory requirements.
This year, these trends will escalate, with agentic AI, quantum computing, deepfakes, and state actors converging to elevate cybercrime to an international financial threat comparable in size to the US and Chinese economies. Here are some stats that signal what to expect in 2026 if current trends hold.
Ransomware Statistics
- Nearly eight in ten (78%) of companies were hit by ransomware attacks over the past year (CrowdStrike).
- Ransomware attacks tripled year-over-year between Q1 2024 and Q1 2025, from 572 to 1,537 (QBE Insurance Group).
- Publicly disclosed ransomware cases increased 54% in January through April of 2025 compared to the same time frame the previous year (QBE Insurance Group).
- Ransomware attacks are on track to increase 40% by the end of 2026 compared to 2024 and 400% compared to 2020, with over 7,000 victims publicly named on leak websites, compared to 1,412 in 2020 and 5,010 in 2024 (QBE Insurance Group).
- The frequency of ransomware attacks on consumers and businesses is on track to increase from one attack every 11 seconds (7,850 per day) in 2020 to one attack every 2 seconds (43,200 per day) by 2031 (Cybersecurity Ventures).
- Half of corporate data stored in the cloud is classified as “sensitive” and a prime target for ransomware attackers (QBE Insurance Group).
- Ransomware costs for incidents disclosed by attackers average $5.08 million (IBM).
- Organizations that detect ransomware attacks internally before attackers inform them save an average of $900,000 (IBM).
- Almost one in four (nearly 25%) of ransomware victims suffer significant disruption or data loss (CrowdStrike).
- Nearly all ransomware victims (93%) who pay extortion fees have data stolen anyway in “double extortion” attacks (CrowdStrike).
- Over eight in ten (83%) of ransomware victims who pay are attacked again (CrowdStrike).
- Global annual ransomware attack costs will increase from $57 billion in 2025 to $275 billion annually by 2031 (Cybersecurity Ventures).
- In 2025, global ransomware attacks cost $4.8 billion per month, $1.1 billion per week, $156 million per day, $6.5 million per hour, $109,000 per minute, and $2,400 per second (Cybersecurity Ventures).
- Only just over one in five (22%) of ransomware victims who felt “very well prepared” before they were attacked recovered within 24 hours (CrowdStrike).
- Fewer than one in four (38%) of ransomware victims fixed the vulnerability which allowed the attack (CrowdStrike).
Phishing Statistics
- Over half (56%) of businesses have experienced phishing attacks (Kaseya).
- Almost half (49%) of businesses have been targeted by phishing attacks over the past year, exceeding the incidence of other threats like viruses and malware (32%) and business email compromise (27%) (Kaseya).
- Phishing emails increased 17.3% between September 2024 and February 2025 compared to the previous six months, with 11.4% of these attacks sent from trusted accounts within organization supply chains (KnowBe4).
- Attacks from accounts compromised by phishing increased 57.9% between September 2024 and February 2025 compared to the previous six months (KnowBe4).
- About seven in ten (70%) of organizations expect a phishing attack in 2026 (Kaseya).
- Nearly nine in ten (87%) of organizations say AI-generated methods such as deepfakes are making phishing attempts more convincing (CrowdStrike).
- The most impersonated brands in phishing emails are led by Microsoft, Docusign, Adobe, PayPal, and LinkedIn (KnowBe4).
- The top five legitimate platforms criminals use to send phishing emails are Docusign, PayPal, Microsoft, Google Drive, and Salesforce (KnowBe4).
- The most common phishing payloads are links to malicious websites (54.9%), attachments (25.9%), and social engineering content (21.2%) (KnowBe4).
- Malicious QR codes are usually inserted into phishing emails as either images (67.6%) or Unicode characters (32.4%) (KnowBe4).
Supply Chain Attack Statistics
- Software supply chain attacks doubled in early 2025, from an average of 13 a month between early 2024 and March 2025 to 28 a month in April 2025, and rose another 30% in October 2025 to 41 attacks (Cyble).
- Nearly half of organizations (48%) regard AI-automated attack chains as today’s biggest ransomware risk (CrowdStrike).
- IT, financial services, transportation, technology, and government are the most targeted industries for supply chain attacks (Cyble).
- Defenses against supply chain attacks on open-source software platforms have hardened, with attacks dropping 70% from 2023 to 2024 (ReversingLabs).
- Supply chain attackers are shifting their focus from open-source to closed-source, commercial software targets, with cases of leaked developer secrets such as hard-coded credentials, API and encryption keys increasing by 12% from 2023 to 2024 (ReversingLabs).
- Supply chain attackers are targeting cryptocurrency applications and infrastructure, with 23 cases of accessing sensitive assets and diverting funds from cryptocurrency wallets from 2023 to 2024 (ReversingLabs).
Business Interruption and Security Investment
- Cyber risk and business interruption are the top global threats facing organizations today, with 13% of businesses suffering loss from cyber threats and 31% from business interruption between 2024 and 2025 (Aon).
- Nearly nine in ten (89%) of organizations have a plan to address cyber risk, while over three-quarters (77%) have a plan to address business interruption (Aon).
- Nearly three in four (72%) of business leaders see cyberattacks and cybersecurity as one of their biggest challenges, making it today’s leading business risk (The Hartford).
- Nearly two-thirds (65%) of business leaders regard cybersecurity procedures as a major risk mitigation priority (The Hartford).
- Almost half (49%) of business leaders are working to develop or improve cybersecurity in the coming year (The Hartford).
- Globally, end users will spend $213 billion on cybersecurity in 2025 (Gartner).
- Cybersecurity spending will increase 12.5% in 2026 to $240 billion (Gartner).
- Security software ($105,940 billion), security services ($83,812 billion), and network security ($23,273 billion) are the three leading cybersecurity investment areas in 2025 (Gartner).
- Security accounts for 10.9% of IT spending (IANS).
- Organizations spend 0.7% of revenue on cybersecurity (IANS).
Human Error and Security Awareness Statistics
- Nearly all data breaches (95%) involve human error (Mimecast).
- Over one-third of healthcare organizations (35%) say the leading cause of data loss or exfiltration is employees not following policies (Ponemon Institute).
- Businesses see human error and social engineering as their biggest vulnerability in 2026 (Kaseya).
- Human error and social engineering vulnerabilities are driven by poor user practices (30% of incidents), deficient end-user training (29%), and lack of cybersecurity expertise (27%), together accounting for the majority of instances (Kaseya).
- Security awareness training programs reduce the risk of phishing attacks by 40% after 90 days of training and 86% after a year (KnowBe4).
Geopolitical Influences in Cybersecurity
- Russia and Ukraine host more cyberattacks than any other country, followed by China, the US, and Nigeria (World Cybercrime Index).
- China is the leading source of botnet attacks on IoT targets (Nozomi Networks).
- Indonesia was the largest source of DDoS attacks in the last two quarters of 2024 (Cloudflare).
- The top national targets for cyberattackers are the US, Ukraine, Israel, Japan, and the UK (DeepStrike).
- The US is the target of over half (54%) of IoT attacks (Zscaler).
- China was the top target for DDoS attacks in the last quarter of 2024, followed by the Philippines, Taiwan, and Hong Kong (Cloudflare).
- Nearly six in ten (59%) of organizations say geopolitical tensions have affected their cybersecurity strategies (World Economic Forum).
- A third of CEOs (33%) cite cyber espionage as a concern (World Economic Forum).
- International tensions have made satellites and undersea cables targets for cyberattacks, with 125 attacks on space satellites since the 2022 Viasat hack that marked the start of the war between Russia and Ukraine (World Economic Forum).
Industry Deep Dives
Healthcare Industry Cybersecurity
- Over nine in ten (93%) healthcare organizations experienced a cyberattack in 2024 (Ponemon Institute).
- The healthcare and pharmaceutical industry is more vulnerable to phishing than any other segment, with over four in ten (41.9%) of organizations susceptible (KnowBe4).
- Healthcare is the top industry for ransomware attacks, with four in ten (40%) of organizations expected to experience a ransomware attack in 2026 (ScienceSoft).
- Healthcare breaches represent the most expensive cybersecurity incidents, averaging $7.42 million in losses in 2025 (IBM).
- In 2026, the cost of healthcare breaches will reach $12.6 million (ScienceSoft).
- Cyberattacks impact healthcare providers by causing delays in tests and procedures (reported by 56% of organizations), increase in complications from procedures (53%), longer stays (52%), increase in patient transfers (44%), and higher mortality rates (28%) (ScienceSoft).
- Almost three in four healthcare organizations suffered patient care disruption because of cyberattacks (Ponemon Institute).
- Nearly four in ten (38%) of healthcare providers consider cybersecurity one of their top three priorities (Bain & Company).
- Nearly one-third (32%) of healthcare providers and four in ten (38%) of payers consider cybersecurity risk a barrier to GenAI adoption (Bain & Company).
- Pentest results show that the healthcare industry performs well at limiting serious vulnerabilities (sixth-best of 13 industries surveyed), but lags at remediating them quickly (ranking 11 out of 13) (Cobalt).
Manufacturing
- Nearly a third (30%) of manufacturers rank cybersecurity threats as one of their most serious external obstacles (SMC).
- Manufacturing, logistics, and transportation have become the third most targeted industry for cyberattacks, representing 13% of attacks between August 2023 and August 2025 (QBE Insurance Group).
- Manufacturing is the top target for cyberattacks against critical infrastructure (Nozomi Networks).
- Critical manufacturers are targeted for ransomware attacks more than any other sector, with 258 incidents reported in 2024 (FBI).
- In 2024, the average cost of an industrial data breach was $5.56 million, an 18% increase from 2023 and third-highest among all industries (IBM).
- Noncompliance fines of up to $1 million per day per violation contribute to the high cost of industrial data breaches (IBM).
- Unplanned downtime from data breaches can cost manufacturing companies as much as $125,000 per hour (IBM).
- The leading causes of industrial data breaches are malicious attack (47% of incidents), IT failure (26%), and human error (27%) (IBM).
- Nearly all manufacturers are investing in operational technology (OT) cybersecurity, with 64% already using an OT security platform and 32% planning to do so within the next five years (SMC).
- The manufacturing industry fares poorly in cybersecurity performance, with 18% of pentesting findings ranking as serious (tied for third-worst of 13 industries surveyed), just 69% of serious findings resolved (sixth-worst), a median time to resolve (MTTR) serious findings of 122 days (worst), and a half-life of 205 days to resolve 50% of serious findings (fourth-worst) (Cobalt).
Finance and Insurance
- The financial services industry experienced a 25% increase in cyberattack intrusions between 2023 and 2024, ranking third among all industries (KnowBe4).
- Phishing and business email compromise are the leading initial attack vectors deployed against financial services targets (KnowBe4).
- Nearly all (97%) US banks suffered third-party data breaches in their supply chains (SecurityScorecard).
- Email and password credentials have become the primary target for criminals attacking the financial sector, with 2,892,278 stolen credentials sold in 2025, far surpassing the market for stolen password hashes, IPs, and credit cards (KnowBe4).
- Financial services ranks fourth among industries for ransomware and data breaches affecting critical infrastructure (FBI).
- Financial data breaches cost an average $5.56 million (IBM).
- Nearly three in ten (28%) of the top 150 insurance companies reported breaches in 2024 (SecurityScorecard).
- Over half (56%) of insurance providers reported at least one stolen credential between 2023 and 2024 (SecurityScorecard).
- Insurance is the second-most vulnerable industry to phishing after healthcare, with 39.2% of organizations susceptible (KnowBe4).
- Nearly six in ten (59%) of insurance breaches involve third-party attack vectors (SecurityScorecard).
Education
- Over eight in ten (82%) of US K-12 schools were impacted by cyberattacks between July 2023 and December 2024 (Center for Internet Security).
- Almost all (97%) of higher education institutions in the UK were affected by cyberattacks in 2024 (UK Department for Science, Innovation & Technology).
- Ransomware, phishing, and QR code exploits are the most common methods used to target educational institutions (Bitsight).
- The first nine months of 2025 saw 180 ransomware attacks on the global educational sector, a 6% increase over the same period in 2024 (Comparitech).
- Education was the most targeted industry for Known Exploited Vulnerabilities (KEVs) in 2023, with over half (54.3%) of institutions affected (Bitsight).
- Attackers targeting K-12 schools increasingly favor command and control attacks (45.3% of attacks from July 2023 to December 2024) over malware attacks (34%) and phishing attacks (10.5%) (Center for Internet Security).
- Over six in ten (62%) of educational service breaches originate from external sources, while nearly four in ten (38%) come from internal sources (Verizon).
- Over half (57%) of school cybersecurity attacks come from students, with nearly a third of insider attacks resulting from students guessing weak passwords or finding passwords written down (Information Commissioner’s Office).
- The majority of attacks (58%) on educational providers target personal data (Verizon).
- Educational data breaches cost an average $3.80 million (IBM).
- Educational institutions take an average of 151 days to remediate KEVs (Bitsight).
Other Industries
- Government and administration have become the most targeted sectors globally, accounting for 19% of incidents between August 2023 and August 2025, followed by IT and telecommunications at 18% (QBE Insurance Group).
- The retail and wholesale industry is the third-most vulnerable target of phishing after healthcare and insurance, with 36.5% of organizations susceptible (KnowBe4).
- Energy industry breaches cost an average $4.83 million per incident (IBM).
- Technology industry breaches cost an average $4.79 million per incident (IBM).
Technology and Threat Landscape
IoT and DDoS Attacks
- Manufacturing and transportation are the most targeted sectors for IoT attacks, each accounting for 20% of attacks (Zscaler).
- Routers are the target of three in four (75%) of IoT attacks, with most attacks exploiting command injection vulnerabilities (Zscaler).
- Four in ten (40%) of DDoS attacks are launched by competitors, while nearly two in ten (17%) are launched by either state actors or disgruntled employees (Cloudflare).
- 2024 saw a 53% increase in DDoS attacks over 2023, with 21.3 million attacks averaging 4,870 per hour (Cloudflare).
- Telecommunications is the most targeted industry for DDoS attacks (Cloudflare).
- The last quarter of 2024 saw a surge in DDoS ransomware attacks of 78% compared to the previous quarter and 25% compared to the last quarter of 2023, reflecting holiday shopping season targeting trends (Cloudflare).
- Nearly three in four (73%) of DDoS attacks were launched by known botnets in 2024 (Cloudflare).
- Over nine in ten (94%) of Wi-Fi networks are vulnerable to deauthentication attacks, which cause temporary denial of service by fooling routers into disconnecting devices (Nozomi Networks).
- Network denial of service is the second-most common attack method targeting critical manufacturing after data manipulation (Nozomi Networks).
AI and Cybersecurity
- AI is now the number one creator of identities with privileged and sensitive access (CyberArk).
- Machine identities now outnumber human identities 82 to 1 (CyberArk).
- Over eight in ten (85%) of organizations say AI-powered threats are making traditional defenses obsolete (CrowdStrike).
- Nearly half (50%) of organizations say they can’t respond to AI threats as fast as attackers can execute them (CrowdStrike).
- Over three-quarters (76%) of global organizations are struggling to keep pace with the speed and sophistication of AI-powered attacks (CrowdStrike).
- Nearly nine in ten (89%) of organizations see AI-powered defenses as necessary to keep up with AI-powered attacks (CrowdStrike).
- Over one in ten (13%) of organizations have reported breaches of AI models or applications (IBM).
- Six in ten (60%) of healthcare organizations say protecting private data used by AI is difficult or very difficult (Ponemon Institute).
- Over eight in ten (81%) of security and IT decision-makers express concern about GenAI causing sensitive data leaks (Mimecast).
- Security incidents involving unauthorized AI use compromise 65% of personally identifiable information compared to 53% for other incidents (IBM).
- Security incidents involving unauthorized AI use compromise 40% of intellectual property compared to 33% for other incidents (IBM).
- Unauthorized AI use costs organizations an average $670,000 more per breach than other breaches (IBM).
- Using AI and automation for cybersecurity reduces breach lifecycles by 80 days (IBM).
- Over half (56%) of healthcare organizations say AI-powered data loss prevention (DLP) is highly effective at stopping data loss caused by employees (Ponemon Institute).
- Organizations that use AI and automation for cybersecurity save an average $1.9 million compared to those that don’t (IBM).
- Cybersecurity applications of AI are led by email security (49% of organizations), enhanced endpoint protection (34%), and threat detection and anomaly protection (32%) (Kaseya).
- Organizations that express reluctance to adopt AI for cybersecurity express concerns about accuracy (29%), data privacy (27%), and cost (19%) (Kaseya).
AI Penetration Testing
- Almost three in four (72%) of security leaders regard AI and LLM security as a top priority (Cobalt).
- Nearly all (94%) of security leaders agree pentesting is vital to cybersecurity (Cobalt).
- While eight in ten (81%) of organizations feel their security posture is strong, fewer than half (48%) of vulnerabilities are remediated, and over two-thirds (69%) of serious vulnerabilities aren’t resolved (Cobalt).
- While almost all (98%) of organizations are adopting GenAI into their products, only two-thirds (66%) conduct regular security assessments like pentesting on AI products (Cobalt).
- Nearly one in ten (8%) of organizations don’t know if their AI models and applications have been compromised (IBM).
- Nearly all (97%) of organizations suffering cybersecurity attacks on AI tools lacked proper AI controls (IBM).
- Over six in ten (63%) of organizations that suffered attacks on AI lacked AI governance or still were developing it (IBM).
- Only one-third (32%) of organizations have implemented proper AI security controls (CyberArk).
- While LLM pentests discover more serious vulnerabilities (32%) than any other asset type, fewer of these are resolved (21%) than any other category (Cobalt).
Compliance
- Over three in four (77%) of global C-suite leaders say compliance contributes moderately or significantly to their objectives (Thomson Reuters).
- Nearly one in four (24%) of organizations say increasing revenue and attracting new clients are their main drivers for compliance, a number that rises above one in three (35%) for organizations with over $1 billion in annual revenue (A-LIGN).
- Over seven in ten (71%) of executives plan to pursue digital transformation initiatives requiring compliance support between 2025 and 2028 (PwC).
- Over half (51%) of organizations plan to pursue AI compliance (A-LIGN).
- Nearly eight in ten (78%) of CISOs and nearly nine in ten (87%) of CEOs say cybersecurity and privacy regulations reduce their cyber risks (World Economic Forum).
- Over half (51%) of business and risk leaders identify cybersecurity and data protection as their main compliance priorities (PwC).
- Over eight in ten (81%) security leaders are confident they meet their regulatory requirements, which appears overconfident in light of pentest findings on resolution rates (Cobalt).
- Over six in ten companies in the UK, Germany, Spain, and Italy lack confidence in their compliance with data privacy regulations (Usercentrics).
Cybersecurity Statistics FAQs
What are the biggest cybersecurity risks in 2026?
Organizations identify their top cybersecurity concerns as ransomware (45%), phishing and other forms of cyber-enabled fraud (20%), supply chain disruption (17%), malicious insiders (7%), disinformation (6%), and denial of service (6%) (World Economic Forum).
What are the biggest cybersecurity risks posed by AI?
The GenAI risks that most concern executives and security leaders are AI enhancement of adversarial capabilities such as phishing (47%), data leaks (22%), other security issues such as supply chain risks (17%), and increased complexity of security governance (14%) (World Economic Forum).
Which industries are most targeted by cyberattackers?
The most targeted industries globally are government and administrative systems (19% of attacks between August 2023 and August 2025), IT and telecommunications (18%), and the manufacturing and transportation and logistics sectors (13% combined) (QBE Insurance Group).
Which size companies are most targeted by cyberattackers?
Small businesses with fewer than 1,000 employees are the biggest targets for cyberattackers, accounting for over four in ten (43%) of attacks (Total Assure).
What are today’s most common cyberattack methods?
Today’s most common attack patterns are system intrusion (53%), social engineering (17%), miscellaneous errors (12%), basic web application attacks (12%), and privilege misuse (6%) (Verizon).


