Staying ahead in cybersecurity means getting the lay of the land—what's working, what's not, and what's changing. This cybersecurity data isn't just numbers; it’s deep insights into current digital defense risks, from password statistics revealing ongoing challenges to newer problems like remote work best practices.
More than a quarter (28%) of cybersecurity professionals say that employees in remote and hybrid work environments using the same or weak passwords is their biggest challenge. (Huntress Remote)
Cyber safety concerns for remote and hybrid workers influenced 61% of businesses' decisions to return to the office after the COVID-19 pandemic. (Huntress)
An overwhelming majority (90%) of cybersecurity professionals feel confident in their organization's ability to protect sensitive information in remote and hybrid work scenarios. (Huntress)
Over three-fifths (64%) of respondents believe the shift to remote and hybrid work has positively impacted their ability to predict and prevent cybersecurity incidents. (Huntress)
The most commonly implemented cybersecurity policies for remote and hybrid employees are regular cybersecurity training (84%), encrypted password managers (78%), and virtual private networks, or VPNs (64%). (Huntress)
Only 2 in 5 IT professionals noted that their organization uses multi-factor authentication (MFA). (Huntress)
Nearly two-fifths of organizations conduct cybersecurity training every quarter. (Huntress)
1 in 10 organizations conduct cybersecurity training once a year or less, and 5% lack a formal training schedule altogether. (Huntress)
Almost one-third of respondents (32%) think overall employee cybersecurity awareness needs improvement, while 46% rate it as “meeting expectations.” (Huntress)
Some cyberattacks are much more frequent than others (shocker!), and knowing about the most common cyberattacks is a great starting point for strengthening your defenses. Below, we’ve rounded up key statistics on the patterns and common cybercrime tactics, covering everything from ransomware to identity threats.
You hear all the buzzwords, but what are attackers really doing in the wild? We've reviewed the latest data to show you exactly which methods pop up most often.
Infostealers were highly prevalent in 2024, responsible for 24% of cyber incidents. (Huntress)
Remote access trojans (RATs) like AsyncRAT and Jupyter were used in over 75% of observed remote access attacks. (Huntress)
In 2024, the most active campaign identified by Huntress targeted vulnerabilities CVE-2024-1709 and CVE-2024-1708 in ScreenConnect, representing two-thirds of identified traditional exploitation attempts. (Huntress)
Across all scenarios monitored by Huntress in 2024, PowerShell was the scripting language of choice 45% of the time. (Huntress)
Scripting abuse incidents involved MSHTA, WMI, and WScript in 8.4% of cases. (Huntress)
Registry Run Keys was the top persistence method, used in almost half of the identified cases. (Huntress)
Roughly 1 in 11 attackers who tried to use defense evasion techniques failed. (Huntress)
Over half (55.7%) of evasive maneuvers used file name obfuscation. (Huntress)
Registry Null Byte insertion was used for 40% of all evasion methods. (Huntress)
At least 29 of 3,158 cyberattacks reported by the ITRC last year involved “credential stuffing” attacks using compromised logins and passwords, attacks that could have been prevented with MFA or passkeys. (ITRC)
Let's talk data breaches: here, we break down stats on how often they're happening and how much information is really being exposed.
Just over one-third (35%) of all victim notices contained attack vector details. (ITRC)
In contrast, nearly two-thirds (65%) of all victim notices didn't contain attack vector details. (ITRC)
The Ticketmaster Entertainment, LLC security incident was considered a top compromise in 2024 by victim notice count, with 560 million victim notices. (ITRC)
The number of victim notices saw a dramatic increase, jumping by 211% (!) between 2023 and 2024. (ITRC)
In 2024 alone, there were a total of 3,158 compromises. (ITRC)
Victim notices surpassed 1.3 billion in 2024. (ITRC)
Cyberattacks represented more than 2,500 of all breaches, making them the most common type. (ITRC)
The total number of data breaches recorded in 2024 was 2,850. (ITRC)
Out of 3,158 total compromises reported by the ITRC, data exposures amounted to 18 incidents in 2024. (ITRC)
There were two data leaks registered in 2024 by the ITRC. (ITRC)
Although publicly traded companies accounted for only 7% of all compromised organizations (221 companies), they were responsible for over 72% of victim notices, amounting to 939 million in 2024. (ITRC)
When examining the 133 cyberattacks against publicly traded companies that led to a data breach notice, stolen credentials emerged as the most common attack vector. (ITRC)
At least 114 out of 3,158 compromises involved files being attached to emails or included in physical correspondence. (ITRC)
It's estimated that 1,965 of the compromises reported during 2024 could have been prevented, including three of the five major breaches that resulted in 860 million victim notices. (ITRC)
Identity threats are where things get personal. We're talking about access to accounts and potential hijacking of information, and here's exactly where we're seeing the biggest problems with identity theft and abuse.
Nearly half (45.5%) of identity threat detections in 2024 resulted from access rule violations, such as attempts to reach resources from restricted VPNs or unapproved locations. (Huntress)
Modifications to Inbox Rules frequently involved moving content to the RSS Feeds folder, accounting for half of the malicious activity. (Huntress)
More than a third (35.4%) of suspicious Inbox Rule activity included moving content to the Conversation History Folder. (Huntress)
Nearly 6% of all ITDR events during the year involved attackers trying to hijack or steal user tokens. (Huntress)
NordVPN was the most common VPN used for abuse, making up 20% of all incidents identified. (Huntress)
A phishing attack is more than just a minor annoyance—it's often the first step in a much bigger cyberattack. These stats will give you a clearer picture of what types of phishing are out there, who's being targeted, and how often it's successful.
E-signature impersonation was the most notable phishing email theme, making up almost one-third of identified phishing attempts. (Huntress)
While QR codes represented more than 8% of phishing attacks in 2024, an increase is anticipated for 2025. (Huntress)
Microsoft-branded emails were the most frequent for impersonated brands among 285 groups, comprising nearly 40% of incidents. (Huntress)
Docusign was the second most commonly imitated brand, accounting for a quarter of incidents. (Huntress)
Ransomware attacks have morphed from simple data encryption to highly organized extortion. Here’s what you need to know to stay prepared and defend against these costly attacks.
Over half of the ransomware incidents were linked to RansomHub, Lynx, and Akira. (Huntress)
The average time-to-ransom observed was close to 17 hours. (Huntress)
On average, 18 actions are performed by threat actors before ransomware is triggered. (Huntress)
The presence of ransomware, whether with or without encryption, showed significant growth from 32% to 44%—a 37% increase over the prior year's report. (Verizon)
The average ransom amount decreased to $115,000 in 2024, down from $150,000 in 2023. (Verizon)
Nearly two-thirds (64%) of victim organizations opted not to pay the ransoms. (Verizon)
Ransomware factored into 39% of all breaches, while a vast majority (88%) of breaches affecting small and medium-sized businesses (SMBs) involved ransomware. (Verizon)
It's good to know about cyberattacks in general, but what are hackers doing in practice? What software do they use? How do they get in?
Let’s break down hacking statistics and highlight the tools and methods you need to know to strengthen your cyber defenses and get on a hacker's "do not engage" list
Cobalt Strike is still the most prevalent hacking tool, used for over 31% of hacks in 2024. (Huntress)
PSExec, AD Explorer, and SDelete were the most frequently used Sysinternals tools by attackers in 2024. (Huntress)
ConnectWise ScreenConnect was the most exploited remote access tool, used in nearly three-quarters of cases. (Huntress)
Mimikatz and generic malware were the top tools for gaining access to system credentials, together making up 55%. (Huntress)
Domain enumeration accounted for the main hands-on-keyboard (HOK) activity in 2024. (Huntress)
The costs of cyberattacks aren't limited to immediate expenses; they also include factors like cyber insurance trends, business disruptions, data recovery, and damage to customer trust. These stats break down the costs involved and give you a real sense of the financial risks you might be dealing with.
1 in 4 IT security professionals cite cost as the main factor why organizations choose not to get cyber insurance. (Huntress)
More than half (55%) of the surveyed IT security professionals strongly agree that their organization has the budget to protect itself against cybersecurity threats. (Huntress)
The cyber insurance market is expected to grow 8% from 2024, with a market premium projection of $16.6 billion in 2025. (Swiss Re Group)
34% of healthcare IT professionals say financial loss has the biggest impact after a cyber threat. (Huntress)
More than 1 in 4 healthcare IT professionals cite budget constraints as a top threat. (Huntress)
The average global cost of a data breach soared to $4.88 million in 2024, reflecting a 10% increase from 2023. (IBM)
Business downtime and post-breach customer support, and remediation were the main factors for the cost increase of global data breaches in 2024. (IBM)
More than 50% of organizations said they pass on the costs of data breaches to customers. (IBM)
Organizations that used comprehensive security AI and automation in prevention saved an average of $2.22 million in 2024. (IBM)
Malicious insider attacks account for the highest costs, with an average cost of $4.99 million. (IBM)
In 2024, the average cost of a data breach in the United States reached $9.36 million. (Statista)
In 2023, Canada had the second-highest costs, after the US, with data breach costs averaging $5.13 million. (Statista)
The healthcare sector worldwide reported the highest data breach costs in 2024, averaging approximately $9 million. (Statista)
Financial institutions followed with the highest data breach costs in 2024, with an average cost of $6 million. (Statista)
"Detection and escalation" emerged as the most expensive component of data breaches globally, averaging $1.63 million. (Statista)
"Lost business" was the second most costly aspect of data breaches. (Statista)
Having the right people is key to a strong cybersecurity plan. The problem is that many companies just can't find enough qualified people to hire or keep around. Knowing what's happening in hiring can help tackle these skill shortages and roadblocks.
About 1 in 7 of healthcare IT professionals cited difficulty hiring qualified cybersecurity professionals as an obstacle to adequate cybersecurity. (Huntress)
Over half of breached organizations are facing high levels of security staffing shortages in 2024, a 26.2% increase from 2023. (IBM)
More than 20% of organizations used some type of Gen AI security tools to help close the skills gap. (IBM)
The majority (60%) of surveyed international practitioners and decision-makers agree that skills gaps substantially affect their organization's security, and over half (58%) say it's a big risk. (ISC2)
Two-thirds of surveyed cybersecurity decision-makers reported experiencing a staffing shortage. (ISC2)
In 2024, 25% of surveyed practitioners and decision-makers reported layoffs, and 37% reported budget cuts in their cybersecurity departments. (ISC2)
IT professionals cite a lack of skills as the most challenging aspect of their work over the past 12 months. (ISC2)
The sectors of hosted/cloud services, telecommunications, and aerospace saw the biggest impact from cybersecurity budget cuts during 2024. (ISC2)
Conversely, public sector positions, nonprofits, the military, and legal fields experienced the least disruption due to cybersecurity budget reductions in 2024. (ISC2)
IT professionals cited budget as the number one cause for both their talent and skills gaps. (ISC2)
Cybersecurity professionals place the highest priority on striking a balance between personal fulfillment and professional growth in their careers. (ISC2)
According to the average response, IT professionals generally feel they’re at an appropriate organizational level within their respective companies. (ISC2)
Nearly 1 in 5 cybersecurity professionals explicitly said they’re actively seeking new job opportunities in cybersecurity. (ISC2)
A majority (62%) of professionals transitioned into cybersecurity roles directly from institutions of higher learning. (ISC2)
IT professionals widely regard their cybersecurity certifications as valuable, with 86% affirming this sentiment. (ISC2)
Notably, among those entering cybersecurity within the past year, the proportion of 39-to-49-year-olds has seen a consistent yearly increase, jumping from 18% in 2022 to 35% in 2024. (ISC2)
A large portion of hiring managers (59%) admit they lack sufficient knowledge about generative AI to pinpoint the top skills professionals need in an AI-centric workplace. (ISC2)
Just over half (51%) of cybersecurity experts believe that non-technical or “soft” skills will become more important for cyber professionals in the era of AI. (ISC2)
Some industries are shiny temptations that threat actors just can't resist (ahem, finance), while others might seem a little less exciting, but still hold plenty of valuable info. Here's how these threats change depending on the type of organization.
Schools and universities might not seem like the first places hackers would go, but they hold tons of personal data—student records, research, you name it.
Plus, most schools are working with tight budgets and small IT teams, which can make defending against attacks even tougher. Here are some stats that drive home the cybersecurity challenges the education sector is up against.
In 2024, education was the most targeted industry, accounting for 21% of cyberattacks. (Huntress)
Errors continue a gradual three-year increase, accounting for 29% of breaches in education, with misdelivery being the most frequent type. (Verizon)
External actors are responsible for more than half of the attacks in the education industry, with organized crime groups behind 59% of those incidents. (Verizon)
In education data breaches, personal data (58%) and internal data (49%) are the most commonly compromised types of information. (Verizon)
There were 162 recorded compromises within the education sector in 2024 out of 3,158 total compromises. (ITRC)
It shouldn’t be shocking that the finance industry is a prime target for cyberattacks. With the potential high rewards comes more sophisticated attempts, ranging from system intrusions to social engineering.
The financial sector was the most breached industry in 2024, with 737 recorded compromises out of 3,158 overall. (ITRC)
A majority of breaches in the financial industry (74%) involve system intrusion, social engineering, or basic web application attacks. (Verizon)
Because complex attacks are becoming more common against the financial and insurance vertical, system intrusion continues to be the leading pattern observed in financial sector breaches. (Verizon)
Hacking is the most frequent type of action taken in financial sector breaches, accounting for 45% of incidents. (Verizon)
Approximately one-third of attempts by threat actors in the financial industry are successful. (Verizon)
The healthcare industry has always been at the top of the list for cyberattacks, mainly because it has tons of confidential patient details. So when it comes to cybersecurity within the healthcare sector, it's a constant struggle for organizations to protect that data and keep everything running smoothly in their facilities.
Of the cyberattacks monitored by Huntress in 2024, healthcare was the second most targeted industry, accounting for 17% of attacks. (Huntress)
One-third of IT professionals identify data breaches as their leading cybersecurity concern in the healthcare sector. (Huntress)
Phishing attacks were reported as the most common type of cybersecurity incident healthcare organizations saw in 2024, with 40% of respondents citing them. (Huntress)
Over half (52%) of healthcare IT professionals believe cyber threats most significantly impact their organization by disrupting patient care. (Huntress)
A majority of surveyed healthcare IT professionals expressed confidence in their organization's preparedness for a major cyberattack within the next year; 37% are very confident and 53% are somewhat confident. (Huntress)
About two-thirds of surveyed healthcare IT professionals complete cybersecurity training at least semi-annually. (Huntress)
Improving security awareness training is the primary focus for 37% of healthcare IT professionals in 2025. (Huntress)
Manufacturing facilities run on complex systems, managing everything from supply chains to production lines. That means cybersecurity in manufacturing isn't just about keeping intellectual property safe but also about making sure everyday production continues without a hitch.
Here are statistics that show what's happening in cybersecurity within the manufacturing world.
Manufacturing was the least targeted industry, accounting for 9% of Huntress-identified cyberattacks in 2024. (Huntress)
Malware was the number one threat targeting manufacturing in 2024, representing 17% of attacks. (Huntress)
Malware disguised as Adobe components made up 23% of all methods used in the manufacturing sector. (Huntress)
Manufacturing environments saw high numbers of RAT installations in 2024, with AsyncRAT, Trickbot, NetSupport, and NewCoreRAT as the most frequently detected families. (Huntress)
Domain passwords were the primary target of information theft in manufacturing, with attackers migrating to higher-priority machines as fast as possible. (Huntress)
Government data is often highly sensitive, holding information that could impact entire communities. Would we want personal details or vital infrastructure plans to fall into the wrong hands? Absolutely not, which is why the increasing frequency of cyberattacks on state and local governments demands urgent attention.
Over 10% of the cyberattacks Huntress saw in 2024 targeted government agencies. (Huntress)
Infostealer threats were the most prevalent type of threat for government environments, accounting for 21% of threats. (Huntress)
In 2024, the main attack on government organizations was mainly malicious scripts built on PowerShell and JavaScript, often connected to SOCGholish and AsyncRAT. (Huntress)
Hacking tools like Cobalt Strike and BloodHound were used more often against government entities than other industries. (Huntress)
Generative AI (Gen AI) is making a big splash in cybersecurity, both as a powerful tool for defense and as a potential weapon in the hands of threat actors. These statistics reveal how teams are navigating AI adoption, policies, and attacks.
The majority of surveyed IT security professionals say AI-powered attacks are the biggest threat with the potential to impact cyber insurance in 2025. (Huntress)
Two-thirds of surveyed cybersecurity professionals feel confident that their expertise will enhance Gen AI technology. (ISC2)
Almost half (45%) of cybersecurity teams are using Gen AI within their toolsets. (ISC2)
More than half (54%) of cybersecurity professionals report facing data privacy and security problems due to the organizational implementation of Gen AI. (ISC2)
While 90% of surveyed cybersecurity professionals say their organizations have at least some Gen AI policies in place, the majority (65%) believe more regulations are needed. (ISC2)
A majority (68%) of professionals say they plan to effectively integrate generative AI into their roles within the next two years. (ISC2)
Over two-thirds of respondents noted that Gen AI has been a significant topic of discussion among their organization's leadership. (ISC2)
More than half (54%) of IT professionals believe Gen AI will benefit cybersecurity on a broad scale. (ISC2)
Just 60% of respondents reported that their cybersecurity team participates in formulating regulations and guidelines for generative AI. This figure drops to 50% for organizations with 20,000 or more employees. (ISC2)
1 in 7 employees regularly accessed generative AI systems on their corporate devices at least once every two weeks. (Verizon)
Among these employees, a large percentage used non-corporate emails as account identifiers (72%), while a smaller but still notable portion used corporate emails without proper integrated authentication (17%), suggesting usage outside official policies. (Verizon)
Keeping up with current trends isn't just about knowing what's flashy; it's about understanding where the real risks are. This section dives into what's hot in cybersecurity right now, from how attackers are getting in to what kinds of tech we're using (or maybe not using enough).
Vulnerability exploitation saw yet another year of growth as an initial breach access vector in 2024, now accounting for one-fifth of all breaches. (Verizon)
Credential abuse is still the single most common breach vector year over year. (Verizon)
Targeting edge devices and VPNs for vulnerability exploitation surged to 22%, representing nearly an eightfold increase from the mere 3% seen in the previous year's report. (Verizon)
Only slightly more than half (54%) of edge device vulnerabilities were fully remediated throughout the year, with a median resolution time of 32 days. (Verizon)
The involvement of third parties in breaches doubled, going up from 15% to 30%. (Verizon)
Three-fifths of breaches still involve a human element in 2024, maintaining a consistent level compared to 2023. (Verizon)
The median time to address leaked secrets discovered in a GitHub repository stood at 94 days. (Verizon)
Espionage-motivated breaches witnessed significant growth, now comprising 17% of breaches. (Verizon)
Espionage-motivated breaches used vulnerability exploitation as their primary initial access vector, a substantial 70% of the time, highlighting the danger of running unpatched services. (Verizon)
Nearly 28% of incidents involving state-sponsored actors had a financial motive. (Verizon)
Credential logs showed that 30% of compromised systems could be identified as enterprise-licensed devices. (Verizon)
In 46% of compromised systems where corporate logins were found in compromised data, those systems were unmanaged and hosted both personal and business credentials. (Verizon)
Cybersecurity statistics paint a complex and ever-changing picture. We've seen the rise of sophisticated attacks, the ongoing challenge of human error, and the growing importance of AI’s role in both defense and offense.
These threats can seem overwhelming, but with our in-depth understanding of how threat actors think, we know what to look for. Huntress gives you fully managed endpoint detection and response (EDR), so you've got 24/7 support from security experts ready to respond to threats.
The exact number varies depending on how you define “hacking”, but the ITRC reports over 1.3 billion victims from 3,158 compromises in 2024.
Around 90% of cyber incidents start with phishing emails, making them the main entry point for cyberattacks.
Verizon reported 3,049 incidents for small businesses (less than 1,000 employees) and 982 incidents for large businesses (more than 1,000 employees) in 2024.
Get insider access to Huntress tradecraft, killer events, and the freshest blog updates.
