30+ Cybersecurity Statistics, Breach Costs & Threat Trends (2026)
The 2026 cybersecurity story is not a story about hackers in hoodies anymore. It is a story about machines fighting machines, about ransomware crews running their operations like Fortune 500 SaaS companies, and about defenders trying to close a 241-day window before an intruder turns a stolen password into a ten-million-dollar headline. Generative AI has rewritten the playbook on both sides of the firewall: attackers use it to scale phishing, clone voices, and evade selfie checks, while security teams use it to compress detection times and recover faster from breaches that, until recently, would have crippled them.
The numbers behind this new equilibrium are sobering. IBM's Cost of a Data Breach Report 2025 pegs the average global incident at $4.44 million, with the United States hitting a record $10.22 million. Verizon's 2025 Data Breach Investigations Report analysed more than 22,000 incidents and found ransomware in 44% of all breaches. The FBI's Internet Crime Complaint Center logged $16.6 billion in US losses in 2024, a 33% year-over-year jump. Below are 30+ statistics we could verify against their primary sources, organised into the themes that matter most for any business shipping software, processing payments, or running an online checkout in 2026.
Editor's Choice
- The average global data breach cost dropped to $4.44 million in 2025, the first decline in five years. (IBM)
- The average US data breach cost hit a record $10.22 million in 2025, moving in the opposite direction of the global trend. (IBM)
- 44% of breaches in 2025 involved ransomware, up from 32% the year prior. (Verizon DBIR 2025)
- The FBI's IC3 logged $16.6 billion in cybercrime losses in 2024, a 33% jump from 2023. (FBI IC3)
- The average eCrime breakout time fell to 48 minutes, and the fastest recorded was 51 seconds. (CrowdStrike)
- AI-driven phishing is now three times more effective than traditional campaigns, and AI-driven forgeries grew 195% globally. (Microsoft Digital Defense Report 2025)
- 49% of ransomware victims paid in 2025, with a median payment of $1 million. (Sophos State of Ransomware 2025)
- Global information security spending will reach $240 billion in 2026, up 12.5% year over year. (Gartner)
Breach Costs and Volume
1. The average global data breach cost dropped to $4.44 million in 2025.
IBM's Cost of a Data Breach Report 2025 found the global average breach cost fell to $4.44 million, down from $4.88 million in 2024. It is the first decline in five years, driven almost entirely by faster containment from AI-augmented security operations. (IBM)
2. The average US breach cost hit a record $10.22 million.
The same IBM report shows United States organisations posting an average breach cost of $10.22 million in 2025, a record high that runs counter to the global drop. US firms face higher litigation exposure, denser regulatory penalties, and a more expensive labour pool for incident response than the rest of the world. (IBM)
3. Healthcare remains the costliest sector at $7.42 million per breach.
Healthcare led every vertical for the fourteenth year running, with the average breach costing $7.42 million in 2025, even after a $2.35 million reduction from 2024. The sector also took the longest to identify and contain a breach at 279 days, against a global mean of 241 days. (IBM)
4. The global mean time to identify and contain a breach is 241 days.
IBM clocked the global mean time to identify and contain a breach at 241 days in 2025, down 17 days from the prior year and the lowest figure in nine years. AI and automation in security operations cut the lifecycle by roughly 80 days on average. (IBM)
5. Verizon analysed 22,052 incidents and 12,195 confirmed breaches in 2025.
The 2025 Data Breach Investigations Report ingested 22,052 security incidents and 12,195 confirmed breaches across 139 countries, the largest dataset in the report's 18-year history. The expanded sample makes 2025's themes — ransomware, third-party risk, edge device exploitation — harder to dismiss as outliers. (Verizon DBIR 2025)
6. Third-party involvement in breaches doubled to 30%.
Verizon found that third-party involvement in breaches doubled to 30% in 2025, the clearest sign yet that supply chain risk is no longer a tail event. When your vendor gets popped, your data tends to leave with it. (Verizon DBIR 2025)
Ransomware
7. Ransomware appeared in 44% of all breaches in 2025.
Verizon's DBIR found ransomware in 44% of breaches in 2025, up from 32% the year prior, a 37% year-over-year jump. Ransomware-as-a-service kits, leaked builders, and the rise of double-extortion playbooks all contributed to the surge. (Verizon DBIR 2025)
8. Ransomware was present in 88% of small-business breaches.
The same Verizon report shows ransomware in 88% of confirmed breaches at small and medium-sized businesses. SMBs typically lack a 24x7 SOC and remain an outsized share of total victims even as enterprise defences improve. (Verizon DBIR 2025)
9. 49% of ransomware victims paid the ransom in 2025.
Sophos's State of Ransomware 2025, based on a survey of 3,400 IT and security leaders across 17 countries, found 49% of victims paid the ransom and recovered their data. That is down from 56% in 2024 but still the second-highest pay rate in six years. (Sophos State of Ransomware 2025)
10. The median ransom payment fell 50% to $1 million.
Sophos reported that the median ransom payment dropped to $1 million in 2025, half the $2 million median recorded in 2024. Verizon's separate DBIR sample, which leans on incident-response telemetry rather than survey data, pegs the median payment lower at $115,000 — an indication that smaller victims are dragging the central tendency down as ransomware crews diversify their targets. (Sophos, Verizon DBIR 2025)
11. Recovery costs (excluding the ransom) fell 44% to $1.53 million.
The same Sophos report found the average cost to recover from a ransomware attack, excluding any ransom payment, dropped 44% to $1.53 million, down from $2.73 million in 2024. Faster recovery times — 53% of victims fully recovered within a week — explain most of the savings. (Sophos State of Ransomware 2025)
12. Exploited vulnerabilities were the root cause in 32% of ransomware attacks.
Sophos identified exploited vulnerabilities as the most common entry vector for ransomware, accounting for 32% of attacks. That tracks with Verizon's separate finding that exploitation of vulnerabilities now appears in 20% of all breach paths, a 34% year-over-year jump. (Sophos, Verizon DBIR 2025)
13. ENISA tracked 82 ransomware variants targeting EU organisations in 2025.
The ENISA Threat Landscape 2025 catalogued 82 distinct ransomware variants deployed against EU organisations between July 2024 and June 2025, with Akira (11.6%), SafePay (10.1%) and Qilin (7.5%) the most frequently observed. The proliferation reflects a maturing ransomware-as-a-service market with many low-cost builders in circulation. (ENISA)
Phishing, Credentials and Social Engineering
14. Phishing drives 60% of initial intrusions in the EU.
ENISA's 2025 Threat Landscape reports phishing as the primary initial intrusion method, accounting for 60% of observed cases across the EU. By early 2025, AI-assisted phishing and social engineering made up more than 80% of activity in this category. (ENISA)
15. 22% of breaches start with credential abuse.
Verizon's DBIR found credential abuse remains the leading initial attack vector, at 22% of confirmed breaches, edging out vulnerability exploitation (20%). Stolen, reused, or phished passwords are still the cheapest way into a corporate network. (Verizon DBIR 2025)
16. 46% of compromised business credentials came from personal (BYOD) devices.
Verizon also reports that 46% of compromised business credentials were captured from non-managed personal devices, a finding that puts the BYOD vs corporate-issued debate back on the boardroom agenda. (Verizon DBIR 2025)
17. The FBI logged 193,407 phishing complaints in 2024.
The FBI's 2024 IC3 Annual Report received 193,407 phishing and spoofing complaints, making it the top cybercrime type by complaint volume for the year, ahead of extortion (86,415) and personal data breaches (64,882). (FBI IC3)
18. Identity attacks rose 32% in the first half of 2025.
Microsoft's 2025 Digital Defense Report observed a 32% surge in identity-based attacks in the first half of 2025, with more than 97% of those attacks being large-scale password attacks. Phishing-resistant MFA, Microsoft notes, can block over 99% of identity attacks. (Microsoft Digital Defense Report 2025)
19. Vishing attacks surged 442% between the first and second half of 2024.
CrowdStrike's 2025 Global Threat Report logged a 442% jump in voice-phishing (vishing) attacks between H1 and H2 of 2024, as eCrime crews increasingly use spoofed help-desk calls and deepfaked voices to pry credentials out of employees. (CrowdStrike)
Cybercrime Losses, Spending and Industry Trends
20. US cybercrime losses reached a record $16.6 billion in 2024.
The FBI IC3's 2024 Annual Report counted 859,532 complaints with $16.6 billion in reported losses, a 33% jump from 2023. Cyber-enabled fraud alone accounted for $13.7 billion of that total. (FBI IC3)
21. Investment fraud, mostly crypto, drove $6.57 billion in losses.
Investment fraud topped the loss table at $6.57 billion in 2024, with cryptocurrency the dominant vehicle. Business email compromise (BEC) followed at $2.77 billion, and personal data breaches at $4.45 billion. (FBI IC3)
22. Americans over 60 lost nearly $4.8 billion to cybercrime in 2024.
Older Americans bore the heaviest demographic burden, with people over the age of 60 reporting almost $4.8 billion in losses and the largest share of total complaints. Tech-support scams and romance-investment schemes drove most of that figure. (FBI IC3)
23. Global cybersecurity spending will reach $240 billion in 2026.
Gartner forecasts global end-user information security spending of $240 billion in 2026, up 12.5% from $213 billion in 2025. Security software alone will grow from $106 billion to roughly $121 billion year over year. (Gartner)
24. 52% of attacks with known motives in 2025 were driven by extortion or ransomware.
Microsoft's 2025 Digital Defense Report concluded that over half — 52% — of attacks with known motives between July 2024 and June 2025 were driven by extortion or ransomware, with espionage-only campaigns making up just 4%. (Microsoft Digital Defense Report 2025)
25. Microsoft blocks 4.5 million new malware attempts per day.
The same report disclosed that Microsoft processes more than 100 trillion security signals daily, blocks roughly 4.5 million new malware attempts, analyses 38 million identity risk detections, and scans 5 billion emails for malware and phishing every 24 hours. The sheer scale of the defender side is what makes AI-augmented operations economically necessary. (Microsoft Digital Defense Report 2025)
26. Public administration absorbed 38.2% of EU cyber incidents in 2025.
ENISA's 2025 Threat Landscape reported public administration as the most-attacked sector across the EU, taking 38.2% of all observed incidents — roughly double its share from the prior year. DDoS-driven hacktivism around regional conflicts is the main accelerant. (ENISA)
AI-Powered Attacks and Defences
27. AI-driven phishing is now three times more effective than traditional campaigns.
Microsoft's 2025 Digital Defense Report finds AI-generated phishing emails convert at roughly 3x the rate of classic, human-written lures. The combination of personalisation, fluent grammar, and rapid iteration makes them measurably harder for end users to spot. (Microsoft Digital Defense Report 2025)
28. AI-driven forgeries grew 195% globally.
The same report measured a 195% global jump in AI-generated forgeries — synthetic identity documents, fake selfies, and liveness-check spoofs designed to defeat KYC and onboarding controls used by banks, exchanges, and fintech apps. (Microsoft Digital Defense Report 2025)
29. 16% of studied breaches involved attackers using AI tools.
IBM's 2025 report found 16% of breaches in its dataset involved attackers using AI, most often for phishing or deepfake impersonation. Defenders are not the only side scaling with large language models. (IBM)
30. One in five breached organisations had a shadow AI incident.
The same IBM report flagged that 20% of breached organisations experienced incidents tied to shadow AI — unsanctioned generative AI usage by employees. High-shadow-AI organisations paid an extra $670,000 per breach on average. (IBM)
31. AI-augmented security saved organisations $1.9 million per breach.
Organisations that used AI and automation extensively in security operations saved roughly $1.9 million per breach and shortened the breach lifecycle by 80 days. AI is a defensive force multiplier when it is governed, and a fresh attack surface when it is not. (IBM)
32. 79% of CrowdStrike's 2024 detections were malware-free.
CrowdStrike reported that 79% of detections in 2024 were malware-free, reflecting the shift toward hands-on-keyboard activity, valid-account abuse, and living-off-the-land techniques that traditional antivirus cannot spot. (CrowdStrike)
Frequently Asked Questions
What is the average cost of a data breach in 2026?
The most authoritative figure comes from IBM's Cost of a Data Breach Report 2025, which puts the global average at $4.44 million and the United States average at a record $10.22 million. Healthcare remains the costliest sector at $7.42 million per breach.
How common is ransomware in 2026?
Ransomware appeared in 44% of all confirmed breaches in Verizon's 2025 DBIR, up from 32% the year prior. It was present in 88% of small-business breaches. Microsoft's Digital Defense Report 2025 found extortion and ransomware drove 52% of attacks with known motives.
How much do ransomware victims actually pay?
Sophos's State of Ransomware 2025 reports a median ransom payment of $1 million, down from $2 million in 2024. About 49% of victims paid. Average recovery costs (excluding the ransom itself) fell 44% to $1.53 million as AI-augmented defences shortened response time.
Are AI-powered cyberattacks really a threat in 2026?
Yes. Microsoft's Digital Defense Report 2025 found AI-driven phishing is 3x more effective than traditional campaigns, and AI-generated forgeries grew 195% globally. IBM identified attacker AI use in 16% of breaches it studied, while CrowdStrike logged a 442% surge in vishing attacks tied to deepfake voice tooling.
How fast do attackers move inside a network?
CrowdStrike's 2025 Global Threat Report puts the average eCrime breakout time at 48 minutes, down from 62 minutes the year prior. The fastest recorded breakout was 51 seconds. The implication is that perimeter alerts must trigger automated containment rather than wait for a paged human to respond.
How much do businesses spend on cybersecurity globally?
Gartner forecasts global end-user information security spending of $240 billion in 2026, up 12.5% from $213 billion in 2025. Security software is the largest growth segment, climbing from $106 billion to $121 billion year over year, fuelled mainly by cloud security posture management and AI-driven detection tooling.
What is the most common entry point for a breach in 2025?
Credential abuse, at 22% of Verizon-confirmed breaches, narrowly beat vulnerability exploitation at 20%. Phishing remains the top initial intrusion method in ENISA's EU dataset at 60% of cases, with AI-assisted phishing and social engineering making up more than 80% of that activity by early 2025.
The 2026 picture is one of asymmetry. Attackers are scaling with generative AI and ransomware-as-a-service kits, but defenders that adopted AI-augmented operations are now shaving roughly $1.9 million off the average breach and recovering in days, not months. For shoppers, the practical takeaway is to stick with sources that vet what they publish — fake coupon sites and lookalike domains are a fast-growing slice of the phishing problem flagged in every report we read. At 99coupons.ai, that is exactly the discipline we apply: verified coupons from real brand pages, no sketchy redirects, no AI-generated codes that exist only to harvest your email. Safe online shopping in 2026 starts with knowing whose link you are clicking.
Sources
- IBM - Cost of a Data Breach Report 2025
- IBM Think - 2025 Cost of a Data Breach: Navigating the AI rush
- Verizon - 2025 Data Breach Investigations Report
- Verizon - 2025 DBIR press release
- FBI IC3 - 2024 Internet Crime Report
- FBI - 2024 IC3 Annual Report press release
- Microsoft - Digital Defense Report 2025
- Microsoft On the Issues - MDDR 2025 (extortion and ransomware)
- ENISA - Threat Landscape 2025
- CrowdStrike - 2025 Global Threat Report Findings
- Sophos - The State of Ransomware 2025
- Gartner - Worldwide Information Security Spending Forecast 2025