Tested. Ranked. Trustworthy.

Topickz Research

Cybersecurity Statistics 2026: 100+ Data Points on Breaches, Ransomware & Cost (July Update)

100+ cybersecurity statistics for 2026, each cited to its source. The average breach cost $4.44M globally but $10.22M in the US, ransomware appeared in 44% of breaches, 60% of breaches involved a human element, and shadow AI added $670K per breach. Updated monthly by Topickz.

Vignesh Sampath Kumar Last updated July 7, 2026 14 min read

Cybersecurity numbers get quoted more than almost any stat in software, and mangled more than almost any stat too. The figures below are the ones from the actual reports, the Verizon DBIR, IBM’s breach study, Sophos, CrowdStrike, the FBI, not the recycled versions that lost their source three blog posts ago.

We collected 100+ cybersecurity statistics for 2026 and cited every single one to its source, with the year it was published. No figure goes on this page unless we could trace it to the study it came from. Where a widely-repeated stat could not be verified (the “60% of small businesses close within six months of an attack” claim, for one), we left it off.

This is a living page. We refresh it as new reports land, so the figures reflect what is current, not what was true a year ago.

$4.44M
average cost of a data breach globally in 2025, down 9%, but US breaches hit a record $10.22 million
IBM Cost of a Data Breach Report 2025
How we compiled this, our sources and method

What this page is. A curated, cited roundup of third-party cybersecurity statistics published in 2025 and 2026. The Topickz research desk collected, checked and organized these figures. We did not run these studies ourselves, and we never present another firm’s data as our own.

Sourcing bar. Every stat links to a source and carries a year. We prioritized primary sources: the Verizon DBIR, IBM Cost of a Data Breach, Sophos State of Ransomware, CrowdStrike, Mandiant M-Trends, ISC2, the FBI IC3 report and similar. Several of these publishers (IBM, Gartner, some Verizon PDF assets) block automated access, so where that happened we corroborated the figure across multiple independent outlets citing the same named report before including it.

What we dropped. Figures we could not trace to a real source were left out, even popular ones. The widely-circulated “60% of small businesses close within six months of a cyberattack” claim traces back to a dead citation and is not on this page. We include only one forecast from Cybersecurity Ventures, clearly labeled, because that firm’s projections are contested.

Disclaimer. This is general market analysis, not advice on any specific vendor. Topickz may earn affiliate commissions from some tools we cover, and commissions never influence our data or analysis. See our editorial standards and affiliate disclosure .

Key takeaways

  • The average breach cost $4.44 million globally, the first decline in five years, yet US breaches hit a record $10.22 million, a split driven by heavier US penalties and litigation. (IBM , 2025)
  • Ransomware appeared in 44% of all breaches, but attackers were stopped before encryption in 47% of cases, up from 22% in 2023, as defenses catch attacks earlier. (Verizon DBIR , 2025) (Sophos , 2025)
  • Roughly 60% of breaches still involve a human element, error, manipulation or misuse, even as phishing-simulation performance improves. (Verizon DBIR , 2025)
  • Credentials, not malware, are the front door: 79% of detections were malware-free, and stolen credentials started 22% of breaches. (CrowdStrike , 2025) (Verizon DBIR , 2025)
  • AI is now a breach vector as much as a defense tool: 13% of organizations confirmed an AI-model breach, 97% of them lacked AI access controls, and shadow AI added $670,000 per breach. (IBM , 2025)
  • Ransomware is now an SMB risk more than an enterprise one: it features in 88% of small-business breaches versus 39% for large organizations. (Verizon DBIR , 2025)
  • Attackers move in minutes: average eCrime breakout time fell to 48 minutes, with a record 51-second breakout observed. (CrowdStrike , 2025)
  • Healthcare remains the costliest sector to breach at $7.42 million, a position it has held for 14 straight years. (IBM , 2025)
  • The skills gap shifted from headcount to capability: 95% of teams report a skills need, and 41% name AI as the most pressing one. (ISC2 , 2025)
  • Cybercrime losses keep climbing: the FBI’s IC3 logged $16.6 billion in reported losses in 2024, up 33% year over year. (FBI IC3 , 2025)

Breach frequency and cost

  • $4.44 million was the global average cost of a data breach in 2025, down 9% year over year and the first decline in five years. (IBM , 2025)
  • $10.22 million was the average cost of a US data breach, a record high, up 9% year over year. (IBM , 2025)
  • 241 days was the average breach lifecycle (time to identify plus contain), the lowest figure in nine years. (IBM , 2025)
  • 12,195 confirmed data breaches were analyzed in the 2025 DBIR, the most ever reviewed in a single edition, out of 22,052 total security incidents. (Verizon DBIR , 2025)
  • 30% of breaches involved a third party, double the 15% recorded the year before. (Verizon DBIR , 2025)
  • 3,322 data compromises were tracked in 2025, a new annual record and up 5% from 2024. (Identity Theft Resource Center , 2025)
  • Data compromises rose 79% over five years in the ITRC compromise database. (Identity Theft Resource Center , 2025)

Ransomware

  • Ransomware was present in 44% of all breaches in the 2025 dataset. (Verizon DBIR , 2025)
  • Ransomware attack frequency rose 37% year over year. (Verizon DBIR , 2025)
  • The median ransom payment fell to $115,000, down from $150,000 the year before. (Verizon DBIR , 2025)
  • 64% of victim organizations refused to pay the ransom, up from 50% two years earlier. (Verizon DBIR , 2025)
  • Attackers were stopped before encryption in 47% of cases, more than double the 22% stopped in 2023. (Sophos , 2025)
  • Only 49% of enterprise ransomware attacks resulted in data encryption, down sharply from 66% in 2024, the lowest rate in five years. (Sophos , 2025)
  • The average recovery cost was $1.53 million excluding any ransom, down 44% from $2.73 million in 2024. (Sophos , 2025)
  • 53% of ransomware victims recovered within one week, up from 35% in 2024. (Sophos , 2025)
  • 32% of ransomware attacks began with an exploited vulnerability, the top root cause for the third year running. (Sophos , 2025)
  • 57% of ransom demands were $1 million or more in the 2025 survey. (Sophos , 2025)
  • Only 25% of ransomware victims with encrypted data paid in Q4 2024, an all-time low at the time. (Coveware , 2025)
  • The average ransom payment was $553,959 in Q4 2024, up 16% quarter over quarter, while the median fell 45% to $110,890. (Coveware , 2025)

Phishing and social engineering

  • The global baseline Phish-Prone Percentage is 33.2% before training, so about a third of employees fail a phishing simulation. (KnowBe4 , 2025)
  • That figure falls to 4.2% after 12 months of training, an 87% relative reduction. (KnowBe4 , 2025)
  • Healthcare and pharmaceuticals is the highest-risk industry for phishing susceptibility for the second year running. (KnowBe4 , 2025)
  • Organizations with 10,000+ employees start nearly 15 points more phishing-susceptible than businesses under 250 people. (KnowBe4 , 2025)
  • Voice phishing (vishing) attacks rose 442% between the first and second half of 2024. (CrowdStrike , 2025)
  • Roughly 60% of confirmed breaches involved a human element: error, manipulation or misuse. (Verizon DBIR , 2025)
  • 22% of breaches began with credential abuse and 16% with phishing, the two leading social starting points. (Verizon DBIR , 2025)
  • 15% of employees routinely access generative AI on corporate devices, and 72% of those used a personal email account to do so. (Verizon DBIR , 2025)

Attack vectors and credentials

  • Stolen or compromised credentials were the top initial access vector, used in 22% of breaches. (Verizon DBIR , 2025)
  • Exploitation of vulnerabilities as an access vector jumped 34%, now present in 20% of breaches. (Verizon DBIR , 2025)
  • Techniques to bypass MFA appeared in 4% of the breach dataset, including adversary-in-the-middle, token theft and SIM swap. (Verizon DBIR , 2025)
  • Exploits were the top initial infection vector in incident-response cases at 33%, with stolen credentials reaching second place for the first time. (Mandiant M-Trends , 2025)
  • 79% of detections were malware-free, reflecting the shift to valid-account and identity-based intrusion. (CrowdStrike , 2025)
  • Access-broker ads selling stolen credentials surged 50% year over year. (CrowdStrike , 2025)
  • CISA’s Known Exploited Vulnerabilities catalog grew by 245 entries in 2025, a roughly 20% jump, with 24 additions tied to active ransomware. (CISA , 2025)

AI in attacks and defense

  • 13% of organizations confirmed a breach of an AI model or application, with another 8% unsure, and 97% of those breached lacked proper AI access controls. (IBM , 2025)
  • 60% of AI-related security incidents resulted in compromised data, and 31% caused operational disruption. (IBM , 2025)
  • 20% of breaches were attributed to shadow AI, adding $670,000 to the average breach cost. (IBM , 2025)
  • 63% of organizations lack a mature AI governance policy or are still developing one. (IBM , 2025)
  • 78% of CISOs say AI-powered threats are having a significant impact on their organization, up 5 points year over year. (Darktrace , 2025)
  • Just over 60% of CISOs feel adequately prepared for AI-powered threats, up nearly 15 points, yet only 42% fully understand the AI already in their own security stack. (Darktrace , 2025)
  • 94% of WEF survey respondents expect AI to be the single biggest driver of cybersecurity change in 2026. (World Economic Forum , 2026)
  • Organizations actively assessing the security of their AI tools nearly doubled, from 37% to 64%. (World Economic Forum , 2026)
  • China-nexus cyber activity increased 150% across all sectors in 2024, with a 200 to 300% surge in financial services, media and manufacturing. (CrowdStrike , 2025)

Cost and impact by company size

  • Ransomware features in 88% of small and medium-sized business breaches, versus 39% for large organizations. (Verizon DBIR , 2025)
  • SMBs with 100 to 250 employees face average recovery costs of $638,536, excluding any ransom paid. (Verizon DBIR , 2025)
  • Organizations using extensive AI and automation in security saved $1.9 million on average versus those with none. (IBM , 2025)
  • AI-heavy security programs cut the breach lifecycle by 80 days. (IBM , 2025)
  • Organizations that detect their own breach internally save $900,000 versus having the attacker disclose it. (IBM , 2025)

Industry breakdowns

  • Healthcare has the highest average breach cost of any industry at $7.42 million, a position it has held for 14 consecutive years. (IBM , 2025)
  • Healthcare breaches take 279 days on average to identify and contain, well above the 241-day mean. (IBM , 2025)
  • Financial services ranks second at $5.56 million average breach cost, with industrial third at $5.00 million. (IBM , 2025)
  • 710 large healthcare breaches were reported to HHS in 2025, exposing at least 61.5 million patient records. (HIPAA Journal , 2025)
  • Financial services was 2025’s most-breached sector by compromise count, with 739 incidents, ahead of healthcare (534) and professional services (478). (Identity Theft Resource Center , 2025)
  • Manufacturing espionage-motivated breaches jumped nearly sixfold, from 3% to 20% of manufacturing breaches year over year. (Verizon DBIR , 2025)
  • Retail cyber incidents rose 15% since 2024, with attackers pivoting from card data to customer credentials. (Verizon DBIR , 2025)

Cloud and SaaS security

  • 54% of data stored in the cloud is classified as sensitive, up from 47% the year before. (Thales , 2025)
  • Only 8% of organizations encrypt 80% or more of their sensitive cloud data. (Thales , 2025)
  • 68% cite credential and secrets theft as the fastest-growing cloud attack tactic. (Thales , 2025)
  • 57% say securing cloud environments is more complex than on-premises, up from 51% the prior year. (Thales , 2025)
  • Enterprises run an average of roughly 85 SaaS applications across 2.1 public cloud providers. (Thales , 2025)
  • New and unattributed cloud intrusions increased 26% year over year in 2024. (CrowdStrike , 2025)
  • Valid-account abuse accounted for 35% of cloud incidents in H1 2024, the primary cloud initial-access tactic. (CrowdStrike , 2025)

Incident detection and response times

  • Global median attacker dwell time rose to 11 days in 2024, up from 10, the first increase since M-Trends began, though far below the 205-day median of 2014. (Mandiant M-Trends , 2025)
  • Dwell time is 26 days when an external party notifies the victim, 10 days when discovered internally, and 5 days when the attacker discloses it. (Mandiant M-Trends , 2025)
  • 45.1% of intrusions were discovered within one week, up from 43.3% the year before. (Mandiant M-Trends , 2025)
  • Average eCrime breakout time fell to 48 minutes, with the fastest observed breakout at just 51 seconds. (CrowdStrike , 2025)
  • The global mean time to identify and contain a breach fell to 241 days, a 17-day improvement and the fastest in nine years. (IBM , 2025)

Insider threats

  • The average annual cost of insider risk reached $17.4 million in 2025, up from $16.2 million in 2023. (Ponemon / DTEX , 2025)
  • Large enterprises face average annual insider-risk costs of $26.2 million. (Ponemon / DTEX , 2025)
  • Organizations spend $211,021 on containment per insider incident but only $37,756 on monitoring, a lopsided reactive ratio. (Ponemon / DTEX , 2025)
  • Incidents contained within 31 days cost $10.6 million on average, versus $18.7 million at 91+ days. (Ponemon / DTEX , 2025)
  • 65% of organizations with a formal insider-risk program caught incidents earlier than those without one. (Ponemon / DTEX , 2025)

Compliance: GDPR, HIPAA and SOC 2

  • Cumulative GDPR fines have reached roughly €6.11 billion since May 2018, across 2,685 recorded fines. (CMS Law , 2026)
  • The average GDPR fine is roughly €2.28 million across all countries and years. (CMS Law , 2026)
  • Ireland’s Data Protection Commission has issued the largest cumulative fine total, €4.04 billion, including the record €1.2 billion Meta fine. (CMS Law , 2026)
  • The largest single GDPR fine of 2025 was €530 million against TikTok, for unlawful EU-to-China data transfers. (CMS Law , 2026)
  • HHS collected $8.33 million in HIPAA penalties across 21 enforcement actions in 2025, with 76% citing a risk-analysis failure. (HIPAA Journal , 2025)
  • A SOC 2 Type II audit typically costs $30,000 to $80,000 in auditor fees, with total program cost commonly $30,000 to $350,000. (Secureframe , 2025)
  • A SOC 2 Type II engagement typically runs 5.5 to 17.5 months end to end, versus 1.5 to 3.5 months for Type I. (Secureframe , 2025)

Security spend and the skills gap

  • Worldwide end-user spending on information security was projected to total $213 billion in 2025. (Gartner , 2025)
  • 49% of breached organizations plan to increase security investment after an incident, down from 63% the prior year. (IBM , 2025)
  • 95% of security teams report at least one skills need, and 59% describe it as critical or significant, up from 44% in 2024. (ISC2 , 2025)
  • 41% of teams identify AI as their most pressing skills need, followed by cloud security at 36%. (ISC2 , 2025)
  • Only 34% of organizations say they have adequate cybersecurity staffing, while 62% report shortages. (ISC2 , 2025)
  • 36% of organizations reported security budget cuts and 24% reported layoffs in the past year. (ISC2 , 2025)
  • 63% of ransomware victims cite a lack of people or skills as a contributing cause of the attack. (Sophos , 2025)

Cybercrime and law enforcement

  • The FBI’s IC3 received 859,532 complaints reporting $16.6 billion in losses in 2024, a 33% increase over 2023. (FBI IC3 , 2025)
  • Investment fraud caused over $6.5 billion in losses, the single largest crime-type category, driven by crypto scams. (FBI IC3 , 2025)
  • Business Email Compromise caused close to $2.8 billion in reported losses in 2024. (FBI IC3 , 2025)
  • Cryptocurrency-related crime totaled $9.3 billion across nearly 150,000 complaints, up 66% from 2023. (FBI IC3 , 2025)
  • Victims over age 60 reported the highest losses of any age group, nearly $5 billion, and filed the most complaints. (FBI IC3 , 2025)
  • Global cybercrime costs are projected to reach $10.5 trillion in 2025, the most-cited and most-debated figure in security. (Cybersecurity Ventures , 2025)

What these cybersecurity statistics mean for 2026

The most useful shift in this year’s data is where the money and the risk have moved. Breach costs fell globally for the first time in five years, but only because faster, often AI-assisted, containment is offsetting rising attack volume. In the US, where penalties and litigation are heavier, the average breach still hit a record. So the headline is not that breaches got cheaper, it is that speed of response now decides the bill.

Two attacker trends matter most for anyone buying software. Credentials have replaced malware as the primary way in, which is why identity, MFA and access controls now carry more weight than endpoint tooling alone. And AI has become a two-sided line item: it saves money on defense and containment, but shadow AI and unsecured AI models are opening a fresh, expensive class of breach that most companies have no governance for yet.

For smaller teams, the SMB numbers are the ones to sit with. Ransomware is overwhelmingly a small-business event now, and a single median ransom can exceed a small company’s entire security budget. The organizations that come out ahead are the ones that detect internally and contain fast, since both of those, not the size of the security stack, are what the cost data rewards.

We keep this page current. If a figure here is out of date or you have a study we should add, tell us through our editorial standards page.

Written by

Vignesh Sampath Kumar

Topickz Editorial Team · Review methodology