Cybersecurity
statistics and insights

Explore key cybersecurity insights and statistics for 2025 and 2026

Cybercrime dashboard showing rising data leaks and security trends next to a lock icon representing security.

Data sources and compilation methods

Cybersecurity statistics on this page are based on publicly reported and media-covered incidents from global sources, including breach disclosures, law-enforcement complaints, and industry research. These figures are intended to highlight reported cybersecurity trends rather than represent the full scale of global cybercrime.

A full explanation of methodology, scope, sources, and limitations is available on the dedicated “Methodology and sources” page.

What is Cybersecurity?

Man reviewing cybersecurity data on a tablet, analyzing digital risk or breach reports in an office setting.

Methodology for NordVPN’s analysis on cybersecurity statistics

Explore Methodology

Methodology for NordVPN’s analysis on cybersecurity statistics

Explore Methodology

Chart comparing projected global cybercrime costs: $10.29T in 2025 rising to $16T in 2029.

Cybersecurity overview of 2025

Cybersecurity in 2025 is marked by persistent ransomware operations, large-scale data breaches, and ongoing fraud and credential theft affecting organizations and individuals worldwide. Public reporting this year continues to document thousands of confirmed incidents across sectors, reflecting the steady pace of digital threats. Long-term economic models project that the global cost of cybercrime could approach $16 trillion annually by 2029¹, underscoring the expanding financial impact of an increasingly connected world.

Cybersecurity data breach statistics

Data breach statistics vary depending on whether they measure public disclosures, regulatory notifications, or investigated incidents. These figures describe different parts of the breach lifecycle. The following statistics outline breach frequency and scale.

How often do data breaches happen?

In 2025 alone, our analysis captured approximately 8,500 distinct data breach incidents. The Identity Theft Resource Center (ITRC) reported² 2,563 publicly disclosed data compromises through the first three quarters of the year. By comparison, publicly available breach data revealed approximately 2,900 unique events in Q3 alone.

During H1 2025, 96.9% of breach incidents involved confirmed or suspected cyberattacks. The ITRC reports³ a lower number of 77.8% in H1 2025, and those attack-driven incidents alone exposed 114,582,621 individuals, or about 69% of all victims in that period.

Graph showing that 8,500 distinct global data breach incidents were recorded in
2025.

Major data breaches of 2025

SK Telecom

South Korea – Telecom

Date: April 18, 2025

Affected: ~26.96 million IMSI records

South Korea’s Ministry of Science and ICT reported⁶ that SK Telecom detected unusually large outbound traffic on April 18, 2025, triggering a government-led joint investigation. The final findings state that 25 categories of USIM data totaling 9.82 GB — about 26.96 million IMSI records.

Aflac

US – Insurance

Date: June 12, 2025

Affected: 22.65 million individuals

According to Aflac’s regulatory disclosures and subsequent reporting^7-14, the company detected a cyberattack on June 12, 2025, in which a threat actor used social engineering to gain unauthorized access to multiple systems within its U.S. business, exposing sensitive personal and health information — including names, Social Security numbers, government-issued identification numbers, and medical and insurance data — belonging to approximately 22.65 million individuals globally.

Qantas

Australia – Airline

Date: June, 2025

Affected: 5.7 million impacted customers

According to the Office of the Australian Information Commissioner (OAIC)^15-17, Qantas has notified the regulator of an eligible data breach under the Notifiable Data Breaches scheme following a cyber incident, and the OAIC is engaging with Qantas regarding its compliance with statutory obligations. Qantas has reported that its investigation identified data relating to approximately 5.7 million unique customers in the affected system, with the type of information exposed varying by individual.

TransUnion

US – Credit bureau

Date: July, 2025

Affected: More than 4.4 million people

A Michigan Attorney General press release¹⁸ describes a July 2025 TransUnion cyber incident involving unauthorized access through a third-party application that affected more than 4.4 million people. The same notice says exposed data included names, Social Security numbers, and dates of birth, while noting TransUnion’s position that credit information was not accessed and that impacted individuals would be notified by mail.

Allianz

US – Insurance

Date: July, 2025

Affected: 1.4 million U.S. customers

According to mandatory data breach notification filings submitted to U.S. state authorities, including the Office of the Maine Attorney General¹⁹, Allianz Life Insurance Company of North America reported²⁰ that a cyber incident in July 2025 involved unauthorized access to a third-party, cloud-based customer relationship management (CRM) system. The regulatory filings state that the incident resulted in the exposure of personal information relating to the majority of Allianz Life’s approximately 1.4 million U.S. customers, as well as certain financial professionals and employees.

Cybersecurity attack statistics

Cybersecurity attack statistics reveal the true scale of digital threats facing individuals, businesses, and governments worldwide. While vendor telemetry and national cyber agencies report hundreds of millions — even billions — of attempted attacks each year, only a fraction of these incidents surface in public reporting.

In 2025, our research captured that cybersecurity attack events occurred approximately every 14 minutes, with around 85 distinct cybersecurity attack events per day. This includes all attack types — data breaches, ransomware, social engineering, malware, DDoS, and others.

The biggest cybersecurity attacks

NotPetya

~$10 billion

The 2017 NotPetya malware outbreak is still widely considered the most expensive cyberattack in history, with multiple analyses²³ estimating global losses of around $10 billion across affected organizations.

UnitedHealth

~$2.87 billion

UnitedHealth now estimates²⁴ that the 2024 Change Healthcare ransomware incident may cost about $2.87 billion in total – one of the costliest single-company cyberattacks ever recorded.

Jaguar Land Rover

~$2.3 billion

Analysts estimate²⁵ that the 2025 cyberattack on Jaguar Land Rover has cost the UK economy around £1.9 billion (≈$2.3B), affecting thousands of suppliers and making it the most economically damaging cyber incident in UK history.

MGM Resorts

~$100 million

MGM Resorts disclosed²⁶ that the 2023 ransomware attack is expected to cost it more than $100 million in lost earnings and remediation costs. 

Caesars Entertainment

$15 million

In the same sector, Caesars Entertainment reportedly²⁷ paid a $15 million ransom (down from a $30 million demand) in 2023 to avoid prolonged disruption, underscoring the size of payouts in high-value industries.

Top cybersecurity threats and risks

The top cybersecurity threats include ransomware, phishing, credential theft, malware deployment, supply chain compromise, and cloud misconfigurations. These threat categories collectively accounted for 93% of all cyberattacks recorded by our analysis in 2025.

Ransomware

Ransomware was one of the most dominant cyber threats in 2025, accounting for 26% of all cyber threat events in 2025 — that’s one in every four incidents. A total of 4,850 distinct ransomware incidents were recorded by our analysis, meaning a ransomware attack occurred roughly every two hours throughout the year.

Nord Security:
A broader approach to online security

The data throughout this report shows that most cyber incidents follow familiar paths — vulnerable networks, stolen credentials, exposed data, and limited visibility once something goes wrong. Nord Security develops tools that address many of these risks at different stages, from prevention to detection and response.

Protect everyday connections

NordVPN protects your online activity with encrypted connections, advanced threat blocking through Threat Protection Pro™, and dark web monitoring that alerts you if your credentials are exposed.

Control remote access

NordLayer helps organizations manage secure access for remote and hybrid teams, limiting unnecessary network exposure which reduces the impact of compromised devices.

Reduce password risk

NordPass is a password manager that helps people create and store strong, unique passwords, lowering the risk of account takeovers caused by phishing, password reuse, and credential leaks.

Keep sensitive files private

NordLocker encrypts files stored locally and in the cloud, helping ensure that sensitive information stays protected even if systems or accounts are breached.

Track external threats

NordStellar is a threat intelligence platform for organizations. It tracks leaked credentials, exposed assets, and third-party risks beyond the internal network perimeter.

Watch for identity exposure

NordProtect is an identity protection service that monitors for signs that personal information may be circulating in high-risk environments, supporting faster response to fraud or misuse.

Stay connected securely while traveling

Saily is an eSIM mobile data service that provides internet access abroad without relying on public Wi-Fi or local SIM cards.

Unify AI models under one platform

Nexos.ai is an AI orchestration and governance platform for organizations. It centralizes access to multiple AI models in one secure workspace, adding visibility, control, and guardrails to help teams scale AI responsibly.

Cybercrime statistics

Cybercrime has become one of the most pervasive forms of economic crime worldwide, affecting consumers, businesses, and governments at unprecedented scale. Fraud, identity theft, and digital scams now account for millions of reported incidents each year, with losses ranging from individual account takeovers to systemic impacts measured in billions of dollars.

According to NordVPN’s cybersecurity statistics analysis, reported cybercrime losses reached $54–58 billion in 2025. Globally, however, it is reported^42-44 that the cost of cybercrime is estimated to be about 15.6 trillion annually in 2029, with projections indicating it could increase to $12.2 trillion by 2031.

Furthermore, our analysis based on publicly available data of incidents where financial impact was disclosed shows that 79.7% of cybercrimes result in damages exceeding $1 million, with 27.2% escalating to severe costs of $10 million or more.

Our analysis of cybersecurity statistics for 2025 indicate that online fraud accounts for 14.5% of total coverage, with identity theft representing 4.8%. This trend of crime shifting online is also reflected in the 6.47 million reports logged by the U.S. Federal Trade Commission’s Consumer Sentinel Network in 2024⁴⁵, where 40% were related to fraud and 18% to identity theft.

In our analysis, credit card fraud appears in 8.3% of identity theft coverage globally, whereas in 2024, the FTC⁴⁵ reported that in the U.S credit card fraud accounted for 43.9% of all identity theft reports, with another 32.4% tied to online shopping, payment fraud, and email/social-media account compromise.

The primary classifications of cybersecurity incidents show that social engineering accounted for 34.8% of incidents, followed by ransomware attacks at 25.6%, and credential theft at 13.4%.

When examining the technical attack vectors (how attacks were executed), malware deployment was the most frequent, making up 33% of incidents. Phishing followed closely at 32.6%, and the use of stolen credentials represented 13.8% of attacks.

Cybersecurity statistics by industry

Cybersecurity risk varies sharply by industry, shaped by differences in data sensitivity, operational complexity, regulatory pressure, and attacker incentives. Sectors such as healthcare and finance face persistent exposure due to the value of personal and financial data, while retail, energy, government, and small businesses contend with a mix of high attack volume, uneven security maturity, and cascading supply chain effects.

Financial services and banking breach statistics

NordVPN’s analysis of publicly disclosed data shows that financial sector breach incidents made up ≈20.7% of all reported breaches, which is roughly 148 finance breach incidents per month. External reports⁴⁷ confirm this figure and also state that finance accounts for roughly one-fifth of global breach notifications, according to multi-sector breach outlooks.

Line graph showing that the finance sector averages about 148 breach incidents per month.

The average cost of a data breach in finance is reported⁴⁸ to be about $6.08 million, roughly 22% higher than the global mean cost.

In 2024, the Global Survey of Identity and Security Leaders⁴⁹ reported that 46% of financial institutions suffered a data breach in the past 24 months, making breach experience almost a coin flip over a two-year period.

Cybersecurity spending statistics

Graphic showing that organizations spent over $6 billion globally on breach aftermath costs.

Our analysis reveals organizations collectively spending $6+ billion in breach aftermath costs in 2025, versus one proactive investment announcement.

SK Telecom: 2.3 trillion won (~$1.7B) compensation
Capital One: $425M settlement
AT&T: $177M settlement
PSNI: £119M ($150M) compensation fund
Infosys McCamish: $17.5M settlement

A 2025 review of a global survey⁵⁹ notes that 93% of organizations increased their cybersecurity budgets by at least 10%, yet about 70% still rate their overall cyber readiness as “beginner” or “formative.”

A longitudinal survey by IANS and Artico Search⁶⁰ shows that security accounted for 13.2% of total tech budgets in 2024, up from 8.6% in 2020, reflecting a clear shift toward security-first spending.

It is estimated⁶¹ that the global cyber insurance market will reach about $16.3 billion in 2025 and more than double by 2030 with a >10% annual growth rate.

Cybersecurity predictions

Cybersecurity predictions point to a future shaped by acceleration rather than entirely new threat categories. Artificial intelligence is compressing the time between discovery and exploitation, automation is increasing attack scale, and long-term risks — from ransomware economics to cryptographic obsolescence — are becoming more predictable even as they grow more complex.

It is predicted²⁸ that global ransomware damage costs will reach roughly $265–$275 billion per year by 2031, with a ransomware attack on a business or consumer every 2 seconds (≈43,200 per day).

According to our analysis, coverage patterns, AI-enabled attacks are on a continuous rise, having already reached a "default" status in 2025. Looking ahead, Google Cloud’s Cybersecurity Forecast 2026⁶⁷ predicts that by 2026, AI-enabled attacks will become “the new normal.”

Google’s 2026 forecast⁶⁷ also stresses that security teams that successfully adopt AI agents for triage and investigation will be better able to cope with AI-accelerated threats, while organizations that stick with manual SOC processes risk being overwhelmed by alert volume and speed.

A 2025 study⁶⁸ finds that 29% of organizations have already experienced attacks on their AI application infrastructure, and forecasts a steep rise in GenAI-powered deepfakes and prompt injection attacks through 2026 and beyond.

Another external forecast⁶⁹ states that in 2026 AI-driven cyber defense will become a core capability, as organizations adopt LLM-based analytics and automated playbooks to cut detection and response times from hours to seconds.

ENISA’s Threat Landscape 2024⁷⁰, which identifies threats against availability, ransomware and data theft as top categories, expects attacks on critical infrastructure, satellites and supply chains to remain priority risks for at least the next 5–10 years as digital interdependencies grow.

Explore NordVPN cybersecurity resources and tools

Cybersecurity insights and statistics show what is happening. Understanding why it happens — and how attackers adapt — requires context, research, and ongoing analysis. NordVPN’s cybersecurity resources are designed to help bridge that gap, combining expert research with practical guidance for staying safer online.

Research lab

In-depth research, investigations, and technical analysis produced by NordVPN.

Blog

Regularly updated articles with cybersecurity tips, industry news, and expert insights.

Glossary

Clear definitions of cybersecurity terms used across this report and in public breach disclosures.

Infographics

Visual explanations of cybersecurity trends and statistics, designed to make complex data easier to interpret.

Ask an expert

Expert commentary and discussions on current cybersecurity issues.

Free online security tools

Tools that help assess exposure, identify common risks, and take steps toward improving security.

Explore the Cybersecurity Hub

Cybersecurity
statistics and insights

Data sources and compilation methods

Cybersecurity overview of 2025