Initial Access

Cybersecurity statistics about initial access

In 2025, browser privilege escalation vulnerabilities surged 183%.

Action1 6/15/2026
Browsers, Privilege Escalation

Phishing accounts for 44% of AI-assisted initial access attempts.

IRONSCALES 6/6/2026
Phishing, AI-Powered Attacks

Prior compromise was the top initial infection vector in ransomware operations at 30%, up from 15% in 2024.

Mandiant 5/27/2026
Ransomware, Prior Compromise

Median time between initial access and hand-off to a secondary threat group was 22 seconds in 2025, down from more than 8 hours in 2022.

Mandiant 5/27/2026
Cybercrime Ecosystem

Prior compromise accounted for 10% of initial infection vectors globally, ranking third-most common.

Mandiant 5/27/2026
Prior Compromise, Infection Vector

17% of phishing cases involved voice-based social engineering (vishing).

Google Cloud 5/27/2026
Phishing, Vishing

Threat actors exploited identity issues to gain initial access in 83% of the incidents involving major cloud and SaaS-hosted environments.

Google Cloud 5/27/2026
Identity Cloud

Initial access by threat actors using misconfiguration, which accounted for 29.4% of incidents in the first half of 2025, dropped to 21% in H2 2025.

Google Cloud 5/27/2026
Misconfiguration

In one intrusion, data exfiltration began within four minutes of initial access.

CrowdStrike 5/27/2026
Data Exfiltration

In the fastest cases, attackers moved from initial access to data exfiltration in 72 minutes, four times faster than the previous year.

Palo Alto Unit 42 2/22/2026
Data Exfiltration

Comcast Business detected 4.7 billion phishing attempts, which specifically targeted human error and poor credential hygiene.

Comcast Business 10/1/2025
Cyber threat, Phishing

SCATTERED SPIDER moved from initial access to encryption by deploying ransomware in under 24 hours in one observed case.

CrowdStrike 8/4/2025
Ransomware, Initial access

The top initial access vector observed in 2024 was a tie between exploitation of public-facing applications and use of valid account credentials, both representing 30% of X-Force incident response engagements.

IBM 4/17/2025
Initial access, Public facing application

The average time from initial access to domain control has shrunk to under two hours.

DirectDefense 4/15/2025
Initial access, Domain control

For Initial Access, the most observed technique by DirectDefense is Valid Accounts, which involves leveraging stolen credentials for unauthorized access. Alerts triggered for Initial Access include: First Ingress Authentication from Country, Multiple Country Ingress Authentications, Multiple Wireless Country Authentications.

DirectDefense 4/15/2025
MITRE ATT&CK, Initial access

DirectDefense mapped alerts to the MITRE ATT&CK® framework to identify the top five tactics. The top five tactics identified are: Initial Access, Persistence, Lateral Movement, Execution, and Credential Access.

DirectDefense 4/15/2025
MITRE ATT&CK, Initial access

4 of 5 (83%) financial fraud claims began with email.

At-Bay 4/10/2025
Financial fraud, Claim

Email was the preferred entry vector for cybercriminals, driving 43% of claims.

At-Bay 4/10/2025
Email, Cyber attack