In 2023, 88.9% of backups were not affected by ransomware.

In 16% of large ransomware claims, attackers leveraged compromised or weak credentials to gain entry.

Between 2019 and 2023, retail experienced large losses primarily from ransomware (50.0%), followed by other causes (30.0%) and data breaches (20.0%).

In 2019, victims paid on average 56.9% of the initial ransom demand.

Before 2023, 62.8% of backups were affected by ransomware.

Backbone DDoS attacks (targeting Internet service provider or data center infrastructure) increased by 143% compared to the first half of 2024.

Before 2023, 37.2% of backups were not affected by ransomware.

Attack success rates demonstrate that 40% to 50% of systems are still inadequately protected against politically motivated attack tactics.

Targeted sectors by DDoS attack in the first half of 2025: Defense (23% - an increase of 14%), retail & e-commerce (18% - an increase of 8%), logistics & transport (15% - an increase of 9%), public sector (11%), education (9%), finance (6%), healthcare (5%), telco (5%), technology, IT, Internet (4%), and other (4%).

In 2023, organizations took an average of 32 days to restore operations after a ransomware attack.

In 2023, only 11.1% of backups were affected by ransomware.

For data breach cases where the attacker was detected by internal IT staff or an outsourced cybersecurity provider (OCP), it took an average of 61 days to notice the attacker prior 2019.

11% of organizations actively pursuing CMMC 2.0 certification are in Europe.

7% of organizations actively pursuing CMMC 2.0 certification are in Middle East/Africa.

The average duration business operations were affected by ransomware in professional services was 85 days.

Businesses typically required around two full months to restore operations following a ransomware attack.

37.2% of large losses came from other causes, 16.0% from data breaches, and 46.6% from ransomware. While other causes ticked up, ransomware continued to generate nearly half of the most expensive claims.

In 66.0% of data breach cases since 2019, the company’s own IT team or outsourced service providers discovered the attack.

Across all data breach cases combined, the average time to notice an attacker was 90 days prior 2019.

One observed Layer 7 DDoS attack used around 20,000 legitimate HTTP requests per minute to disrupt sensitive areas. This is compared to 200 million packets per second for brute force attacks, indicating that precision can be more dangerous if unnoticed.