Business interruption was triggered as the main driver of loss in 17.5% of claims (primary 15.1%, excess 23.3%), triggered with some loss impact in 12.6%, triggered with no loss impact known in 7.3%, and not triggered in 62.6%.

In 2022, organizations took an average of 43 days to restore operations after a ransomware attack.

The challenge of data inventory accuracy affects 27% of organizations actively pursuing CMMC 2.0 certification. It ranks sixth among seven key challenges.

Targeted sectors by DDoS attacks in the first half of 2024: Finance (17%), public Sector (11%), retail & e-Commerce (10%), defense (9%), telco (8%), healthcare (7%), education (6%), media (6%), food (6%), energy (6%), logistics & transport (6%), other (10%).

In 10.2% of large ransomware claims, the attack vector was either different or unknown.

Organizations without governance tracking show 5 percentage points higher rates of low-encryption outcomes (20% vs. 15%).

Privacy & cyber security was triggered as the main driver of loss in 13.2% of claims (primary 9.4%, excess 22.2%), triggered with some loss impact in 14.6%, triggered with no loss impact known in 3.3%, and not triggered in 68.9%.

On average, businesses across all industries experienced 69 days of operational disruption due to ransomware attacks.

In 7.1% of cases prior to 2019, the hackers themselves revealed the breach.

In 10.6% of cases since 2019, the source of detection was unknown or other.

Across all data breach cases combined, the average time to notice an attacker was 45 days since 2019.

59% of mid-market firms (5,000-9,999 employees) actively pursuing CMMC 2.0 certification achieve top-tier encryption (76-100% coverage).

Only 56% of organizations have fully implemented end-to-end encryption for all sensitive data.

While 95% of organizations actively pursuing CMMC 2.0 certification track some governance tracking effectiveness metrics, only 38% have instituted comprehensive governance control and tracking systems.

Vendor compliance ranks as the second-highest challenge for the organizations actively pursuing CMMC 2.0 certification (scoring 73 out of 100).

39% of organizations actively pursuing CMMC 2.0 certification cite vendor compliance as a top concern. This is 7 percentage points higher than non-CMMC organizations.

Only 22% of organizations actively pursuing CMMC 2.0 certification implement contractual security requirements with suppliers. This is below the 27% industry average.

The longest documented DDoS attack in the first half of 2025 lasted 12,388 minutes (8 days and 14 hours).

In 2020, organizations took an average of 54 days to restore operations after a ransomware attack.

For data breach cases where the attacker was detected by internal IT staff or an outsourced cybersecurity provider (OCP), it took an average of 35 days to notice the attacker since 2019.