21% of ransomware incidents involved installing backdoors for persistence.

41% of successful ransomware attacks resulted in reputational harm.

16% of successful ransomware attacks involved payment pressure tactics threatening employees.

Roughly 5 times as many identity-related detections were observed in the first half of this year compared to all of 2024.

Three in five (which is 60%) of workers were able to log in to former employer accounts because the password had not been changed.

31% of ransomware victims were affected multiple times in the last 12 months.

74% of repeat ransomware victims state they are juggling too many security tools.

65% of organisations in local government were affected by ransomware.

Ransomware attackers have a one-in-three chance of payout.

67% of organisations in healthcare were affected by ransomware.

22% of successful ransomware attacks involved payment pressure tactics threatening partners, shareholders, and customers.

57% of employees input sensitive data into free-tier AI tools.

Compromised websites are the second most prevalent link delivery method, at 30%.

LM Studio is used by 0.9% of organisations.

eCrime activity represented 73% of total interactive intrusions.

FAMOUS CHOLLIMA infiltrated over 320 companies in the last 12 months, representing a 220% year-over-year increase.

In the three months ended May 2025, users of genAI platforms increased by 50%.

Ransomware rose 36% year over year.

Swedish and Norwegian targets comprise a combined 19% of BEC targets.

40% of threat actor updates in H1 2025 were attributed to state-sponsored groups.