Lateral Movement
Cybersecurity statistics about lateral movement
80% of enterprise servers are reachable from anywhere inside the network, creating greenfield conditions for ransomware, operational disruption, and full-environment compromise.
6.5% of the 832 malicious accounts banned between March 2025 and March 2026 used AI to assist with lateral movement.
Nearly half of healthcare and manufacturing security leaders experienced a lateral movement attack in the past year.
57% of healthcare and manufacturing security leaders rank microsegmentation as their top initiative to stop lateral movement.
52% of healthcare leaders cite lack of continuous monitoring for lateral movement and segmentation failures as a critical or significant limitation.
37.5% of organizations report Lateral Movement
Threat actors utilizing AI and automation tools can achieve lateral movement within an organization in as little as 4 minutes, 85% faster than the previous year.
On average, lateral movement within an organization takes 34 minutes, 29% quicker than the 48 minutes recorded in 2024.
96% of incidents involving lateral movement end with the release of ransomware.
67% of security leaders lack visibility into access behaviour and lateral movement.
76% of organizations have at least one public-facing asset that enables lateral movement.
47% say that a challenge in securing and managing hybrid cloud is the lack of comprehensive insight and visibility across their environments, including lateral movement in East-West traffic.
For Lateral Movement, the technique most often observed by DirectDefense is Valid Accounts, in which stolen credentials are used to escalate privileges. Alerts triggered for Lateral Movement include: Lateral Movement – Local Credentials.
DirectDefense mapped alerts to the MITRE ATT&CK® framework to identify the top five tactics. The top five tactics identified are: Initial Access, Persistence, Lateral Movement, Execution, and Credential Access.
96% of attackers targeting the energy and utilities sector relied on remote services to move laterally.