DPRK-linked incidents rose by more than 130%.

PRESSURE CHOLLIMA stole $1.46 billion in cryptocurrency, the largest single financial heist ever reported.

Average eCrime breakout time fell to 29 minutes in 2025.

The fastest observed eCrime breakout occured in 27 seconds.

42% of vulnerabilities were exploited before public disclosure.

Average eCrime breakout time of 29 minutes was 65% faster than in 2024.

In one intrusion, data exfiltration began within four minutes of initial access.

State-nexus threat actors increased targeting of cloud environments for intelligence collection by 266%.

Attacks that begin with exploitation of public-facing applications increased by 44%, largely driven by missing authentication controls and AI-enabled vulnerability discovery.

Active ransomware and extortion groups increased by 49% year over year.

Vulnerability exploitation accounted for 40% of incidents observed by IBM X‑Force in 2025.

Manufacturing accounted for 27.7% of incidents observed by IBM X‑Force.

North America accounted for 29% of total cases observed by IBM X‑Force.

Manufacturing is the top targeted sector for the fifth consecutive year.

North America became the most-attacked region for the first time in 6 years.

42% of services rely on libraries that are no longer actively maintained

40% of SMBs say an attack costing $100,000 or less could put them out of business.

Registered software vulnerabilities rose 20% in 2025.

Docker environments accounted for 54.3% of honeypot targeting when measured by unique malicious IP addresses.

Total venture capital invested in 2025 approaches $150 billion.