71% of respondents anticipate business disruptions from cyber incidents within the next 12 to 24 months.

96% of organizations plan to upgrade their IT infrastructure.

FTF (funds transfer fraud) claims severity decreased by 46% YoY. This sharp decline followed an all-time high in 2023.

Corero customers experienced an average of 11 DDoS attacks per day in 2024. This represents a 5% year-over-year increase.

Pentesting accounts for 11% of the total IT security budgets of U.S. enterprises.

The Black Basta variant had the highest average ransom demand at $4 million.

The average ransom demand in 2024 was $1.1 million.

14.5 million compromised credit cards listed on underground markets in 2024. This represents a 20% increase over 2023

There was a 43% increase in data breach data shared on underground forums in 2024.

The percentage of DDoS attacks in the 1-5Gbps range fell from 19.4% of all attacks in 2019 to just 12.4% in 2024.

67% of enterprises reported a breach in the past 24 months.

44% of cyber insurance policyholders that experienced a ransomware incident opted to pay the ransom when deemed reasonable and necessary.

Cyber insurance claims frequency decreased by 7% year-over-year (YoY).

86% of organizations have experienced AI-related security incidents in the last year.

March 2025 held the highest volume of public ransomware cases of all time.

U.S. enterprises allocate an average of $187,000 annually to pentesting.

Extortion (including ransomware) was the primary cause of cyber losses, accounting for 28% of claims.

Despite the decline from 2023, ransomware claims in 2024 remained approximately double the totals recorded for 2020, 2021, and 2022.

Ransom demands from threat actors decreased by 22% year-over-year (YoY) in 2024.

50% of CISOs identify software-based testing as a primary method for uncovering exploitable security gaps within their organizations.