VendorsMandiant
Mandiant
Cybersecurity reports and statistics published by Mandiant
8 categories2 reports
Research Reports
Reports and publications from Mandiant
Recent Statistics & Reports
BRICKSTORM achieved dwell times of nearly 400 days.
5/27/2026•
BRICKSTORMMalwareDwell Time
Median dwell time for cyber espionage incidents and North Korean IT worker incidents was 122 days.
5/27/2026•
Cyber EspionageThreat ActorsDwell Time
Exploits remained the most common initial infection vector for the sixth consecutive year, accounting for 32% of intrusions.
5/27/2026•
ExploitsInitial Infection VectorIntrusion
Global median dwell time was 14 days, up from 11 days.
5/27/2026•
Dwell Time
Prior compromise accounted for 10% of initial infection vectors globally, ranking third-most common.
5/27/2026•
Prior CompromiseInitial AccessInfection Vector
Prior compromise was the top initial infection vector in ransomware operations at 30%, up from 15% in 2024.
5/27/2026•
RansomwarePrior CompromiseInitial Access
Highly interactive voice phishing accounted for 11% of intrusions, making it the second-most common initial infection vector.
5/27/2026•
Voice PhishingInitial Infection Vector
The high tech sector accounted for 17% of incidents.
5/27/2026•
High TechIndustry Targeting
The financial sector accounted for 14.6% of incidents.
5/27/2026•
Financial Servicesindustry Targering
Organizations first detected evidence of malicious activity internally 52% of the time in 2025, up from 43% in 2024.
5/27/2026•
DetectionIncident Response
Median time between initial access and hand-off to a secondary threat group was 22 seconds in 2025, down from more than 8 hours in 2022.
5/27/2026•
Cybercrime EcosystemInitial Access
Email phishing accounted for 6% of intrusions in 2025.
5/27/2026•
Email PhishingIntrusion
Mean time to exploit vulnerabilities was -7 days, indicating exploitation routinely occurs before patches are released.
5/27/2026•
Vulnerability ExploitationZero-Day
Financial (17.4%) was the #1 targeted industry.
4/24/2025•
FinancialSecurity incident
Exploits continue to be the most common initial infection vector (33%).
4/24/2025•
Initial infection vectorExploits
High tech (10.6%) was the 3rd most targeted industry.
4/24/2025•
High techSecurity incident
8% of threat groups were motivated by espionage.
4/24/2025•
Threat groupEspionage
55% of threat groups active in 2024 were financially motivated, showing a steady increase.
4/24/2025•
Threat group
Global median dwell time was 5 days when adversaries notified (notably in ransomware cases).
4/24/2025•
Dwell timeSecurity incidentRansomware
High tech (10.6%) was the 3rd most targeted industry.
4/24/2025•
High techSecurity incident
Showing 1-20 of 28 results