Skip to main content
VendorsSpyCloud

SpyCloud

Cybersecurity reports and statistics published by SpyCloud

8 categories2 reports

Research Reports

Reports and publications from SpyCloud

Recent Statistics & Reports

Under holistic identity matching, the average exposure for a single consumer identity shows 229 records per customer, 52 unique usernames, 105 total usernames, 27 unique emails, 125 total emails, 227 credential pairs, and 9 unique sources.

4/8/2025
ExposureRecordsCredentials

SpyCloud recaptured 44.8 billion PII assets in 2024, a 39% increase from 32.22 billion in 2023. This included 4.4 billion full names, 2.8 billion phone numbers, 42.97 million passport & driver's license numbers (a 168% increase from 2023), 36.97 million credit card numbers, and 3.05 billion Social Security & national ID numbers

4/8/2025
PIIPersonal information

An average of 1,861 cookies were harvested per malware infection.

4/8/2025
MalwareCookies

64% of the phished records contained location data, mostly in the form of IP addresses.

4/8/2025
PhishingRecordsLocation

SpyCloud recaptured 3,562 third-party breach records in 2024. These third-party breaches amounted to 7.6+ billion breach records.

4/8/2025
BreachThird-partyRecords

142.27 million individuals had a password exposed in 2024, a 125% increase from 2023.

4/8/2025
CredentialsPasswordExposure

Endpoint Detection and Antivirus Solutions miss 66% of malware infections.

4/8/2025
EDREndpoint detectionAV

Nearly one in two corporate users were already the victim of a malware infection in 2024.

4/8/2025
Malware

In the year prior to 2024, malware was the cause of 61% of all breaches.

4/8/2025
MalwareBreaches

SpyCloud's research shows that 66% of malware infections occur on devices with endpoint security solutions installed.

4/8/2025
MalwareEndpoint protectionEndpoint

97% of the phished records SpyCloud collected in 2024 contain at least one email address.

4/8/2025
PhishingRecordsEmail address

17.3 billion cookies were siphoned by malware.

4/8/2025
MalwareCookies

SpyCloud's 2024 research reveals the staggering scale of exposed credentials circulating within the criminal underground: 3.1+ billion total passwords recaptured.

4/8/2025
CredentialsCriminal undergroundDark web

About one in every two corporate users was already the victim of an infostealer infection on a personal or corporate system in 2024.

4/8/2025
MalwareInfostealer

The average exposure for a single employee identity in 2024, under a traditional exposure model, shows 11 records per employee, 1 unique username, 1 total username, 1 unique email, 11 total emails, 7 credential pairs, and 7 unique sources (breach, malware, or phish).

4/8/2025
ExposureRecordsCredentials

There was an average of 44 exposed credentials per malware infection.

4/8/2025
MalwareCredentialsExposure

On average, a single malware infection could expose access to 10 to 25 third-party business applications.

4/8/2025
MalwareThird-partyThird-party app

By using holistic identity matching for an individual employee, the average exposure increases to 146 records per employee, 22 unique usernames, 13 total usernames, 89 unique emails, 141 total emails, 57 credential pairs, and 8 unique sources. This represents more than 12x the exposed data compared to the traditional view.

4/8/2025
ExposureRecordsCredentials

There were 2.2 billion credential pairs (username/email + password) recaptured.

4/8/2025
CredentialsCriminal undergroundDark web

74% of recaptured consumer records contain a physical or IP address.

4/8/2025
ExposureRecordsAddress

Showing 21-40 of 41 results