181 Key Cybersecurity Statistics: Vulnerabilities, Exploits, and Their Impact for 2025
As we enter 2025, the cybersecurity statistics from 2024 and previous years reveal a critical landscape of evolving threats, from a surge in vulnerabilities to increasingly sophisticated cyber-attacks.
This blog delves into the latest cybersecurity data, exploring trends like zero-day exploits and unpatched vulnerabilities, to help you craft a proactive strategy for 2025 cybersecurity challenges.
Cybersecurity Vulnerability Trends 2024
The steady increase in cybersecurity vulnerabilities over the years presents growing challenges for organizations striving to secure their digital assets.
1. CVE Growth in 2024: A staggering 22,254 CVEs (Common Vulnerabilities and Exposures) were reported by mid-2024, reflecting a 30% jump compared to 2023 and a 56% increase from 2022. This surge underscores the growing attack surface in network security and applications. [SC Magazine]
2. Daily Vulnerability Disclosures: By late 2024, an average of 115 CVEs were disclosed daily—a testament to the increasing complexity of modern cyber threats. Expect these numbers to rise further in 2025. [GitHub]
3. Vulnerability-based attacks surged by 124% in Q3 2024 compared to the same period in 2023. This increase is largely attributed to the growing accessibility of LLM tools like ChatGPT. [Indusface]
4. With 25% of breaches linked to stolen credentials and application vulnerabilities, the importance of securing applications becomes increasingly critical in a digital-first world.[Verizon]
5. More than 99% of technologists acknowledge that production applications contain at least four vulnerabilities. [Contrast Security]
The Weaponization of Vulnerabilities
Attackers are weaponizing vulnerabilities faster than ever, making real-time defences essential for 2025.
6. In 2024, 0.91% of all CVEs (204 out of 22,254) were weaponized—representing a 10% year-over-year increase. This trend emphasizes the need for faster cybersecurity breach detection and response. [SC Magazine]
7. Vulnerabilities like CVE-2024-5806 in Progress MOVEit Transfer were exploited within hours of disclosure. This shrinking exploitation window demands real-time cybersecurity protection measures. [Dark Reading]
8. Between November 2021 and October 2023, more than 70% of cyberattacks globally targeted the Microsoft Office Suite, making it the most exploited platform. [Statista]
9. Browser exploits ranked second, accounting for nearly 12% of attacks, while Google’s Android was exploited in about 6% of the detected incidents during this period. [Statista]
10. In 2023, 38% of intrusions began with attackers exploiting vulnerabilities, marking a 6% increase compared to the previous year. [Dark Reading]
A Surge in Identified Zero-Day Vulnerabilities
Zero-day vulnerabilities—flaws exploited before patches are available—remain among the most dangerous cybersecurity threats, and their prevalence has seen a sharp rise. These cybersecurity statistics highlight the increasing risk they pose to organizations and the importance of swift response mechanisms.
11. Detection in 2024: As of October 24, 2024, AppTrana detected 2,028 zero-day vulnerabilities, averaging 225 discoveries per month. This staggering rate underscores the evolving sophistication of attackers and the urgent need for robust cybersecurity measures.[Indusface]
12. Rising Numbers in 2023: Throughout 2023, websites protected by the AppTrana WAAP (Web Application and API Protection) solution identified 3,324 zero-day vulnerabilities. This marked a dramatic increase compared to previous years, reflecting the expanding digital attack surface.[Indusface]
13. Exploitation Trends: Over 50% of the most exploited vulnerabilities in 2023 were zero-days—a significant leap from 2022. These cyber trends underscore the urgency for organizations to implement proactive cyber attack prevention measures.[CISA]
14. Prolonged Exploitation Windows: What’s particularly alarming is the extended exploitation period. Zero-day vulnerabilities are not only exploited immediately after discovery but remain active threats for up to 2 years, largely due to delayed patching. This prolonged risk highlights the critical importance of timely patch management and advanced cybersecurity solutions. [SC Magazine]
Impact of Unpatched Vulnerabilities in 2024
Unpatched vulnerabilities remain a top target for cyberattacks, with 2024 cyber-threat stats and past trends showing a sharp rise in attack rates. Delayed patching and poor vulnerability management significantly increase these risks.
1. Increase in Exploitation: The Indusface State of Application Security Report 2024 revealed that attacks targeting known vulnerabilities surged by 54% compared to the previous year, showcasing the urgency for faster patching. [Indusface]
2. Ongoing Risks: According to a 2019 Ponemon Institute survey, 60% of breaches were caused by unpatched vulnerabilities, a trend that persists. [Ponemon Institute]
3. Cybersecurity statistics show that 56% of older vulnerabilities continue to be actively exploited, demonstrating the enduring threat of unpatched flaws. [businesswire]
4. Exploitation Rates on the Rise: In 2024, 14% of breaches began with vulnerability exploitation as the initial access method—nearly three times higher than last year. [Verizon]
5. MOVEit Vulnerability Impact: A notable example of unpatched vulnerability exploitation in 2023 was the MOVEit software breach. Hackers exploited a flaw in the file encryption and transfer tool to launch ransomware attacks, starting with the education sector and later targeting finance and insurance industries.
6. Slow Patch Response: The Indusface State of Application Security Report found that 32% of critical vulnerabilities remained unpatched for over 180 days in 2024, increasing exposure to cyber security risks. [Indusface]
7. Delayed Detection: According to cybersecurity breach statistics, it took 204 days on average to discover a breach in 2024, with an additional 73 days required for containment. These delays significantly increase the risk, as 2024 data breach statistics show. [IBM]
8. AI-Driven Detection: Organizations using AI-powered security systems in 2024 were able to detect and contain breaches 108 days faster, saving an average of $1.76 million per breach.[IBM]
9. Faster Containment Saves Millions: Companies that contained breaches in under 200 days saved over $1 million compared to those taking longer, reinforcing the value of rapid response, as supported by security breach statistics.[IBM]
10. Virtual Patch Effectiveness: Virtual patches blocked 62% of web attacks and 71% of API attacks in 2024, offering a crucial layer of defence.[Indusface]
11. WAAP Integration Reduces Patching Time: Integration of vulnerability scanners with WAAP solutions reduced patch remediation times from months to just 3 days, accelerating response times.[Indusface]
Top CVEs 2024
High-severity vulnerabilities in popular software platforms have exposed significant cybersecurity risks in 2024. Ongoing exploitation of these flaws heightens the risk of cyberattacks and data breaches, underscoring the urgent need for timely patches.
12. Microsoft SharePoint (CVE-2024-38094)
A deserialization vulnerability in Microsoft SharePoint allows attackers to carry out remote code execution (RCE) attacks and has been actively exploited. This vulnerability is listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog, highlighting the urgency for patching. Cyberattack statistics like these underscore how critical it is to address vulnerabilities swiftly.
Over 100,000 instances of Grafana, including nearly 19,000 in the U.S., are vulnerable to exploitation via SQL Expressions. Attackers can execute commands and access restricted files even with Viewer permissions.
14. CUPS Vulnerabilities (CVE-2024-47176, CVE-2024-47076)
Multiple vulnerabilities in the Common Unix Printing System (CUPS) have exposed 300,000 devices worldwide to remote code execution attacks. The scale of this exposure shows how widely these flaws reach across Unix-like environments such as Debian, Red Hat, and macOS.
15. Ivanti Cloud Services Appliance OS Command Injection (CVE-2024-8190)
A vulnerability in Ivanti CSA versions 4.6 Patch 518 or earlier allows attackers with admin access to execute malicious commands remotely. Disclosed in September 2024, this flaw highlights the ongoing concern of cyber attackers targeting administrative privileges.
16. Apache OFBiz Pre-Authentication RCE (CVE-2024-38856)
This pre-authentication RCE vulnerability in Apache OFBiz allows unauthenticated attackers to execute arbitrary code. The cyberattack stats show that vulnerabilities like these continue to be a major target, requiring organizations to upgrade to newer versions to mitigate risks.
17. OAuth Implementation and XSS Vulnerability
A flawed OAuth implementation exposes millions of websites to XSS attacks, continuing the trend of attacks in the web application space. This vulnerability highlights the need for consistent data security and proper security patching practices across web code.
18. ServiceNow Critical Vulnerabilities (CVE-2024-4879, CVE-2024-5217)
Threat actors exploited critical vulnerabilities in ServiceNow’s IT service management platform, leading to the exposure of over 105 ServiceNow databases. These flaws, with CVSS scores of 9.3 and 9.2, enabled data harvesting, with stolen records reportedly sold on forums for $5,000.
19. Authentication Bypass in Apache OFBiz (CVE-2023-51467)
A follow-up vulnerability to CVE-2023-49070 was identified in Apache OFBiz, leaving systems susceptible to authentication bypass despite a previous patch. This highlights the importance of thoroughly addressing root causes when remediating vulnerabilities.
20. XSS Flaw in LiteSpeed Cache WordPress Plug-in
A critical XSS vulnerability in the LiteSpeed Cache plug-in for WordPress, installed over six million times, was disclosed in July 2024. This flaw enables unauthenticated attackers to escalate privileges, steal sensitive data, and inject malicious code into WordPress sites via a single HTTP request.
21. GOAnywhere MFT Breach (CVE-2024-0204)
A critical vulnerability in Fortra’s GOAnywhere Managed File Transfer (MFT) software allowed attackers to create admin accounts, gaining full system control. All versions before 7.4.1 were affected, exposing organizations to data breaches.
The CLOP ransomware gang exploited a vulnerability in MOVEit, a managed file transfer application, exposing 77 million records from over 2,600 organizations. Damages exceeded $12 billion, impacting organizations like the U.S. Department of Energy and Louisiana’s Office of Motor Vehicles.
23. Black Basta’s Privilege Escalation (CVE-2024-26169)
Exploited by the Black Basta ransomware group, this vulnerability enabled privilege escalation on unpatched systems. Despite being patched in March 2024, slow updates left systems exposed to attacks.
24. TellYouThePass Ransomware Campaign (CVE-2024-4577)
A PHP vulnerability affecting Windows servers with default XAMPP stack configurations allowed the TellYouThePass ransomware campaign to infect hosts on public IPs. Victims faced ransom demands of 0.1 BTC per attack.
DDoS Attacks and Botnets Statistics 2024
DDoS attacks and botnet-driven campaigns have surged, putting businesses at serious financial and reputational risk. With the growing scale and frequency of these threats, companies must strengthen defences to avoid severe impacts.
Here’s a look at the latest DDoS and bot attack statistics reshaping cybersecurity in 2025.
1. DDoS attacks have surged by 41% in 2024, showing a marked increase in the scale and frequency of these attacks across various industries. [Indusface]
2. Botnets, particularly the Gorilla DDoS botnet, have been responsible for over 300,000 cyberattacks, demonstrating the power of large-scale automated threats that can overwhelm targets, disrupt services, and evade traditional defence mechanisms.
3. Retailers are being hit harder than ever, with bot-driven attacks rising by 60% in 2024. These attacks typically aim at exploiting vulnerabilities in e-commerce platforms, often resulting in severe financial losses and damaged customer trust. [Indusface]
4. Website bot attacks surged by 60%, marking a dramatic rise in automated threats to online platforms.[Indusface]
5. APIs—a crucial backbone of modern applications—witnessed a 39% rise in bot attacks. [Indusface]
6. By the end of 2024, 9 out of 10 websites had encountered bot attacks. [Indusface]
7. 100% of healthcare sites witnessed a bot attack in 2024, highlighting the critical risks to this sector. [Indusface]
8. The cost of DDoS attacks has dropped drastically, and renting a botnet now costs as little as $5 per hour. This makes it easier for attackers to target businesses, contributing to the rising cyber-crime statistics. [G2]
9. The scale of DDoS attacks has increased, with some surpassing 71 million requests per second. This makes defending against such attacks even more challenging for companies. [Thehackernews]
10. SMBs face 198% more attacks than enterprises. [Indusface]
11. DDoS attacks are the leading threat for SMBs, with each website or app experiencing 175% more DDoS attacks than enterprise applications. [Indusface]
12. In 2023, advanced bots doubled in prevalence, contributing to 32% of web traffic being fraudulent. [Statista]
13. SaaS and BFSI sectors are particularly vulnerable, with 10X more bot attacks in SaaS and twice as many attacks in BFSI. [Indusface]
14. DDoS attacks cost businesses up to $22,000 per minute in downtime, highlighting the severe financial impact of these cyber incidents. [Ponemon]
15. Online retailers and small businesses lose anywhere from $8,000 to $74,000 for each hour of downtime caused by a DDoS attack. This underscores the significant financial risk for businesses targeted by these campaigns.[G2]
16. The rise in DDoS attack statistics and botnet exploitation is set to continue. 58% of security leaders cite service disruption as a top challenge in managing DDoS attacks. [Indusface]
17. A notable increase in low-rate HTTP DDoS attacks driven by botnets was observed, highlighting the growing sophistication of these cyber campaigns in bypassing traditional defences. [Indusface]
18. Indusface’s State of Application Security 2024 Annual Report reveals that 40% of these DDoS attacks were successfully blocked using static URI-based rate-limiting techniques. The remaining 60% were neutralized by AppTrana WAAP’s AI-driven behavioral models. [Indusface]
19. The average duration of a DDoS attack was 68 minutes across industries in 2024, but depending on the severity, attacks can last a day or longer, further extending business disruptions.[G2]
20. In December 2022, 10.54 million IoT attacks were reported, highlighting the role of IoT devices in botnet-driven DDoS attacks. [Statista]
21. This trend continued in 2023, with IoT malware attacks rising by 400%, further increasing the risk of botnet exploitation into 2024 and beyond. Regular updates and security measures are essential to combat these vulnerabilities. [ThreatLabz]
API Security Statistics 2024
As API security becomes a focal point in modern cybersecurity, the frequency and severity of breaches highlight critical vulnerabilities across industries. Recent cyberattack statistics underscore the urgency of securing APIs against evolving threats:
1. In 2024, over 2 billion API attacks were blocked by AppTrana, reflecting a sharp increase in the number of attacks targeting APIs. [Indusface]
2. DDoS attacks against APIs surged by 94% in the year, showing an escalating risk for API security. [Indusface]
3. APIs are targeted 68% more frequently per host than websites, illustrating the growing vulnerabilities within API environments. [Indusface]
4. A buggy API on an insurance website exposed Office 365 passwords and over 50 million email records, demonstrating the catastrophic results of weak API protection.[Theregister]
5. A penetration test revealed a vulnerable API in India that allowed access to over 650,000 sensitive messages, showcasing how easily attackers can compromise vast amounts of data. [Theregister]
6. Trello’s exposed API led to a breach impacting 15 million users, linking private email addresses to Trello accounts, posing significant risks for personal data exposure.[Bleepingcomputer]
7. Dell’s insecure API led to a breach impacting 49 million customer records, where attackers exploited the API to create fake accounts and exfiltrate data.[Bleepingcomputer]
8. 58% of companies identified data exfiltration as their top concern in API security, reflecting the growing threat of sensitive data leaks and breaches.[Traceable.ai]
9. Over 50% of companies have delayed the release of new APIs due to concerns over security, indicating widespread awareness of the risks associated with insecure API endpoints.[Okoone]
10. 46% of organizations rely on penetration testing to assess vulnerabilities in APIs before deployment, with this practice becoming critical for pre-production API security.[Research.ai]
Cyber Threat Statistics and Business Risks 2024
Cyber Threats and Trends 2024
1. Every 39 seconds, a cybersecurity breach occurs, contributing to the 2,244 daily cyberattacks that threaten businesses and individuals. [Clark School study]
2. 30,000 websites are compromised daily – Websites have become a prime target for cybercriminals, leading to data breaches, reputational damage, and financial losses.[Forbes]
3. In 2024, cybercrime costs are projected to reach $8 trillion globally and are expected to almost triple by 2027, with losses predicted to hit $24 trillion. [USAID]
4. Similarly, Cybersecurity Ventures predicts that by 2025, cybercrime is estimated to cost $10.5 trillion, marking a continuous upward trajectory in losses from cyber incidents. [Business Standard]
5. Ransomware damages are projected to reach $265 billion annually by 2031, a sharp increase from $42 billion in 2024.[Sprinto]
6. The cost of recovering from a ransomware attack has risen to $2.73 million, nearly $1 million higher than in 2023, reflecting the growing financial strain of cyberattacks.[Sophos]
7. According to 2023 cybersecurity statistics, 83% of data breaches were caused by external parties.[Verizon]
8. Cyberattacks in India surged by 115% in Q2 2024 compared to the same period in 2023, indicating a significant rise in cyber threats in the region. [Indusface]
9. BFSI sectors (Banking, Financial Services, and Insurance) experience 2X more attacks per site than the global average. [Indusface]
10. Power and energy websites face four times more attacks than the average website, with an average of 1.9 million attacks per site. [Indusface]
11. On average, businesses spend $1 million on incident response.
Cyber Threats and Attack Vectors
12. Credential phishing was the most reported threat in 2023, with over 940,000 user reports. This underscores the importance of employee training and email security gateways to mitigate phishing risks.[Statista]
13. According to a Netwrix survey of 937 IT professionals worldwide, 82% of organizations identify credential stuffing as a significant threat. [Netwrix]
14. Compromised credentials were the most common initial attack vector, responsible for 20% of breaches, with an average cost of $4.37 million per breach. [IBM]
15. Human error remains a major contributor to breaches, with users often falling for phishing emails within seconds. A recent report emphasizes this, reporting that 68% of breaches involve the human element.[Verizon]
16. In 2022, 12% of data breaches were caused by unsecured external-facing assets like servers and databases. [Blackkite]
17. In 2021, only 17% of small businesses implemented basic encryption for their data.[AdvisorSmith]
18. Alarmingly, 53% of small businesses reported having over 1,000 unencrypted sensitive folders, which exposes them to significant risk.[Security Magazine]
19. Additionally, 7 million unencrypted files are compromised daily, underscoring the ongoing vulnerabilities in data protection.[Veritas]
20. 60% of companies have 500+ passwords that never expire – Poor password management remains a significant vulnerability for organizations, exposing them to security risks.[Varonis]
21. Over 60% of financial services companies have 1,000+ sensitive files accessible to all employees – A massive internal security risk arises when sensitive files are accessible to all staff, increasing the likelihood of data breaches and insider threats. [Varonis]
22. With 42% of organizations having experienced vulnerabilities leading to security incidents due to mobile devices and web applications, it’s clear that comprehensive security strategies must account for these high-risk areas. [purplesec]
Data Exposure and Security Breaches
23. Nearly 1 billion emails were exposed within a year, impacting 1 in 5 internet users globally.[AAG]
24. Exploitation of public-facing applications accounted for 26% of incidents in 2023, highlighting the critical need for securing internet-accessible applications. [IBM Security X-Force]
25. Organizations without a zero-trust model experience breach costs $1 million higher than those that implement zero-trust measures. [IBM]
26. Healthcare cybersecurity spending is estimated to reach $125 billion from 2020-2025 due to the increasing sophistication of attacks on patient data.[Cybercrime Magazine]
27. The Optus data breach, which occurred in September 2022, serves as a stark reminder of the risks associated with poor data security. The breach, which compromised the personal details of 11 million customers, illustrates how even large enterprises can fall victim to cybersecurity breaches.
28. Only 69% of organizations use multi-factor authentication (MFA) for securing cloud environments, despite its proven effectiveness in enhancing security.[Netwrix]
29. The average cost of IoT attacks is $330,000 per incident, underscoring the importance of segmenting IoT devices from critical networks to contain potential breaches. [PSA Certified]
30. In 2024, the cost of cybercrime is set to skyrocket, with projections of $24 trillion in global losses by 2027. This highlights the escalating risks organizations face in the coming years.[Statista]
Key Data Breach Trends 2024
Rising Costs of Data Breaches
1. According to IBM’s 2024 report, the average cost of a data breach now stands at $4.88 million, showing a 10% rise compared to the previous year. This burden is particularly heavy for SMBs, which are less equipped to handle the financial fallout of such incidents. [IBM]
2. In 2023, the average cost of a breach was $4.45 million, representing a 15% increase over the past three years.[Business Standards]
3. The United States continues to have the highest cost of data breaches, with an average of $5.09 million in 2023.[IBM]
4. The healthcare industry incurred the highest breach costs, averaging $9.77 million between 2022-2024. This is primarily due to the value of sensitive patient data, making healthcare organizations prime targets for cybercriminals. [IBM]
5. The Cam4 breach of 2020 exposed over 10 billion records, marking it as one of the largest data leak incidents to date. This reinforces the importance of secure database management and access controls. [Statista]
Cloud and Credential Risks in Breaches
As organizations increasingly migrate to the cloud, the risk associated with misconfigured cloud environments has grown:
6. 82% of breaches in 2024 are expected to involve cloud-based data, highlighting the need for robust cloud security practices. [IBM]
7. Cloud-based services are increasingly becoming prime targets for cybercriminals. 38% of SaaS applications are under attack, with cloud-based email servers also frequently targeted. [SentinelOne]
8. In fact, 80% of organizations have observed a rise in the frequency of cloud attacks, highlighting the growing vulnerability of cloud infrastructure in today’s digital landscape. [SentinelOne]
9. Additionally, 80% of breaches involved compromised or misused privileged credentials, further underscoring the importance of controlling access and ensuring secure credentials.[Verizon]
10. A report by IBM showed that 64% of Americans would hold companies accountable for personal data losses, rather than the attackers themselves, emphasizing the reputational and financial damage companies face following breaches.[Forbes]
11. 27% of businesses experienced a public cloud security incident in 2024. [SentinelOne]
12. 79% of organizations use more than one cloud provider, and this growing complexity is leading to more misconfigurations and security vulnerabilities.[SentinelOne]
13. Cloud misconfigurations account for 23% of security incidents, according to SentinelOne.
14. 27% of businesses have faced security breaches in their public cloud infrastructure, a 10% increase from the previous year. [Netgain Technologies]
15. On average, the price of a full exploit chain for Apple iOS is estimated at $2 million, underlining the growing financial incentives for cybercriminals targeting high-value platforms and users.[Purplesec]
Impact on SMEs and Downtime Costs
16. SMEs are particularly vulnerable, with 40% of SMEs experiencing over eight hours of downtime following a cyberattack. This downtime directly contributes to financial losses, making it crucial for SMEs to invest in proactive cybersecurity measures.[CISCO]
17. In 2023, cybercriminals stole more than $2 billion in cryptocurrency by exploiting security flaws in decentralized exchanges and wallets. This underscores the need for improved security in the rapidly growing cryptocurrency sector.[therecord]
Data Breaches by Industry
Between March 2022 and February 2024, the average costs of breaches by industry were as follows: [Statista]
18. Average breach cost: $9.77 million. High due to sensitive patient data and regulatory compliance.
19. Average breach cost: $6.08 million. Driven by financial data sensitivity & regulatory scrutiny.
20. Average breach cost: $2.55 million. Lower but impactful due to loss of public trust.
21. Average breach cost across all industries: $4.88 million. Reflects various industry risks and breach responses.
22. In 2022, identity fraud impacted 15.4 million U.S. adults, resulting in losses totaling $20 billion. This highlights the widespread impact of data breaches and the increasing need for organizations to protect sensitive consumer information.[Javelin Strategy & Research]
23. The cost of recovering from a ransomware attack is now averaging $2.73 million, a nearly $1 million jump from 2023. This significant increase reflects the growing sophistication of ransomware attacks and the heavy toll they take on organizations’ finances.[Sophos]
24. Gartner predicts global IT spending will grow by 8% in 2024, reaching $5.1 trillion, with 80% of CIOs planning to increase their cybersecurity budgets. This reflects the growing recognition of the need for enhanced cybersecurity measures in the face of rising threats.[Gartner]
Major Data Breaches and Exposed Information 2024
According to recent 2024 cyberattack statistics, breaches involving personal data are becoming more common, with a growing number of them targeting sensitive consumer data.
25. AT&T Data Leak (2024): A breach of AT&T’s systems exposed personal information of around 73 million customers, including social security numbers, email addresses, and other sensitive data. This breach, which occurred on the dark web, underlines the critical need for robust data protection in telecommunications.
26. IMF Email Compromise (2024): The IMF faced a cyberattack in which hackers gained access to 11 email accounts, potentially exposing sensitive communications. While no broader breach occurred, this incident underscores the vulnerability of email systems to cyberattacks.
27. BBC Cloud Storage Breach (2024): The BBC reported a breach of its cloud storage service, which compromised personal data of over 25,000 employees, including information related to pension schemes. While financial details weren’t exposed, this breach highlights vulnerabilities in cloud-based storage and the sensitive nature of employee data.
28. Dell Data Breach (2024): A cyberattack against Dell compromised the data of 49 million customers. Attackers exploited an API vulnerability, using a brute-force method to extract data, exposing the risk of overlooked security flaws in large enterprise systems.
29. National Public Data Breach (2024): Jerico Pictures Inc.’s National Public Data service fell victim to a massive cyberattack. The hacker, “Fenice,” leaked an astonishing 2.9 billion records, including personal information such as names, addresses, and Social Security Numbers stored in plain text. The breach poses severe risks for identity theft and financial crimes, leaving Jerico Pictures Inc. exposed to potential legal battles and lawsuits.
30. FBCS Breach (2024): In February 2024, U.S.-based debt collection agency Financial Business and Consumer Solutions (FBCS) suffered a data breach, exposing sensitive information of over 4 million individuals. The breach, occurring between February 14 and 26, went undetected until February 26 and was disclosed publicly in April, revealing unauthorized access to confidential consumer data.
DNS Security Statistics 2024
1. Organizations are facing 7.5 DNS attacks per year, with DNS-based attacks becoming more common. These attacks often target an organization’s DNS infrastructure, aiming to disrupt its online presence and services.[IDC Report]
2. DNS attacks lead to application outages in 82% of businesses and result in data theft in 29% of cases. This illustrates the devastating potential of DNS attacks, making DNS security a critical concern for businesses aiming to protect their digital assets.[G2]
3. DNS hijacking is a significant concern for 47% of organizations, leading to distributed denial-of-service (DDoS) attacks. This further emphasizes the threat to critical services and infrastructure, as hijacking DNS settings can cause widespread service disruptions. [G2]
In 2021, a global survey of over 1,100 organizations revealed alarming statistics: [Heimdal Security]
4. 87% of organizations reported experiencing DNS attacks.
5. The average cost per attack globally was approximately $950,000, rising to $1 million for North American organizations.
6. The trend has only worsened. By Q1 2024, there were 1.5 million DNS DDoS attacks globally—a clear indication of the escalating threat landscape.
Supply Chain and Third-Party Risks 2024
1. Supply chain security is increasingly critical, with 98% of businesses concerned about supply chain compromises. [Security Magazine]
2. Cyberattacks targeting the software supply chain are expected to cost the global economy $80.6 billion annually by 2026. [Juniper Research]
3. This category of attacks gained visibility following the SolarWinds breach in 2021, a significant incident attributed to a nation-state attack.
4. In fact, 62% of companies faced cybersecurity disruptions in their supply chains last year, according to the 2024 IT Risk and Compliance Benchmark Report.
5. In 2023, 61% of businesses experienced a breach involving a third-party vendor, a significant increase since 2021.[Prevalent]
6. Third-party incidents have far-reaching impacts: 84% cause operational disruptions, and 66% lead to financial losses, according to Gartner.
7. Resolving third-party breaches takes 12.8% more time and incurs 11.8% higher costs, with the breach lifecycle stretching to 307 days. [Prevalent]
8. Costing, on average, 40% more than internal breaches, third-party cyber incidents underscore the importance of strengthening risk management and performing ongoing evaluations of third-party systems. [Gartner]
9. Furthermore, survey respondents reported that third-party incidents also lead to reputational damage (59%). [Gartner]
10. 45% of organizations will face software supply chain attacks by 2025 – Third-party risks are on the rise, making external relationships a growing security concern. [Gartner]
11. 54% of businesses do not properly vet third-party vendors, increasing the risk of cloud security breaches caused by third-party access. [zengrc]
Key Cybersecurity Stats on Malware & Ransomware 2024
1. 300,000 new pieces of malware created daily – Cybercriminals are continuously innovating and adapting their tactics, with new malware variants appearing each day.
2. 1.2 billion known types of malware – Including viruses, ransomware, and other malicious software, malware continues to be one of the most pervasive cybersecurity threats. [Stationx]
3. 6.06 billion malware attacks detected in 2023 – The volume of malware attacks worldwide reached record levels, reflecting the persistent and growing nature of malicious activity. [Statista]
4. Asia-Pacific region led in malware attacks in 2023 – Driven by a large number of digital platforms, the region saw the highest number of malware detections globally. [IDC]
5. 7% of organizations globally were victims of ransomware in 2023 – Ransomware continues to be one of the most disruptive and financially damaging forms of cyberattack. [Sprinto]
6. A ransomware attack costs an average of $4.54 million (excluding ransom), underscoring the need for proactive measures like endpoint security to mitigate financial strain. [IBM]
7. Ransomware attacks will strike every 2 seconds by 2031 – The growing frequency of ransomware attacks emphasizes the urgency for businesses to adopt layered defences like firewalls, intrusion detection systems, and ransomware-specific tools. [Cybercrime Magazine]
8. 54% of healthcare IT professionals believe their organizations are vulnerable to ransomware attacks – The healthcare sector remains highly susceptible to ransomware, highlighting the need for heightened cybersecurity vigilance. [Proofpoint]
9. 98% of mobile malware targets Android devices, a figure that underscores the importance of mobile security in today’s interconnected world.
Cyber Security Statistics for Compliance 2024
Strategic Focus and Leadership in Compliance
1. 42% of legal and compliance leaders plan to strengthen their personal impact on company strategy, signalling a shift toward more proactive compliance management. [Gartner for Legal, Risk & Compliance Leaders, July 2025 Survey]
2. 40% of leaders are prioritizing improvements in third-party risk management, addressing critical vulnerabilities. [Gartner]
3. 39% of leaders aim to ensure their compliance programs can keep pace with fast-moving regulatory requirements, highlighting the growing challenge of evolving regulations. [Gartner]
4. 70% of corporate risk and compliance professionals now focus on a strategic, outcome-driven model, moving beyond the traditional “check-the-box” approach. (Thomson Reuters Risk & Compliance Survey Report, 2023)
Costs and Consequences of Noncompliance
5. The average cost of a data breach rises by $220,000 when noncompliance with regulations is a factor, significantly increasing the financial impact. [IBM’s Cost of a Data Breach Report, 2023]
6. The average breach cost for organizations with high noncompliance is $5.05 million, a 12.6% increase from the earlier average of $4.49 million. [IBM’s Cost of a Data Breach Report, 2023]
7. The average compliance cost for organizations globally is $5.47 million, with financial services facing the highest average costs of $30.9 million. [IBM’s Cost of a Data Breach Report, 2023]
8. In 2018, noncompliance led to an average business disruption cost of $5.1 million, showing the wide-reaching effects of regulatory failures. [corporatecomplianceinsights]
9. The Intercontinental Exchange was fined $10 million in 2024 for not meeting data breach reporting requirements, illustrating the importance of adhering to data protection regulations.
The Role of Technology in Compliance Management
10. Only 69% of businesses use compliance technology to streamline their programs, reducing manual effort and increasing accuracy. [safetica]
11. Companies that enable compliance technology save an average of $1.45 million in compliance costs, highlighting the financial benefits of leveraging tech tools.
12. Regular compliance audits save businesses an average of $2.86 million, emphasizing the importance of proactive compliance monitoring.
13. Despite the availability of advanced tools, 14% of businesses still rely on spreadsheets to manage IT compliance, illustrating the need for modernization.
Data Privacy and Regulatory Fines
14. The largest GDPR fine to date was €1.2 billion ($1.3 billion USD) for Meta in May 2023, showing the serious financial repercussions of noncompliance. [CNBC]
15. €1.1 billion in GDPR fines were issued between January 2021 and January 2022, reflecting growing regulatory enforcement. [DLA Piper]
16. Since GDPR enforcement began in May 2018, non-compliance with general data processing principles has accounted for the largest share of fines. By September 2024, these violations had resulted in fines exceeding €2.4 billion. [Statista]
17. Meanwhile, the FTC took action against 20 companies between August 2023 and August 2024 for data privacy and security breaches, including a recent case against Verkada for mishandling personal data and violating the CAN-SPAM Act. These actions highlight the increasing focus on data protection compliance.
18. 94% of customers avoid brands that mishandle their personal data, making data privacy a key factor in maintaining customer loyalty. [Cisco]
19. 82% of businesses consider ISO certifications like ISO 27001 and ISO 27701 critical for securing client trust and reinforcing their commitment to compliance. [Cisco]
Legal and Consumer Privacy Protection
20. The CCPA protects $12 billion in personal information annually, ensuring both compliance and consumer trust.
21. 9% of businesses use compliance solutions to adhere to data privacy laws like GDPR and CCPA, ensuring they stay within legal boundaries.
22. 7% of companies have updated their privacy policies to meet GDPR and other regulations, with 80% making multiple updates over the past year. [Legaljobs]
Key Cybersecurity Adoption Rates 2024
1. The Zero Trust approach, which assumes no trust by default, has proven effective, saving $1.76 million per breach on average.
2. In 2023, 47% of organizations began leveraging Artificial Intelligence (AI) for cyber risk detection and mitigation, demonstrating AI’s increasing role in safeguarding digital infrastructure. [PWC]
3. As more businesses adopt multi-cloud strategies, Cloud Web Application and API Protection (WAAP) services are rapidly replacing traditional WAAP tools. By 2024, 70% of organizations are expected to rely on these services to protect their production environments from cyber attacks. [Gartner]
4. By 2026, over 40% of organizations with consumer-facing applications will rely on specialized providers for additional anomaly detection technology, up from less than 10% in 2022. [Gartner]
In conclusion, the cybersecurity landscape in 2024 shows a significant rise in attacks, particularly DDoS and exploitation of open vulnerabilities. As you face heightened risks, it’s crucial to prioritize strong security measures, including proactive vulnerability management and advanced threat detection. By staying informed about these cyber trends and investing in the right security solutions, you can better protect your organization from evolving cyber threats and safeguard your digital assets.