Ransomware vs Data Breach

70% of global ransomware activity targets English-speaking countries.

In the second half of 2025, 40% of all ransomware attacks targeted US-based companies.

In the second half of 2025, ransomware attacks against Canada and the UK accounted for a combined 30% of attacks.

Scattered Spider accounted for 42.9% of all actor-related alerts in the second half of 2025.

44% of attacks in the Automotive and Smart Mobility ecosystem are ransomware-related, more than double the volume in 2024.

90% of ransomware incidents exploit firewalls through a CVE or a vulnerable account.

The fastest ransomware case observed, involving Akira ransomware, takes just three hours from breach to encryption.

96% of incidents involving lateral movement end with the release of ransomware.

Ransomware attacks against industrial organizations increased 64% year-over-year.

Organizations with comprehensive OT visibility detect and contain OT ransomware incidents in an average of 5 days, compared to the industry-wide average of 42 days.

The average dwell time for ransomware in OT environments is 42 days.

Manufacturing accounts for more than two-thirds of all ransomware victims.

The number of ransomware groups targeting industrial organizations increased 49% year-over-year to 119 groups, collectively impacting 3,300 organizations globally.

In 2025, 55% of Chief Information Security Officers (CISOs) in the US and UK reported that their organization experienced a cyberattack, ransomware infection, compromise, or data breach that rendered mobile, remote, or hybrid endpoint devices inoperable.

In 2025, 61% of CISOs indicated that their organization’s board and C-suite expect the cybersecurity group to guarantee zero breaches and ransomware incidents.

68% of incidents in the Automotive and Smart Mobility involve data and privacy breaches.

The fastest ransomware case observed, involving Akira ransomware, takes just three hours from breach to encryption.

In 2025 breach data, AI platforms and tooling accounted for 15% of API-related breaches, tying software as the largest category in the dataset.

Organizations that use an integrated, automated approach to risk management report a 27% breach rate in 2025.

58% of organizations that experienced a breach anticipate spending more time on IT risk management and compliance in 2026.

Organizations that manage risk ad hoc or only after a negative event report a 50% breach rate in 2025.

75% of consumers who experienced a data breach changed their behavior, compared to 36% of consumers who have not experienced a data breach.

Company breaches are the leading cause of consumer data exposure at 30%.

57% of consumers say their personal information has been compromised at least once.

The Identity Theft Resource Center tracks 3,322 data compromises in 2025 (2025)

The number of victim notices in 2025 is 278,827,933, a decrease of 79 percentage points from 2024 (1,367,117,021) (2025)

The number of data compromises in 2025 (3,322) increases by five percentage points compared to 2024 (3,152) (2025)

Data compromises in 2025 represent a 79 percent jump over five years (2025)

Seventy percent (2,324) of data breach notices in 2025 do not include attack information, compared to 65 percent (2,049) in 2024 and 45 percent (1,449) in 2023 (2023–2025)

The number of victim notices in 2025 (278,827,933) is the lowest number of victim notices since 2014 and the lowest number since the last U.S. state and territories adopted data breach laws in 2018 (2025)