Barracuda

90% of ransomware incidents exploit firewalls through a CVE or a vulnerable account.

The fastest ransomware case observed, involving Akira ransomware, takes just three hours from breach to encryption.

11% of detected vulnerabilities have a known exploit.

The most widely detected vulnerability is CVE-2013-2566, which dates to 2013.

66% of incidents involve the supply chain or a third party, up from 45% in 2024.

96% of incidents involving lateral movement end with the release of ransomware.

In 2025, attacks bypassing multifactor authentication (MFA) were reported in 48% of phishing attacks.

In 2025, malicious QR codes were observed in 19% of phishing attacks.

In 2025, obfuscations to hide URLs from detection were seen in 48% of phishing attacks.

The number of known phishing kits doubled during 2025, reaching a significant increase in active use.

In 2025, 'ClickFix' social engineering techniques were used in 1% of phishing attacks.

In 2025, 90% of high-volume phishing campaigns utilized Phishing-as-a-Service (PhaaS) kits.

In late 2025, there were 10 million Mamba 2FA phishing attacks recorded.

In 2025, malicious attachments were present in 18% of phishing attacks.

In 2025, the abuse of trusted, legitimate online platforms was noted in 10% of phishing attacks.

In 2025, the use of 'Blob URIs' was noted in 2% of phishing attacks.

In 2025, attacks leveraging generative AI were reported in 10% of phishing attacks.

In 2025, CAPTCHA was leveraged for added authenticity in 43% of phishing attacks.

In 2025, 'polymorphic' attacks that varied the email header, body, and destination were seen in 20% of phishing attacks.

78% of organizations worldwide experienced an email security breach in the previous 12 months.

41% of organizations cited brand and reputational damage as the most common consequence of an email security breach.

50% of organizations detected an email security breach within one hour.

36% of organizations lost sensitive data due to an email security breach.

25% of organizations lost customers due to an email security breach.

38% of organizations reported operational impact, including downtime and business disruption, as a consequence of an email security breach.

27% of organizations lost new business as a result of an email security breach.

47% of organizations identified advanced evasion techniques as the main obstacle to rapid incident response.

71% of organizations that experienced an email security breach were also hit with ransomware during the year.

24% of email messages overall are now malicious or unwanted spam.

Bitcoin sextortion scams account for 12% of malicious PDF attachments.

83% of malicious Microsoft documents contain QR codes designed to take users to phishing websites.

As many as 20% of organizations experienced at least one attempted or successful account takeover (ATO) incident per month.

47% of email domains do not have Domain-based Message Authentication, Reporting and Conformance (DMARC) configured to protect against unauthorized use, including spoofing and impersonation attacks.

23% of HTML email attachments are malicious, making them the most weaponized text file type detected. More than three-quarters of the malicious files detected overall were HTML files.

68% of malicious PDF attachments contain QR codes designed to take users to phishing websites.