ExtraHop

33.3% of government sector threats were attributed to DarkSide in 2024.

39.92% of manufacturing and construction organizations reported limited visibility into their entire environment.

25.6% of government sector threats were attributed to RansomHub in 2024.

29.27% of ransomware incidents involved initial access as the detected phase.

10% of organizations in the government sector experienced ransomware incidents annually.

13.4% of IT and security decision-makers indicated third-party/supply chain compromise as a common entry point for attackers.

70% of organizations reported that they paid the ransom in 2023

The percentage of organizations that never paid a ransom increased from 9% last year to 30% this year

Unnamed Fortune 50 company reported a ransom payment of $75 million

42.22% of finance organizations reported limited visibility into their entire environment.

33.3% of government sector threats were attributed to LockBit in 2024.

4.83% of organizations reported average downtime of one week after a cyber incident.

23.26% of organizations reported average downtime of 11-24 hours after a cyber incident.

5.53% of ransomware incidents involved a ransom demand as the detected phase.

37.50% of agriculture organizations reported limited visibility into their entire environment.

23.08% of government organizations reported limited visibility into their entire environment.

55% of organizations reported experiencing 11 or more hours of downtime on average after a cyber incident.

In August 2024, the Rhysida ransomware group attacked the Port of Seattle, causing systems to be offline for more than three weeks.

2.33% of organizations reported average downtime of more than a week after a cyber incident.

On average, organizations take just over 2 weeks to respond to and contain a security alert from initial detection to resolution.

At least 165 Snowflake customers were affected by the 2024 Snowflake data breach, including major technology organizations like Pure Storage and AT&T

59.2% of security and IT decision-makers in the technology sector perceive the public cloud as a significant cybersecurity risk in 2024

59% of organizations in France expressed the highest level of concern regarding risks, while 36.8% in the UAE exhibited the lowest level of concern.

23.1% of government sector threats were attributed to Volt Typhoon in 2024.

The finance sector had an average ransom payment of $3.8 million

The government sector had an average ransom payment just below $7.5 million

The Ticketmaster/Live Nation breach exposed the personal and financial information of 560 million customers.

The ransomware attack against Change Healthcare involved the exfiltration of sensitive data belonging to an estimated 192.7 million individuals, making it the largest healthcare data breach on record.

The average downtime per cybersecurity incident was 37 hours

The average length of time to respond to and contain a security alert was 2 weeks

70% of organizations experienced ransomware incidents in the last year

Organizations estimated that ransomware actors had access to their systems for an average of 2 weeks

61.6% of security and IT decision-makers in the U.S. perceive the public cloud as the highest cybersecurity risk in 2024

53.8% of global security and IT decision-makers identified the public cloud as a significant cybersecurity risk to their organization in 2024

43.7% of organizations surveyed identified third-party services and integrations as a concern, tying with public cloud as the number one risk within the telecom industry.

Scattered Spider was detected in 22.0% of cybersecurity incidents over the last 12 months.

RansomHub was detected in 26.8% of cybersecurity incidents over the last 12 months.

28.2% of government sector threats were attributed to Midnight Blizzard/APT29/Nobellium/Cozy Bear in 2024.

LockBit registered a 37% detection rate in Germany, indicating a significantly elevated threat compared to other regions in 2024.

13.0% of IT and security decision-makers cited software misconfiguration as a common entry point for attackers.

33.7% of IT and security decision-makers identified phishing and social engineering as the most common infiltration methods in their attacks.

Almost 25% of respondents reported detections related to the Scattered Spider group over the last year.

12.2% of IT and security decision-makers noted that compromised credentials are increasingly becoming a primary gateway for attackers.

Organizations in the UAE paid ransoms that were 26% higher than the global average, with an average payment of $5.4 million

The average ransom payment in Australia was $2.5 million, the lowest among the countries surveyed

The healthcare sector had the highest average ransom payment at $7.5 million

The average ransom payment in 2023 was more than $3.6 million, an increase from last year's average of $2.5 million

Organizations in the UAE faced an average of 7 ransomware incidents, the highest number globally

Australia experienced an average of 4 ransomware incidents per year, the fewest globally

Organizations in the education sector reported an average dwell time of about 5 weeks prior to a ransomware incident.