Key Findings
Ransomware rose 36% year over year.
40% of threat actor updates in H1 2025 were attributed to state-sponsored groups.
Ransomware attacks are averaging 20 incidents per day.
62% of breaches in H1 2025 involved data stored on network servers.
9% of threat actor updates in H1 2025 were attributed to hacktivists.
76% of breaches in H1 2025 stemmed from hacking or IT incidents.
There were 3,649 documented ransomware attacks in H1 2025.
Ransomware attacks grew in frequency to 608 per month, or roughly 20 per day.
Zero-day exploits increased 46% in H1 2025.
Modbus accounted for 57% of OT protocol traffic in Forescout honeypots in H1 2025.
The U.S. was the top ransomware target, accounting for 53% of all ransomware incidents, in H1 2025.
24% of breaches IN h1 2025 were on email systems.
47% of newly exploited vulnerabilities were originally published before 2025.
Zero-day exploitation increased 46% in H1 2025.
Published vulnerabilities rose 15% in H1 2025.
45% of published vulnerabilities in H1 2025 were rated high or critical.
CVEs added to CISA KEV jumped 80% in H1 2025.
The healthcare sector experienced an average of two healthcare breaches per day in the first half of 2025.
51% of threat actor updates in H1 2025 were attributed to cybercriminals, such as ransomware groups.
Nearly 30 million individuals were affected by breaches in H1 2025.