IBM X-Force 2025 Threat Intelligence Index

Manufacturing is the #1-targeted industry by attacks for the fourth year in a row.

Manufacturing organisations experienced 24% of attacks involving data theft.

The global average cost of a data breach hit a record $4.88 million in 2024.

Ransomware comprises nearly one-third (28%) of malware incident response cases and 11% of security cases.

Of all the malware cases, 28% involved ransomware, followed by backdoors and webshells, at 20% and 13% respectively.

The top initial access vector observed in 2024 was a tie between exploitation of public facing applications and use of valid account credentials, both representing 30% of X-Force incidence response engagements.

The number of infostealers delivered via phishing emails per week increased by 84% year-over-year.

Ransomware made up 28% of malware cases in 2024.

Manufacturing organisations experienced 29% of attacks involving extortion.

Analysis of dark web data reveals a 25% increase in ransomware activity year-over-year.

In 2024, the top impact experienced by victim organisations was credential harvesting, occurring in 28% of incidents.

Manufacturing had the highest number of ransomware cases in 2024.

The share of successful phishing compromises has declined steadily from 46% in 2022 to 29% in 2023 to now just 25% of all incidents remediated by X-Force in 2024.

Identity-based attacks made up 30% of total intrusions for the second year in a row.

Data theft was observed in 18% of incidents.

The number of vulnerabilities has increased rapidly over the past eight years and grown threefold.

25% of attacks exploit public-facing applications.

Only 24% of generative AI projects are secured.

Nearly a quarter of all vulnerabilities in the IBM X-Force Vulnerability Database have an associated weaponized exploit.

Nearly one in three attacks observed by X-Force used valid accounts.

60% of the top 10 vulnerabilities had been actively exploited or had a publicly available exploit from less than two weeks after disclosure to a zero day.

30% of the incidents X-Force responded to in 2024 involved the exploitation of public-facing applications.

Early data from 2025 suggests an even greater increase of 180% of weekly infostealer volume compared to 2023.

The deployment of malware was the most observed action on objectives, making up 42% of cases.

The Asia-Pacific (APAC) region experienced the largest share of security incidents in 2024 at 34%.

X-Force observed a decline in ransomware incidents overall for the third year.

4 out of top 10 vulnerabilities most mentioned on the dark web are linked to sophisticated threat actors.

Analysis of dark web data reveals listings of infostealer advertisements increased 12% in 2024 over the previous year.

Of all PDFs used in malicious spam, 42% used obfuscated URLs, 28% hid their URLs in PDF streams, and 7% were delivered in an encrypted form along with a password.

Malicious ZIP and RAR attachments in phishing emails dropped by 70% and 45% respectively

There was a 12% year-over-year increase of infostealer credentials for sale on the dark web.

The percentage of companies integrating AI into at least one business function has dramatically increased to 72% in 2024, up 55% from the previous year.

Credentials or data were stolen in nearly half of all cyberattacks.

Extortion following a ransom demand occurred in 12% of cases.