Pay attention to the following cybersecurity statistics to learn how to protect yourself from attacks.

According to a survey of global IT security professionals in 2025, malware was the most concerning cyber threat targeting organizations, with a relative value of **** on a five-point scale. Account takeover/credential abuse attacks ranked second, while phishing attacks followed.

Introduction

Cyber Security Statistics: Cybersecurity has become a top priority for organizations worldwide, driven by the escalating volume and complexity of cyber threats. As businesses increasingly adopt digital technologies, the risk of cyberattacks, such as data breaches, ransomware, and phishing, has risen, creating significant challenges for data privacy and security.

The increasing frequency of high-profile cyber incidents has exposed vulnerabilities in various sectors, prompting governments and organizations to enhance their cybersecurity measures. In response, emerging technologies such as artificial intelligence and machine learning are being integrated to enhance threat detection and response capabilities.

The following statistics offer a comprehensive overview of the cybersecurity landscape, shedding light on the trends, risks, and developments that are shaping this critical field.

Percentage of enterprises impacted by specific types of cyber security incidents by the North American Industry Classification System (NAICS) and size of enterprise.

In 2024, the number of data compromises in the United States stood at 3,158 cases. Meanwhile, over 1.35 billion individuals were affected in the same year by data compromises, including data breaches, leakage, and exposure. While these are three different events, they have one thing in common. As a result of all three incidents, the sensitive data is accessed by an unauthorized threat actor. Industries most vulnerable to data breaches Some industry sectors usually see more significant cases of private data violations than others. This is determined by the type and volume of the personal information organizations of these sectors store. In 2024 the financial services, healthcare, and professional services were the three industry sectors that recorded most data breaches. Overall, the number of healthcare data breaches in some industry sectors in the United States has gradually increased within the past few years. However, some sectors saw decrease. Largest data exposures worldwide In 2020, an adult streaming website, CAM4, experienced a leakage of nearly 11 billion records. This, by far, is the most extensive reported data leakage. This case, though, is unique because cyber security researchers found the vulnerability before the cyber criminals. The second-largest data breach is the Yahoo data breach, dating back to 2013. The company first reported about one billion exposed records, then later, in 2017, came up with an updated number of leaked records, which was three billion. In March 2018, the third biggest data breach happened, involving India’s national identification database Aadhaar. As a result of this incident, over 1.1 billion records were exposed.

Overview This dataset is a comprehensive, easy-to-understand collection of cybersecurity incidents, threats, and vulnerabilities, designed to help both beginners and experts explore the world of digital security. It covers a wide range of modern cybersecurity challenges, from everyday web attacks to cutting-edge threats in artificial intelligence (AI), satellites, and quantum computing. Whether you're a student, a security professional, a researcher, or just curious about cybersecurity, this dataset offers a clear and structured way to learn about how cyber attacks happen, what they target, and how to defend against them.

With 14134 entries and 15 columns, this dataset provides detailed insights into 26 distinct cybersecurity domains, making it a valuable tool for understanding the evolving landscape of digital threats. It’s perfect for anyone looking to study cyber risks, develop strategies to protect systems, or build tools to detect and prevent attacks.

What’s in the Dataset? The dataset is organized into 16 columns that describe each cybersecurity incident or research scenario in detail:

ID: A unique number for each entry (e.g., 1, 2, 3). Title: A short, descriptive name of the attack or scenario (e.g., "Authentication Bypass via SQL Injection"). Category: The main cybersecurity area, like Mobile Security, Satellite Security, or AI Exploits. Attack Type: The specific kind of attack, such as SQL Injection, Cross-Site Scripting (XSS), or GPS Spoofing. Scenario Description: A plain-language explanation of how the attack works or what the scenario involves. Tools Used: Software or tools used to carry out or test the attack (e.g., Burp Suite, SQLMap, GNURadio). Attack Steps: A step-by-step breakdown of how the attack is performed, written clearly for all audiences. Target Type: The system or technology attacked, like web apps, satellites, or login forms. Vulnerability: The weakness that makes the attack possible (e.g., unfiltered user input or weak encryption). MITRE Technique: A code from the MITRE ATT&CK framework, linking the attack to a standard classification (e.g., T1190 for exploiting public-facing apps). Impact: What could happen if the attack succeeds, like data theft, system takeover, or financial loss. Detection Method: Ways to spot the attack, such as checking logs or monitoring unusual activity. Solution: Practical steps to prevent or fix the issue, like using secure coding or stronger encryption. Tags: Keywords to help search and categorize entries (e.g., SQLi, WebSecurity, SatelliteSpoofing). Source: Where the information comes from, like OWASP, MITRE ATT&CK, or Space-ISAC.

Cybersecurity Domains Covered The dataset organizes cybersecurity into 26 key areas:

AI / ML Security

AI Agents & LLM Exploits

AI Data Leakage & Privacy Risks

Automotive / Cyber-Physical Systems

Blockchain / Web3 Security

Blue Team (Defense & SOC)

Browser Security

Cloud Security

DevSecOps & CI/CD Security

Email & Messaging Protocol Exploits

Forensics & Incident Response

Insider Threats

IoT / Embedded Devices

Mobile Security

Network Security

Operating System Exploits

Physical / Hardware Attacks

Quantum Cryptography & Post-Quantum Threats

Red Team Operations

Satellite & Space Infrastructure Security

SCADA / ICS (Industrial Systems)

Supply Chain Attacks

Virtualization & Container Security

Web Application Security

Wireless Attacks

Zero-Day Research / Fuzzing

Why Is This Dataset Important? Cybersecurity is more critical than ever as our world relies on technology for everything from banking to space exploration. This dataset is a one-stop resource to understand:

What threats exist: From simple web attacks to complex satellite hacks. How attacks work: Clear explanations of how hackers exploit weaknesses. How to stay safe: Practical solutions to prevent or stop attacks. Future risks: Insight into emerging threats like AI manipulation or quantum attacks. It’s a bridge between technical details and real-world applications, making cybersecurity accessible to everyone.

Potential Uses This dataset can be used in many ways, whether you’re a beginner or an expert:

Learning and Education: Students can explore how cyber attacks work and how to defend against them. Threat Intelligence: Security teams can identify common attack patterns and prepare better defenses. Security Planning: Businesses and governments can use it to prioritize protection for critical systems like satellites or cloud infrastructure. Machine Learning: Data scientists can train models to detect threats or predict vulnerabilities. Incident Response Training: Practice responding to cyber incidents, from web hacks to satellite tampering.

Ethical Considerations Purpose: The dataset is for educational and research purposes only, to help improve cybersecurity knowledge and de...

India Cyber Security Incidents: Total data was reported at 1,592,917.000 Unit in 2023. This records an increase from the previous number of 1,391,457.000 Unit for 2022. India Cyber Security Incidents: Total data is updated yearly, averaging 49,908.500 Unit from Dec 2004 (Median) to 2023, with 20 observations. The data reached an all-time high of 1,592,917.000 Unit in 2023 and a record low of 23.000 Unit in 2004. India Cyber Security Incidents: Total data remains active status in CEIC and is reported by Indian Computer Emergency Response Team. The data is categorized under India Premium Database’s Transportation, Post and Telecom Sector – Table IN.TF010: Information Technology Statistics: Cyber Security Incidents.

Cyber attacks on businesses are becoming more frequent, targeted, and complex. The effects of a cyber attack go well beyond the direct financial consequences. In 2024, ** percent of respondents indicated greater difficulty in attracting new customers as the main consequence of cyber attacks.

According to a 2024 survey of Chief Information Security Officers (CISO) worldwide, Ransomware attacks were a leading cybersecurity risk, with roughly ** percent naming it as one of the three major cybersecurity threats. A further share of ** percent of the respondents found malware to be a significant risk to their organizations' cybersecurity. Email fraud compromise and DDoS attacks followed closely, with ** percent.

The European Repository of Cyber Incidents (EuRepoC) is releasing the Global Dataset of Cyber Incidents in Version 1.3 as an extract of our backend database. This official release contains fully consolidated cyber incident data reviewed by our interdisciplinary experts in the fields of politics, law and technology across all 60 variables covered by the European Repository. Version 1.3 covers the years 2000 – 2024 entirely. The Global Dataset is meant for reliable, evidence-based analysis. If you require real-time data, please refer to the download option in our TableView or contact us for special requirements (including API access).

The dataset now contains data on 3416 cyber incidents which started between 01.01.2000 and 31.12.2024. The European Repository of Cyber Incidents (EuRepoC) gathers, codes, and analyses publicly available information from over 220 sources and 600 Twitter accounts daily to report on dynamic trends in the global, and particularly the European, cyber threat environment.

For more information on the scope and data collection methodology see: https://eurepoc.eu/methodology

Full Codebook available here

Information about each file

please scroll down this page entirely to see all files available. Zenodo only displays the attribution dataset by default.

Global Database (csv or xlsx):
This file includes all variables coded for each incident, organised such that one row corresponds to one incident - our main unit of investigation. Where multiple codes are present for a single variable for a single incident, these are separated with semi-colons within the same cell.

Receiver Dataset (csv or xlsx):
In this file, the data of affected entities and individuals (receivers) is restructured to facilitate analysis. Each cell contains only a single code, with the data "unpacked" across multiple rows. Thus, a single incident can span several rows, identifiable through the unique identifier assigned to each incident (incident_id).

Attribution Dataset (csv or xlsx):
This file follows a similar approach to the receiver dataset. The attribution data is "unpacked" over several rows, allowing each cell to contain only one code. Here too, a single incident may occupy several rows, with the unique identifier enabling easy tracking of each incident (incident_id). In addition, some attributions may also have multiple possible codes for one variable, these are also "unpacked" over several rows, with the attribution_id enabling to track each attribution.

Dyadic Dataset (csv or xlsx):
The dyadic dataset puts state dyads in the focus. Each row in the dataset represents one cyber incident in a specific dyad. Because incidents may affect multiple receivers, single incidents can be duplicated in this format, when they affected multiple countries.

Introduction

Cybersecurity in Healthcare Statistics: As the healthcare sector increasingly integrates digital technologies, the need for robust cybersecurity measures has become more critical than ever. Adopting electronic health records (EHRs), telemedicine, and connected medical devices has significantly enhanced patient care and operational efficiency.

However, this digital shift has also exposed healthcare organizations to a rising tide of cyber threats, including data breaches, ransomware attacks, and hacks of medical devices. The sensitive nature of the data fuels these threats, such as personal health information (PHI) and payment records, making healthcare one of the most targeted cyberattack industries.

In response to these growing risks, healthcare providers must prioritize implementing stringent cybersecurity policies and embrace cutting-edge technologies like encryption, artificial intelligence, and multi-factor authentication. The sector is grappling with challenges such as outdated security systems, inadequate staff training, and the complexities of safeguarding networks of interconnected devices.

As cyberattacks become more frequent and sophisticated, understanding cybersecurity statistics within healthcare is essential for identifying vulnerabilities, assessing risks, and strengthening defenses to protect sensitive patient data and maintain trust within the industry.

On June 4-6, 2019, the National Information Technology and Networking Research and Development (NITRD) Program's Artificial Intelligence Research and Development (R&D) and Cyber Security and Information Assurance Interagency Working Groups (IWG), held a workshop to assess the research challenges and opportunities at the intersection of cybersecurity and artificial intelligence (AI). This document summarizes the workshop discussions.

In 2024, manufacturing saw the highest share of cyberattacks among the leading industries worldwide. During the examined year, manufacturing companies encountered more than a quarter of the total cyberattacks. Organizations in the finance and insurance followed, with around 23 percent. Professional, business, and consumer services ranked third, with 18 percent of reported cyberattacks. Manufacturing industry and cyberattacks The industry of manufacturing has been in the center of cyberattacks in a long time. The share of cyberattacks targeting organizations in this sector in 2018 was at 10 percent, while in 2024, it amounted to 26 percent. The situation is even more compliacted when we look at the cyber vulnerabilities found in this sector. In 2024, critical vulnerabilities in manufacturing companies lasted 205 days on average. IT perspective and prevention With recent technology developments, cybersecurity is crucial to an organization’s success. Realizing this, companies have been gradually increasing cybersecurity investments. Thus, in 2024, the cybersecurity budget worldwide was forecast to increase to nearly 283 billion U.S. dollars. Roughly nine in ten board directors of companies worldwide in professional services and media and entertainment industries say they expect an increase in the cybersecurity budget.

Cyber Security as a Service Market Outlook

The global Cyber Security as a Service market size was valued at approximately $14 billion in 2023 and is projected to reach $41 billion by 2032, growing at a compound annual growth rate (CAGR) of 12.5% during the forecast period. This remarkable growth is driven by the increasing prevalence of cyber threats and the growing need for robust security solutions across various sectors.

The growth of the Cyber Security as a Service market can be attributed to several key factors. Firstly, the rapid digitization and adoption of cloud services have exposed businesses to a myriad of cyber threats, necessitating advanced security measures. The rise in sophisticated cyber-attacks, such as ransomware, phishing, and malware, has compelled organizations to seek comprehensive security solutions to safeguard their data and ensure business continuity. Additionally, regulatory requirements and compliance mandates across industries are driving the demand for managed security services, further propelling market growth.

Secondly, the increasing adoption of Internet of Things (IoT) devices has expanded the attack surface, making enterprises more vulnerable to cyber-attacks. As IoT devices become integral to business operations, securing these devices has become paramount. Cyber Security as a Service offers scalable and flexible solutions to monitor and protect IoT ecosystems, thereby addressing the security challenges posed by these interconnected devices. Furthermore, the growing awareness about the financial and reputational damage caused by data breaches is prompting businesses to invest heavily in cybersecurity services.

Thirdly, the shortage of skilled cybersecurity professionals is a significant growth driver for the market. Many organizations lack the in-house expertise required to effectively combat evolving cyber threats. As a result, they are increasingly turning to third-party service providers to manage their cybersecurity needs. Cyber Security as a Service offers access to a pool of experts, advanced technologies, and continuous monitoring capabilities, enabling businesses to strengthen their security posture without the need for extensive internal resources.

The integration of Financial Services Cybersecurity Systems and Services is becoming increasingly vital in the face of evolving cyber threats. Financial institutions are prime targets for cybercriminals due to the sensitive nature of financial data and transactions. As a result, there is a growing emphasis on developing comprehensive cybersecurity frameworks that encompass both preventive and responsive measures. These systems and services are designed to protect financial data, ensure compliance with regulatory requirements, and maintain customer trust. By leveraging advanced technologies such as artificial intelligence and machine learning, financial institutions can enhance their threat detection and response capabilities, thereby safeguarding their operations from potential cyber threats.

From a regional perspective, North America is expected to dominate the Cyber Security as a Service market during the forecast period. The presence of major cybersecurity vendors, coupled with stringent regulatory frameworks and high adoption rates of advanced technologies, contribute to the region's leading position. However, the Asia Pacific region is anticipated to witness the highest growth rate, driven by increasing digital transformation initiatives, rising cybercrime incidents, and growing awareness about cybersecurity solutions.

Service Type Analysis

In the Cyber Security as a Service market, the service type segment is pivotal, covering services such as Threat Intelligence, Managed Security Services, Security Monitoring and Analytics, Incident Response, Compliance Management, and others. The diverse nature of cyber threats necessitates a variety of specialized services, each catering to different facets of cybersecurity.

Threat Intelligence services play a crucial role in the market. These services involve the collection, analysis, and dissemination of information about potential or ongoing cyber threats. By leveraging advanced analytics and machine learning, threat intelligence services provide actionable insights that help organizations anticipate and mitigate cyber risks before they materialize. The growing complexity of cyber threats and the need for proactive threat management

This data set represents 58 consecutive days of de-identified event data collected from five sources within Los Alamos National Laboratory’s corporate, internal computer network. The data sources include Windows-based authentication events from both individual computers and centralized Active Directory domain controller servers; process start and stop events from individual Windows computers; Domain Name Service (DNS) lookups as collected on internal DNS servers; network flow data as collected on at several key router locations; and a set of well-defined red teaming events that present bad behavior within the 58 days. In total, the data set is approximately 12 gigabytes compressed across the five data elements and presents 1,648,275,307 events in total for 12,425 users, 17,684 computers, and 62,974 processes. Specific users that are well known system related (SYSTEM, Local Service) were not de-identified though any well-known administrators account were still de-identified. In the network flow data, well-known ports (e.g. 80, 443, etc) were not de-identified. All other users, computers, process, ports, times, and other details were de-identified as a unified set across all the data elements (e.g. U1 is the same U1 in all of the data). The specific timeframe used is not disclosed for security purposes. In addition, no data that allows association outside of LANL’s network is included. All data starts with a time epoch of 1 using a time resolution of 1 second. In the authentication data, failed authentication events are only included for users that had a successful authentication event somewhere within the data set.

[227+ Pages Report] Global Cyber Security Market size & share projected to hit a record value of USD 398.3 Billion by 2026 at an anticipated CAGR growth rate of 14.9% during the forecast period 2021-2026. Increasing use of technological measures in the sectors of retails, BSFI, information and technology, and manufacturing will boost the footprint of global cyber security market to a larger footprint.

The National Institute of Standards and Technology (NIST) provides a Cybersecurity Framework (CSF) for benchmarking and measuring the maturity level of cybersecurity programs across all industries. The City uses this framework and toolset to measure and report on its internal cybersecurity program. The foundation for this measure is the Framework Core, a set of cybersecurity activities, desired outcomes, and applicable references that are common across critical infrastructure/industry sectors. These activities come from the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) published standard, along with the information security and customer privacy controls it references (NIST 800 Series Special Publications). The Framework Core presents industry standards, guidelines, and practices in a manner that allows for communication of cybersecurity activities and outcomes across the organization from the executive level to the implementation/operations level. The Framework Core consists of five concurrent and continuous functions: identify, protect, detect, respond, and recover. When considered together, these functions provide a high-level, strategic view of the lifecycle of an organization’s management of cybersecurity risk. The Framework Core identifies underlying key categories and subcategories for each function, and matches them with example references, such as existing standards, guidelines, and practices for each subcategory. This page provides data for the Cybersecurity performance measure. Cybersecurity Framework cumulative score summary per fiscal year quarter (Performance Measure 5.12) The performance measure page is available at 5.12 Cybersecurity. Additional Information Source: Maturity assessment / https://www.nist.gov/topics/cybersecurityContact: Scott CampbellContact E-Mail: Scott_Campbell@tempe.govData Source Type: ExcelPreparation Method: The data is a summary of a detailed and confidential analysis of the city's cybersecurity program. Maturity scores of subcategories within NIST CFS are combined, averaged, and rolled up to a summary score for each major category.Publish Frequency: AnnualPublish Method: ManualData Dictionary

Cybersecurity Dataset: Are We Ready in Latin America and the Caribbean? (2016)

This dataset supports the 2016 Cybersecurity Report, Are We Ready in Latin America and the Caribbean?, produced by the Inter-American Development Bank (IDB), Organization of American States (OAS), and Global Cyber Security Capacity Centre (GCSCC) at Oxford.

Data were collected via an online survey using the Cybersecurity Capability Maturity Model (CMM), developed by the GCSCC. The survey was translated into English and Spanish. Following a pilot phase, it was administered to a diverse group of national stakeholders across 32 countries in Latin America and the Caribbean.

The responses were aggregated, reviewed, cleaned, and supplemented with additional information from external sources to ensure completeness and accuracy.

Information Technology (IT) Security as a Service Market Outlook

The IT Security as a Service market has been experiencing robust growth, with the global market size expected to reach approximately USD 25 billion in 2023. Driven by increasing cybersecurity threats and regulatory requirements, the market is anticipated to expand at a CAGR of around 14% from 2024 to 2032, reaching an estimated USD 73 billion by the end of the forecast period. This significant growth is fueled by advancements in technology, increased adoption of cloud services, and the growing need for organizations to safeguard their digital assets. The rapid digital transformation across industries and the escalating volume of data breaches have propelled the demand for comprehensive security solutions, thereby acting as a pivotal growth factor for the IT Security as a Service market.

A primary growth factor for the IT Security as a Service market is the escalating frequency and sophistication of cyber-attacks. With the increasing reliance on digital platforms, organizations are becoming more vulnerable to cyber threats such as ransomware, phishing, and denial-of-service attacks. Consequently, businesses are prioritizing the implementation of robust security solutions to protect their sensitive data and maintain customer trust. Moreover, the surge in remote work and the proliferation of Internet of Things (IoT) devices have expanded the attack surface, necessitating enhanced security measures. This growing demand for comprehensive cybersecurity solutions has significantly contributed to the upward trajectory of the IT Security as a Service market.

Another crucial factor driving market growth is the stringent regulatory landscape governing data protection and privacy. Governments and regulatory bodies worldwide have introduced rigorous compliance mandates, compelling organizations to adopt advanced security frameworks. Regulations such as the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the United States require businesses to implement stringent security protocols to safeguard consumer data. Consequently, organizations are increasingly relying on IT Security as a Service providers to ensure compliance with these regulations and mitigate potential legal and financial repercussions, thereby bolstering market growth.

The adoption of cloud-based solutions has also been a significant driver for the IT Security as a Service market. As businesses migrate to cloud environments for greater scalability and cost-efficiency, the need for cloud-specific security measures becomes paramount. Cloud-based security services offer real-time threat monitoring, rapid deployment, and simplified management, making them an attractive option for enterprises seeking agile and efficient security solutions. Additionally, the integration of artificial intelligence and machine learning in security services has enhanced threat detection and response capabilities, further boosting the demand for IT Security as a Service offerings.

In this evolving landscape, the role of Network Security Service Provider Services has become increasingly critical. These services are essential for organizations looking to protect their network infrastructure from sophisticated cyber threats. By partnering with specialized providers, businesses can leverage advanced security technologies and expertise that may not be available in-house. Network Security Service Providers offer a range of services, including threat detection, vulnerability management, and incident response, tailored to meet the unique needs of each organization. As cyber threats continue to evolve, the demand for these services is expected to grow, enabling organizations to maintain robust security postures and safeguard their digital assets effectively.

Regionally, North America currently holds the largest share of the IT Security as a Service market, driven by the presence of major technology companies and a high level of cybersecurity awareness. The region is expected to maintain its dominance over the forecast period, with a robust CAGR owing to continuous technological advancements and increased investments in cybersecurity infrastructure. Meanwhile, the Asia Pacific region is anticipated to witness the fastest growth, attributed to the rapid digitalization of economies, growing internet penetration, and rising cyber threats. Countries such as China and India are investing heavily in cybersecurity initiatives, further propelling market expansion in the region.<