Phishing, ransomware, and business malware have been the most widespread types of cyberattacks in the United States, resulting in data compromises. In 2024, 455 cases of phishing and its variations were detected. Ransomware followed in the second place, with 188 attacks.

Pay attention to the following cybersecurity statistics to learn how to protect yourself from attacks.

In 2023, ransomware was the most frequently detected cyberattack worldwide, with around 70 percent of all detected cyberattacks. Network breaches ranked second, with almost 19 percent of the detections. Although less frequently, data exfiltration was also among the detected cyberattacks.

The European Repository of Cyber Incidents (EuRepoC) is releasing the Global Dataset of Cyber Incidents in Version 1.3 as an extract of our backend database. This official release contains fully consolidated cyber incident data reviewed by our interdisciplinary experts in the fields of politics, law and technology across all 60 variables covered by the European Repository. Version 1.3 covers the years 2000 – 2024 entirely. The Global Dataset is meant for reliable, evidence-based analysis. If you require real-time data, please refer to the download option in our TableView or contact us for special requirements (including API access).

The dataset now contains data on 3416 cyber incidents which started between 01.01.2000 and 31.12.2024. The European Repository of Cyber Incidents (EuRepoC) gathers, codes, and analyses publicly available information from over 220 sources and 600 Twitter accounts daily to report on dynamic trends in the global, and particularly the European, cyber threat environment.

For more information on the scope and data collection methodology see: https://eurepoc.eu/methodology

Full Codebook available here

Information about each file

please scroll down this page entirely to see all files available. Zenodo only displays the attribution dataset by default.

Global Database (csv or xlsx):
This file includes all variables coded for each incident, organised such that one row corresponds to one incident - our main unit of investigation. Where multiple codes are present for a single variable for a single incident, these are separated with semi-colons within the same cell.

Receiver Dataset (csv or xlsx):
In this file, the data of affected entities and individuals (receivers) is restructured to facilitate analysis. Each cell contains only a single code, with the data "unpacked" across multiple rows. Thus, a single incident can span several rows, identifiable through the unique identifier assigned to each incident (incident_id).

Attribution Dataset (csv or xlsx):
This file follows a similar approach to the receiver dataset. The attribution data is "unpacked" over several rows, allowing each cell to contain only one code. Here too, a single incident may occupy several rows, with the unique identifier enabling easy tracking of each incident (incident_id). In addition, some attributions may also have multiple possible codes for one variable, these are also "unpacked" over several rows, with the attribution_id enabling to track each attribution.

Dyadic Dataset (csv or xlsx):
The dyadic dataset puts state dyads in the focus. Each row in the dataset represents one cyber incident in a specific dyad. Because incidents may affect multiple receivers, single incidents can be duplicated in this format, when they affected multiple countries.

Overview This dataset is a comprehensive, easy-to-understand collection of cybersecurity incidents, threats, and vulnerabilities, designed to help both beginners and experts explore the world of digital security. It covers a wide range of modern cybersecurity challenges, from everyday web attacks to cutting-edge threats in artificial intelligence (AI), satellites, and quantum computing. Whether you're a student, a security professional, a researcher, or just curious about cybersecurity, this dataset offers a clear and structured way to learn about how cyber attacks happen, what they target, and how to defend against them.

With 14134 entries and 15 columns, this dataset provides detailed insights into 26 distinct cybersecurity domains, making it a valuable tool for understanding the evolving landscape of digital threats. It’s perfect for anyone looking to study cyber risks, develop strategies to protect systems, or build tools to detect and prevent attacks.

What’s in the Dataset? The dataset is organized into 16 columns that describe each cybersecurity incident or research scenario in detail:

ID: A unique number for each entry (e.g., 1, 2, 3). Title: A short, descriptive name of the attack or scenario (e.g., "Authentication Bypass via SQL Injection"). Category: The main cybersecurity area, like Mobile Security, Satellite Security, or AI Exploits. Attack Type: The specific kind of attack, such as SQL Injection, Cross-Site Scripting (XSS), or GPS Spoofing. Scenario Description: A plain-language explanation of how the attack works or what the scenario involves. Tools Used: Software or tools used to carry out or test the attack (e.g., Burp Suite, SQLMap, GNURadio). Attack Steps: A step-by-step breakdown of how the attack is performed, written clearly for all audiences. Target Type: The system or technology attacked, like web apps, satellites, or login forms. Vulnerability: The weakness that makes the attack possible (e.g., unfiltered user input or weak encryption). MITRE Technique: A code from the MITRE ATT&CK framework, linking the attack to a standard classification (e.g., T1190 for exploiting public-facing apps). Impact: What could happen if the attack succeeds, like data theft, system takeover, or financial loss. Detection Method: Ways to spot the attack, such as checking logs or monitoring unusual activity. Solution: Practical steps to prevent or fix the issue, like using secure coding or stronger encryption. Tags: Keywords to help search and categorize entries (e.g., SQLi, WebSecurity, SatelliteSpoofing). Source: Where the information comes from, like OWASP, MITRE ATT&CK, or Space-ISAC.

Cybersecurity Domains Covered The dataset organizes cybersecurity into 26 key areas:

AI / ML Security

AI Agents & LLM Exploits

AI Data Leakage & Privacy Risks

Automotive / Cyber-Physical Systems

Blockchain / Web3 Security

Blue Team (Defense & SOC)

Browser Security

Cloud Security

DevSecOps & CI/CD Security

Email & Messaging Protocol Exploits

Forensics & Incident Response

Insider Threats

IoT / Embedded Devices

Mobile Security

Network Security

Operating System Exploits

Physical / Hardware Attacks

Quantum Cryptography & Post-Quantum Threats

Red Team Operations

Satellite & Space Infrastructure Security

SCADA / ICS (Industrial Systems)

Supply Chain Attacks

Virtualization & Container Security

Web Application Security

Wireless Attacks

Zero-Day Research / Fuzzing

Why Is This Dataset Important? Cybersecurity is more critical than ever as our world relies on technology for everything from banking to space exploration. This dataset is a one-stop resource to understand:

What threats exist: From simple web attacks to complex satellite hacks. How attacks work: Clear explanations of how hackers exploit weaknesses. How to stay safe: Practical solutions to prevent or stop attacks. Future risks: Insight into emerging threats like AI manipulation or quantum attacks. It’s a bridge between technical details and real-world applications, making cybersecurity accessible to everyone.

Potential Uses This dataset can be used in many ways, whether you’re a beginner or an expert:

Learning and Education: Students can explore how cyber attacks work and how to defend against them. Threat Intelligence: Security teams can identify common attack patterns and prepare better defenses. Security Planning: Businesses and governments can use it to prioritize protection for critical systems like satellites or cloud infrastructure. Machine Learning: Data scientists can train models to detect threats or predict vulnerabilities. Incident Response Training: Practice responding to cyber incidents, from web hacks to satellite tampering.

Ethical Considerations Purpose: The dataset is for educational and research purposes only, to help improve cybersecurity knowledge and de...

In 2024, manufacturing saw the highest share of cyberattacks among the leading industries worldwide. During the examined year, manufacturing companies encountered more than a quarter of the total cyberattacks. Organizations in the finance and insurance followed, with around 23 percent. Professional, business, and consumer services ranked third, with 18 percent of reported cyberattacks. Manufacturing industry and cyberattacks The industry of manufacturing has been in the center of cyberattacks in a long time. The share of cyberattacks targeting organizations in this sector in 2018 was at 10 percent, while in 2024, it amounted to 26 percent. The situation is even more compliacted when we look at the cyber vulnerabilities found in this sector. In 2024, critical vulnerabilities in manufacturing companies lasted 205 days on average. IT perspective and prevention With recent technology developments, cybersecurity is crucial to an organization’s success. Realizing this, companies have been gradually increasing cybersecurity investments. Thus, in 2024, the cybersecurity budget worldwide was forecast to increase to nearly 283 billion U.S. dollars. Roughly nine in ten board directors of companies worldwide in professional services and media and entertainment industries say they expect an increase in the cybersecurity budget.

In January 2025, a small fintech startup in Austin discovered it had fallen victim to a cyberattack. At first glance, the breach looked like a typical case of credential stuffing. But it wasn’t. The attacker had used an AI-driven system that mimicked the behavioral patterns of employees, learning login habits,...

In the early hours of January 3, 2025, a mid-sized financial firm in Ohio discovered something chilling: over 1.2 terabytes of client data had been quietly siphoned off over the holidays. The attackers left no ransom demand, no calling card, just a system-wide silence and a massive void in customer...

Cyber attacks on businesses are becoming more frequent, targeted, and complex. The effects of a cyber attack go well beyond the direct financial consequences. In 2024, ** percent of respondents indicated greater difficulty in attracting new customers as the main consequence of cyber attacks.

Percentage of enterprises impacted by specific types of cyber security incidents by the North American Industry Classification System (NAICS) and size of enterprise.

Introduction

Cybersecurity in Healthcare Statistics: As the healthcare sector increasingly integrates digital technologies, the need for robust cybersecurity measures has become more critical than ever. Adopting electronic health records (EHRs), telemedicine, and connected medical devices has significantly enhanced patient care and operational efficiency.

However, this digital shift has also exposed healthcare organizations to a rising tide of cyber threats, including data breaches, ransomware attacks, and hacks of medical devices. The sensitive nature of the data fuels these threats, such as personal health information (PHI) and payment records, making healthcare one of the most targeted cyberattack industries.

In response to these growing risks, healthcare providers must prioritize implementing stringent cybersecurity policies and embrace cutting-edge technologies like encryption, artificial intelligence, and multi-factor authentication. The sector is grappling with challenges such as outdated security systems, inadequate staff training, and the complexities of safeguarding networks of interconnected devices.

As cyberattacks become more frequent and sophisticated, understanding cybersecurity statistics within healthcare is essential for identifying vulnerabilities, assessing risks, and strengthening defenses to protect sensitive patient data and maintain trust within the industry.

Introduction

Cyber Security Statistics: Cybersecurity has become a top priority for organizations worldwide, driven by the escalating volume and complexity of cyber threats. As businesses increasingly adopt digital technologies, the risk of cyberattacks, such as data breaches, ransomware, and phishing, has risen, creating significant challenges for data privacy and security.

The increasing frequency of high-profile cyber incidents has exposed vulnerabilities in various sectors, prompting governments and organizations to enhance their cybersecurity measures. In response, emerging technologies such as artificial intelligence and machine learning are being integrated to enhance threat detection and response capabilities.

The following statistics offer a comprehensive overview of the cybersecurity landscape, shedding light on the trends, risks, and developments that are shaping this critical field.

Context

(U) My purpose is to analyze Amazon Web Services (AWS) honeypot data for any trends and/or correlations that could possibly be used in predictive cyber threat vectors. I spent a lot of time looking for data sets and most of the ones I found had no documentation and the data was hard to interpret just from the file. This data is well formatted and straight forward.

Content

(U) The AWS Honeypot Database is an open-source database including information on cyber attacks/attempts.

(U) Data has 451,581 data points collected from 9:53pm on 3 March 2013 to 5:55am on 8 September 2013.

Acknowledgements

http://datadrivensecurity.info/blog/pages/dds-dataset-collection.html Jay Jacobs & Bob Rudis

Inspiration

Your data will be in front of the world's largest data science community. What questions do you want to see answered?

According to a survey conducted among IT security professionals worldwide, an increase in cyber attacks since the COVID-19 pandemic has been mostly seen in the area of data exfiltration and leakage. This includes unauthorized removal or transfer of data from a device, either by a perpetrator or malware. Phishing emails were also increasingly encountered by **** of the respondents.

A quiet morning in Atlanta turned chaotic for a mid-sized healthcare provider. Every computer screen across the facility suddenly went dark, replaced by a single message: "Your data has been encrypted." Operations froze. Appointments were canceled. And the cost of recovery reached into the millions. Unfortunately, this isn’t a rare...

The National Institute of Standards and Technology (NIST) provides a Cybersecurity Framework (CSF) for benchmarking and measuring the maturity level of cybersecurity programs across all industries. The City uses this framework and toolset to measure and report on its internal cybersecurity program. The foundation for this measure is the Framework Core, a set of cybersecurity activities, desired outcomes, and applicable references that are common across critical infrastructure/industry sectors. These activities come from the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) published standard, along with the information security and customer privacy controls it references (NIST 800 Series Special Publications). The Framework Core presents industry standards, guidelines, and practices in a manner that allows for communication of cybersecurity activities and outcomes across the organization from the executive level to the implementation/operations level. The Framework Core consists of five concurrent and continuous functions: identify, protect, detect, respond, and recover. When considered together, these functions provide a high-level, strategic view of the lifecycle of an organization’s management of cybersecurity risk. The Framework Core identifies underlying key categories and subcategories for each function, and matches them with example references, such as existing standards, guidelines, and practices for each subcategory. This page provides data for the Cybersecurity performance measure. Cybersecurity Framework (CSF) scores by each CSF category per fiscal year quarter (Performance Measure 5.12) The performance measure dashboard is available at 5.12 Cybersecurity. Additional InformationSource: Maturity assessment /https://www.nist.gov/topics/cybersecurityContact: Scott CampbellContact E-Mail: Scott_Campbell@tempe.govData Source Type: ExcelPreparation Method: The data is a summary of a detailed and confidential analysis of the city's cybersecurity program. Maturity scores of subcategories within NIST CFS are combined, averaged, and rolled up to a summary score for each major category.Publish Frequency: AnnualPublish Method: ManualData Dictionary

Cyber Security as a Service Market Outlook

The global Cyber Security as a Service market size was valued at approximately $14 billion in 2023 and is projected to reach $41 billion by 2032, growing at a compound annual growth rate (CAGR) of 12.5% during the forecast period. This remarkable growth is driven by the increasing prevalence of cyber threats and the growing need for robust security solutions across various sectors.

The growth of the Cyber Security as a Service market can be attributed to several key factors. Firstly, the rapid digitization and adoption of cloud services have exposed businesses to a myriad of cyber threats, necessitating advanced security measures. The rise in sophisticated cyber-attacks, such as ransomware, phishing, and malware, has compelled organizations to seek comprehensive security solutions to safeguard their data and ensure business continuity. Additionally, regulatory requirements and compliance mandates across industries are driving the demand for managed security services, further propelling market growth.

Secondly, the increasing adoption of Internet of Things (IoT) devices has expanded the attack surface, making enterprises more vulnerable to cyber-attacks. As IoT devices become integral to business operations, securing these devices has become paramount. Cyber Security as a Service offers scalable and flexible solutions to monitor and protect IoT ecosystems, thereby addressing the security challenges posed by these interconnected devices. Furthermore, the growing awareness about the financial and reputational damage caused by data breaches is prompting businesses to invest heavily in cybersecurity services.

Thirdly, the shortage of skilled cybersecurity professionals is a significant growth driver for the market. Many organizations lack the in-house expertise required to effectively combat evolving cyber threats. As a result, they are increasingly turning to third-party service providers to manage their cybersecurity needs. Cyber Security as a Service offers access to a pool of experts, advanced technologies, and continuous monitoring capabilities, enabling businesses to strengthen their security posture without the need for extensive internal resources.

The integration of Financial Services Cybersecurity Systems and Services is becoming increasingly vital in the face of evolving cyber threats. Financial institutions are prime targets for cybercriminals due to the sensitive nature of financial data and transactions. As a result, there is a growing emphasis on developing comprehensive cybersecurity frameworks that encompass both preventive and responsive measures. These systems and services are designed to protect financial data, ensure compliance with regulatory requirements, and maintain customer trust. By leveraging advanced technologies such as artificial intelligence and machine learning, financial institutions can enhance their threat detection and response capabilities, thereby safeguarding their operations from potential cyber threats.

From a regional perspective, North America is expected to dominate the Cyber Security as a Service market during the forecast period. The presence of major cybersecurity vendors, coupled with stringent regulatory frameworks and high adoption rates of advanced technologies, contribute to the region's leading position. However, the Asia Pacific region is anticipated to witness the highest growth rate, driven by increasing digital transformation initiatives, rising cybercrime incidents, and growing awareness about cybersecurity solutions.

Service Type Analysis

In the Cyber Security as a Service market, the service type segment is pivotal, covering services such as Threat Intelligence, Managed Security Services, Security Monitoring and Analytics, Incident Response, Compliance Management, and others. The diverse nature of cyber threats necessitates a variety of specialized services, each catering to different facets of cybersecurity.

Threat Intelligence services play a crucial role in the market. These services involve the collection, analysis, and dissemination of information about potential or ongoing cyber threats. By leveraging advanced analytics and machine learning, threat intelligence services provide actionable insights that help organizations anticipate and mitigate cyber risks before they materialize. The growing complexity of cyber threats and the need for proactive threat management

This dataset comprises 100,000 entries of synthesized cybersecurity incidents. It provides extensive details on various attack scenarios, target systems, and response measures. The data is structured across 15 columns, each capturing critical aspects of cybersecurity events, including:

Incident Details:

attack_type: Type of the cyberattack (e.g., DDoS, phishing, ransomware). target_system: Systems targeted during the attack. outcome: The result of the attack (e.g., success, failure). timestamp: Time of the attack occurrence. Attacker and Target Information:

attacker_ip: IP address of the attacker. target_ip: IP address of the target. Attack Metrics:

data_compromised_GB: Volume of data compromised in GB. attack_duration_min: Duration of the attack in minutes. attack_severity: Severity of the attack on a scale. Defense and Response:

security_tools_used: Security tools or defenses employed. response_time_min: Time taken to respond to the incident. mitigation_method: Method used to mitigate the attack. Contextual Information:

user_role: Role of the user or entity involved. location: Geographical location of the incident. industry: Industry targeted by the attack. This dataset is ideal for exploring patterns in cybersecurity incidents, evaluating the effectiveness of response strategies, and building predictive models to enhance security measures. Let me know if you'd like further analysis or visualization of the data!

We present a novel cutting-edge, large-scale multiclass dataset to improve the security of network cognition of suspicious traffic in networks. The proposed newly generated dataset contains up-to-date samples and features available to the public to help reduce the effect of upcoming cyberattacks with machine learning methods. Specifically, 6 million traffic samples with 60 features are collected and organized into two balanced classes: 50% normal traffic and 50% anomaly (attack) traffic. Furthermore, the anomaly traffic is composed of 15 different attacks including MITM-ARP-SPOOFING attack, SSH-BRUTE FORCE attack, FTP-BRUTE FORCE attack, DDOS-ICMP, DDOS-RAWIP attack, DDOS-UDP attack, DOS attack, EXPLOITING-FTP attack, FUZZING attack, ICMP FLOOD attack, SYN-FLOOD attack, PORT SCANNING attack, REMOTE CODE EXECUTION attack, SQL INJECTION attack, and XSS attack.

For detailed info, Please refer to and cite our article: Q. Abu Al-Haija, Z. Masoud, A. Yasin, K. Alesawi, Y. Alkarnawi, "Revolutionizing Threat Hunting in Communication Networks: Introducing a Cutting-Edge Large-Scale Multiclass Dataset", 15th International Conference on Information and Communication Systems (ICICS 2024), IEEE, Aug. 2024.