Cybersecurity Statistics 2026: Threats by the Numbers

Cybercrime is projected to cost the world $10.5 trillion per year in 2025, according to Cybersecurity Ventures, up from $3 trillion in 2015. Ransomware now appears in 44% of confirmed breaches (Verizon DBIR 2025), the FBI logged a record $16.6 billion in reported losses across 859,532 complaints, and Check Point measured an average of 1,968 attacks per organization every week in 2025. Small businesses absorb a disproportionate share, accounting for roughly 43% of all attacks. These numbers show a threat that is faster, cheaper to launch, and increasingly automated by AI.

Cyberattacks are no longer a problem only for large enterprises. As more documents, payments, and identities move online, attackers have far more targets and far cheaper tools to reach them. Generative AI has lowered the cost of convincing phishing, while ransomware has matured into a full criminal business model.

This post breaks down 16 verified cybersecurity statistics for 2026, each with a named source and direct link. It is written for individuals, freelancers, and small-business owners who handle sensitive paperwork and want to understand where the real risks are.

1. Cybercrime is set to cost the world $10.5 trillion a year in 2025

$10.5 trillion is the projected annual cost of cybercrime worldwide in 2025, according to Cybersecurity Ventures. That figure is up from $3 trillion in 2015, a rise the firm pegs at roughly 15% growth per year. To put the scale in perspective, if cybercrime were a country, its "GDP" would rank third in the world behind only the United States and China. This total bundles together stolen money, intellectual property theft, fraud, downtime, recovery costs, and reputational damage. The number matters because it reframes cybercrime as a macroeconomic force, not a niche IT concern. For the people defending budgets and devices, it signals that attacker incentives are enormous and still climbing, which is why even small targets are now worth a criminal's time.

Source: Cybersecurity Ventures - Cybercrime To Cost The World $10.5 Trillion Annually By 2025

2. The FBI logged $16.6 billion in reported cybercrime losses in 2024

$16.6 billion in losses were reported to the FBI's Internet Crime Complaint Center (IC3) in 2024, a 33% jump from the prior year. Those losses came from 859,532 complaints, making 2024 a record year on both counts. The figure is striking because IC3 only captures crimes that victims actually report, so the true total is almost certainly higher. Investment fraud, much of it crypto-related, drove the largest dollar losses at more than $6.5 billion, while business email compromise accounted for close to $2.8 billion. People over 60 reported both the most complaints and the heaviest losses, nearly $5 billion as a group. The takeaway is that financial fraud, not just data theft, is where everyday victims feel cybercrime most directly.

Source: FBI - 2024 Internet Crime Report

3. Organizations faced an average of 1,968 cyberattacks per week in 2025

1,968 attacks per week is the average each organization faced in 2025, according to Check Point Research. That represents a 70% increase since 2023, with the weekly figure climbing past 2,000 by the end of the year. The pace is relentless: attacks are no longer occasional events but a constant background hum that every connected business absorbs. Check Point attributes the surge partly to automation and AI, which let attackers scale campaigns and probe many targets at once. The number reframes "did we get attacked" into "how often, and did anything get through." For small teams without a dedicated security staff, this volume explains why a single missed update or reused password can be enough for one of those thousands of weekly attempts to land.

Source: Check Point - 2026 Cyber Security Report

4. Ransomware appeared in 44% of confirmed data breaches

44% of confirmed data breaches in 2025 involved ransomware, according to the Verizon Data Breach Investigations Report (DBIR). That is a sharp rise from 32% the year before, cementing ransomware as the dominant breach pattern. The DBIR analyzed more than 22,000 security incidents and over 12,000 confirmed breaches across 139 countries, so this is a broad, credible sample. Notably, the median ransom paid actually fell to about $115,000, and 64% of victims refused to pay at all, a sign that more organizations now trust their backups and recovery plans. Still, the rising share of breaches that involve ransomware shows attackers default to it because it is profitable and disruptive. For any organization, this stat makes the case for tested backups and tight access controls.

Source: Verizon - 2025 Data Breach Investigations Report

5. Ransomware hit 88% of small and midsize business attacks

88% of cyberattacks against small and midsize businesses (SMBs) involved ransomware, according to the Verizon 2025 DBIR. That share dwarfs the rate seen at larger enterprises and reveals a deliberate targeting pattern. Attackers know smaller organizations often lack dedicated security staff, run outdated software, and hold valuable customer and financial data. For a criminal, that combination means an easier break-in and a victim more likely to pay to restore operations fast. The implication for SMBs is uncomfortable but clear: the assumption that "we are too small to be a target" is exactly backwards. Smaller firms are not collateral damage in attacks aimed elsewhere; they are the primary destination. Basic defenses like offline backups, multifactor authentication, and reducing the amount of sensitive data stored on shared servers matter most here.

Source: Verizon - 2025 Data Breach Investigations Report

6. The average data breach cost $4.44 million in 2025

$4.44 million was the global average cost of a data breach in 2025, according to IBM's Cost of a Data Breach Report. That figure fell 9% from $4.88 million in 2024, the first decline in five years. IBM credits faster detection and containment, much of it driven by security AI and automation, which trimmed the average breach lifecycle to 241 days. In the United States, however, the average cost reached $10.22 million, more than double the global figure. Healthcare remained the most expensive sector at $7.42 million per breach. The drop is encouraging, but the absolute numbers stay enormous, especially for smaller organizations that could never absorb a seven-figure incident. This stat underscores why limiting how much sensitive data you expose is cheaper than cleaning up after it leaks. Our data breach statistics roundup digs deeper into these cost trends.

Source: IBM - Cost of a Data Breach Report 2025

7. Phishing was the most reported cybercrime, with 193,407 complaints

193,407 phishing and spoofing complaints reached the FBI's IC3 in 2024, making it the single most reported cybercrime that year. Phishing topped the list ahead of extortion and personal data breaches, confirming that deception, not technical exploits, remains the most common way criminals reach victims. Phishing works because it targets people rather than systems: a convincing email, text, or fake login page can bypass expensive security tools if one person clicks. The technique scales cheaply, which is why attackers send it by the millions. For individuals and small businesses, this stat is a reminder that the human inbox is the front line. Verifying senders, slowing down on urgent-sounding requests, and never entering credentials from an emailed link remain the highest-value habits you can build.

Source: FBI - 2024 Internet Crime Report

8. 60% of breaches involved a human element

60% of data breaches in 2025 involved a human element, according to the Verizon 2025 DBIR. That covers mistakes, falling for social engineering, misuse of access, and stolen or reused credentials. The number is important because it shifts the focus from purely technical defenses to people and process. Firewalls and antivirus matter, but most breaches still hinge on someone clicking, misconfiguring, or being tricked. The DBIR also found that 22% of breaches began with credential abuse and 16% started with phishing, both squarely human-driven entry points. For small organizations, the practical lesson is that security training and simple guardrails, like multifactor authentication and least-privilege access, often prevent more incidents than expensive tooling. The weakest link is rarely the technology itself; it is the everyday decisions made by busy people under pressure.

Source: Verizon - 2025 Data Breach Investigations Report

9. Roughly 43% of cyberattacks target small businesses

43% of all cyberattacks target small businesses, a figure cited across multiple 2025 industry analyses. The reasoning behind it is consistent: smaller firms are perceived as softer targets with weaker defenses but real, monetizable data. Attackers use automated tools that scan the internet indiscriminately, so a small accounting firm or local clinic gets probed by the same bots that hit large corporations. The difference is that small businesses are far less likely to have the staff, budget, or recovery plans to bounce back. This stat dismantles the comforting myth that obscurity equals safety. Size offers no protection when attacks are automated and opportunistic. The practical response is not to match enterprise security spending, but to cover the basics that block the majority of automated attacks: updates, strong unique passwords, multifactor authentication, and minimizing where sensitive documents live.

Source: StationX - Small Business Cybersecurity Statistics and Trends 2026

10. A ransomware attack is predicted to strike every 2 seconds by 2031

Every 2 seconds is how often Cybersecurity Ventures predicts a ransomware attack will strike a consumer or business by 2031. That pace, roughly 43,200 attacks per day, is up from one every 11 seconds in 2021. The same forecast expects ransomware to cost victims around $275 billion annually by 2031. The acceleration matters because it reflects how attackers keep refining payloads and extortion tactics to hit more victims with less effort. Ransomware has become the fastest-growing category of cybercrime precisely because it is repeatable and profitable. For individuals and small businesses, the trajectory means the question is shifting from "if" to "how often" and "how prepared." Offline, tested backups remain the single most reliable defense, because they let a victim restore data without negotiating with criminals or gambling on whether they will honor a payment.

Source: Cybersecurity Ventures - Ransomware Will Strike Every 2 Seconds By 2031

11. The average ransomware recovery cost was $1.53 million in 2025

$1.53 million was the average cost to recover from a ransomware attack in 2025, excluding any ransom paid, according to Sophos. That marked a 44% drop from $2.73 million in 2024, and recovery sped up too, with 53% of victims back within a week versus 35% the year before. Encouragingly, 97% of organizations that had data encrypted were able to recover it. The improvement reflects better backups, incident response, and recovery planning across the industry. But the recovery figure still excludes the ransom itself, lost business, and reputational harm, so the true cost runs higher. Sophos based the findings on a survey of 3,400 IT and security leaders across 17 countries whose organizations were hit. The lesson for smaller organizations is that recovery capability, not just prevention, determines how badly an attack hurts.

Source: Sophos - The State of Ransomware 2025

12. 4.8 million cybersecurity jobs sit unfilled worldwide

4.8 million is the global cybersecurity talent gap reported in the 2025 ISC2 Cybersecurity Workforce Study. The World Economic Forum has noted the workforce would need to grow by roughly 87% to meet current demand. The shortage matters because defenders are outnumbered while attackers automate and scale. ISC2 found that 88% of respondents said their organization suffered at least one significant security consequence in the past year tied to a skills shortage. For the first time, budget cuts and economic pressure overtook a simple lack of talent as the top driver of understaffed teams. The practical effect trickles down to everyone: when even large organizations struggle to staff defenses, smaller ones rarely have any dedicated security help at all. That reality makes simple, built-in protections and reducing exposure more important than relying on expert intervention after something goes wrong.

Source: ISC2 - 2025 Cybersecurity Workforce Study

13. Attacks on Android users rose 29% in early 2025

29% more attacks hit Android smartphone users in the first half of 2025 than in the same period of 2024, according to Kaspersky. Compared with the second half of 2024, the increase was 48%. Kaspersky blocked more than 14 million Android malware and adware attacks in 2025 and detected over 815,000 new malicious installation packages. Banking trojans were a standout threat, with packages surging into the hundreds of thousands. The rise matters because phones now hold scanned IDs, banking apps, photos of documents, and login sessions, making them rich targets. Mobile-first attackers increasingly favor SMS phishing, known as smishing, to trick users into installing malware or surrendering credentials. For anyone who manages sensitive paperwork on a phone, this stat is a reminder that the device in your pocket is a primary target, not an afterthought, and deserves the same caution as a laptop.

Source: Kaspersky - Attacks on smartphones increased in the first half of 2025

14. Mobile banking malware now targets institutions in 61 countries

1,243 financial institutions across 61 countries were targeted by mobile banking malware, according to Zimperium's 2025 Global Mobile Threat Report. The firm tracked 34 active banking malware families, a 67% year-over-year increase. The data shows attackers treating mobile as a primary battleground, not a secondary one. Banking trojans on phones can intercept one-time passcodes, overlay fake login screens, and quietly drain accounts. Zimperium also highlights that smishing has become one of the most common attack vectors, exploiting the trust people place in text messages. This stat matters because so much sensitive activity, from approving payments to receiving authentication codes, now happens on a single device. The concentration of banking, identity, and document data on phones makes them high-value targets. Keeping apps updated, installing only from official stores, and being skeptical of links in texts are basic but effective countermeasures.

Source: Zimperium - 2025 Global Mobile Threat Report

15. 82.6% of phishing emails now use AI

82.6% of phishing emails detected between September 2024 and February 2025 used AI, a 53.5% year-over-year increase, according to research summarized across 2025 security reporting. Generative AI lets attackers write cleaner, more convincing messages faster, removing the spelling and grammar tells that once flagged scams. Some studies report AI-crafted phishing achieving far higher click rates than traditional campaigns. The shift matters because the classic advice to "look for typos" is now obsolete; a well-written, personalized message is no longer a sign of legitimacy. Attackers also use AI to scale personalization, tailoring lures to a target's role, employer, or recent activity. For individuals and small businesses, this raises the bar on verification: confirm unusual requests through a separate channel, and treat urgency or secrecy as red flags regardless of how polished the message looks. The defense has to move from spotting mistakes to verifying intent.

Source: StationX - Phishing Statistics 2026

16. DDoS made up 77% of reported EU incidents in 2024-2025

77% of reported cybersecurity incidents in the EU were distributed denial-of-service (DDoS) attacks, according to the ENISA Threat Landscape covering July 2024 to June 2025. ENISA analyzed 4,875 incidents and found that almost 80% were ideology-driven, carried out largely by hacktivists. Phishing remained the leading intrusion access point at 60%, followed by vulnerability exploitation at 21.3%. Once attackers got in, 87.3% of malicious code deployed was ransomware, banking trojans, or infostealers. The report also documented over 42,595 new vulnerabilities disclosed in the period, a 27% rise, with critical flaws weaponized within days. This European view confirms patterns seen globally: disruption and data theft dominate, and phishing remains the favored door in. For organizations of any size, the consistency across regions and reports reinforces that a small set of fundamentals, patching, phishing awareness, and resilience, blocks most of what attackers throw.

Source: ENISA - Threat Landscape 2025

What These Cybersecurity Numbers Reveal Together

Read as a set, these statistics describe a threat that is industrializing. Cybercrime now carries a trillion-dollar price tag, ransomware shows up in nearly half of breaches, and organizations field close to 2,000 attacks a week. The common thread is automation: attackers use cheap, scalable tools, increasingly powered by AI, to hit more targets with less effort. That is why volume keeps climbing even as some costs, like ransom payments and recovery bills, edge down.

For individuals and small businesses, the most actionable signal is that you are not too small to matter. Roughly 43% of attacks target small firms, 88% of SMB attacks involve ransomware, and phishing remains the number-one reported crime. Most successful attacks still exploit people and exposed data rather than exotic technical flaws. That means the highest-value defenses are unglamorous: multifactor authentication, tested offline backups, prompt updates, and reducing how much sensitive information sits where attackers can reach it.

The trajectory points toward faster, AI-assisted attacks and a defender shortage of 4.8 million workers that will not close soon. As more identity and financial data concentrates on the phones we carry, where Android attacks rose 29% in early 2025, the device itself becomes a primary target. The organizations and individuals who fare best will be those who shrink their attack surface before an incident, not after.

The cheapest data to protect is the data you never expose in the first place.

Digitize Sensitive Documents Quickly and Reliably

A recurring lesson in these numbers is that exposed data is what gets stolen, and the documents attackers prize most, IDs, contracts, and financial records, are exactly the ones you need to digitize cleanly and keep close. Filewise is the fast, reliable scanner professionals use to get that job done. It turns those sensitive documents into sharp, searchable, professional multi-page PDFs in seconds, with scanning and on-device OCR that run right on your iPhone so your files stay on the device you carry. Face ID locks the most sensitive scans, and you can review our broader data privacy statistics breakdown for more on why minimizing exposure matters.

Join the Filewise waitlist and turn receipts, contracts, and IDs into sharp, searchable PDFs right on your iPhone.

Filewise is launching soon - the fast, reliable PDF and document scanner for iPhone, built for professionals.

Join the Filewise Waitlist

On-device OCR · Face ID security · Launching soon on iOS

Frequently Asked Questions

How much does cybercrime cost globally?

Cybercrime is projected to cost the world $10.5 trillion per year in 2025, according to Cybersecurity Ventures, up from $3 trillion in 2015. That works out to roughly 15% growth per year. Separately, the FBI's IC3 recorded $16.6 billion in reported losses in the United States alone in 2024, a 33% increase over the prior year.

How often do cyberattacks happen?

Organizations faced an average of 1,968 cyberattacks per week in 2025, according to Check Point Research, a 70% increase since 2023. Looking ahead, Cybersecurity Ventures predicts a ransomware attack will strike a consumer or business every 2 seconds by 2031, up from every 11 seconds in 2021.

Are small businesses really targeted by hackers?

Yes. Roughly 43% of all cyberattacks target small businesses, and 88% of attacks against small and midsize businesses involve ransomware, according to the Verizon 2025 DBIR. Attackers favor smaller organizations because they often hold valuable data but lack dedicated security staff and recovery plans.

What is the most common type of cyberattack?

Phishing was the single most reported cybercrime in 2024, with 193,407 complaints to the FBI's IC3. It remains the top entry point for breaches because it targets people rather than systems. AI has made it worse: about 82.6% of phishing emails detected in late 2024 and early 2025 were generated with AI, removing the typos that once gave scams away.