Hi guys, I send out a weekly newsletter with the latest cybersecurity vendor reports and research, and thought you might find it useful, so sharing it here.
All the reports and research below were published between June 23rd - June 29th, 2025.
You can get the below into your inbox every week if you want: https://www.cybersecstats.com/cybersecstatsnewsletter/
Let me know if I'm missing any.
General cybersecurity trend reports
Cyberattacks top list of concerns for U.S. tech executives (Talker Research)
A survey of 1,000 U.S. C-Suite and Direct Managers in Cyber Security and Data Center roles and 1,000 employed Americans working in tech.
Key stats:
- 95% of business leaders say that increased awareness and use of AI has an impact on how they store data.
- 53% of executives see cybersecurity skills as the most in-demand for their future talent pipelines.
- Only 48% of the 1,000 employees polled believe that their company is "very prepared" to prevent cybersecurity attacks.
Read the full report here.
2025 Cybersecurity Assessment Report: Navigating the New Reality (Bitdefender)
Annual report based on an independent survey and analysis of cybersecurity professionals revealing the most urgent concerns, key challenges, and threat perceptions shaping enterprise security.
Key stats:
- 57.6% of IT/security professionals reported being pressured to keep a breach confidential, even when they believed it should be reported to authorities. This is a 38% increase compared to 2023.
- 67.7% stress cutting cyber risk by disabling unused tools/apps.
- 84% of major attacks now use legitimate, existing tools (e.g., LOTL tactics).
Read the full report here.
2025 Compromise Report (Lumu)
A report on how threats are evolving based on insights from the first half of 2025.
Key stats:
- Lumma Stealer is now the most prevalent type of malware, accounting for over 25% of recorded infostealer attacks worldwide.
- Almost 40% of ransomware attacks in the US targeted the education sector.
- The SLED sector (State, Local Government, and Education) faced 60% of the recorded anonymous attacks.
Read the full report here.
Threat Report H1 2025 (ESET)
A summary of the threat landscape trends seen in ESET telemetry and from the perspective of both ESET threat detection and research experts from December 2024 through May 2025.
Key stats:
- ClickFix, a new deceptive fake error attack vector, surged by over 500% compared to H2 2024 in ESET telemetry.
- ClickFix became the second most common attack method after phishing.
- Android adware detections jumped 160%.
Read the full report here.
Ransomware
The State of Ransomware 2025 (Sophos)
Sophos’ sixth annual report on the state of ransomware based on a vendor-agnostic survey of 3,400 IT and cybersecurity leaders. The survey covered organisations with 100 – 5,000 employees across 17 countries.
Key stats:
- The median ransom payment was $1 million.
- Nearly 50% of companies paid a ransom to recover their data.
- 53% of companies that paid the ransom successfully negotiated a lower amount than the initial demand.
Read the full report here.
Monthly Threat Pulse – Review of May 2025 (NCC Group)
NCC Group review of ransomware attacks in May 2025.
Key stats:
- Global ransomware attacks decreased by 6% in May.
- Safepay emerged as the most active threat group, responsible for 18% of all attacks in May.
- Industrials remained the most targeted sector, accounting for 30% of attacks.
Read the full report here.
Fraud/Identity
Americans are worried about AI-powered fraud, but many also trust AI to help stop it (Abrigo)
A survey of American consumers into AI fraud and their financial institutions’ preparedness.
Key stats:
- Over 83% of consumers have concerns about AI-powered fraud.
- More than 43% of Americans say AI-powered fraud detection would increase their confidence in their financial institution.
- Nearly 72% of Americans are either “somewhat,” “very,” or “extremely” interested in AI-powered fraud detection tools.
Read the full report here.
2025 Trends in Identity Report (Identity Theft Resource Center)
Analysis of identity crimes (compromise, theft, and misuse) reported by victims from April 1, 2024, to March 31, 2025.
Key stats:
- The number of people experiencing multiple identity-related concerns increased year-over-year from 15% to 24%.
- Impersonation scams were the top reported type of scam to the ITRC, showing a 148-percentage-point increase year-over-year.
- The top methods of identity compromise reported were due to PII being shared in a scam, stolen documents with personal information, and unauthorized access to a computer or mobile device.
Read the full report here.
Customer Identity Trends Report 2025 (Okta)
Report based on a global survey of 6750 consumers and operational telemetry from its Auth0 platform.
Key stats:
- In 2024, an average of 46% of all registration attempts across the Auth0 platform were identified as signup attacks.
- The retail and e-commerce sector experienced a multi-month attack, during which fraudulent signups outnumbered legitimate ones by 120 times.
- 72% of customers care about security when deciding whether to create an account with a brand.
Read the full report here.
Supply chain
2025 Supply Chain Cybersecurity Trends (SecurityScorecard)
Insights from nearly 550 CISOs and security professionals worldwide into how most organizations manage supply chain cyber risk.
Key stats:
- 88% of cybersecurity leaders are concerned about supply chain cyber risks.
- 70%+ organizations reported experiencing at least one material third-party cybersecurity incident in the past year.
- Fewer than half of organizations monitor cybersecurity across even 50% of their nth-party supply chains.
Read the full report here.
AI
AI Agents: The New Insider Threat (BeyondID)
A report based on a survey of US-based IT leaders on how their organizations approach AI security.
Key stats:
- 85% of organizations lack proper security controls for AI agents.
- 85% of organizations claim they are "ready for AI in security."
- Fewer than 50% of organizations monitor access or behavior for the AI systems they deploy.
Read the full report here.
The State of LLM Security Report (Cobalt)
Research into defenders’ ability to secure generative AI in enterprise security.
Key stats:
- 36% of security leaders and practitioners admit that genAI is moving faster than their teams can manage.
- 48% of security leaders believe a “strategic pause” is needed to recalibrate defenses against genAI-driven threats.
- 33% of respondents are still not conducting regular security assessments, including penetration testing, for their Large Language Model (LLM) deployments.
Read the full report here.
The State of AI in the Workplace 2025 (Zluri)
Study on enterprise AI adoption and its resulting security challenges.
Key stats:
- 80% of enterprise AI tools operate unmanaged.
- Fewer than 20% of AI apps are visible and controlled within enterprises.
- Some companies are already adopting more than 100 AI applications.
Read the full report here.
Industry-specific data
Government State and Local 2025 Survey Findings (EY)
A survey of 300 US state and local IT leaders on their tech modernization efforts.
Key stats:
- 54% of state/local IT leaders say improving cybersecurity is a top priority this fiscal year.
- 82% worry AI will make cyberattacks more advanced.
- 39% cite cybersecurity as the top barrier to adopting private sector tech.
Read the full report here.
State of Identity Verification in the iGaming Industry 2025 (Sumsub)
A comprehensive look at how fraud threats in the iGaming industry are shifting across regions, stages, and attack types.
Key stats:
- 83% of iGaming operators faced fraud in the past year.
- Most fraud occurs between 4 - 8 a.m.
- The deposit stage is the top fraud target (41.9%), followed by withdrawals (22.9%) and in-game activity (11.4%).
Read the full report here.
State of CPS Security 2025: Building Management System Exposures (Claroty)
Research on t...
Content cut off. Read original on https://old.reddit.com/r/cybersecurity/comments/1loabaz/cybersecurity_statistics_of_the_week_june_23rd/