The past, present, and future of cybercrime. Brought to you by Evolution Equity Partners

– Steve Morgan, Editor-In-Chief

Sausalito, Calif. – Dec. 11, 2025

If it were measured as a country, then cybercrime — which is predicted to inflict damages totaling $10.5 trillion USD globally in 2025, according to Cybersecurity Ventures — would be the world’s third-largest economy after the U.S. and China, surpassing the wealth of entire nations.

Cybersecurity Ventures is excited to release this special fifth annual edition of the Cybersecurity Almanac, a handbook containing the most pertinent statistics and information for understanding cybercrime and the cybersecurity market.

We have something for everyone, including students, parents, academia, government, law enforcement, small-to-midsized businesses, Fortune 500 and Global 2000 companies, IT workers, cybersecurity experts, chief security officers, the boardroom, and C-suite executives.

The latest edition of the Cybersecurity Almanac provides an enlightening journey into noteworthy security incidents and the hackers behind them, as well as a comprehensive overview of critical historical dates, insightful statistical information, the cyberdefense landscape, cybersecurity investment trends, and more.

CYBERCRIME DAMAGE

• Cybersecurity Ventures expects global cybercrime costs to grow by 15 percent per year over the next two years, reaching $10.5 trillion USD globally this year and $12 trillion USD annually by 2031, up from $3 trillion USD in 2015. This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, is exponentially larger than the damage inflicted from natural disasters in a year, and will be more profitable than the global trade of all major illegal drugs combined.
• The average global costs of a data breach, according to an IBM report, dropped to $4.44 million USD—down 9 percent from the year prior. The catalyst is faster breach containment driven by AI-powered defenses. Organizations were able to identify and contain a breach within a mean time of 241 days, the lowest it’s been in nine years. Yet this progress comes with a caveat: the very speed of AI and automation deployment that’s helping organizations defend better is also creating new risks. The 2025 cost is still up from $3.86 million USD in 2020.
• Following three years of intensive research, an international team of researchers have compiled the first ever ‘World Cybercrime Index’, which identifies the globe’s key cybercrime hotspots by ranking the most significant sources of cybercrime at a national level. The Index, published in Apr. 2024, shows that a relatively small number of countries house the greatest cybercriminal threat. Russia tops the list, followed by Ukraine, China, the U.S., Nigeria, and Romania. The U.K. comes in at number eight.
• Reporting practices concerning illegal cyber activity have improved, but in 2025, we are still faced with a situation where Cybersecurity Ventures predicts that less than 25 percent of cybercrimes committed globally are reported to law enforcement, up from less than one in seven cybercrimes that were reported in 2018, according to the U.S. Department of Justice.
• “Across the country we’re seeing increasingly sophisticated cybercrime being conducted by people who are younger and younger and younger,” said William McKeen, a supervisory special agent with the FBI’s Cyber Division, at a security conference in San Francisco last year. “It is terrifying.” He said the average age of anyone arrested for a crime in the U.S. is 37, while the average age of someone arrested for cybercrime is 19.

WHAT’S AT RISK

• Cybersecurity Ventures estimates that around half of all cyberattacks globally strike small businesses, and it’s been reported in various media outlets over the past decade that 60 percent of small companies go out of business within six months of falling victim to a data breach or cyberattack.
• A survey conducted in Oct. 2025 for Mastercard by the Harris Poll of 13,077 adults across 13 countries revealed that younger people are more likely to fall for online fraud, that people would feel too ashamed to report the crime, and, perhaps most worryingly, that nearly 60 percent say that fraud is so pervasive that being scammed is simply inevitable. Seven of 10 respondents said that it’s harder to secure their information on digital platforms than it is to secure their own home.
• Roughly one million more people join the internet every day. There were around 6 billion people connected to the internet interacting with data in 2022, up from 5 billion in 2020 — and we predict there will be more than 7.5 billion internet users in 2030. If street crime grows in relation to population growth, so will cybercrime.
• Total global data storage is projected to exceed 200 zettabytes by 2025. This includes data stored on private and public IT infrastructures, on utility infrastructures, on private and public cloud data centers, on personal computing devices — PCs, laptops, tablets, and smartphones — and on IoT (Internet-of-Things) devices. Cybersecurity Ventures predicts that the total amount of data stored in the cloud — which includes public clouds operated by vendors and social media companies (think Apple, Facebook, Google, Microsoft, X, etc.), government-owned clouds that are accessible to citizens and businesses, private clouds owned by mid-to-large-sized corporations, and cloud storage providers — will reach 100 zettabytes by 2025, or 50 percent of the world’s data at that time, up from approximately 25 percent stored in the cloud in 2015.

RANSOMWARE

• The global cost of ransomware was predicted to reach $20 billion USD in 2021, up from $325 million USD in 2015. Cybersecurity Ventures expects ransomware damage costs to exceed $265 billion USD annually by 2031.
• Cybersecurity Ventures predicted that a business fell victim to a ransomware attack every 11 seconds in 2021, up from every 14 seconds in 2019. The frequency of ransomware attacks on governments, businesses, consumers, and devices will continue to rise over the next seven years and hit every two seconds by 2031.
• CNA Financial made the biggest ransomware payout on record. The Chicago-based company paid $40 million USD to the Phoenix cybercriminal group, believed to come from Russia.
• Verizon’s 2025 Data Breach Investigation Report (DBIR) found that 44 percent of all breaches analyzed showed ransomware was present, marking a notable rise from last year’s report. Ransomware is also disproportionally affecting small organizations. In larger organizations, Ransomware is a component of 39 percent of breaches, while SMBs experienced Ransomware-related breaches to the tune of 88 percent overall.
• Ransomware complaints to the FBI’s Internet Crime Complaint Center (IC3) increased 9 percent year over year with 3,156 being posted in 2024 up from 2,825 and was called the most pervasive threat to critical infrastructure. For the year, the top five most active ransomware groups were Akira, LockBit, RansomHub, FOG, and PLAY, the report noted.

CRYPTOCRIME

• Cryptocrime, including exit scams, rug pulls, and theft is predicted to cost the world $30 billion USD in 2025, Cybersecurity Ventures predicts, rising at a rate of around 15 percent annually. This is more than twice the record-setting (at the time) $14 billion USD lost in 2021, according to a report from blockchain research firm Chainalysis.
• Major media outlets globally reported on Feb. 21, 2025 that a $1.5 billion (USD) hack of the Bybit cryptocurrency exchange was a record-setting cyberattack. The attack has been linked to North Korea’s Lazarus group, a state-sponsored hacking collective. Prior to that, the largest cryptocurrency hack to date was conducted in Mar. 2022 and targeted the network that supports the popular Axie Infinity blockchain gaming platform. Hackers breached the Ronin Network and made off with around $625 million worth of Ethereum and the USDC stablecoin. U.S. officials said that the Lazarus Group was linked to the theft.
• Perhaps no entity better illustrates the professionalization of the cryptocrime ecosystem than the online marketplace Huione Guarantee, according to the Chainalysis 2025 Crypto Crime Report. Huione and all vendors operating on their platform have processed more than $70 billion in crypto transactions since 2021. This platform has provided infrastructure which facilitates the sale of scam technology and processed on-chain transactions for pig butchering and other fraud and scams, addresses reported as stolen funds, sanctioned entities such as the Russian exchange Garantex, fraud shops, child sexual abuse material, and Chinese-language gambling sites and casinos, among others.
• At least $28 billion tied to illicit activity has flowed into crypto exchanges over the last two years, according to an examination by the International Consortium of Investigative Journalists, The New York Times and 36 other news organizations around the world. The money came from hackers, thieves and extortionists. These groups have moved money onto the world’s largest exchanges, which are online marketplaces where people can convert U.S. dollars or euros into Bitcoin, Ether and other digital coins.
• In Jan. 2024, hackers stole around $112 million of the Ripple-focused cryptocurrency XRP from a crypto wallet, Ripple’s co-founder and executive chairman had disclosed. Ripple’s Chris Larsen said at the time that the stolen crypto was his, which would make it one of the largest hacks on an individual. He wrote on X that “there was unauthorized access to a few of my personal XRP accounts (not Ripple) — we were quickly able to catch the problem and notify exchanges to freeze the affected addresses. Law enforcement is already involved.”

RECENT MAJOR HACKS

• In May 2023, a ransomware gang called Clop began abusing a zero-day exploit of Progress Software’s MOVEit Transfer enterprise file transfer tool. Clop’s widespread attack saw it steal data from government, public, and business organizations worldwide, including New York City’s public school system, a UK-based HR solutions and payroll company with clients including British Airways and BBC, and others. More than 2,600 organizations and 77 million people had been impacted by the MOVEit hack as of Nov. 2023.
• In Oct. 2023, MGM Resorts International said that a cyberattack in Sep. 2023 disrupted its operations and would cause a $100 million hit to its third-quarter results, as it worked to restore its systems. One of the world’s largest gambling firms, MGM shut down its systems after detecting the attack to contain damage. The situation became so dire that federal authorities and the White House became involved in the recovery effort.
• In Dec. 2023, genetic testing company 23andMe announced that hackers accessed the personal data of 0.1 percent of customers, or about 14,000 individuals. The company also said that by accessing those accounts, hackers were also able to access “a significant number of files containing profile information about other users’ ancestry.” But 23andMe would not say how many “other users” were impacted by the breach that the company initially disclosed in early Oct. 2023. As it turns out, there were a lot of “other users” who were victims of this data breach: 6.9 million affected individuals in total.
• Change Healthcare, a subsidiary of healthcare giant UnitedHealth was hit by a massive cyberattack in Feb. 2024. For several weeks, healthcare staff in practices across the U.S. were not able to receive payments from patients. CBS News called it the “biggest ever cybersecurity attack on the American healthcare system”. UnitedHealth’s Apr. 2024 earnings report noted that $872 million were spent on “unfavourable cyberattacks effects,” and the corporation’s CEO later confirmed that an additional $22 million ransom was paid to the hacker group. The company expects the cyberattack to cost $1.6 billion this year.
• A cyberattack on U.S. pharmaceutical solutions company Cencora in Feb. 2024 led to nearly a dozen pharma firms that partner with Cencora to disclose data breaches. Notifications published by the California Attorney General’s office from these companies indicated that the Cencora incident was the catalyst for their breaches. The companies are Bayer, Novartis, Regeneron, AbbVie, Incyte, Genentech, Sumitomo Pharma America, GlaxoSmithKline, Acadia, Endo, and Dendreon. This underscores the interconnected nature of data security within the pharmaceutical industry and highlights the ripple effect a single cyberattack can have on multiple organizations.
• In Mar. 2024, several French state services were targeted by a denial-of-service (DDoS) attack, that Prime Minister Gabriel Attal’s office described as a breach of “unprecedented intensity”. During almost an entire day, over 300 web domains and 177,000 IP addresses associated with the government were impacted, including severe disruptions to major public service websites.

• Roku said hackers gained unauthorized access to 576,000 accounts, the company’s second data-breach incident this year, prompting the streaming-hardware maker to institute additional security measures for users. In an Apr. 2024 blog post, Roku said the hackers likely gained access to the accounts by using usernames and passwords from other sites where customers may have used the same login credentials. This type of automated cyberattack is known as credential stuffing. San Jose, Calif.-based Roku has a user base of 80 million.
• Major London hospitals had to cancel operations and blood transfusions after being hit by a cyberattack that led to them declaring it a “critical incident” in Jun. 2024. Seven hospitals suffered serious disruption to their services as a result of a ransomware attack targeting a private company that analyses blood tests for them. More than 800 planned operations and 700 outpatient appointments were rearranged in the first week after the attack. The cyber assualt also prompted an urgent call for blood donations.
• In Jun. 2024, as many as 165 customers of cloud storage provider Snowflake have been compromised by a group that obtained login credentials through information-stealing malware, researchers from Mandiant, a Google-owned security firm said. Live Nation confirmed that data from its TicketMaster group stored on Snowflake had been stolen following a posting offering the sale of the full names, addresses, phone numbers, and partial credit card numbers for 560 million Ticketmaster customers. Mandiant said that all the compromises it has tracked so far were the result of login credentials for Snowflake accounts being stolen by infostealer malware and stored in vast logs, sometimes for years at a time.
• Roughly 15,000 car dealerships across the U.S. and Canada went days in Jun. 2024 without software systems crucial to running their business, following multiple cyberattacks on CDK Global. The company is one of just a handful of dealer management system providers that underpin auto retailers’ ability to access customer records, schedule appointments, handle car-repair orders and complete transactions, among other tasks. CDK has confirmed that it’s been the subject of a cyber-ransom event, and Bloomberg reported that the company was planning to pay the tens of millions of dollars that the group behind the hacks had demanded in order to restore service.
• A Dec. 2024 data breach involving PowerSchool affected an estimated 62 million students and 10 million teachers. The cloud-based software solution provides tools for enrollment, communication, attendance, staff management, learning systems, analytics, and finance at more than 6,000 K-12 schools and districts across the United States and Canada. The breach has left parents and educators grappling with concerns over privacy and data security, exposing sensitive information that hackers are attempting to exploit on the dark web. 
• In 2025, a notorious predominantly English-speaking hacking group launched a website to extort its victims, threatening to release about a billion records stolen from companies who store their customers’ data in cloud databases hosted by Salesforce. The ShinyHunters gang allegedly hacked dozens of high-profile companies by breaking into their cloud-based databases hosted by Salesforce. Insurance giant Allianz Life, Google, fashion conglomerate Kering, the airline Qantas, carmaking giant Stellantis, credit bureau TransUnion, and the employee management platform Workday, among several others, have confirmed their data was stolen in these mass hacks.The hackers’ leak site lists several alleged victims, including FedEx, Hulu (owned by Disney), and Toyota Motors.
• Google said in Oct. 2025 that there were likely to be more than 100 companies affected by an ambitious hacking campaign that targeted Oracle’s suite of business products, an early assessment that could portend wide-ranging damage. Google, said in a statement that “mass amounts of customer data” were stolen in an operation it said may have begun as early as three months ago. As of Dec. 2025, the number of companies and damages reported are still being tallied.

BIGGEST HACKS EVER

• In 2020, state-backed hackers exploited a ubiquitous SolarWinds software product in order to spy on government and business networks around the world, including in the U.S., U.K., Israel and Canada. The cyber spies lurked in email services, and posed as legitimate staffers to tap confidential information stored in the cloud. The bombshell revelations sent 18,000 exposed SolarWinds customers scrambling to assess whether outsiders did indeed enter their systems, what the damage was and how to fix it.The sprawling operation targeted some of the US government’s most sensitive data.
• Global meat supplier JBS was hit by a massive attack during the 2021 Memorial Day weekend. This was one of the biggest hacks in history to affect a player in food production. This ransomware attack brought its beef and pork slaughterhouses in North America and Australia to a standstill. The company obliged the attackers’ demand and paid an $11 million USD ransom to resume its operations.
• In May 2017, a massive ransomware attack known as WannaCry spread to over 200,000 computer systems across 150 countries. The attack encrypted files on infected systems and demanded ransom payments in Bitcoin to decrypt them. Total financial losses from the WannaCry attack were estimated to exceed $4 billion.
• In Jun. 2017, organisations around the world were hit by another destructive ransomware attack known as NotPetya. It is considered one of the most damaging cyber attacks to date, causing over $10 billion in damages. Major multinational companies were severely impacted, including shipping company Maersk, pharmaceutical giant Merck, and the French construction company Saint-Gobain. The attack also crippled computer systems across Ukraine where it is believed to have originated.
• The credit reporting agency Equifax announced in Sep. 2017 that the personal information of over 145 million Americans had been exposed in a massive data breach. The attackers exploited a security flaw to gain access to Equifax systems and stole sensitive customer information including Social Security numbers, birthdates, addresses, and some driver’s license numbers.
• In Nov. 2014, a hacker group calling itself the “Guardians of Peace” carried out a devastating cyber attack against Sony Pictures in retaliation for the planned release of the comedy film The Interview. The hackers stole and released over 100 terabytes of confidential data including upcoming film scripts, employee salaries, financial records, and thousands of private emails. They also wiped over half of Sony Pictures’ global network.
• In what is considered the largest data breach in history, all 3 billion Yahoo user accounts were compromised by a 2013 breach that went undetected for three years. The attackers, believed to be state-sponsored hackers from Russia, stole names, email addresses, phone numbers, birthdates, and encrypted passwords from Yahoo’s user database. A separate 2014 intrusion also allowed hackers to gain the account keys needed to access the private information of over 500 million accounts.
• The 2013 Cryptlocker malware attacked upwards of 250,000 machines by encrypting their files. It displayed a red ransom note with a payment window accompanied. The virus’ creators used a worm called the Gameover Zeus botnet to make and send copies of the CryptoLocker virus. Although CryptoLocker itself was easily removed, the affected files remained encrypted in a way which researchers considered unfeasible to break. Many said that the ransom should not be paid, but did not offer any way to recover files; others said that paying the ransom was the only way to recover files that had not been backed up. Some victims claimed that paying the ransom did not always lead to the files being decrypted.
• The Stuxnet worm, uncovered in 2010, was a sophisticated cyber weapon used to target and damage Iran’s nuclear enrichment facilities. Stuxnet temporarily crippled Iran’s capacity to develop nuclear material and caused about one-fifth of centrifuges to be destroyed. The virus is widely attributed as a joint effort by U.S. and Israeli intelligence agencies.
• The credit card payment processor Heartland Payment Systems was compromised in 2008, and an estimated 130 Million customer accounts were accessed, making it one of the largest credit card hacks in history. Albert Gonzalez and two Russian hackers placed sniffer programs within the Heartland system. These sniffers intercepted credit card credentials in real time and relayed the data back to them.He was found guilty in 2010 and sentenced to an unprecedented 20 years in prison.
  

HISTORIC VIRUSES

• For computer buffs visiting Pakistan’s historic city of Lahore, it seemed too good a bargain to pass up. A shop called Brain Computer Services was selling brand-name computer programs, such as Lotus 1-2-3 and WordStar, for as little as $1.50 each, according to TIME. From early 1986 to late 1987, scores of Americans — most of them students and backpackers — snapped up cut-rate disks for use on their computers back home. Hidden in nearly every disk was an extra program not supplied by any manufacturer: a snippet of computer code many considered to be the world’s most sophisticated computer virus. Every time an unsuspecting user lent his new disk to a friend or colleague, and every time the disk was run on a machine shared by other users, the code spread from one computer to another. The so-called Brain virus had found its way onto at least 100,000 floppy disks, sometimes with data-destroying impact. In each case the illicit program left behind a calling card for those savvy enough to find it: a message that began with the words WELCOME TO THE DUNGEON, and was signed by brothers Amjad Farooq Alvi, 26, and Basit Farooq Alvi, 19, the owners of Brain Computer Services.
• At around 8:30pm EST on Nov. 2, 1988, a malicious program developed by 23-year-old Robert Morris was unleashed on the Internet from a computer at the Massachusetts Institute of Technology (MIT), according to the FBI. The Morris Worm was soon propagating at remarkable speed and grinding computers to a halt. Within 24 hours, an estimated 6,000 of the approximately 60,000 computers that were then connected to the Internet had been hit. The rogue program had infected systems at a number of the prestigious colleges and public and private research centers that made up the early national electronic network. This was a year before the invention of the World Wide Web. The Morris Worm inspired a new generation of hackers and a wave of Internet-driven assaults that continue to plague our digital systems to this day.
• Neel Mehta of Google’s security team privately reported Heartbleed to the OpenSSL team on Apr. 1, 2014. Codenomicon discovered it independently at approximately the same time, and reported HeartBleed on Apr. 3, 2014. At the time of disclosure, some 17 percent (around half a million) of the Internet’s secure web servers certified by trusted authorities were believed to be vulnerable to the attack, allowing theft of the servers’ private keys and users’ session cookies and passwords. Journalists deemed the Heartbleed bug “catastrophic”.
• The Zeus computer virus is an online theft tool that hit the web in 2007. A whitepaper by Unisys three years later estimated that it was behind 44 percent of all banking malware attacks. By then, it had breached 88 percent of all Fortune 500 companies, 2,500 organizations total, and 76,000 computers in 196 countries.The Zeus botnet was a group of programs that worked together to take over machines for a remote “bot master.” It originated in Eastern Europe and was used to transfer money to secret bank accounts. More than 100 members of the crime ring behind the virus, mostly in the U.S., were arrested in 2010.
• The worst computer virus outbreak in history, according to HP, Mydoom caused estimated damage of $38 billion in 2004. Also known as Novarg, this malware is technically a “worm,” spread by mass emailing. At one point, the Mydoom virus was responsible for 25 percent of all emails sent. Though a $250,000 reward was offered, the developer of this dangerous computer worm was never caught. Mydoom scraped addresses from infected machines, then sent copies of itself to those addresses. It also roped those infected machines into a web of computers called a botnet that performed distributed denial of service (DDoS) attacks. These attacks were intended to shut down a target website or server.
• The Sobig Worm was a computer worm that infected millions of Internet-connected, Microsoft Windows computers in Aug. 2003. As of 2018, Sobig is the second fastest computer worm to have ever entered the wild, being surpassed only by Mydoom. Sobig was not only a computer worm in the sense that it replicates by itself, but also a Trojan horse in that it masquerades as something other than malware.
• 20 years ago, the internet came as close to a total meltdown as we’ve seen since its commercialization in the 1990s. A UDP network worm payload of just 376 bytes, targeting UDP destination port 1434, aggressively propagated to all vulnerable, internet-connected Microsoft SQL Server hosts worldwide within a matter of minutes. Popularly known as the SQL Slammer (though the name Sapphire was suggested within the academic community, it didn’t catch on) worm, it infected around 75,000 vulnerable servers worldwide. The significant disruption it caused made international news. It was enough to bring many networks to a screeching halt, and disrupted retail credit card point-of-sale systems and ATMs worldwide
• With nearly $20 billion in estimated damages, The Klez Worm infected about 7.2 percent of all computers in 2001, or 7 million PCs. Klez sent fake emails, spoofed recognized senders and, among other things, attempted to deactivate other viruses. As with other viruses and worms, Klez was released in several variants. It infected files, copied itself, and spread throughout each victim’s network. It hung around for years, with each version more destructive than the last.
• Code Red was a computer worm observed on the Internet on Jul. 15, 2001. It attacked computers running Microsoft’s IIS web server. It was the first large-scale, mixed-threat attack to successfully target enterprise networks. The Code Red computer virus was yet another worm that penetrated 975,000 hosts. It displayed the words “Hacked by Chinese!” across infected web pages, and it ran entirely in each machine’s memory. In most cases it left no trace in hard drives or other storage. Financial costs are pegged at $2.4 billion. The virus attacked websites of infected computers and delivered a distributed denial of service (DDoS) attack on the U.S. White House’s website.
• ILOVEYOU, sometimes referred to as the Love Bug or Loveletter, was a computer worm that infected over ten million Windows personal computers on and after May 5, 2000. It started spreading as an email message with the subject line “ILOVEYOU” and the attachment “LOVE-LETTER-FOR-YOU.TXT.vbs.” Onel de Guzman, a then-24-year-old computer science student at AMA Computer College and resident of Manila, Philippines, created the malware.

ARTIFICIAL INTELLIGENCE (AI)

• The integration of AI into cybersecurity products is revolutionizing how organizations protect their systems and data, according to McKinsey. More than 90 percent of AI capabilities in cybersecurity are expected to come from third-party providers, making it easier for companies to adopt cutting-edge solutions as they upgrade their existing security stack. 
• In 2025, Carnegie Mellon University researchers demonstrated that large language models (LLMs) can autonomously plan and carry out sophisticated cyberattacks without human intervention. The research, conducted in partnership with artificial intelligence firm Anthropic, showed that AI could replicate the 2017 cyberattack on Equifax by autonomously exploiting vulnerabilities, installing malware and stealing data.The Equifax breach compromised approximately 147 million customers’ data, making it one of the largest data breaches in U.S. history. 
• Cybersecurity experts have warned for months that fully autonomous cyberattacks — in which AI agents execute an entire operation with minimal human input — were 12 to 18 months away. That timeline just shrank. Anthropic said Claude automated 80–90 percent of the latest Chinese espionage campaign. In response, major cybersecurity vendors are going all-in on AI, building systems that both automate basic defenses (i.e., detecting phishing emails and shutting down suspicious scripts before they execute) and help them anticipate where adversaries’ models might strike next.
• In Apr. 2024, Google, an early AI security mover, announced a major Gmail AI security update for its three billion users. The results: 20 percent more spam is blocked in Gmail using large language models (LLMs); 1,000 percent more user-reported Gmail spam is reviewed each day; 90 percent faster response time dealing with new spam and phishing attacks in Google Drive.
• Gartner predicts that by 2026, enterprises that combine GenAI with an integrated platforms-based architecture in security behavior and culture programs (SBCP) will experience 40 percent fewer employee-driven security incidents. 
• According to Deloitte, potential fraud losses for financial services institutions in the U.S. alone could reach $40 billion USD by 2027, highlighting why financial services are racing to strengthen their defenses. The response has been decisive: 91 percent of U.S. banks currently use AI for fraud detection, while 83 percent of anti-fraud professionals planned to incorporate GenAI into their systems by 2025.
• Phishing attacks over the past year increased by 1,265 percent, attributed to growth of generative AI tools, and the number of reported AI-enabled cyber attacks rose 47 percent globally in 2025. In the Cisco 2025 Cybersecurity Readiness Index: 86 percent of business leaders with cyber responsibilities reported at least one AI-related incident over the past 12 months.

CYBERSECURITY MARKET

• Cybersecurity Ventures predicts that global spending on cybersecurity products and services will hit $522 billion annually (USD) in 2026, up from $260 billion in 2021.This includes all countries globally, B2B and B2C, plus a portion of any markets that are converged with cybersecurity such as quantum security, physical security and surveillance, government information security and military cyber defense technology (all nations), space cyber defense, and also counts in cyberinsurance policies.
• AI is expanding a $2 trillion total addressable market (TAM) for cybersecurity providers, according to a 2024/2025 study by McKinsey, a global management consulting firm and trusted advisor to leading businesses, governments, and institutions.
• Today, nearly 15 percent of (corporate) cybersecurity spending comes from outside the chief information security office (CISO), and non-CISO cyber spending is expected to grow at a 24 percent CAGR over the next three years, according to the McKinsey study, which goes on to state that this has changed from a decade ago, when almost all cybersecurity spending came from the CISO organization.
• The U.S. and Western Europe will account for more than 70% of global security spending in 2025, according to the latest forecast from the “Worldwide Security Spending Guide”, published by IDC. However, all geographic regions were expected to see consistent growth in security spending in 2025, with the highest increases in Latin America, Central and Eastern Europe, and the Middle East and Africa.

• AI is reshaping nearly every industry – and cybersecurity is no exception. One research report estimates that the global market for AI-based cybersecurity products was about $15 billion in 2021 and will surge to roughly $135 billion by 2030.
• A significant amount of corporate, government, and small-to-midsized (STM) spending in our space has gone to Microsoft, who in fiscal 2025 generated around $37 billion in cybersecurity revenue, representing about 14 percent of its total revenue, according to Investing.com, and its security business can reach $50 billion by 2030 if it grows at a mid-teens CAGR.
• Global spending on security awareness training for employees (previously one of the most underspent cybersecurity budget items) is predicted to exceed $10 billion USD by 2027, according to Cybersecurity Ventures, up from around $5.6 billion USD in 2023.
• According to Gartner, worldwide security services revenue exceeded $77 billion in 2024, and Big 4 consulting giant Deloitte had the largest market share with 16.6 percent. That puts Deloitte’s annual security services revenues at more than $12.7 billion. Deloitte has an army of more than 40,000 security services professionals.
• The U.S. spends more than $25 billion on cybersecurity every year to defend federal systems against increasing threats from hackers, ransomware groups and state- sponsored actors, according to Palo Alto Networks. Deltek estimates the federal cybersecurity market at $18.8 billion in 2026, growing to $20.7 billion in 2028. The U.S. has the largest cybersecurity budget out of all nations for protecting its government against cyber threats.

CYBERINSURANCE

• The first cyberinsurance product in the U.S. emerged in 1996/1997 when AIG launched its Internet Security Liability (ISL) product. The ISL standard plan covered legal costs and settlement fees if customer credit cards were stolen from insured companies’ servers and the credit card company failed to protect them.
• Cybersecurity Ventures predicts the cyberinsurance market will grow to $14.8 billion USD in 2025 and will exceed $34 billion USD by 2031, based on a compound annual growth rate (CAGR) of 15 percent calculated over an 11-year period (2020 to 2031).
• One of the world’s largest cyber insurance firms is reportedly pulling back from the market. That company, Beazley, is dealing with increasing claims and falling prices, even as competitors double down on policies covering ransomware demands and other cyberattacks, the Financial Times (FT) reported in Nov. 2025. (Nov. 30). The company recently reported that cyber gross written premiums, a measure of top-line revenue, fell 8 percent in the nine months to Sept. 30 to $848 million. While Beazley has reduced its exposure, Chubb and AIG, two of its biggest rivals in the U.S. market, have maintained or grown their books, the report added. These diverging strategies underline volatility in the nascent sector.
• Attackers are leveraging AI to automate and scale phishing, ransomware and deepfake attacks, making threats faster and harder to detect. Aon research found that a rise in AI-driven deepfake attacks resulted in a 53 percent increase in social-engineering incidents year-over-year, and social engineering and fraud claims increased by 233 percent.
• While cyber insurance claims in the Resilience portfolio dropped by 53 percent in the first half of 2025—suggesting that organizations are getting better at preventing attacks—the financial damage from successful incidents has actually increased. The 2025 Midyear Cyber Risk Report reveals that when cybercriminals do break through Resilience client defenses, they’re hitting 17 percent harder than before, with ransomware attacks now averaging over $1.18 million in damages.
• When deemed reasonable and necessary, 44 percent of Coalition cyberinsurance policyholders that experienced a ransomware incident over the past year opted to pay the ransom. Coalition Incident Response (CIR) was able to negotiate ransom payments down by an average of 60 percent.
• The potential in Europe is clear: 41 percent of businesses with over €500 million in revenue intend to purchase cyberinsurance for the first time in the next five years, according to Howden’s 2025 Cyberinsurance Report. For a €500 million business, cyberinsurance can save approximately €16 million in attack-related costs over ten years. That means a 19 percent return on investment – a compelling value proposition. With rates continuing to fall in the low-double-digit range, current market conditions present a highly favourable entry point for new buyers in Europe.

BIG TECH

• Microsoft launched a national campaign with U.S. community colleges to help place 250,000 people into the cybersecurity workforce from 2021 to 2025, representing half of the country’s labor shortage. Microsoft also increased its planned cybersecurity investment to $20 billion over five years, up from the $1 billion per year they had been spending on cybersecurity since 2015. Last year, Microsoft CEO Satya Nadella announced that Microsoft Security has surpassed $20 billion USD in revenue.
• Citing Cybersecurity Ventures skills shortage data, the Redmond giant announced in 2022 a new partnership under its Ready4Cybersecurity program in Asia to improve access to cybersecurity skills and careers for underrepresented groups. The program aims to certify 100,000 young women and underrepresented youth in cybersecurity by 2025.

• In 2021, Google announced an investment of more than $10 billion through 2025 in cybersecurity. The effort will include helping to secure the supply chain and strengthening open-source security. Google also said they’re training 100,000 Americans for vital data privacy and security jobs. They are providing $15 million to create 15 new cybersecurity clinics at universities across the country, the company informed in Jun. 2024. The tech giant has also funded 2,000 students to earn a Career Certificate in Cybersecurity in Africa. Last year, Google started offering a Cybersecurity Professional Certificate training program for anyone, including those with no background in coding or computer science. The program, created by cybersecurity experts at Google, is designed to provide people with job-ready skills in under 6 months to jumpstart their career.
• IBM has committed to providing 30 million people in more than 30 countries across the Americas, Asia Pacific, Europe, Middle East and Africa, with learning opportunities to plug skills gaps in the technology sector, cybersecurity included, by 2030. Partnerships extend to NGOs focusing on underserved youth, women, and military veterans.
• In Jun. 2024, Cisco Investments, the global corporate venture investment arm of Cisco, launched a $1B AI investment fund to bolster the startup ecosystem and expand the development of secure, reliable, and trustworthy AI solutions. Cisco has already committed nearly $200M of the $1B investment fund to date.

BOARDROOM

• Cybersecurity Ventures predicts that by 2025, 35 percent of Fortune 500 companies will have board members with cybersecurity experience, and by 2031 that will climb to more than 50 percent. This is up from a Heidrick & Struggles estimate of 17 percent in 2021.
• Liability for cyber-physical security incidents were expected to pierce the corporate veil to personal liability for 75 percent of CEOs by 2024, according to Gartner, Inc. Due to the nature of cyber-physical systems (CPSs), incidents can quickly lead to physical harm to people, destruction of property or environmental disasters. 
• Lack of board access is the number one factor for CISO dissatisfaction, according to a Sep. 2025 CSO story citing research that states nearly 40 percent of CISOs at small and mid-market organizations have minimal or no access to full boards.
• The CISO’s rise to the C-suite comes with more engagement with the boardroom, an audience with the CEO, and the power to make strategic decisions for the business, according to Splunk. 82 percent of surveyed CISOs report directly to the CEO in 2025, a significant increase from 47 percent in 2023. In addition, 83 percent of CISOs participate in board meetings somewhat often or most of the time. While 60 percent acknowledge that board members with cybersecurity backgrounds more heavily influence security decisions, only 29 percent of CISOs say their board includes at least one member with cybersecurity expertise.
• Only 29 percent of CISOs said they receive the proper budget for cybersecurity initiatives and achieving their security goals, compared with 41 percent of board members who think cybersecurity budgets are just fine, according to a 2025 report from Oxford Economics, who surveyed 600 respondents, 500 of them CISOs, CSOs, or equivalent security leaders, and 100 board members.

WOMEN IN CYBER

• There’s a shortage of women in the cybersecurity industry. A Cybersecurity Ventures report found that women accounted for 25 percent of cybersecurity jobs worldwide in 2022. The organization predicted that women “will represent 30 percent of the global cybersecurity workforce by 2025, and that will reach 35 percent by 2031.”
• Black women are a vastly underrepresented group in technology and cybersecurity. The National Center for Women & Information Technology (NCWIT) has stated that of the 25 percent of women working in tech, just 3 percent of them are black. And only an undetermined fraction of those women are in cybersecurity.
• It is widely assumed that most cybercriminals are male. A report from Trend Micro sheds light on the numbers and finds that approximately 30 percent of cybercriminal forum participants are women.
• In 2018, Girl Scouts of the USA (GSUSA) partnered with Palo Alto Networks to add cybersecurity badges to Girl Scout programming. By 2023, more than 315,00 cybersecurity badges had been earned by Girl Scouts. 
• In Mar. 2024, Cisco signed an agreement with the Karnataka government in India under which it will train 40,000 people in cybersecurity skills and awareness. Out of that, 50 percent will be women to help meet the growing need for cyber talent as organizations look to bolster defences against an evolving and complex threat landscape.
• Veeam Software’s collaboration with Women In Cloud, launched in Aug. 2025, to certify one million people in AI, cloud, and cybersecurity, is designed to unlock secure digital livelihoods and propel India’s leadership in the global AI-powered economy.
  

CHIEF INFORMATION SECURITY OFFICERS

• The world’s first CISO was anointed in 1994, when financial services giant Citigroup (then Citicorp) set up a specialized cybersecurity office after suffering a series of cyberattacks from Russian hackers.
• Cybersecurity Ventures estimates there are now at least 32,000 CISOs employed worldwide. Zippia, established through a database of 30 million profiles and verified against Census Bureau data, estimates over 7,523 chief security officers (an interchangeable term with CISOs) are “currently employed” in the U.S.
• According to Cybersecurity Ventures, 100 percent of Fortune 500 companies and the majority of Global 2000 organizations employ a CISO or an equivalent role in 2025, up from 70 percent in 2018.
• While 67 percent of CISOs say their cybersecurity culture is strong, a striking 76 percent believe their organization is at risk of a material cyberattack in the next 12 months—up from 70 percent in 2024, according to Proofpoint’s 2025 Voice of the CISO Report. This paradox reflects a growing sentiment: breaches are increasingly viewed as inevitable rather than avoidable.The rise in concern isn’t without merit. Two-thirds (66 percent) of CISOs reported a material loss of sensitive information in the past year—up dramatically from 46 percent in 2024. Despite investments in security posture and awareness, more than half (58 percent) of CISOs still felt unprepared for a cyberattack in 2025.
• Gartner estimates that by 2025, nearly half of cybersecurity leaders will change roles — and 25 percent for different roles entirely — due to stress, psychological pressure, and burnout, among other factors.
• The gender gap remains a chasm when we consider the top roles in cybersecurity. For example, in 2025 women hold less than 20 percent of CISO roles at Fortune 500 companies, according to research from Cybersecurity Ventures.

CYBERSECURITY JOBS

• Global cybersecurity job vacancies grew by 350 percent, from one million openings in 2013 to 3.5 million in 2021, enough to fill 50 NFL stadiums, according to Cybersecurity Ventures.
• The number of unfilled jobs leveled off in 2022, and remains at 3.5 million (or less) in 2025, with around a half-million of those positions in the U.S., according to CyberSeek. Industry efforts to source new talent and tackle burnout continues, but we predict that the disparity between demand and supply will remain for at least the next several years, especially with the emergence of AI in cybersecurity.
• Employment of information security analysts is projected to grow 32 percent from 2022 to 2032, much faster than the average for all occupations, according to the U.S. Bureau of Labor Statistics (BLS). The median annual wage for information security analysts was nearly $125,000 as of May 2024.
• India alone was expected to create one million new cybersecurity jobs by 2025, according to a NASSCOM estimate in 2016. The Indian cybersecurity market was projected to be close to a valuation of $500 billion USD by 2030.
• The cybersecurity unemployment rate for the most experienced positions hovers at around zero percent, and will likely remain so for years to come. But these positions make up a small percentage of the overall number of jobs in our industry.
• A few CISOs reported earning $5 million a year (including bonuses and annual equity grants), and the median CISO received $532,000 in total compensation, according to a May 2025 story in CSO. The data comes from a survey of U.S. enterprises with more than $1 billion in annual revenues.
• The median Chief Information Security Officer salary in the U.S. in 2025 is $384,715, according to Salary.com. The top paying cities for CISOs are San Francisco, New York, and Boston.

SOME HISTORY

• The world’s first national data network was constructed in France during the 1790s. It was a mechanical telegraph system, consisting of chains of towers, each of which had a system of movable wooden arms on top. The French telegraph system was hacked in 1834 by a pair of thieves who stole financial market information — effectively conducting the world’s first cyberattack.
• Before computer hacking, there was phreaking. The “ph-” was for phone, and the phreaks liked to reverse engineer the system of tones that telecommunications companies used for long-distance dialing. Recreating the tones for each number, at just the right pitch, could mean making a free call rather than running up expensive charges. In 1957, Joe Engressia (Joybubbles), a blind, 7-year-old boy with perfect pitch, hears a high-pitched tone on a phone line and begins whistling along to it at a frequency of 2600Hz, enabling him to communicate with phone lines and become the U.S.’s first phone hacker or “phone phreak.”
• The modern definition of the word “hack” was first coined at MIT in April 1955, and the first known mention of computer hacking occurred in a 1963 issue of The Tech.
• The first computer virus, Creeper, was named after a Scooby-Doo cartoon show character. Creeper was written in 1971 by BBN computer programmer Bob Thomas as an experiment in self-duplicating code.
• The first notable ransomware incident was caused by the AIDS Trojan. Malicious floppy disks containing the Trojan were handed out to roughly 20,000 attendees of the World Health Organization’s AIDS conference by “the father of ransomware,” Joseph Popp. Victims were told to send $189 to PC Cyborg Corporation at a PO box in Panama. Although, as it was simple malware, decryption tools were made available quickly.

– Steve Morgan is founder and Editor-in-Chief at Cybersecurity Ventures.

About Evolution Equity

The post 2025 Cybersecurity Almanac: 100 Facts, Figures, Predictions And Statistics appeared first on Cybercrime Magazine.