Top 50 cybersecurity statistics for marketing (with sources, 2026)
Updated 2026-04-21
Fifty marketing-ready cybersecurity statistics from named primary sources. Each numbered item follows the same order: what was studied or counted, what was measured, and what the numbers showed. Every line links to the official PDF or landing page. Reopen each link to confirm the figure, year, and geography before paid or customer-facing claims.
Before you publish
These figures tie to primary sources published in 2024 or 2025 (accessed for accuracy in April 2026). Annual reports change year to year. Open the linked PDF or page and confirm the exact figure, definition, and geography before customer-facing or paid claims.
Pair each statistic with your ICP (enterprise vs. SMB, US vs. global) and note the study population. Verizon DBIR and IBM breach reports, for example, are not interchangeable samples.
How to read this list
Each fact is written in the same order: what was studied or counted (population, dataset, or geography), what was measured, and what the numbers showed (including year-over-year or subgroup splits when the source reports them).
Use the statistic number (for example #23) in internal briefs so reviewers can match copy to the same source.
IBM: Cost of a Data Breach 2025
1. In IBM's 2025 Cost of a Data Breach study, organizations worldwide reported a global average data breach cost of $4.4 million USD, down 9% from the prior year (IBM tied the decrease partly to faster identification and containment). IBM Cost of a Data Breach report
2. In IBM's 2025 study, among organizations that reported an AI-related security incident, 97% lacked proper AI access controls. IBM Cost of a Data Breach report
3. In IBM's 2025 study, 63% of organizations lacked AI governance policies to manage AI or prevent shadow AI proliferation. IBM Cost of a Data Breach report
4. In IBM's 2025 study, organizations with extensive use of AI in security reported about $1.9 million lower average breach cost than organizations that did not use those capabilities. IBM Cost of a Data Breach report
5. In IBM's 2025 Cost of a Data Breach report, IBM attributed lower global average breach cost partly to faster identification and containment, including automation and AI-assisted security workflows. IBM Cost of a Data Breach report
Verizon: Data Breach Investigations Report 2025 (executive summary)
6. In Verizon's 2025 Data Breach Investigations Report, analysts included 22,052 real-world security incidents in the dataset. Verizon 2025 DBIR executive summary (PDF)
7. In Verizon's 2025 DBIR dataset, 12,195 incidents were confirmed data breaches. Verizon 2025 DBIR executive summary (PDF)
8. In Verizon's 2025 DBIR, those incidents and breaches involved victims in 139 countries. Verizon 2025 DBIR executive summary (PDF)
9. In Verizon's 2025 DBIR breach sample, 53% of breaches fell under the System Intrusion classification pattern (compared with 36% in the prior year, as shown alongside in the report). Verizon 2025 DBIR executive summary (PDF)
10. In Verizon's 2025 DBIR breach sample, exploitation of vulnerabilities as an initial access vector accounted for 20% of breaches, a 34% increase over the prior year's report. Verizon 2025 DBIR executive summary (PDF)
11. In Verizon's 2025 DBIR, edge devices and VPNs were the target of 22% of exploitation-of-vulnerabilities actions (up from about 3% in the prior year's report). Verizon 2025 DBIR executive summary (PDF)
12. In Verizon's 2025 DBIR, about 54% of those edge-device targets were fully remediated through the year; median time to remediate perimeter device vulnerabilities was 32 days. Verizon 2025 DBIR executive summary (PDF)
13. In Verizon's 2025 DBIR dataset, ransomware presence grew 37% relative to the prior year's report. Verizon 2025 DBIR executive summary (PDF)
14. In Verizon's 2025 DBIR breach sample, ransomware was present in 44% of all breaches reviewed (up from 32% in the prior comparison). Verizon 2025 DBIR executive summary (PDF)
15. In Verizon's 2025 DBIR ransom figures, median ransom paid to ransomware groups was $115,000 (down from $150,000 the prior year). Verizon 2025 DBIR executive summary (PDF)
16. In Verizon's 2025 DBIR, 64% of victim organizations did not pay ransoms (up from 50% two years earlier). Verizon 2025 DBIR executive summary (PDF)
17. In Verizon's 2025 DBIR, ransomware was a component of 39% of breaches among larger organizations; among SMBs in the dataset, ransomware-related breaches were 88% overall. Verizon 2025 DBIR executive summary (PDF)
18. In Verizon's 2025 DBIR breach sample, the human element was involved in roughly 60% of breaches (similar to the prior year). Verizon 2025 DBIR executive summary (PDF)
19. In Verizon's 2025 DBIR breach sample, breaches involving a third party rose from 15% to 30% year over year. Verizon 2025 DBIR executive summary (PDF)
20. In Verizon's 2025 DBIR breach sample, espionage-motivated breaches were 17% of breaches in the analysis. Verizon 2025 DBIR executive summary (PDF)
21. In Verizon's 2025 DBIR, analysis of infostealer credential logs found 30% of compromised systems could be identified as enterprise-licensed devices. Verizon 2025 DBIR executive summary (PDF)
22. In Verizon's 2025 DBIR, among compromised systems with corporate logins in the data, 46% were non-managed and hosted both personal and business credentials. Verizon 2025 DBIR executive summary (PDF)
23. In Verizon's 2025 DBIR breach sample, Social Engineering was the incident classification pattern for 17% of breaches (per the executive summary pattern breakdown). Verizon 2025 DBIR executive summary (PDF)
ISC2: Cybersecurity Workforce Study 2025
24. In ISC2's 2025 Cybersecurity Workforce Study, 16,029 professionals participated (a record sample size for that study). ISC2 Cybersecurity Workforce Study
25. In ISC2's 2025 study, 95% of respondents reported having at least one skill need (up 5 percentage points from 2024). ISC2 Cybersecurity Workforce Study
26. In ISC2's 2025 study, 59% of respondents cited critical or significant skill needs (up from 44% in 2024). ISC2 Cybersecurity Workforce Study
27. In ISC2's 2025 study, 41% of respondents ranked AI as the most pressing skills need and 36% ranked cloud security as the next most pressing. ISC2 Cybersecurity Workforce Study
28. In ISC2's 2025 study, 72% of respondents agreed that reducing cybersecurity personnel significantly increases the risk of a breach. ISC2 Cybersecurity Workforce Study
29. In ISC2's 2025 study, 76% of respondents said organizations should be held accountable if they suffer a breach after cutting cybersecurity staff. ISC2 Cybersecurity Workforce Study
30. In ISC2's 2025 study, 55% of respondents agreed their organizations have the resources necessary to address security incidents in the next 2 to 3 years (fewer than one quarter strongly agreed). ISC2 Cybersecurity Workforce Study
31. In ISC2's 2025 study, 33% of respondents said their organizations do not have the budget to adequately staff security teams. ISC2 Cybersecurity Workforce Study
32. In ISC2's 2025 study, 29% of respondents said they cannot afford to hire staff with the skills they need. ISC2 Cybersecurity Workforce Study
33. In ISC2's 2025 study, respondents reported cybersecurity layoffs at 24% of organizations in 2025 (down 1 percentage point from 2024). ISC2 Cybersecurity Workforce Study
34. In ISC2's 2025 study, organizations with 10,000 or more staff reported cybersecurity layoffs at 32%, compared with 17% among organizations with 1 to 99 staff. ISC2 Cybersecurity Workforce Study
FBI IC3: 2024 Internet Crime Report
35. In the FBI IC3 2024 Internet Crime Report, complainants reported $16.6 billion in total losses for 2024 (the report describes that total as a new record). FBI IC3 2024 Internet Crime Report (PDF)
36. In calendar year 2024, the FBI IC3 received 859,532 complaints. FBI IC3 2024 Internet Crime Report (PDF)
37. In the FBI IC3 2024 report, total reported losses were 33% higher than in 2023. FBI IC3 2024 Internet Crime Report (PDF)
38. In the FBI IC3 2024 data, among complaints that reported a loss, the average reported loss was $19,372. FBI IC3 2024 Internet Crime Report (PDF)
39. From 2020 through 2024, the FBI IC3 received 4.2 million complaints, with $50.5 billion in reported losses, averaging about 836,000 complaints per year. FBI IC3 2024 Internet Crime Report (PDF)
40. Since 2000, the FBI IC3 has received more than 9 million complaints in total. FBI IC3 2024 Internet Crime Report (PDF)
41. In the FBI IC3 2024 report, phishing/spoofing led crime types by complaint count with 193,407 complaints. FBI IC3 2024 Internet Crime Report (PDF)
42. In the FBI IC3 2024 Internet Crime Report, investment fraud had the highest reported loss total at $6,570,639,864. FBI IC3 2024 Internet Crime Report (PDF)
43. In the FBI IC3 2024 report, business email compromise accounted for $2,770,151,146 in reported losses. FBI IC3 2024 Internet Crime Report (PDF)
44. In the FBI IC3 2024 report, cyber-enabled fraud accounted for almost 83% of all losses reported to IC3 in 2024. FBI IC3 2024 Internet Crime Report (PDF)
45. In the FBI IC3 2024 Internet Crime Report, individuals aged 60 and older filed 147,127 complaints with $4.8 billion in reported losses in the age-group breakdown. FBI IC3 2024 Internet Crime Report (PDF)
46. According to the introduction of the FBI IC3 2024 report, ransomware complaints rose 9% from 2023 to 2024. FBI IC3 2024 Internet Crime Report (PDF)
ENISA: State of Cybersecurity in the Union (2024)
47. In ENISA's 2024 State of Cybersecurity in the Union report (citing ENISA Threat Landscape 2024), DoS/DDoS/RDoS and ransomware remained the most reported attack forms, accounting for more than half of observed events, followed by threats against data. ENISA State of Cybersecurity in the Union (PDF)
ENISA: Threat Landscape 2024
48. ENISA Threat Landscape 2024 documents the full threat-landscape methodology and incident corpus that underpin the EU overview referenced in the State of Cybersecurity in the Union report. ENISA Threat Landscape 2024
Gartner: market sizing
49. In Gartner's July 2025 forecast, worldwide end-user spending on information security was projected at $213 billion for 2025, up 10.4% year over year. Gartner information security spending forecast
50. In the same July 2025 Gartner forecast, security software was projected at $105.9 billion and security services at $83.8 billion for 2025. Gartner information security spending forecast
Common questions
What is this list of fifty cybersecurity statistics for?
It is a curation of numbered facts from major vendor and government reports so marketers can cite defensible figures. Each line links to the official PDF or landing page.
How should I verify a statistic before I use it in ads or sales collateral?
Open the linked source, check the report year and sample (global vs regional), and copy the exact wording from the primary document. Definitions of breach, incident, and loss differ by study.
Why do IBM breach cost numbers and Verizon DBIR percentages not match?
They measure different populations and methods. IBM Cost of a Data Breach uses one methodology and respondent set; Verizon DBIR summarizes incident patterns from another dataset. Treat them as complementary, not interchangeable.
Which sources cover consumer fraud losses versus enterprise breach patterns?
FBI IC3 annual reports emphasize U.S. public-reported fraud and losses. Verizon DBIR focuses on breach and incident patterns across contributors. IBM emphasizes global average breach cost. Use the source that matches your audience and geography.