GITNUX REPORT 2025

Advanced Persistent Threat Statistics

Most organizations remain vulnerable to persistent, targeted, and costly APT cyber threats.

Jannik Lindner

Co-Founder of Gitnux, specialized in content and tech since 2016.

First published: April 29, 2025

Key Highlights

  • 68% of organizations worldwide experienced at least one APT attack in 2022
  • The average cost of an APT attack to a company is $4.4 million
  • 72% of APT attacks are conducted via spear-phishing techniques
  • 57% of organizations do not have sufficient resources to detect APT activities
  • Nearly 75% of APT campaigns involve malware
  • 48% of organizations detected APT activities only after significant damage had been done
  • APT groups target supply chains in 42% of their operations
  • 80% of APT attacks last more than 6 months before detection
  • 65% of organizations believe their current cybersecurity tools are insufficient against APT groups
  • The most common entry point for APTs is via phishing emails, used in 70% of campaigns
  • 55% of APT groups employ advanced encryption techniques to evade detection
  • 43% of large enterprises report suffering at least one successful APT attack annually
  • The average infiltration duration of an APT threat is approximately 188 days

Did you know that over two-thirds of organizations worldwide faced an Advanced Persistent Threat in 2022, often lurking undetected for months and costing millions—making APTs the stealthy, costly adversaries every modern enterprise must proactively combat?

Detection, Prevention, and Security Measures

  • 57% of organizations do not have sufficient resources to detect APT activities
  • 65% of organizations believe their current cybersecurity tools are insufficient against APT groups
  • 66% of organizations lack comprehensive incident response plans specifically for APT threats
  • 63% of organizations do not regularly update threat detection signatures for APTs
  • 71% of organizations believe that AI-based detection methods are crucial for identifying APT activities
  • 33% of organizations have successfully prevented at least one APT attack through advanced defense measures
  • The detection rate of APT activities by traditional security solutions is only about 42%
  • 50% of APT attacks are detected only after weeks or months of activity
  • 59% of organizations state their threat hunting teams are insufficiently equipped to detect APT threats
  • 65% of organizations lack adequate security monitoring for internal lateral movement
  • 77% of organizations believe that continuous monitoring is essential to detect APT threat persistence
  • 54% of targeted organizations reported that APT groups stayed undetected for months
  • 45% of organizations have adopted threat intelligence platforms specifically for APT detection
  • 67% of organizations confirm that internal security teams lack sufficient training to identify APT activities
  • 72% of organizations state they plan to increase cybersecurity spending due to APT threats over the next year
  • 85% of APT attacks can be mitigated with integrated endpoint detection and response solutions

Detection, Prevention, and Security Measures Interpretation

Despite over two-thirds of organizations recognizing the vital role of AI and integrated endpoint solutions in combating APTs, a startling majority remain under-resourced, ill-prepared, and slow to detect, leaving most vulnerable to stealthy breaches that often linger undetected for months—making robust, ongoing investment and training the only way to turn the tide against these persistent cyber adversaries.

Impact and Consequences of APT Incidents

  • The average cost of an APT attack to a company is $4.4 million
  • 48% of organizations detected APT activities only after significant damage had been done
  • The average infiltration duration of an APT threat is approximately 188 days
  • 46% of organizations report that their incident response times increase during APT campaigns
  • 53% of incidents involving APT activity involved data exfiltration
  • 44% of incidents linked to APTs involve ransomware deployment as a secondary payload
  • 70% of APT attacks result in some form of data breach

Impact and Consequences of APT Incidents Interpretation

With nearly three-quarters of APT assaults leading to data breaches and a cost of over $4 million per attack, organizations face an escalating storm that often hits hard before detection, underscoring the urgent need for vigilant, proactive defenses instead of reactive remedies.

Methods and Techniques Employed in APT Campaigns

  • 72% of APT attacks are conducted via spear-phishing techniques
  • The most common entry point for APTs is via phishing emails, used in 70% of campaigns
  • 55% of APT groups employ advanced encryption techniques to evade detection
  • 38% of APT attacks deploy zero-day vulnerabilities
  • 74% of APT actors utilize custom malware tailored for each attack
  • APT campaigns often leverage social engineering in 80% of their operations
  • 90% of APT campaigns involve multiple attack vectors simultaneously
  • 50% of APT groups use stolen credentials to maintain persistent access
  • 40% of APT groups utilize malware obfuscation techniques to evade detection
  • 49% of APT campaigns involve the use of fileless malware techniques
  • 75% of APT-related malware is designed to avoid signature-based detection
  • APT groups frequently utilize compromised third-party vendors to access target networks
  • 52% of APT campaigns include using legitimate tools and processes to blend in with normal activity
  • 58% of APT campaigns leverage compromised systems to propagate laterally across networks
  • 30% of APT campaigns leverage social media for reconnaissance and spear-phishing
  • 49% of APT campaigns involve the use of legitimate administrative privileges to escalate access

Methods and Techniques Employed in APT Campaigns Interpretation

With 72% of APT attacks wielding spear-phishing as their gateway and nearly all advanced actors employing tactics like custom malware, encryption, and living-off-the-land techniques across multiple vectors, it’s clear that today's cyber adversaries have mastered the art of deception—turning the human element and legitimate tools into their most effective weapons of stealth and persistence.

Prevalence and Frequency of APT Attacks

  • 68% of organizations worldwide experienced at least one APT attack in 2022
  • Nearly 75% of APT campaigns involve malware
  • 80% of APT attacks last more than 6 months before detection
  • 43% of large enterprises report suffering at least one successful APT attack annually
  • 54% of organizations have experienced multiple APT campaigns over the past year
  • 58% of cybersecurity incidents in 2023 were linked to APT involvement
  • 85% of targeted attacks with APT involvement affected organizations with over 5,000 employees
  • 49% of attackers using APT tactics have backgrounds in nation-states or state-sponsored groups
  • 70% of APT activities focus on espionage and data theft
  • 60% of APT operations involve lateral movement within targeted networks
  • 38% of companies have increased cybersecurity budgets specifically to counter APT threats
  • Cryptocurrency mining malware is employed in over 20% of APT campaigns to generate revenue
  • 81% of organizations have undergone a breach involving an APT group in the past year
  • 61% of organizations have experienced multiple APT campaigns within a single year
  • 80% of APT attacks involve some form of lateral movement to access sensitive data
  • 73% of companies do not regularly share threat intelligence about APTs with industry peers

Prevalence and Frequency of APT Attacks Interpretation

With nearly 70% of organizations falling victim to APTs—often lurking undetected for over half a year and orchestrated by nation-states—it's clear that today's cyber espionage phenomenon is less a matter of if and more of when, demanding heightened vigilance, smarter intelligence sharing, and strategic defenses across the board.

Targeted Sectors and Strategic Focus Areas

  • APT groups target supply chains in 42% of their operations
  • 62% of APT attacks target government or critical infrastructure sectors
  • The financial sector is targeted by APT groups in 35% of incidents
  • 69% of APT groups target intellectual property and sensitive R&D data

Targeted Sectors and Strategic Focus Areas Interpretation

With nearly half of advanced persistent threat operations infiltrating supply chains and over 60% aiming at vital government and infrastructure sectors, it's clear that cyber adversaries are not just gambling but strategically weaponizing their attacks to threaten national security, economic stability, and the very essence of innovation—making cybersecurity not just an IT issue but a national priority.
