Key Takeaways
- 17% of organizations paid a ransom multiple times
- 86% of malware is delivered through phishing and social engineering in Microsoft’s threat intelligence summary
- The CISA KEV catalog contained 93 vulnerabilities as of a specific snapshot in 2025, indicating continuing expansion (as shown in the catalog entry count on CISA)
- IBM reported that 1,000 records exposed increased breach costs significantly; it cites the cost per record approach in 2023 report
- FBI and CISA warned that business email compromise median loss per incident was $15,000 in 2023 (FBI IC3 BEC section)
- In Verizon DBIR 2024, the estimated cost of breaches is described as varying by incident type; the report’s incident-type distributions include quantification of cost drivers
- 55% of organizations reported using EDR (endpoint detection and response) in 2024 (survey-based measure in SonicWall’s 2024 report coverage).
- Cybersecurity spending in North America reached $30.2 billion in 2024 (projected by IDC).
- IDC forecasts global cybersecurity spending to grow at a 13.8% CAGR from 2024 to 2027.
- 48% of organizations said their backup systems are not fully protected against ransomware, according to Druva’s 2024 data resilience research.
- 75% of organizations reported using multifactor authentication (MFA) in Microsoft’s Digital Defense Report (2024)
- In 2023, phishing accounted for 76% of reported security incidents in APWG’s Quarterly Phishing Activity Trends report
- 52% of organizations report they use security automation to improve response times, according to the SANS 2024 survey on security automation
- 70% of organizations planned to increase investment in security operations (SecOps) in 2024, based on a CrowdStrike survey of IT and security leaders
- 57% of organizations reported deploying threat intelligence feeds in 2024, per a ThreatConnect/industry survey
Phishing and credential theft drive most breaches, while patching and ransomware readiness lag despite rising security spending.
Related reading
01 · Category
Cost Analysis13 stats
Cost Analysis Interpretation
02 · Category
Threat Landscape5 stats
Threat Landscape Interpretation
03 · Category
Market & Adoption5 stats
Market & Adoption Interpretation
More related reading
04 · Category
User Adoption3 stats
User Adoption Interpretation
05 · Category
Industry Trends2 stats
Industry Trends Interpretation
06 · Category
Industry Overview3 stats
Industry Overview Interpretation
How often security and incident preparedness fall short
A substantial share of organizations report gaps in coverage and resilience, especially around insurance denial/limits and ransomware recovery capabilities.
Cite This Report
This report is designed to be cited. We maintain stable URLs and versioned verification dates. Copy the format appropriate for your publication below.
Marcus Engström. (2026, February 13). Computer Security Statistics. Gitnux. https://gitnux.org/computer-security-statistics
Marcus Engström. "Computer Security Statistics." Gitnux, 13 Feb 2026, https://gitnux.org/computer-security-statistics.
Marcus Engström. 2026. "Computer Security Statistics." Gitnux. https://gitnux.org/computer-security-statistics.
Sources & references
31 datasets cited across this report · attribution is report-level
+8 additional datasets cited (not shown individually)

