CRD #15

Henry Rõigas

Henry Rõigas

6 min read
CRD #15
Photo by Hunter Harritt / Unsplash
The Cybersecurity Research Digest cuts through the marketing fluff and bias to bring you relevant and objective insights on cybersecurity stats and trends, all backed by empirical data.
With the holiday season and early weeks of the year being relatively quiet for new research, this post highlights key findings from reputable sources published over a month (between 23 December 2024 and 20 January 2025), followed by a list of all monitored reports.

The persistent dominance of "cyber" in global risk surveys

I typically avoid reporting on studies that lack actionable insights – however, since this is the first post of the year and such statistics appears in surveys nearly every time I prepare a CRD publication, it's worth noting that "cyber" — very broadly defined to encompass IT disruptions, hacktivism, cybercrime, data breaches, and the potential fines associated with such events — continues to dominate global risk perception studies.

This was reaffirmed by an Allianz study involving over 3,500 risk managers across more than 100 countries and territories. Of those surveyed, 38% identified cybersecurity as the top risk for their organizations, surpassing concerns like business and supply chain interruptions (31%), natural catastrophes (29%), regulatory changes (25%), climate change (19%), macroeconomic developments (15%), and political risks (14%). As said, while this isn’t immediately actionable, it simply reflects the importance of the work we’ve committed ourselves to.

Global insights: focus on ransomware and AI adoption strong, but capability gap widens for smaller orgs

A World Economic Forum study, drawing on surveys and in-depth interviews with business leaders, underscores a growing cyber resilience gap between small and large organizations. From 2022 to 2025, small organizations reported a sevenfold increase in perceived resilience insufficiency, likely due to resource limitations and the "indiscriminate" targeting strategies of threat actors. Meanwhile, large organizations — benefiting from greater budgets and pushed by stricter compliance requirements — have halved their reported resilience insufficiency over the same period.

Perceived cyber resilience insufficiency by small and large organization (World Economic Forum)

In terms of technology priorities, the study found that 66% of respondents identified AI and machine learning as the most influential areas shaping cybersecurity by 2025. OT/IT convergence and cloud technology adoption followed only at 13% and 11%, respectively. Nevertheless, despite AI’s widespread adoption, most organizations — again, especially smaller ones — still lack processes to assess the security of AI tools.

AI tool usage outpacing security validation (World Economic Forum)

The study also confirms that ransomware remains the top risk concern for 45% of leaders, followed by fraud-related threats like BEC and phishing (20%). Supply chain disruptions rank third, cited by 17% of respondents.

Infostealer use surge as ransomware tactics evolve in 2024

A 2024 recap of cyber threat activity by Check Point highlights the industrial manufacturing sector is still the primary target for ransomware groups, with healthcare and medical organizations becoming the second most targeted. The shift underscores the abandonment of earlier “ethical” pledges by ransomware operators to spare the healthcare sector from attacks.

Industry distribution of ransomware victims, as reported on shame sites – 2024 (Check Point)

While high-profile incidents such as Dark Angels securing a $75 million payment from a Fortune 50 company and ALPHV extracting $22 million from Change Healthcare made headlines, the median ransom payment in 2024 remained steady at around $200,000.

The report also confirms the ongoing transition from encryption-based attacks to data exfiltration as the primary leverage tactic for criminals. According to Coveware, encryption-based ransom resolutions (i.e. organizations ending up paying) dropped from 75% in 2019 to 32% by Q3 2024, while data exfiltration as a leverage maintained a stable resolution rate of 35%.

Another significant trend in 2024 was the rise of infostealer malware, with infection attempts increasing by 58% year over year. These tools have largely supplanted the dominance of big botnets and banking malware, with the study claiming a staggering 90% of breached companies in 2024 having their credentials leaked in stealer logs prior to the attacks. This figure may seem unrealistically high, but there is no doubt that stolen credentials are among the most commonly used initial access vectors — alongside vulnerability exploitation — as confirmed by other similar studies.

On a positive note, incident response statistics indicate improvements in organizational readiness. Security alerts have surpassed service disruptions as the primary trigger for responses, reflecting a shift towards more proactive rather than reactive security postures.

Most Common Triggers for contacting Incident Response (Check Point)

An unproductive imbalance: holding employees accountable for incidents

A recent study involving 1,000 office workers in Ireland highlights a troubling trend in workplace cybersecurity: nearly three-quarters (73%) of office workers believe their employer holds staff personally responsible for breaches, often through disciplinary actions or unfavorable treatment. Alarmingly, 29% reported that someone in their company had been fired for accidentally causing a breach in the last year. The pressure is significant, with 64% of employees stating they would leave or consider leaving their job if they caused a breach.

These dynamics are unproductive and foster a culture of silence. Over a third (36%) admitted to not reporting a breach in the past year due to embarrassment or fear of repercussions. Additionally, one in five employees expressed discomfort in raising cybersecurity concerns with upper management, reflecting a lack of trust and open communication.

The survey clearly highlights the need for organizations to readjust the balance between personal accountability and organizational responsibility. Companies must support employees by offering mental health resources, reduce punitive measures, and foster an environment that encourages open reporting and trust.

Reports monitored: 23 December 2024 - 20 January 2025

To take a deeper dive in the topics most relevant for you, find below a list of all the monitored research reports (28) that were published during the observed period.

Title Organisation(s) Topic(s)
The AI MonitorEdge Report COOs Leverage GenAI to Reduce Data Security Losses PYMNTS GenAI (general)
Britain's Cyberscape Markel Direct general / insurance
The State of Healthcare Cybersecurity 2025 Veriti healthcare
30th December – Threat Intelligence Report Check Point Research threat intelligence
The 2024 Security and Compliance Compensation Survey Report The Foushée Surveys HR / salaries / CISO
Global Cybersecurity Index 2024 ITU governments
Analysis on China's Cyberattack Techniques in 2024 GSN (Taiwan) China / threat intelligence
Risk Decisions 360°: Emerging Risks That Can Impede Sustainable Company Growth Chubb risk perceptions (general)
State of the MSP Industry 2025 Look Ahead: Trends, Growth and Strategies for Success Kaseya MSPs
Artificial Intelligence: Opportunity or Threat for Global Networks? Arelion AI security impact
From budget battles to strategic wins: Partner insights on selling cybersecurity in 2025 e92plus budgets
Cybersecurity Disclosure Overview: A Survey of Form 10-K Cybersecurity Disclosures by S&P 100 Companies Dunn & Crutcher LLP disclosures / S&P100
Global Cybersecurity Outlook 2025 World Economic Forum / Accenture general
Lessons from red teaming 100 generative AI products Microsoft GenAI / read teaming
The 2024 Phishing Intelligence Report SlashNext phishing
BSIMM15 Report Black Duck software security
2025 Identity Security Risks and Trends Report Delinea identity and access management
The State of Global Cyber Security 2025 Check Point Software Technologies general
State of Global Authentication Survey Yubico authentication
State of the CISO 2025 Report IANS Research / Artico Search CISO perspectives
Cyber Readiness Report 2024: Protecting reputation through cyber resilience Hiscox insurance
Allianz Risk Barometer 2025 Allianz risk perceptions (general)
DORA: 43% of UK financial services unprepared for EU regulation, Censuswide survey finds. Orange Cyberdefense DORA / UK
73% of office workers in Ireland say staff get blamed for cybersecurity incidents IT.ie / SonicWall / Censuswide employee responsibility / Ireland
GRIT 2025 Ransomware & Cyber Threat Report GuidePoint Security CTI
Under Pressure: Is Vulnerability Management Keeping Up? Swimlane vulnerability management
Mobile Device Security Scorecard 2024 Omdia mobile security
State of Physical Security 2025: Strategizing, planning, and investing wisely Genetec physical security

About

evisec's Cybersecurity Research Digest provides security leaders verified strategic insights via a carefully curated weekly summary of evidence-led, unbiased and objective cybersecurity research publications. Read more about our service here.

✉️ Suggestions or want to collaborate? Get in touch via LinkedIn or email (henry@evisec.xyz)

Read more