In 2025, only 28% of IT and security leaders believed they could fully recover from a cyber incident in 12 hours or less, down from 43% in 2024

58% of IT and security leaders believe it would take at least two days to recover and achieve full-service operations post-compromise

44% of retailers reported experiencing a significantly higher volume of attacks in 2025.

76% of organizations have experienced at least one material cyberattack.

92% of organizations reported experiencing legal, regulatory, or compliance consequences, including fines, lawsuits, or other enforcement actions.

70% of publicly traded companies reported adjusting earnings or financial guidance after a cyberattack.

68% of publicly traded companies said they observed an impact on their stock price after a cyberattack.

73% of privately held firms redirected budgets from innovation and growth initiatives after a cyberattack.

82% of organizations saw 11–50% of their data impacted from an attack.

The Qantas board imposed a 15% reduction in short-term bonuses for the CEO and senior executives due to the July 2025 breach.

The penalty for Qantas CEO Vanessa Hudson due to the bonus reduction following the July 2025 breach amounted to about A$250,000.

78% of family offices say a successful attack would trigger withdrawals or investor panic.

The amount of data most organizations got back after paying a ransom was 51–75%.

44% of organizations suffered from multiple, damaging attacks.

66% of organizations surveyed have been the victim of at least one cyberattack in the last 12 months, resulting in financial loss or disrupted business operations.

54% of organizations attacked paid a ransom.

92% of organizations still lost data after paying a ransom.

8% of organizations got all their data back after paying a ransom.

7% of organizations recovered in a day or less after an attack.

4–7 Days was the "normal" recovery time after a cyberattack.