Information Risk Insight Study 2025
Featured Report | June 1, 2025
The IRIS 2025 report takes you inside 15 years of cyber incident patterns, revealing how the threat landscape continues to shift. Ransomware has skyrocketed to historic highs, while accidental disclosures have quietly faded—but for how long?
Get the data, spot the trends, and understand what these changes mean for your organization.
Download the full report and unlock exclusive bonus content, including extended analyses and insights designed to keep you ahead of what’s next.
Download the full IRIS 2025 report to access comprehensive analysis of cyber risk trends AND get additional insights and exclusive updates, sign up for a free “Signal Insights” membership with Cyentia Institute IRIS Risk Services. Members receive ongoing access to expanded data, sector briefings, and expert commentary at no cost. Get started today and stay ahead of emerging cyber risks.
Key Findings
-
Incidents Are Increasing Rapidly
The average number of significant security incidents reported each quarter has grown by 650% over the last 15 years. This highlights a pressing need for organizations to proactively manage their exposure and preparedness. -
Probability of Experiencing a Cyber Event Is Much Higher
The annual likelihood that an organization will experience a cyber event has almost quadrupled since 2008. For small and midsize businesses, this probability has more than doubled. Business leaders should recognize that risk is widespread and rising across the board. -
Financial Impact of Incidents Has Risen Sharply
The median loss from a security incident has increased 15-fold, from $190,000 to nearly $3 million. Losses from extreme events have grown to $32 million. Cyber risk now represents a major financial exposure for organizations of all sizes. -
Large Enterprises Are Disproportionately Targeted
While small businesses see the largest number of incidents in absolute terms, the rate of incidents among the largest corporations is 620 times higher when adjusted for the number of organizations. The scale and complexity of large organizations attract more targeted and persistent attacks. -
Attack Methods and Threat Vectors Are Evolving
Credential compromise remains the most common entry point, but attacks exploiting web applications have increased sixfold for smaller firms, and incidents involving third-party relationships have doubled for large organizations. Leaders should ensure that security programs address the most current and relevant attack methods.
Stay informed and prepared as the cyber landscape continues to change. For ongoing access to bonus content, sector-specific updates, and expert commentary, sign up for a free membership with Cyentia Institute IRIS Risk Services.
Download your copy today and ensure you receive the latest information to help manage and reduce your organization’s risk.
Stay Up-To-Date With Cyentia!
Sign-up to be notified when we release new research!
In the ever-evolving cyber security landscape, it’s more important than ever to stay up-to-date with the latest cyber security research and analysis so you can be better prepared. Our IRIS series is a rapidly growing series of reports dedicated to clearing away these fears by leveraging real-world data and rigorous analysis focused on key aspects and challenges of managing cyber risk.
Sign up today to be notified when we publish new research so you don’t miss out!
© Copyright 2025 Cyentia Institute
