DevOps teams did not sign up to be security teams. But if you run repos, CI/CD, cloud roles, SaaS apps, integrations, or backups, you operate the systems attackers lean on.

Most breaches are not flashy. They start with routine failures: a token left in a repo, MFA not enforced, an overprivileged API key that never expires, or backups that are deletable by the same admin identity.

Attackers do not need to “break in” if they can log in. They move with normal tooling and blend into admin traffic. They pull data out through services the business already trusts, then decide whether to encrypt. Ransomware is often the finale, not the opening act.

This article compiles 30 cybersecurity statistics from recent reports and maps them to a typical attack lifecycle. Most numbers were published in 2025, often about 2024 incidents, plus a few early 2026 outlook surveys. We hope this serves as a kind of checklist for your DevOps stack.

Exposure and misconfiguration: where leaks start

#1 65% of Forbes 2025 AI 50 companies had confirmed secret leaks on GitHub

Leaked material included API keys, tokens, and credentials. Many were in places teams often overlook: deleted forks, gists, and secondary repositories. (source: Wiz’s State of AI in the Cloud report, Nov 2025)

Even strong teams leak secrets in the corners. If your posture is “we scan repos, so we’re fine”, this should unsettle you.

#2 Median time to remediate leaked GitHub secrets was 94 days

Verizon’s 2025 Data Breach Investigations Report reports a 94-day median time to remediate secrets leaked in GitHub repositories. Their dataset covers 22,052 incidents and 12,195 confirmed breaches across many org sizes and industries.

Ninety-four days is not just a delay. It is a window.

#3 Most scanner-detected repo secrets in 2025 were tied to web app infrastructure (39%) and CI/CD (32%)

Next were cloud infrastructure (15%) and databases (5%). For disclosed web app infrastructure secrets, 66% were JWTs used for authentication and sessions. For cloud, 43% were Google Cloud API keys. (source: Verizon’s 2025 DBIR)

This is not a niche AppSec problem. It is a pipeline and runtime problem.

#4 61% of SaaS accounts have MFA disabled or inactive

This figure comes from SaaS Alerts’ SaaS Application Security Insights 2025, based on SaaS security telemetry from 43,000+ SMBs and nearly six million user accounts.

It seems that the mere availability of MFA does not solve the problem, does it?

#5 75% of organizations had a SaaS security incident in the last year

AppOmni reports this rate in State of SaaS Security 2025, based on a survey of 803 security leaders and practitioners globally. The report also notes that many incidents were linked to unauthorized applications.

Unauthorized apps are an attack surface. If you do not control what is connected, you do not control your risk.

#6 63% of organizations see external data oversharing

Cloud Security Alliance reported this in 2025 research based on a survey of 420 IT and security professionals. The same research also found that 56% of orgs say employees send confidential data to unauthorized SaaS apps, and it flags IAM gaps like weak privilege control (58%) and poor user lifecycle automation (54%).

This is how data walks out without a “breach” headline.

#7 Organizations without full SaaS visibility are 5x more likely to face an incident or data loss through 2027

Gartner states this as a planning assumption in its 2025 Magic Quadrant for SaaS Management Platforms. This assumption also applies to organizations that do not centrally manage SaaS lifecycles.

#8 By 2027, 75% of employees will buy, change, or build technology outside IT control

Gartner projected this at its Security and Risk Management Summit 2023, up from 41% in 2022. SaaS sprawl is coming at us full speed.

Initial access

#9 Over 60% of cloud security events relate to initial access, persistence, or credential theft

This figure comes from Elastic Security Labs’ Global Threat Report 2025.

In the cloud, identity is the main control point. Emphasize hardening authentication and watching for abnormal privileged access.

#10 In 2025, exploited vulnerabilities were the #1 driver of ransomware success

Statista reported this in Nov 2025 based on a survey of cybersecurity professionals. 32% said ransomware succeeded due to exploited vulnerabilities. The next most cited causes were compromised credentials (23%), then malicious email (19%), phishing (18%) and brute force (6%).

Patching and identity are still doing most of the work.

Lateral movement and data exfiltration: the quiet phase

#11 In 2024, RDP was the top tool attackers used to move inside networks

ReliaQuest’s Annual Cyber-Threat Report 2025 breaks down lateral movement techniques used in 2024 incidents:

  • Remote Desktop Protocol (26%): Common in Windows environments. With stolen credentials, it can blend in as normal activity.
  • Internal spear phishing (16%): Uses trusted internal messages to expand access to more accounts and systems.
  • SSH/SMB/Windows admin shares (14%): Leans on standard remote admin paths after attackers get valid credentials.

This is why “we have EDR” is not a full answer.

#12 80% of breaches involved exfiltration

ReliaQuest’s report also shows that data theft is a core part of most incidents. In exfiltration cases, data was moved in two main ways:

  • 60% to mainstream cloud storage (Google Drive, Mega, Amazon S3)
  • 40% over C2 channels to attacker-run infrastructure.

Because blocking common cloud storage is often not realistic for day-to-day work, you should monitor for unusual data movement and identity activity instead.

Ransomware and operational disruption: when the business stops

#13 93% of paying victims later learned their data was stolen

Paying does not end the problem. Victims who paid often still lost data, were attacked again (83%), or could not recover all data (45%).

These figures come from CrowdStrike’s State of Ransomware 2025 survey of 1,100 IT and security decision makers across Australia, France, Germany, India, Singapore, the UK, and the US.

#14 57% of organizations rely on a single layer of security to protect their cloud backups from ransomware

That’s one conclusion from an EON survey of 154 IT and cloud leaders at Google Cloud Next 2025. The survey also found that 13% of organizations have no ransomware protection for cloud backups, while 29% use multiple layers like immutability, anomaly detection, and MFA.

At the same time, EON attributes 23% of cloud data loss to ransomware or breaches. This is why separate admin boundaries and immutability should be treated as baseline controls.

#15 Ransomware succeeds due to gaps in expertise (40.2%) and visibility (40.1%)

Sophos’ State of Ransomware 2025 surveyed 3,400 IT and security leaders across 17 countries whose orgs were hit by ransomware. The most cited factors contributing to the success of ransomware were:

  • Lack of expertise (40.2%)
  • Unknown security gaps (40.1%)
  • Lack of people/capacity (39.4%)

This points to a basic operations problem. The fix is: clearer process, better coverage, and enough staffing, not another tool.

#16 54% of board members think they’re prepared. Security teams disagree.

In CrowdStrike’s survey, 54% of board and C-level leaders said they are “very prepared” for ransomware, versus 46% of security teams. It also found that 76% of organizations report this disconnect is growing.

That gap is a risk by itself. It leads to underfunded controls and unrealistic recovery plans.

The cost of failure: money, legal exposure, and downtime

#17 Average breach cost in 2025: $4.44M globally and $10.22M in the US

These figures come from IBM’s Cost of a Data Breach Report 2025. IBM notes the global average fell from $4.88M in 2024, while the US average rose by 9% in 2025, due to higher regulatory penalties and higher detection and escalation costs.

The study covered 600 organizations with breaches between March 2024 and February 2025 across 17 industries in 16 countries or regions. 

If you operate in the US, plan for higher escalation and penalty costs. That changes the ROI math for detection, response, and auditability.

#18 41% of 5B+ revenue companies report higher exposure to damaging breaches

PwC highlights this fact in its 2026 Global Digital Trust Insights survey of business and tech leaders (May to July 2025). The same survey shows higher exposure among US-based organizations (37%) and TMT (33%).

#19 46% of organizations experienced an outage or service disruption due to attacks

That’s the reality shown in Red Canary’s Security Operations Trends Report 2025, based on a survey of 550 security leaders across the US, UK, Australia, New Zealand, and the Nordics. In the same research, leaders estimated the average incident cost over the past year at $3.7M.

Downtime is not rare, so your recovery plan needs to work in practice.

#20 61% of security leaders report breaches caused by failed or misconfigured controls in the last 12 months

65% of those breaches cost more than $1M. (Source: Security Leaders Peer Report 2025 by Panaseer, based on a survey of 400 security leaders at larger orgs in the US and UK).

It seems that a lot of “breach prevention” is basic control hygiene.

#21 955 hours of disruptions in total across key DevOps SaaS platforms in 2024

GitProtect’s report, The CISO’s Guide to DevOps Threats 2025, puts the combined time of disruptions for GitHub, Bitbucket, Jira, GitLab and Azure DevOps in 2024 at 955 hours. That’s enough time to sail across the Atlantic on a small yacht, make a short stop in the Caribbean, reach the East Coast, and head back to Europe.

AI is accelerating the mess: more tools, more leaks, weaker controls

#22 46% of organizations struggle to monitor non-human identities

This finding comes from the Cloud Security Alliance’s State of SaaS Security Report 2025 mentioned earlier. The report also flags growing concern about overprivileged API access as GenAI tools and SaaS-to-SaaS integrations spread (56%).

Non-human identities and API sprawl are where governance collapses. Treat machine access like first-class identity.

#23 AI-driven social engineering is the top 2026 threat

ISACA’s 2026 Tech Trends and Priorities Global Pulse Poll surveyed 2,963 professionals in digital trust fields (cybersecurity, audit, governance, risk, compliance) and placed this risk at the top. In the same ranking, ransomware and extortion came next (54%), followed by insider threats (35%).

#24 66% of organisations expect AI to have the biggest impact on cybersecurity, but only 37% assess tools before deployment

The World Economic Forum highlights this gap in its Global Cybersecurity Outlook 2025, based on 409 survey responses from 57 countries.

This is shadow IT moving faster than most control processes. If you do not offer a quick, clear path, teams will deploy tools first and deal with security later.

#25 78% of companies lag on basic data and AI security practices

Accenture’s State of Cybersecurity Resilience 2025 (survey of 2,286 respondents from $1B+ revenue companies across multiple regions) paints a broader picture. It also found that:

  • 22% have clear policies and training for generative AI use
  • 25% fully apply encryption and access controls for sensitive data across transit, storage and processing
  • 83% have not built a secure cloud foundation with integrated monitoring, detection, and response.

AI mostly makes existing gaps hurt more: weak data controls, weak cloud foundations, and poor inventory.

#26 Shadow AI adds $670K to breach cost in high-usage orgs

IBM’s 2025 breach-cost research also looked at “shadow AI” and found:

  • 20% of organisations said they had a breach tied to shadow AI incidents.
  • These incidents more often involved PII (65%) and IP (40%).
  • Data was frequently spread across multiple environments.

Shadow AI is solved not only by policy but also by controlling data movement and access across environments.

#27 37% of SMBs plan to address AI risk by expanding cyber insurance coverage

Hiscox’s Cyber Readiness Report 2025 also lays out what other measures SMBs plan to take over the next three years to reduce AI-related risks:

  • Employee training on AI threats: 36%
  • Regular AI usage audits: 36%
  • Hiring AI-skilled staff: 33%
  • Using AI security consultants: 33%

The research covered 5,750 companies (50 to 249 employees) in the US and Europe (Jul-Aug 2025).

Supply chain and third-party blast radius

#28 54% of large organizations say third-party risk management is a major challenge

World Economic Forum’s Global Cybersecurity Outlook 2025 frames supply chain complexity and limited supplier visibility as a top cyber risk. Key concerns include third-party software vulnerabilities and attacks that spread through connected partners and systems.

If you use vendors, integrations, and open source, you already have a supply chain. The question is whether you can see and constrain it.

#29 24% of orgs with 5,000+ external data-sharing partners had 10+ breaches per year

Kiteworks’ Data Security and Compliance Risk 2025 links breach frequency to the number of outside groups with which an organization shares private data. Orgs with fewer than 500 partners did better: 34% reported zero breaches.

More partners means more ways for data to leak. If you add integrations, scale controls and monitoring with them.

#30 59% of IT and security professionals cite code vulnerabilities as the top AppSec concern

This figure comes from Thales’ 2025 survey of nearly 3,200 IT and security professionals across 20 countries and 15 industries. Other main AppSec concerns were:

  • Software supply chain issues (48%)
  • API attacks (38%).

Top DevSecOps challenges included:

  • Secrets management (54%)
  • Sprint cadence and execution (48%)
  • Open-source SCA (44%)
