The global cyber attack report

Global cybercrime is set to cost the world $15.63 trillion by 2029 with current estimates already at $10.5 trillion, yet many businesses still lack cyber protection. 

According to a new report, 59% of businesses have experienced a successful attack in the past 12 months. These findings are particularly worrying for small and medium sized businesses, with 20% reporting having no cybersecurity technology in place at all.

Not only that, at the end of last year, it was reported that 95% of data breaches were tied to human error. With a shortage of over four million cybersecurity professionals worldwide, cybersecurity awareness and training has never been more crucial for businesses. 

Understanding today’s cyber threat landscape

Cyber attacks are growing at record speeds due to a number of factors. Technology like cloud computing, IoT and artificial intelligence have been a positive step forward for businesses, but at the same time, have also created new entry points for attackers. 

Understanding the tactics, targets and motives of cybercriminals is key to helping businesses build cybersecurity awareness, help recognise potential threats and build resilience.

Using data from the Cyber Events Database (CED), which tracks and categorises thousands of significant global cyber attacks from 2014 to the present day, we’ve been able to identify trends in attacks across industries and the motives behind them. By combining this data with insights from cybersecurity reports and industry research, we’re able to identify clear patterns and trends to help give a detailed overview of the global cyberthreat landscape to highlight the risks that businesses face and what can be done to prevent them. 

Key takeaways:

• The USA accounts for 44% of all reported cyber attacks between 2024 and 2025 (646)

• The UK follows with 72 attacks, with Russia (70), Canada (40) and France (38) completing the top five

• Financial gain was the primary motive behind the majority of cyberattacks between 2024 and 2025, accounting for 1,013 of the 1,468 reported incidents

• Public administration was the most targeted sector over the past year, with 308 reported attacks

Global landscape: Cyber attacks by the numbers 

With cyber attacks on the rise around the world, it is essential for individuals and businesses alike to understand their distributions and motives. That’s why we’ve taken a closer look at the global breakdown of cyber attacks, highlighting which countries are targeted the most, the most common motives behind each attack, the industries most at risk and the times when incidents are most likely to occur. 

The rise of cyber attacks

As technology evolves, so does cybercrime. The rise of remote and hybrid working, cloud commuting, AI and automation have all created new opportunities for cybercriminals to exploit. Cybercriminals are adapting quickly, using sophisticated tools and tactics to target organisations of every size and sector, from global enterprises to local charities.

According to the World Economic Forum’s Global Cybersecurity Outlook for 2025, 72% of organisations worldwide have experienced an increase in cyber threats in the past year, with ransomware incidents increasing by 46%, driven by generative AI-enabled tools.

Domonic Taylor, CTO at Hosting, explains, “Cyber attacks are becoming more common and more frequent. AI has lowered the barrier of entry and threats that used to take months to develop now launch in minutes.

This means individuals and businesses need to be wary of the early signs of attacks, taking their own security even more seriously. AI can be an incredibly powerful tool, for good and for bad, and unfortunately, we’re also seeing the impacts of the latter.” 

Cyber attacks by country 

According to the latest data from the Cyber Events Database, the US accounts for 44% of all reported cyber attacks between 2024 and 2025, with 646 reported incidents. The UK follows with 72 attacks, with Russia, Canada and France completing the top five. 

This suggests that the US, along with other digitally developed countries are most at risk, making them prime targets for cybercriminals. 

Countries in Africa, Asia and Latin America generally show fewer reported attacks, however this doesn’t necessarily mean they are safer. Smaller digital footprints, underreporting and limited monitoring are all likely to play a part in the reduced number of reported attacks.

Encouragingly, according to the World Economic Forum, only 15% of respondents in Europe & North America lack confidence in their country’s ability to respond to major cyber incidents targeting critical infrastructure.

Cyber attacks by motive 

Over the past year, the motive behind the majority of cyber attacks has been financial gain, making up 1,013 of the 1,468 reported incidents. Attackers often use methods such as phishing or ransomware to steal money or data. Other common motives included 145 protest-related attacks, which are generally used to disrupt organisations for political or social reasons, and 111 political-espionage attacks, which are aimed at gathering state-backed intelligence or confidential information.

Dominic adds, “The data shows a clear trend - if an attacker can profit, they will try to. Whether it's ransomware, sophisticated phishing, or even deepfakes, financial gain drives the majority of cybercrime.”

Cyber attacks by industry

Over the past year, the public administration sector has been the most targeted by cybercriminals, with 308 reported attacks. Second was healthcare and social assistance, with 200 reported incidents and third was finance and insurance with 178, whereas industries including construction, wholesale trade and manufacturing report far fewer incidents.

This highlights that cybercriminals are focusing their attention on industries that hold high value sensitive information which could cause widespread disruption if leaked. Therefore both public and private organisations need to invest in strong cybersecurity measures to stay one step ahead. 

The UK cyber threat landscape

Along with the rest of the world, the UK is witnessing a sharp rise in cyber attacks. According to the National Cyber Security Centre (NCSC), it has handled over 204 nationally significant cyber incidents over the past year, which is more than double the cases recorded the previous year. In total, the organisation responded to 429 cyber incidents, with 18 classified as “highly significant” due to their potential to disrupt essential national services such as energy networks, healthcare systems, and government operations. Not only that, the report identifies a 50% year-on-year rise in major incidents, marking the third consecutive year of increased cyber activity. 

It’s not just happening at a national level either. At the same time the Cyber Security Breaches Survey 2025 found that 43% of UK businesses reported at least one cyber breach or attack in the past 12 months, highlighting how widespread the threat has become across all sectors. 

The Institution of Engineering and Technology (IET) has also raised concerns about a growing “cyber crisis” in the UK. Research by the IET revealed that one in seven UK adults (14%) fell victim to cybercrime in 2025, with over half (56%) expressing fear of future hacks. Despite this, only 24% of people feel their personal data is secure, and three-quarters (74%) believe hackers are becoming more inventive.

Recent high-profile breaches at Jaguar Land Rover and Marks & Spencer have further concerned the public, highlighting the growing sophistication of cybercriminals.

Key developments in the cyber threat landscape

Over the past couple of years, cyber attacks have become increasingly sophisticated. Criminals are using advanced technology to enhance the scale of their attacks, with Artificial Intelligence (AI) in particular transforming the cyber attack landscape. 

Criminals are using AI to automate, scale and personalise their attacks, with AI tools enabling them to launch more effective attacks with very little effort. Generative AI is also being used to create highly convincing phishing emails and messages that mimic real individuals or brands, whereas AI algorithms are being used by attackers to analyse huge datasets and guess or steal passwords. 

However at the same time, AI is becoming essential for cyber security, with businesses increasingly relying on AI-powered systems to detect anomalies faster than humans, with automated threat analysis, real-time behaviour tracking, and predictive risk modeling expected to become industry standards.

Beyond AI, there are several other factors shaping the cyber threat landscape in 2026: 

• Deepfakes and Synthetic Identities: Last year, deepfake attacks occurred every five minutes. Attackers are using AI-generated media to authorise fraudulent transactions, manipulate voice and video calls, and bypass biometric or identity‑based security checks, creating new challenges for identity verification. 

• Shadow agents: Also known as “shadow AI”, shadow agents refer to the use of artificial intelligence applications by employees without the knowledge or approval of the IT or security department. This can create risks such as data leaks and security vulnerabilities.

• Ransomware-as-a-Service (RaaS): Attackers can now rent ready‑made malware through subscription style ransomware platforms. This means that even low skilled criminals can launch an attack. 

• Supply Chain Attacks: Attackers are now targeting third-party vendors and software providers to gain entry to larger organisation’s systems. This means they can distribute malware at scale, steal sensitive data, or move across multiple organisations without being immediately detected.

• Cloud, IoT, and Edge Vulnerabilities: As businesses adopt hybrid cloud 

environments and connected devices, attackers are exploiting insecure data flows, weak authentications and unpatched devices to steal data, hijack devices and launch large scale attacks. 

If anything, these developments show us that cyber threats are evolving faster than ever, making it essential for both individuals and businesses to be vigilant when it comes to cyber security.

Tips for preventing cyber attacks

Experts say that if cybercrime were a nation in 2026, it would be the world’s third-largest economy, trailing only behind the US and China. With this in mind, here are some essential tips to help individuals and businesses stay one step ahead of cybercriminals in 2026.

1. Use AI to your advantage

Although AI is being used by cybercriminals to enhance attacks, it can also be used to detect suspicious activity as well as predict potential attacks before they happen. Businesses can use AI in cybersecurity through tools like machine learning to detect anomalies, deep learning to spot unknown malware, and natural language processing to identify phishing or malicious content. 

2. Implement zero trust security

Zero Trust is a security model based on maintaining strict access controls and not trusting anyone by default. It encourages better identity controls, and continuous verification and segmentation, which can significantly reduce risks. 

3. Invest in supply chain best practices 

With businesses relying on cloud services and third-party vendors more so than ever, it’s essential to regularly audit cloud configurations, enforce consistent security policies, and vet vendors to reduce misconfigurations, unauthorised access, and supply chain risks. By taking these steps, businesses can protect sensitive data and strengthen their overall cyber security. 

4. Plan your response to cyber threats in advance

Businesses of all sizes should have a clear incident response plan, defining who does what and how to respond so the team is ready to act fast and minimise the damage if an attack does occur.

5. Increase cybersecurity awareness 

With human error the leading cause of data breaches, cybersecurity training is essential when it comes to helping staff recognise phishing attempts, social engineering and AI -generated scams amongst others. 

The state of cyber security: What’s next?

Cybersecurity is set to enter a new era in 2026, defined by emerging technologies that can expand the reach of cyber attacks whilst at the same time increase security measures.  

Although the scale of threats may seem daunting, businesses that invest in AI driven defenses, layered security strategies and regular updates to their training and security systems will stand the best chance of protecting their assets and data. 

Find out how you can protect your website from the latest cyber threats here.