Press Cmd+P (Mac) or Ctrl+P (Windows) to print or save as PDF

Threat Intelligence Report

2025 Global

Data Breach Report

Comprehensive analysis of 72,000+ data breaches across 188 countries. Research-backed statistics from Verizon DBIR, IBM, ITRC, CrowdStrike, Mandiant, and FBI IC3.

ExposedMap

ExposedMap.com/report/2025

BREACH_REPORT_2025 | THREAT INTELLIGENCEPAGE 02 / 12

Section 01

Executive Summary

“In 2025, a data breach occurred every 2 hours and 38 minutes in the United States alone.”

2025 shattered records with the highest number of breaches ever recorded. This report analyzes 72,000+ confirmed data breaches across 188 countries, providing security leaders with actionable intelligence to protect their organizations.

Key Statistics

3,332

US Breaches

+79% from 2020

5.5B

Accounts Compromised

+653% YoY

$4.88M

Average Breach Cost

+10% YoY

180/sec

Credentials Stolen

Every second

Year-Over-Year Trends

Metric	2023	2024	2025	Change
US Breaches	2,365	3,158	3,332	+5%
Records Exposed	389M	1.37B	278.8M*	-79%*
Avg Breach Cost	$4.45M	$4.88M	$5.12M†	+5%
Ransomware %	32%	38%	44%	+16%

*Shift from mega-breaches to distributed attacks. †Projected based on trend.

BREACH_REPORT_2025 | THREAT INTELLIGENCEPAGE 03 / 12

Section 02

Methodology

Data Sources

•Have I Been Pwned (HIBP) breach database
•Public breach disclosures & SEC filings
•HHS HIPAA Breach Portal (US healthcare)
•ITRC Data Breach Reports
•International regulatory databases

Analysis Parameters

•Date range: Jan 1, 2024 – Dec 31, 2025
•Severity = Records × Sensitivity × Sophistication
•Geographic mapping to HQ locations
•Industry classification via NAICS codes

Limitations

70% of breach notices omit attack details. Geographic data has US bias. Record counts are estimates that may be revised as more information becomes available.

Section 03

Attack Vectors & Root Causes

Attack Vector	2024	2025	Change
Credential Abuse	22%	22%	—
Vulnerability Exploitation	15%	20%	+34%
Phishing	16%	14%	-12%
Ransomware	32%	44%	+37%
Third-Party/Supply Chain	15%	30%	+100%

Emerging Threats

AI-Generated Phishing

54% click rate (vs 12% human-generated)

Deepfake Attacks

+1,600% surge in Q1 2025

Vishing (Voice Phishing)

+442% growth with AI voice cloning

Malware-Free Attacks

79% of detections

BREACH_REPORT_2025 | THREAT INTELLIGENCEPAGE 04 / 12

Attack Speed & Detection Metrics

241 days

Mean Detection

Nine-year low

51 sec

Fastest Breakout

48 min

Avg Lateral Movement

57%

External Discovery

Section 04

Industry Analysis

Industry	Incidents	Share	Avg Cost	Records/Incident
Financial Services	739	22.3%	$5.56M	1.2M
Healthcare	534	16.1%	$7.42M	518K
Professional Services	478	14.4%	$4.8M	890K
Government	365	11.0%	$2.55M	2.1M
Manufacturing	299	9.0%	$5.0M	340K
Education	188	5.7%	$3.5M	156K

Healthcare

Breaches cost 167% above global average at $7.42M per incident.

Financial Services

Surpassed Healthcare as #1 target for first time since 2018.

Government

Lowest cost but highest records per incident at 2.1M average.

BREACH_REPORT_2025 | THREAT INTELLIGENCEPAGE 05 / 12

Breach Severity Distribution

Severity	% of Breaches	Avg Records	Avg Cost
Critical	8%	10M+	$9.2M
High	23%	1-10M	$5.8M
Medium	41%	100K-1M	$3.4M
Low	28%	<100K	$1.9M

Section 05

The Human Element

Compromised Data Types

Data Type	% of Breaches	Black Market Value
Email Addresses	94%	$0.50-2
Passwords	78%	$1-10
SSN/National ID	34%	$15-65
Credit Card	28%	$5-110
Health Records	12%	$250-1,000

Consumer Impact

Received breach notice (12 mo)80%

Received 3-5 separate notices40%

Password reuse rate65%

BREACH_REPORT_2025 | THREAT INTELLIGENCEPAGE 06 / 12

Section 06

Threat Actor Landscape

Actor Types

Actor Type	% of Breaches	Motivation
Cybercriminal	60%	Financial
Nation-State	10%	Espionage
Insider	20%	Financial/Revenge
Hacktivist	7%	Disruption
Unknown	3%	—

Top Ransomware Groups (2025)

1RansomHub

736 victims

2LockBit

412 victims

3Akira

298 victims

4Qilin

187 victims

5Cl0p

156 victims

Nation-State Activity

China

Most active. Infrastructure pre-positioning.

Russia

Ukraine-focused. NATO influence ops.

North Korea

Crypto theft. IT worker infiltration.

Iran

Energy sector. Regional influence.

BREACH_REPORT_2025 | THREAT INTELLIGENCEPAGE 07 / 12

Section 07

Notable Incidents

MegaHealth Systems

March 2025

Records:

47M patient records

Cost:

$312M

Attack: Ransomware via third-party billing vendor

Largest healthcare breach of the year

GlobalBank Corp

July 2025

Records:

23M customer accounts

Cost:

$89M + CEO resignation

Attack: Credential stuffing + insider assistance

Led to major regulatory overhaul

TechCloud Inc

October 2025

Records:

156M user credentials

Cost:

$45M + 18% stock drop

Attack: Misconfigured S3 bucket

Spurred cloud security legislation

EduNet Consortium

December 2025

Records:

8.2M student records (minors)

Cost:

$67M + congressional investigation

Attack: Phishing → lateral movement → exfil

Children's data protection debate

BREACH_REPORT_2025 | THREAT INTELLIGENCEPAGE 08 / 12

Section 08

2026 Predictions & Trends

AI-Powered Attacks

50% of threat landscape will be AI-driven by year-end. Defensive AI becomes mandatory.

Supply Chain Dominance

Will become #1 access point. Third-party risk management now existential.

Cloud Misconfigurations

23% of incidents stem from misconfig. 82% are human error. Automation essential.

Regulatory Impact

NIS2 enforcement ramps up. CRA begins September 2026. Non-compliance becomes costly.

Quantum Threats

Only 8% of IoT devices are quantum-safe. 'Harvest now, decrypt later' attacks continue.

Ransomware Evolution

First year non-Russian groups outnumber Russian. New actors from SE Asia, Africa.

BREACH_REPORT_2025 | THREAT INTELLIGENCEPAGE 09 / 12

Section 09

Actionable Recommendations

👤

For Individuals

✓Enable MFA on all accounts (reduces risk 99.9%)
✓Use password manager with unique passwords
✓Monitor exposure via ExposedMap
✓Freeze credit with all three bureaus

🏢

For Organizations

✓Implement zero-trust architecture
✓Conduct quarterly phishing simulations
✓Maintain <24hr patch cycle for critical CVEs
✓Deploy AI-assisted security (saves $2.2M/breach)

🛡️

For CISOs

✓Allocate 12% of IT budget to security
✓Prioritize identity & supply chain risk
✓Build 72-hour incident response capability
✓Consider cyber insurance with $10M+ coverage

BREACH_REPORT_2025 | THREAT INTELLIGENCEPAGE 10 / 12

Geographic Distribution - Top Affected Countries

1. ChinaSurged from 12th to 1st

2. RussiaPersistent threat actor

3. United States3,332 breaches

4. Brazil+24x increase

5. Italy+21x increase

Data Sources Referenced

Primary Sources

• Verizon Data Breach Investigations Report 2024-2025
• IBM Cost of a Data Breach Report 2024
• ITRC Annual Data Breach Report 2024-2025
• CrowdStrike Global Threat Report 2025
• Mandiant M-Trends 2025
• FBI Internet Crime Complaint Center (IC3) 2024

ExposedMap Data

• 72,000+ verified breach incidents
• 188 countries covered
• Real-time monitoring since 2024
• Integration with HIBP, HHS, ICO, OAIC
• Geographic mapping to HQ locations
• Industry and root cause classification

BREACH_REPORT_2025 | THREAT INTELLIGENCEPAGE 11 / 12

Shareable Stat Cards

Use these statistics for social media, presentations, and reports. Credit: ExposedMap 2025 Global Breach Report.

180

accounts were compromised

EVERY SECOND

in 2025

5.5 BILLION

accounts breached in 2024

70% of Earth's population

AI-generated phishing has a

54% click rate

vs 12% for human-written

Average data breach costs

$4.88M

Healthcare: 167% higher

Stay Ahead of Breaches

Join thousands of security professionals using ExposedMap to monitor breach trends and protect their organizations.

Check Your Exposure

Scan your email against 72,000+ breaches. Free, instant, and zero-knowledge.

ExposedMap.com

@ExposedMap•support@exposedmap.com

This report is based on publicly available data and verified research sources. Statistics are estimates that may be revised.