3% of SMB owners faced severe, lasting damage following a cyber attack.

In 2025, only 28% of IT and security leaders believed they could fully recover from a cyber incident in 12 hours or less, down from 43% in 2024

58% of IT and security leaders believe it would take at least two days to recover and achieve full-service operations post-compromise

92% of organizations reported experiencing legal, regulatory, or compliance consequences, including fines, lawsuits, or other enforcement actions.

76% of organizations have experienced at least one material cyberattack.

70% of publicly traded companies reported adjusting earnings or financial guidance after a cyberattack.

68% of publicly traded companies said they observed an impact on their stock price after a cyberattack.

73% of privately held firms redirected budgets from innovation and growth initiatives after a cyberattack.

82% of organizations saw 11–50% of their data impacted from an attack.

The Qantas board imposed a 15% reduction in short-term bonuses for the CEO and senior executives due to the July 2025 breach.

The penalty for Qantas CEO Vanessa Hudson due to the bonus reduction following the July 2025 breach amounted to about A$250,000.

78% of family offices say a successful attack would trigger withdrawals or investor panic.

The amount of data most organizations got back after paying a ransom was 51–75%.

54% of organizations attacked paid a ransom.

92% of organizations still lost data after paying a ransom.

8% of organizations got all their data back after paying a ransom.

7% of organizations recovered in a day or less after an attack.

4–7 Days was the "normal" recovery time after a cyberattack.

75% of organizations saw impact to their data protection infrastructure and storage systems after a cyber attack.

78% of organizations suffered from the inability to access data or IT outages due to an attack (e.g., ransomware, malware, DDoS).