VendorsMandiant
Mandiant
Cybersecurity reports and statistics published by Mandiant
8 categories1 reports
Recent Statistics & Reports
Exploits continue to be the most common initial infection vector (33%).
4/24/2025•
Initial infection vectorExploits
Healthcare (9.3%) was the 5th most targeted industry.
4/24/2025•
HealthcareSecurity incident
8% of threat groups were motivated by espionage.
4/24/2025•
Threat groupEspionage
55% of threat groups active in 2024 were financially motivated, showing a steady increase.
4/24/2025•
Threat group
Global median dwell time was 5 days when adversaries notified (notably in ransomware cases).
4/24/2025•
Dwell timeSecurity incidentRansomware
High tech (10.6%) was the 3rd most targeted industry.
4/24/2025•
High techSecurity incident
Government (9.5%) was the 4th most targeted industry.
4/24/2025•
GovernmentSecurity incident
Financial (17.4%) was the #1 targeted industry.
4/24/2025•
FinancialSecurity incident
Global median dwell time was 26 days when external entities notified.
4/24/2025•
Dwell timeSecurity incident
Business and professional services (11.1%) was the 2nd most targeted industry.
4/24/2025•
Business and professional servicesSecurity incident
Global median dwell time was 10 days when organizations discovered malicious activity internally
4/24/2025•
Dwell timeSecurity incident
The Global median dwell time rose to 11 days in 2024, up from 10 days in 2023.
4/24/2025•
Dwell timeSecurity incident
Stolen credentials are the second highest initial infection vector, making up 16% of investigations. This rise means stolen credentials were the second most common initial infection vector for the first time in 2024.
4/24/2025•
Initial infection vectorCredentialsStolen credentials
Financial (17.4%) was the #1 targeted industry.
4/24/2025•
FinancialSecurity incident
High tech (10.6%) was the 3rd most targeted industry.
4/24/2025•
High techSecurity incident