Cybercrime is on track to cost the global economy USD 15.63 trillion by 2029, according to newly compiled research drawing on the Cyber Events Database, the World Economic Forum, and national cybersecurity agencies.
The report highlighted that in the past year 59% of businesses have suffered a successful breach and 20% of small and medium-sized businesses (SMBs) reported no cybersecurity technology at all.
Human error remained the dominant weakness, contributing to 95% of data breaches worldwide. This risk was heightened by an ongoing shortage of more than four million cybersecurity professionals.
Global Trends Showed Financially Driven, AI-Enabled Threats
CED data revealed significant concentration of activity in digitally mature economies. Between 2024 and 2025, the US accounted for 646 reported incidents (44% of all recorded attacks) followed by the UK (72), Russia (70), Canada (40), and France (38).
Researchers cautioned that lower reporting in parts of Africa, Asia, and Latin America likely reflected gaps in monitoring, rather than reduced threat exposure.
Financial gain remained the primary motive behind cyberattacks, representing 1,013 of the 1,468 incidents tracked. Other motives included protest-related operations (145) and political espionage (111).
Public administration was the most targeted industry over the past year with 308 incidents, followed by healthcare and social assistance (200) and finance and insurance (178).
The report also identified some of the trends shaping the current threat landscape. Attackers increasingly relied on Artificial Intelligence (AI) to automate, tailor, and scale their operations.
“AI has lowered the barrier to entry, and attacks that once took months to develop can now launch in minutes,” Dominic Taylor, CTO at Hosting.co said, commenting on the report. “If an attacker can profit, they will try to.”
Other factors included the rise of employee-driven “shadow AI,” the expansion of Ransomware-as-a-Service platforms (RaaS), and persistent supply-chain compromise.
At the infrastructure level, hybrid cloud, Internet of Things, and edge environments introduced new entry points through misconfigurations, weak authentication, and unpatched devices.
To counter these threats, analysts recommend strengthening supply-chain oversight, adopting zero-trust security models, applying AI-assisted detection, and increasing organization-wide security training to counter rapidly evolving threats.
