Unit 42, Palo Alto Networks’ cybersecurity threat research unit, today released its 2025 Global Incident Response Report, revealing that 86% of major cyber incidents in 2024 resulted in operational disruption, reputational damage, or financial losses.
The report, based on responses to 500 major incidents across 38 countries and all economic sectors, highlights a new trend: financially motivated criminal groups have shifted to prioritizing deliberate damage—destroying systems, locking out customers, and causing prolonged outages to maximize impact and pressure victims into paying ransoms.
The speed, sophistication, and scale of attacks have reached unprecedented levels, driven by AI-based threats and multifaceted intrusions, making the 2024 cybersecurity landscape even more volatile.
Cyber threats are faster and more destructive
As attackers rewrite the rules of the game, defense teams struggle to keep up. The report points to several trends:
- Faster attacks than ever: in 25% of incidents, attackers exfiltrated data in under five hours, three times faster than in 2021. In 20% of cases the picture is even more alarming: data theft occurred in less than one hour.
- Rising insider threats: the number of North Korea-linked insider incidents tripled in 2024. State-sponsored groups have infiltrated companies, posing as IT professionals, securing jobs, and then installing backdoors, stealing data, and even altering source code.
- Multifaceted attacks have become standard: in 70% of cases, attackers exploited three or more attack surfaces simultaneously, forcing security teams to protect endpoints, networks, cloud environments, and the human factor all at once.
- Phishing is back: after being surpassed by vulnerability exploitation last year, phishing has once again become the top initial access vector for cyberattacks, accounting for 23% of intrusions. With generative AI, phishing campaigns are more sophisticated, convincing, and scalable than ever.
- The growth of cloud attacks: nearly 29% of incidents involved cloud environments, and 21% resulted in operational disruptions, with attackers exploiting misconfigurations to map entire networks for valuable data.
- AI as an attack cycle catalyst: criminals are using artificial intelligence to create more convincing phishing campaigns, automate malware development, and accelerate their progression through the attack chain. In a controlled experiment, Unit 42 researchers found AI-assisted attacks can reduce data exfiltration time to just 25 minutes.
Why do cyberattacks continue to succeed?
The report highlights three key factors enabling attacker success:
- Complexity compromises security effectiveness: in 75% of incidents, there was evidence in logs, but operational silos prevented detection.
- Lack of visibility facilitates attacks: 40% of cloud incidents were caused by unmonitored assets and shadow IT, allowing attackers to move laterally undetected.
- Excessive privileges amplify damage: in 41% of attacks, attackers exploited excessive permissions to facilitate lateral movement and privilege escalation.
Malicious actors are reworking their strategies, combining AI, automation, and multifaceted tactics to bypass traditional defenses. The time between initial intrusion and full impact is shrinking rapidly, making detection, response, and mitigation more critical than ever.
To stay ahead of threats in 2025, organizations must proactively strengthen network, application, and cloud security, while empowering their security operations with AI-based solutions for faster, more effective detection and response.