Data breach speed tripled compared to 2021, study finds

Palo Alto Networks' Unit 42, its cybersecurity threat research unit, released its 2025 Global Incident Response Reportrevealing that 861 of the top cybersecurity incidents in 2024 resulted in operational disruptions, reputational damage, or financial losses. 

The report, based on responses to 500 major incidents in 38 countries across all sectors of the economy, highlights a new trend: financially motivated criminal groups are now prioritizing deliberate damage, destroying systems, blocking customers, and causing prolonged disruptions to maximize impact and pressure victims into paying ransoms.

The speed, sophistication, and scale of attacks reached unprecedented levels, fueled by AI-based threats and multifaceted intrusions, making the 2024 cybersecurity landscape even more volatile.

Cyber threats are faster and more destructive.

As attackers rewrite the rules of the game, defense teams struggle to keep pace. The report highlights several trends:

• Attacks faster than everIn 25% incidents, attackers exfiltrated data in less than five hours, three times faster than in 2021. The situation is even more alarming in 20% cases, where data theft occurred in less than an hour.
• Rising internal threatsThe number of internal incidents linked to North Korea tripled in 2024. State-sponsored groups have been infiltrating companies, posing as IT professionals, gaining employment, and then installing backdoors, stealing data, and even altering source code.
• Multifaceted attacks have become the norm.In 70% cases, attackers exploited three or more attack surfaces simultaneously, forcing security teams to protect endpoints, networks, cloud environments, and the human factor concurrently.
• Phishing is back.After being surpassed by vulnerabilities last year, phishing has returned as the primary initial access vector for cyberattacks, accounting for 23% of intrusions. With the use of generative AI, phishing campaigns are more sophisticated, convincing, and scalable than ever before.
• The growth of cloud attacksAlmost 29% of the incidents involved cloud environments, and 21% resulted in operational damage, with attackers exploiting incorrect configurations to map entire networks in search of valuable data.
• IA as a catalyst for the cycle of attacksCriminals are using artificial intelligence to create more convincing phishing campaigns, automate malware development, and accelerate their progress within the attack chain. In a controlled experiment, Unit 42 researchers discovered that AI-assisted attacks can reduce the time to data exfiltration to as little as 25 minutes.

Why are cyberattacks still successful?

The report highlights three key factors enabling attackers' success:

• Complexity compromises security effectiveness. In 75% incidents, there was evidence in the logs, but operational silos prevented detection.
• Lack of visibility facilitates attacks. 40% cloud incidents were caused by unmonitored assets and shadow IT, allowing attackers to move laterally undetected.
• Excessive privilege amplifies the damage.In the 41% attacks, attackers exploited excessive permissions to facilitate lateral movement and privilege escalation.

Malicious actors are reforming their strategies, combining AI, automation, and multifaceted tactics to bypass traditional defenses. The time between initial intrusion and full impact is rapidly decreasing, making detection, response, and mitigation more critical than ever.

To stay ahead of threats in 2025, organizations need proactively to strengthen the security of their networks, applications, and cloud environments, and to empower their security operations with AI-based solutions for faster and more effective detection and response.