Cyberedge reports on cybersecurity trends

The Cyberedge Group’s report aggregates the security profile of companies and their response to cybersecurity threats
Only 54.3% of organizations that paid ransoms successfully recovered their data, down from 72.7% two years ago
Attack Surface Management is a rapidly growing field within cybersecurity

Illustration by ArtemisDiana/DepositPhotos

BitDepth 1545 for January 12, 2026

The Cyberedge Group’s cybersecurity report maps an aspect of the sector that isn’t widely reported, the security profile of companies and how they are responding to cybersecurity threats.

The report by the research firm has been produced since 2016 and the 2025 report gathers information from 1,200 responders across a profile of global companies ranging from “small” operations with 500-999 employees to monoliths with 25,000 or more.

The largest bloc of respondents were those companies with 5,000 – 9,000 employees and those with 1,000 – 4,999. Companies were included from 17 countries, though there are few specifics about the experience in Latin America and none for the Caribbean. The largest number of respondents were from US organisations.

Responses came from the education, finance, government, healthcare, manufacturing, retail and telecommunications/technology sectors.
The broad insights do offer value to regional cybersecurity professionals.

Organisations that have experienced at least one successful cyberattack and the number that suffered six or more, increased between the 2016 and 2021 reports.

Those numbers hit a plateau between 2021 and 2023, with 85 per cent experiencing one infiltration and 40 per cent dealing with six or more cyberattacks.

More than ten successful cyberattacks were experienced by 7.9 per cent of respondents.

The aggregate numbers of infiltration success have dropped by 3.5 per cent since 2024, and the report suggests that greater focus on cybersecurity, increased cooperation among stakeholders in the International Counter Ransomware Initiative as well as an increase in successful responses by law enforcement to ransomware attacks have contributed to that change.

The count of organisations reporting that they have paid ransomware groups has also dropped.

Some countries actively discourage ransomware payments, and the report cited the slogan attributed to Robert Goodloe Harper in the 1790’s, “Millions for defense, but not one cent for tribute.”

Specific factors leading to the decrease of ransomware payments include, “Increasing doubts about the inclination and even the ability of ransomware gangs to provide effective decryption tools, and to honor their promises not to reveal exfiltrated data (doubt that paying a ransom will produce any results).”

“The refusal of some cyber insurance companies to cover ransom payments (although the policies may still cover costs related to losses from ransomware attacks) [and] a growing number of laws prohibiting ransom payments to some classes of cybercriminals and groups associated with terrorist organizations, and governments strongly discouraging ransom payments to anyone.”

Only half (54.3 per cent) of the organisations that paid ransoms successfully recovered their data, down from 72.7 per cent just two years ago.

The average ransom payment has been rising and falling since 2022, when the mean was US$211,529, peaking in the third quarter of 2023 at US$850,700 then dropping to $553,959 in the fourth quarter of 2024.

Areas of vulnerability identified by the report are Internet of Things (IoT) deployments and mobile device vulnerabilities, specifically mobile devices used in companies, but cybersecurity for mobile devices has significantly lagged behind threat initiatives.

Mobile and web application vulnerabilities affect 90.9 per cent of respondents in the 2025 report and these weaknesses are contributing to the areas of greatest cybersecurity concern, harvesting of personally identifiable information (PII), account takeovers and payment fraud.

“Attack surfaces are getting much larger because sensitive data that used to be stored in a few databases and file servers in corporate headquarters are now scattered across multiple SaaS applications, cloud platforms, hosted services, home offices, and remote devices,” the report notes.

“Some cybersecurity experts now suggest that organizations should think about having multiple attack surfaces with different characteristics, versus one extremely large one.”

“Enterprise attack surfaces are expanding and diversifying. One of the main reasons is that applications and data are now, to use a technical term, all over the place.”

Attack surface management is a growth industry for cybersecurity experts, so much so that ASM is now a new and valid acronym in those circles.

Contributing to cybersecurity consolidation is the surprising growth in acceptance of frameworks, standards and expected systems that were once seen as an annoyance championed by government agencies and industry standards bodies.

These controls were once recommended, but in the face of growing cybersecurity threats, have become mandatory in many jurisdictions.

The growing threat landscape has also forced these standards to become more complete, timely and agile systems to shape relevant cybersecurity responses. It doesn’t hurt that in cybersecurity insurance claims, compliance is a factor in any case brought for recompense.

Leading frameworks being used by respondents are those offered by the Cloud Security Alliance (Cloud Control Matrix) and the National Institute of Standards and Technology (NIST) cybersecurity framework.

Request the report here.