2024/2025: A cyber attack on companies every 14 seconds

US companies are by far the most popular target according to the latest NordPass study

[datensicherheit.de, 03/26/2025] „In the time it takes you to read this article, at least twelve more cyber attacks will have taken place – one every 14 seconds,“ warns NordPass in a recent statement dated March 26th 2025. According to a recent NordPass study, the USA is by far the most popular target. This study, conducted in collaboration with NordStellar to investigate cyber security incidents, confirms a worrying trend: „Attacks are on the rise!“

Companies that offer B2B services, internet and web services as well as banking and credit services are particularly affected

„In the last quarter, companies using NordStellar’s ‘Dark Web Monitoring Tool’ detected 772 cyber security incidents in their corporate environment.“ In January 2025, there were already 321 incidents. According to NordPass, by far the most data breaches in the last quarter were recorded in the USA (61), followed by India (13) and the United Kingdom (7).

It is also worth noting that in the last quarter of 2024 and in January 2025, most data breaches occurred at companies „providing business services (B2B), internet and web services, and banking and credit services, including fintech companies“.

„At a time when the number of cyber-attacks is at an all-time high, a single compromised password can allow malicious actors unauthorised access to sensitive company data. It is therefore crucial for companies to strengthen their cyber defences not only through education, but also by using the right tools,“ emphasises Karolis Arbaciauskas, Head of Business Product at NordPass. For example, they could use the free ‘Dark Web Monitoring Tool’ to check whether their company data has ever been exposed.

Targeting small companies too

Arbaciauskas adds that many small business owners do not recognise the need for cyber security tools because they believe their companies are too small or too insignificant to be of interest to cyber criminals. „However, the data shows the opposite trend!“ He knows from experience that people all over the world think this way.

His warning: „But this is a deceptive feeling. Cyber attacks that target specific companies or individuals, as we know them from films, are very rare. Threat actors usually cast their nets over a wide area and see who they can catch.“ The data also shows that the victims are usually small companies with up to 35 employees.

According to Arbaciauskas, larger companies generally place more emphasis on training their employees, have solid security guidelines and are better prepared technologically to defend against attacks. As a result, cyber incidents occur less frequently in big companies. „And when large, well-known companies are hacked, we all hear about it in the news. At the same time, thousands of incidents in small companies often go unnoticed.“

On average, it takes companies 204 days to detect a cyber security breach

Even if an incident is detected, it usually takes a very long time for a response to follow and for the incident to be resolved: „On average, it takes companies 204 days to detect a security breach and another 73 days to contain it.“

Due to reused and insecure employee passwords or downloaded malware, company credentials often show up in compromised databases, giving hackers the opportunity to penetrate the system. For smaller companies, a serious data breach can mean certain doom – as the financial costs and reputational damage can be immense.

According to estimates from IBM, the average cost of a data breach is around 4.45 million USD. „This represents a 15 per cent increase over the last three years and highlights the increasing financial impact of data breaches on today’s businesses.“

Identify vulnerabilities in the company’s IT infrastructure and develop strategies to defend against threats

According to Arbaciauskas, every organisation, regardless of its size or type, should take extra care when it comes to cyber security. For him, the use of important tools such as password managers, which enable secure management of company data and access, or virtual private network (VPN) solutions is „a first step towards greater resilience against online threats„.

In addition, a cyber security review is helpful in identifying weaknesses in a company’s IT infrastructure and developing strategies to defend against threats. Arbaciauskas concludes: „It is also important to invest in general cyber security awareness within the organisation to avoid misconduct, which can often lead to serious data breaches.“

The study on which this article is based was conducted in collaboration with NordStellar. The data was analysed based on factors such as country, industry, company type, company size and type of data affected. The focus was on cyber security breaches in the last quarter (beginning of October to end of December 2024) and in January 2025.

Further information on the topic:

NordPass, Maciej Bartłomiej Sikora, 10/28/2024
Data Breach Trends Report 2024

NordPass
A cyberattack strikes every 14 seconds / Check if your company is exposed using our free dark web monitoring tool

IBM
Cost of a Data Breach Report 2024

datensicherheit.de, 01/20/2020
Allianz-Studie: Cybercrime als Sicherheitsrisiko Nummer 1 / Marc Schieder fordert IT-Security zur „Chefsache“ zu machen