Cyber scams cost businesses $1.7 million per year, claims report

Ninety-eight percent of businesses experienced a cyber attack in 2024, with 94% reporting associated financial losses of at least $500,000, according to the 2025 CyberScam Report from security firm BrandShield.
Based on a survey of 200 CISOs from the UK, US, and Europe, the research discovered that suffering a cyber attack in 2024 had a significant impact on a CISO’s attitudes to emerging technologies and how much they should invest in cyber monitoring tools.
For example, when it comes to the potential negative effects of AI, 34% said they were very concerned, 40% said they were concerned, and 25% said they were only slightly concerned. For those having suffered a cyber attack, however, these levels of worry increased.
If the organization lost up to $1 million in relation to cyber attacks in 2024, 53% of CISOs said they were concerned, while 23% said they were very concerned. For organizations that lost more than $1 million, 40% said they were very concerned and 33% said they were concerned – although 1% said they weren’t concerned at all.
When it comes to the level of spending in their company in relation to threat monitoring, 76% of CISOs interviewed said their budgets would likely increase this year, with those that had suffered a cyber attack anticipating a greater increase than those that hadn’t.
Supply chain attacks and phishing plague businesses
When it comes to the type of attacks that CISOs faced in the past year, 33% identified supply chain attacks as the main cause of their problems, followed by brand impersonation (31%), advanced persistent threats (APTs) (29%), executive impersonation (28%), and phishing and scam sites (27%).
Ransomware, which was a major concern for businesses for several years, came in last place at 22%.
This falls in line with recent research from ITPro, which showed phishing – which is increasingly incorporating elements of generative AI according to researchers – to now be the biggest threat. This was followed by malware and password attacks, both often a feature of campaigns by APTs, with ransomware coming in fourth and social engineering fifth.
Of BrandShield’s own research, CEP and co-founder Yoav Kerensaid: “The scale of online threats is unprecedented, and cybercriminals are weaponizing AI faster than businesses can react. Organizations must prioritize AI-powered defenses that don’t just detect threats but neutralize them in real-time.”
MORE FROM ITPRO
Source link