S-RM’s 2025 Cyber Incident Insights Report highlights a fragmented 2024 cybersecurity landscape, marked by a surge in ransomware attacks. As cybercrime became more accessible, global law enforcement intensified efforts to counter emerging threats.
The Cyber Incident Insights report outlines dominant trends observed in 2024 and provides an outlook for 2025. Data points around key 2024 developments were:
Fractures and fissures
Over the course of 2024, S-RM’s Incident Response team encountered more cyber threat actors than ever before—53 separate threat actors, a 96% increase from 27 in 2023. This trend reflects an increasingly fractured threat landscape, with established groups hampered by the efforts of law enforcement and the barriers of entry for new entrants lower than ever.
Ransomware still dominant
Over a third of the incidents S-RM’s team responded to involved ransomware, making it the leading incident category for the third year running. The rate of growth, however, may have slowed slightly. The number of organizations posted on ransomware and data-theft leak sites grew by 13% in 2024, down from 70% growth the prior year.
Ransom payments on the decline
While the threat actors multiply and become increasingly brazen, S-RM has observed that victims are becoming more resilient to ransom demands. Since 2022, the proportion of incidents the team has responded to that resulted in a ransom payment has nearly halved.
Exploited vulnerabilities continue to open doors
Exploited vulnerabilities in public-facing systems accounted for method of entry in 39% of extortion cases S-RM supported in 2024. S-RM also observed a 53% increase the number of small businesses named on ransomware leak sites, indicating that increased competition among ransomware groups has broadened the scope of organizations targeted by threat actors.
Paul Caron, Head of Cybersecurity, Americas at S-RM, said: Last year was about staying nimble and adaptable as the number of threat actors proliferated. With increased competition for potential targets, cybercriminals sought out a wider variety of targets going beyond large companies to include small and medium-sized businesses. And we’ve seen they’ve evolved their techniques and tools for example increasing EDR avoidance and Adversary-in-the-Middle’ (AiTM) attacks.”
To access the full S-RM 2025 Cyber Incident Insights Report, visit the website here.
Related News:
Cohesity CERT Expanded with Leading IR Vendors To Fortify Cyber Resilience
Zerto Cloud Vault Solution Launched for Cyber Resilience via MSPs
Methodology
The 2025 S-RM Cyber Incident Insights Report seeks to support organisations in their cybersecurity efforts by sharing the insights gained through responding to incidents around the world. This report features data from Polus Analytics, S-RM’s proprietary platform that holds data on over 600 incidents the global IR team responded to across S-RM’s 2024 financial year.
