How are cyber incidents trending year over year?

Cyber incidents have been increasing steadily, with ransomware, data breaches, and phishing attacks leading the growth. Rankiteo tracks these trends globally, providing monthly and yearly breakdowns of incident volume, severity, and affected industries.

What are the most common types of cyber attacks?

The most common types include ransomware, data breaches, phishing, DDoS attacks, and supply chain compromises. Their relative frequency changes over time as threat actors adapt their tactics.

Which industries face the most cyber incidents?

Healthcare, financial services, technology, government, and manufacturing consistently rank among the most targeted industries due to the value of their data and critical infrastructure dependencies.

What is a cyber incident severity score?

A severity score is a numerical rating from 0 to 100 assigned to each cyber incident based on its impact, scope, data sensitivity, and number of affected organizations. Scores of 80+ are Critical, 60-79 High, 40-59 Medium, and below 40 Low.

How often is the cyber incident trend data updated?

Rankiteo continuously monitors threat intelligence feeds, breach databases, and security advisories. The incident trend data on this page is refreshed in real time as new incidents are detected and classified.

How can organizations use cyber incident trend data?

Organizations use incident trend data for strategic security planning, budget justification, cyber insurance underwriting, regulatory compliance (NIS2, DORA, SEC), vendor risk assessment, and board-level reporting on the evolving threat landscape.

Cyber Incident Trends

Explore trends across 18,418 cyber incidents tracked by Rankiteo. Monthly timelines, year-over-year growth, attack type breakdowns, and severity distribution.

18,418

Total Incidents

21.2K

Companies Affected

79.2

Avg Severity

Attack Types

Severity Distribution

12,414

Critical

67%

3,644

High

20%

1,388

Medium

972

Low

Year-over-Year

1906

incidents

Avg sev: 100 · 2 companies

1989

incidents

Avg sev: 100 · 2 companies

1996

incidents

Avg sev: 92.5 · 4 companies

1997

incidents

Avg sev: 68.3 · 3 companies

1998

incidents

Avg sev: 100 · 1 companies

1999

incidents

Avg sev: 100 · 2 companies

2000

incidents

Avg sev: 85.5 · 10 companies

2001

incidents

Avg sev: 88.3 · 9 companies

2002

incidents

Avg sev: 86.2 · 4 companies

2003

incidents

Avg sev: 71.4 · 7 companies

2004

incidents

Avg sev: 75 · 4 companies

2005

incidents

Avg sev: 73.8 · 4 companies

2006

incidents

Avg sev: 85 · 4 companies

2007

incidents

Avg sev: 57.5 · 4 companies

2008

incidents

Avg sev: 71.5 · 11 companies

2009

incidents

Avg sev: 67.5 · 8 companies

2010

incidents

Avg sev: 83.6 · 23 companies

2011

incidents

Avg sev: 67.6 · 37 companies

2012

126

incidents

Avg sev: 68.5 · 128 companies

2013

162

incidents

Avg sev: 64.8 · 174 companies

2014

200

incidents

Avg sev: 69.2 · 212 companies

2015

227

incidents

Avg sev: 72.5 · 238 companies

2016

319

incidents

Avg sev: 73 · 343 companies

2017

350

incidents

Avg sev: 70.9 · 367 companies

2018

293

incidents

Avg sev: 71.7 · 311 companies

2019

365

incidents

Avg sev: 71 · 385 companies

2020

1,088

incidents

Avg sev: 76.1 · 1.1K companies

2021

1,254

incidents

Avg sev: 75.8 · 1.3K companies

2022

2,275

incidents

Avg sev: 83 · 2.3K companies

2023

3,991

incidents

Avg sev: 74 · 4.1K companies

2024

1,972

incidents

Avg sev: 79.6 · 2.2K companies

2025

3,506

incidents

Avg sev: 85.6 · 4.4K companies

2026

2,160

incidents

Avg sev: 85.7 · 3.5K companies

Monthly Incident Volume

Incidents by Attack Type

Data Breach

10,401

Ransomware

1,593

Ransomware Attack

400

Cyberattack

345

Cyber Attack

260

ransomware

212

Vulnerability Exploitation

201

Data Exposure

165

Data Breach, Ransomware

149

Data Leak

132

Other

102

Remote Code Execution (RCE)

101

Most Affected Industries

Hospitals and Health Care

1,627

Financial Services

941

Software Development

826

Government Administration

779

IT Services and IT Consulting

543

Insurance

476

['Software Development']

447

Higher Education

441

Retail

379

Banking

351

Education Administration Programs

308

Non-profit Organizations

266

Cyber Incident Trends & Statistics - 2026 Overview

Cyber incidents continue to rise in both volume and severity across every sector of the global economy. Rankiteo tracks and analyzes thousands of publicly reported cyber events, including ransomware attacks, data breaches, phishing campaigns, DDoS attacks, and supply chain compromises, to deliver a comprehensive view of how the cyber threat landscape is evolving.

This page presents real-time trend data derived from Rankiteo's continuous monitoring of global threat intelligence feeds, breach disclosure databases, security advisories, and dark web activity. Every incident is classified by attack type, severity band, affected industry, and date to enable year-over-year comparisons and monthly granularity.

Why Tracking Cyber Incident Trends Matters

Understanding how cyber threats evolve over time is essential for security leaders, risk managers, insurers, and policymakers. Key use cases include:

Strategic Planning: Identify which attack types are accelerating so your security roadmap addresses the most likely threats.
Budget Justification: Use year-over-year incident growth data to support cybersecurity investment requests to executive leadership and boards.
Cyber Insurance: Underwriters and brokers rely on incident trend data to price risk accurately and identify emerging exposure concentrations.
Regulatory Compliance: Frameworks like NIS2, DORA, and SEC cyber disclosure rules increasingly require organizations to demonstrate awareness of current threat trends.

Understanding Severity Distribution

Each incident tracked by Rankiteo is assigned a severity score from 0 to 100 based on the scope of impact, data sensitivity, number of affected entities, and the nature of the attack. Incidents scoring 80+ are classified as Critical, 60–79 as High, 40–59 as Medium, and below 40 as Low. The severity distribution chart above reveals what proportion of global incidents fall into each band, helping organizations calibrate their risk tolerance.

Attack Type Breakdown

Not all cyber incidents are created equal. Ransomware remains the most financially devastating attack type, while data breaches expose the highest volume of sensitive records. Phishing and social engineering attacks are the most frequent initial access vector. Supply chain attacks, though less common, have an outsized blast radius. The attack type breakdown above ranks each category by incident count, giving you an at-a-glance view of the current threat mix.

Methodology & Data Sources

Rankiteo aggregates incident data from multiple authoritative sources including government CERT advisories, vendor security bulletins, breach notification databases, dark web leak sites, and curated open-source threat intelligence feeds. Each incident undergoes automated classification and severity scoring before being added to our dataset. Data is refreshed continuously, ensuring the statistics on this page reflect the latest known state of the global cyber threat landscape.

For more details on our scoring methodology, visit the Rating Methodology page. To explore specific incident types in depth, see our Ransomware Tracker, Data Breach Statistics, and Threat Actor Leaderboard.