How are cyber incidents trending year over year?

Cyber incidents have been increasing steadily, with ransomware, data breaches, and phishing attacks leading the growth. Rankiteo tracks these trends globally, providing monthly and yearly breakdowns of incident volume, severity, and affected industries.

What are the most common types of cyber attacks?

The most common types include ransomware, data breaches, phishing, DDoS attacks, and supply chain compromises. Their relative frequency changes over time as threat actors adapt their tactics.

Which industries face the most cyber incidents?

Healthcare, financial services, technology, government, and manufacturing consistently rank among the most targeted industries due to the value of their data and critical infrastructure dependencies.

What is a cyber incident severity score?

A severity score is a numerical rating from 0 to 100 assigned to each cyber incident based on its impact, scope, data sensitivity, and number of affected organizations. Scores of 80+ are Critical, 60-79 High, 40-59 Medium, and below 40 Low.

How often is the cyber incident trend data updated?

Rankiteo continuously monitors threat intelligence feeds, breach databases, and security advisories. The incident trend data on this page is refreshed in real time as new incidents are detected and classified.

How can organizations use cyber incident trend data?

Organizations use incident trend data for strategic security planning, budget justification, cyber insurance underwriting, regulatory compliance (NIS2, DORA, SEC), vendor risk assessment, and board-level reporting on the evolving threat landscape.

Cyber Incident Trends

Explore trends across 16,310 cyber incidents tracked by Rankiteo. Monthly timelines, year-over-year growth, attack type breakdowns, and severity distribution.

16,310

Total Incidents

17.7K

Companies Affected

78.1

Avg Severity

Attack Types

Severity Distribution

10,532

Critical

65%

3,538

High

22%

1,349

Medium

891

Low

Year-over-Year

1996

incidents

Avg sev: 92.5 · 4 companies

1997

incidents

Avg sev: 68.3 · 3 companies

1998

incidents

Avg sev: 100 · 1 companies

1999

incidents

Avg sev: 100 · 2 companies

2000

incidents

Avg sev: 85.5 · 10 companies

2001

incidents

Avg sev: 86 · 8 companies

2002

incidents

Avg sev: 86.2 · 4 companies

2003

incidents

Avg sev: 71.4 · 7 companies

2004

incidents

Avg sev: 75 · 4 companies

2005

incidents

Avg sev: 73.8 · 4 companies

2006

incidents

Avg sev: 85 · 4 companies

2007

incidents

Avg sev: 57.5 · 4 companies

2008

incidents

Avg sev: 72.8 · 9 companies

2009

incidents

Avg sev: 67.5 · 8 companies

2010

incidents

Avg sev: 82.9 · 21 companies

2011

incidents

Avg sev: 67.6 · 37 companies

2012

126

incidents

Avg sev: 68.5 · 128 companies

2013

158

incidents

Avg sev: 64.1 · 163 companies

2014

199

incidents

Avg sev: 69.1 · 210 companies

2015

223

incidents

Avg sev: 72.1 · 233 companies

2016

316

incidents

Avg sev: 72.8 · 331 companies

2017

344

incidents

Avg sev: 70.4 · 355 companies

2018

287

incidents

Avg sev: 71.4 · 298 companies

2019

359

incidents

Avg sev: 70.6 · 376 companies

2020

1,070

incidents

Avg sev: 75.8 · 1.1K companies

2021

1,229

incidents

Avg sev: 75.4 · 1.3K companies

2022

2,258

incidents

Avg sev: 82.9 · 2.3K companies

2023

3,936

incidents

Avg sev: 73.8 · 4.0K companies

2024

1,853

incidents

Avg sev: 79 · 2.0K companies

2025

3,075

incidents

Avg sev: 85.2 · 3.7K companies

2026

752

incidents

Avg sev: 84.6 · 1.2K companies

Monthly Incident Volume

Incidents by Attack Type

Data Breach

9,657

Ransomware

1,314

Ransomware Attack

397

Cyberattack

285

Cyber Attack

246

ransomware

188

Vulnerability Exploitation

135

Data Exposure

129

Data Leak

120

Data Breach, Ransomware

106

Other

ransomware, data breach

Most Affected Industries

Hospitals and Health Care

1,627

Financial Services

941

Software Development

826

Government Administration

779

IT Services and IT Consulting

543

Insurance

476

Higher Education

441

Retail

379

Banking

351

Education Administration Programs

308

Non-profit Organizations

266

Telecommunications

257

Cyber Incident Trends & Statistics — 2026 Overview

Cyber incidents continue to rise in both volume and severity across every sector of the global economy. Rankiteo tracks and analyzes thousands of publicly reported cyber events — including ransomware attacks, data breaches, phishing campaigns, DDoS attacks, and supply chain compromises — to deliver a comprehensive view of how the cyber threat landscape is evolving.

This page presents real-time trend data derived from Rankiteo's continuous monitoring of global threat intelligence feeds, breach disclosure databases, security advisories, and dark web activity. Every incident is classified by attack type, severity band, affected industry, and date to enable year-over-year comparisons and monthly granularity.

Why Tracking Cyber Incident Trends Matters

Understanding how cyber threats evolve over time is essential for security leaders, risk managers, insurers, and policymakers. Key use cases include:

Strategic Planning: Identify which attack types are accelerating so your security roadmap addresses the most likely threats.
Budget Justification: Use year-over-year incident growth data to support cybersecurity investment requests to executive leadership and boards.
Cyber Insurance: Underwriters and brokers rely on incident trend data to price risk accurately and identify emerging exposure concentrations.
Regulatory Compliance: Frameworks like NIS2, DORA, and SEC cyber disclosure rules increasingly require organizations to demonstrate awareness of current threat trends.

Understanding Severity Distribution

Each incident tracked by Rankiteo is assigned a severity score from 0 to 100 based on the scope of impact, data sensitivity, number of affected entities, and the nature of the attack. Incidents scoring 80+ are classified as Critical, 60–79 as High, 40–59 as Medium, and below 40 as Low. The severity distribution chart above reveals what proportion of global incidents fall into each band, helping organizations calibrate their risk tolerance.

Attack Type Breakdown

Not all cyber incidents are created equal. Ransomware remains the most financially devastating attack type, while data breaches expose the highest volume of sensitive records. Phishing and social engineering attacks are the most frequent initial access vector. Supply chain attacks, though less common, have an outsized blast radius. The attack type breakdown above ranks each category by incident count, giving you an at-a-glance view of the current threat mix.

Methodology & Data Sources

Rankiteo aggregates incident data from multiple authoritative sources including government CERT advisories, vendor security bulletins, breach notification databases, dark web leak sites, and curated open-source threat intelligence feeds. Each incident undergoes automated classification and severity scoring before being added to our dataset. Data is refreshed continuously, ensuring the statistics on this page reflect the latest known state of the global cyber threat landscape.

For more details on our scoring methodology, visit the Rating Methodology page. To explore specific incident types in depth, see our Ransomware Tracker, Data Breach Statistics, and Threat Actor Leaderboard.