How are cyber incidents trending year over year?

Cyber incidents have been increasing steadily, with ransomware, data breaches, and phishing attacks leading the growth. Rankiteo tracks these trends globally, providing monthly and yearly breakdowns of incident volume, severity, and affected industries.

What are the most common types of cyber attacks?

The most common types include ransomware, data breaches, phishing, DDoS attacks, and supply chain compromises. Their relative frequency changes over time as threat actors adapt their tactics.

Which industries face the most cyber incidents?

Healthcare, financial services, technology, government, and manufacturing consistently rank among the most targeted industries due to the value of their data and critical infrastructure dependencies.

What is a cyber incident severity score?

A severity score is a numerical rating from 0 to 100 assigned to each cyber incident based on its impact, scope, data sensitivity, and number of affected organizations. Scores of 80+ are Critical, 60-79 High, 40-59 Medium, and below 40 Low.

How often is the cyber incident trend data updated?

Rankiteo continuously monitors threat intelligence feeds, breach databases, and security advisories. The incident trend data on this page is refreshed in real time as new incidents are detected and classified.

How can organizations use cyber incident trend data?

Organizations use incident trend data for strategic security planning, budget justification, cyber insurance underwriting, regulatory compliance (NIS2, DORA, SEC), vendor risk assessment, and board-level reporting on the evolving threat landscape.

Cyber Incident Trends

Explore trends across 17,368 cyber incidents tracked by Rankiteo. Monthly timelines, year-over-year growth, attack type breakdowns, and severity distribution.

17,368

Total Incidents

19.5K

Companies Affected

78.7

Avg Severity

Attack Types

Severity Distribution

11,478

Critical

66%

3,586

High

21%

1,373

Medium

931

Low

Year-over-Year

1989

incidents

Avg sev: 100 · 2 companies

1996

incidents

Avg sev: 92.5 · 4 companies

1997

incidents

Avg sev: 68.3 · 3 companies

1998

incidents

Avg sev: 100 · 1 companies

1999

incidents

Avg sev: 100 · 2 companies

2000

incidents

Avg sev: 85.5 · 10 companies

2001

incidents

Avg sev: 86 · 8 companies

2002

incidents

Avg sev: 86.2 · 4 companies

2003

incidents

Avg sev: 71.4 · 7 companies

2004

incidents

Avg sev: 75 · 4 companies

2005

incidents

Avg sev: 73.8 · 4 companies

2006

incidents

Avg sev: 85 · 4 companies

2007

incidents

Avg sev: 57.5 · 4 companies

2008

incidents

Avg sev: 72.8 · 9 companies

2009

incidents

Avg sev: 67.5 · 8 companies

2010

incidents

Avg sev: 83.6 · 23 companies

2011

incidents

Avg sev: 67.6 · 37 companies

2012

126

incidents

Avg sev: 68.5 · 128 companies

2013

159

incidents

Avg sev: 64.3 · 164 companies

2014

199

incidents

Avg sev: 69.1 · 210 companies

2015

226

incidents

Avg sev: 72.4 · 237 companies

2016

317

incidents

Avg sev: 72.9 · 338 companies

2017

346

incidents

Avg sev: 70.6 · 362 companies

2018

289

incidents

Avg sev: 71.5 · 301 companies

2019

362

incidents

Avg sev: 70.8 · 379 companies

2020

1,078

incidents

Avg sev: 75.9 · 1.1K companies

2021

1,240

incidents

Avg sev: 75.6 · 1.3K companies

2022

2,266

incidents

Avg sev: 82.9 · 2.3K companies

2023

3,963

incidents

Avg sev: 73.9 · 4.1K companies

2024

1,916

incidents

Avg sev: 79.3 · 2.1K companies

2025

3,326

incidents

Avg sev: 85.5 · 4.1K companies

2026

1,428

incidents

Avg sev: 85.4 · 2.3K companies

Monthly Incident Volume

Incidents by Attack Type

Data Breach

10,014

Ransomware

1,460

Ransomware Attack

400

Cyberattack

319

Cyber Attack

254

ransomware

201

Vulnerability Exploitation

166

Data Exposure

142

Data Breach, Ransomware

129

Data Leak

125

Other

Phishing

Most Affected Industries

Hospitals and Health Care

1,627

Financial Services

941

Software Development

826

Government Administration

779

IT Services and IT Consulting

543

Insurance

476

Higher Education

441

Retail

379

Banking

351

['Software Development']

319

Education Administration Programs

308

Non-profit Organizations

266

Cyber Incident Trends & Statistics - 2026 Overview

Cyber incidents continue to rise in both volume and severity across every sector of the global economy. Rankiteo tracks and analyzes thousands of publicly reported cyber events, including ransomware attacks, data breaches, phishing campaigns, DDoS attacks, and supply chain compromises, to deliver a comprehensive view of how the cyber threat landscape is evolving.

This page presents real-time trend data derived from Rankiteo's continuous monitoring of global threat intelligence feeds, breach disclosure databases, security advisories, and dark web activity. Every incident is classified by attack type, severity band, affected industry, and date to enable year-over-year comparisons and monthly granularity.

Why Tracking Cyber Incident Trends Matters

Understanding how cyber threats evolve over time is essential for security leaders, risk managers, insurers, and policymakers. Key use cases include:

Strategic Planning: Identify which attack types are accelerating so your security roadmap addresses the most likely threats.
Budget Justification: Use year-over-year incident growth data to support cybersecurity investment requests to executive leadership and boards.
Cyber Insurance: Underwriters and brokers rely on incident trend data to price risk accurately and identify emerging exposure concentrations.
Regulatory Compliance: Frameworks like NIS2, DORA, and SEC cyber disclosure rules increasingly require organizations to demonstrate awareness of current threat trends.

Understanding Severity Distribution

Each incident tracked by Rankiteo is assigned a severity score from 0 to 100 based on the scope of impact, data sensitivity, number of affected entities, and the nature of the attack. Incidents scoring 80+ are classified as Critical, 60–79 as High, 40–59 as Medium, and below 40 as Low. The severity distribution chart above reveals what proportion of global incidents fall into each band, helping organizations calibrate their risk tolerance.

Attack Type Breakdown

Not all cyber incidents are created equal. Ransomware remains the most financially devastating attack type, while data breaches expose the highest volume of sensitive records. Phishing and social engineering attacks are the most frequent initial access vector. Supply chain attacks, though less common, have an outsized blast radius. The attack type breakdown above ranks each category by incident count, giving you an at-a-glance view of the current threat mix.

Methodology & Data Sources

Rankiteo aggregates incident data from multiple authoritative sources including government CERT advisories, vendor security bulletins, breach notification databases, dark web leak sites, and curated open-source threat intelligence feeds. Each incident undergoes automated classification and severity scoring before being added to our dataset. Data is refreshed continuously, ensuring the statistics on this page reflect the latest known state of the global cyber threat landscape.

For more details on our scoring methodology, visit the Rating Methodology page. To explore specific incident types in depth, see our Ransomware Tracker, Data Breach Statistics, and Threat Actor Leaderboard.