How are cyber incidents trending year over year?

Cyber incidents have been increasing steadily, with ransomware, data breaches, and phishing attacks leading the growth. Rankiteo tracks these trends globally, providing monthly and yearly breakdowns of incident volume, severity, and affected industries.

What are the most common types of cyber attacks?

The most common types include ransomware, data breaches, phishing, DDoS attacks, and supply chain compromises. Their relative frequency changes over time as threat actors adapt their tactics.

Which industries face the most cyber incidents?

Healthcare, financial services, technology, government, and manufacturing consistently rank among the most targeted industries due to the value of their data and critical infrastructure dependencies.

What is a cyber incident severity score?

A severity score is a numerical rating from 0 to 100 assigned to each cyber incident based on its impact, scope, data sensitivity, and number of affected organizations. Scores of 80+ are Critical, 60-79 High, 40-59 Medium, and below 40 Low.

How often is the cyber incident trend data updated?

Rankiteo continuously monitors threat intelligence feeds, breach databases, and security advisories. The incident trend data on this page is refreshed in real time as new incidents are detected and classified.

How can organizations use cyber incident trend data?

Organizations use incident trend data for strategic security planning, budget justification, cyber insurance underwriting, regulatory compliance (NIS2, DORA, SEC), vendor risk assessment, and board-level reporting on the evolving threat landscape.

Cyber Incident Trends

Explore trends across 18,213 cyber incidents tracked by Rankiteo. Monthly timelines, year-over-year growth, attack type breakdowns, and severity distribution.

18,213

Total Incidents

20.9K

Companies Affected

79.1

Avg Severity

Attack Types

Severity Distribution

12,234

Critical

67%

3,630

High

20%

1,385

Medium

964

Low

Year-over-Year

1906

incidents

Avg sev: 100 · 2 companies

1989

incidents

Avg sev: 100 · 2 companies

1996

incidents

Avg sev: 92.5 · 4 companies

1997

incidents

Avg sev: 68.3 · 3 companies

1998

incidents

Avg sev: 100 · 1 companies

1999

incidents

Avg sev: 100 · 2 companies

2000

incidents

Avg sev: 85.5 · 10 companies

2001

incidents

Avg sev: 88.3 · 9 companies

2002

incidents

Avg sev: 86.2 · 4 companies

2003

incidents

Avg sev: 71.4 · 7 companies

2004

incidents

Avg sev: 75 · 4 companies

2005

incidents

Avg sev: 73.8 · 4 companies

2006

incidents

Avg sev: 85 · 4 companies

2007

incidents

Avg sev: 57.5 · 4 companies

2008

incidents

Avg sev: 71.5 · 11 companies

2009

incidents

Avg sev: 67.5 · 8 companies

2010

incidents

Avg sev: 83.6 · 23 companies

2011

incidents

Avg sev: 67.6 · 37 companies

2012

126

incidents

Avg sev: 68.5 · 128 companies

2013

159

incidents

Avg sev: 64.3 · 164 companies

2014

200

incidents

Avg sev: 69.2 · 212 companies

2015

227

incidents

Avg sev: 72.5 · 238 companies

2016

318

incidents

Avg sev: 73 · 340 companies

2017

350

incidents

Avg sev: 70.9 · 367 companies

2018

290

incidents

Avg sev: 71.6 · 302 companies

2019

364

incidents

Avg sev: 70.9 · 384 companies

2020

1,086

incidents

Avg sev: 76 · 1.1K companies

2021

1,253

incidents

Avg sev: 75.8 · 1.3K companies

2022

2,274

incidents

Avg sev: 82.9 · 2.3K companies

2023

3,986

incidents

Avg sev: 74 · 4.1K companies

2024

1,962

incidents

Avg sev: 79.6 · 2.2K companies

2025

3,467

incidents

Avg sev: 85.5 · 4.3K companies

2026

2,021

incidents

Avg sev: 85.8 · 3.2K companies

Monthly Incident Volume

Incidents by Attack Type

Data Breach

10,302

Ransomware

1,580

Ransomware Attack

400

Cyberattack

343

Cyber Attack

258

ransomware

208

Vulnerability Exploitation

194

Data Exposure

162

Data Breach, Ransomware

147

Data Leak

132

Other

101

Remote Code Execution (RCE)

Most Affected Industries

Hospitals and Health Care

1,627

Financial Services

941

Software Development

826

Government Administration

779

IT Services and IT Consulting

543

Insurance

476

Higher Education

441

['Software Development']

415

Retail

379

Banking

351

Education Administration Programs

308

Non-profit Organizations

266

Cyber Incident Trends & Statistics - 2026 Overview

Cyber incidents continue to rise in both volume and severity across every sector of the global economy. Rankiteo tracks and analyzes thousands of publicly reported cyber events, including ransomware attacks, data breaches, phishing campaigns, DDoS attacks, and supply chain compromises, to deliver a comprehensive view of how the cyber threat landscape is evolving.

This page presents real-time trend data derived from Rankiteo's continuous monitoring of global threat intelligence feeds, breach disclosure databases, security advisories, and dark web activity. Every incident is classified by attack type, severity band, affected industry, and date to enable year-over-year comparisons and monthly granularity.

Why Tracking Cyber Incident Trends Matters

Understanding how cyber threats evolve over time is essential for security leaders, risk managers, insurers, and policymakers. Key use cases include:

Strategic Planning: Identify which attack types are accelerating so your security roadmap addresses the most likely threats.
Budget Justification: Use year-over-year incident growth data to support cybersecurity investment requests to executive leadership and boards.
Cyber Insurance: Underwriters and brokers rely on incident trend data to price risk accurately and identify emerging exposure concentrations.
Regulatory Compliance: Frameworks like NIS2, DORA, and SEC cyber disclosure rules increasingly require organizations to demonstrate awareness of current threat trends.

Understanding Severity Distribution

Each incident tracked by Rankiteo is assigned a severity score from 0 to 100 based on the scope of impact, data sensitivity, number of affected entities, and the nature of the attack. Incidents scoring 80+ are classified as Critical, 60–79 as High, 40–59 as Medium, and below 40 as Low. The severity distribution chart above reveals what proportion of global incidents fall into each band, helping organizations calibrate their risk tolerance.

Attack Type Breakdown

Not all cyber incidents are created equal. Ransomware remains the most financially devastating attack type, while data breaches expose the highest volume of sensitive records. Phishing and social engineering attacks are the most frequent initial access vector. Supply chain attacks, though less common, have an outsized blast radius. The attack type breakdown above ranks each category by incident count, giving you an at-a-glance view of the current threat mix.

Methodology & Data Sources

Rankiteo aggregates incident data from multiple authoritative sources including government CERT advisories, vendor security bulletins, breach notification databases, dark web leak sites, and curated open-source threat intelligence feeds. Each incident undergoes automated classification and severity scoring before being added to our dataset. Data is refreshed continuously, ensuring the statistics on this page reflect the latest known state of the global cyber threat landscape.

For more details on our scoring methodology, visit the Rating Methodology page. To explore specific incident types in depth, see our Ransomware Tracker, Data Breach Statistics, and Threat Actor Leaderboard.