The 2025 Armis Cyberwarfare Report highlights the ramifications of AI and the need for organizations to move beyond reactive measures if they want to protect their operations and the people they serve.
This latest study, conducted by Censuswide, surveyed over 1,800+ IT decision-makers in companies with 1,000+ employees in the U.S., UK, Italy, France, Australia, and Germany to provide the latest comprehensive picture of the growing crisis.
Below are some of the report’s findings:
“Attackers are weaponizing AI at unprecedented levels, accelerating risks while organizations fall further behind in their ability to respond.”
“The financial and operational toll of cyberwarfare is escalating at an alarming rate. In 2024, the global average cost of a data breach was $4.88M USD, up 10% when compared to 2023 and the highest total ever. This is disrupting industries and crippling business operations, as just over two-thirds (67%) of IT decision-makers report that their company has experienced a cybersecurity breach at least once.”
“The cost is now more than just financial. It puts individuals and their most sensitive information at risk. Take the 2024 Change Healthcare ransomware attack, the largest U.S. healthcare data breach in history, which compromised the data of 190 million Americans. Those organizations that fail to take proactive measures are not only risking their bottom line but also the trust and safety of the people they serve.”
“It’s clear that defensive measures are still lacking. 58% of organizations only respond as an attack occurs or after the damage has already been done. Such a reactive approach invites AI-driven cyberattacks that can cripple operations before defenses can even react. This lack of preparedness means that organizations that stay the course will always be left chasing their tails – to the detriment of society.”
“IT leaders in France (39%), the U.S. (34%), and Italy (29%) most frequently cite phishing and spear-phishing attacks as the techniques that regularly evade security tools, whereas in Germany, credential theft and abuse, through brute force or password spraying (31%), are the most commonly observed techniques bypassing security measures.”
The report emphasizes that organizations must move from a reactive to a proactive security posture.
As AI increases the scalability and success rate of social engineering and credential-based attacks, personal data removal is an essential proactive measure companies can take to counter this—by removing the fuel that attackers and AI rely on to launch them in the first place.
Download Armis’s full report for more insights.