This study is consistent with our experience in handling approximately 3,000 incidents this past year, especially as it relates to the primary affected business sectors. Malicious actors are often opportunistic criminals, but they tend to go where the reward is worth the risk. Extortionate attacks on heavily regulated professional services firms, health care providers and financial services firms, often produce results for malicious actors.

Supply chain breaches made up 32% of the incidents Experian responded to globally last year. These aren’t isolated events; they’re system-wide shocks that affect entire networks. A single vendor’s vulnerability can lead to cascading losses across industries. It’s not just about assessing your own posture anymore. It’s about demanding visibility, accountability, and breach readiness from every partner you do business with.

Once again, ransomware is the primary driver of losses in this year’s report—it’s the most impactful type of attack, potentially creating significant financial, operational and reputational harm. Recently, we’ve seen multiple third-party and supply chain breaches across industries. As demonstrated in the survey, these breaches have enabled threat actors to be able to ratchet up ransom demands and, in some cases, secure payments. This is because the service provider needs to restore lots of clients, since the attack doesn’t just affect them as a company. With businesses deeply integrated with third parties, software providers and SaaS platforms, recovery can take weeks, causing considerable business and productivity losses. These challenges emphasize the importance of implementing effective controls and recovery strategies.

We saw a notable increase of BEC cases in 2024. Despite worries of sophisticated compromises, 84% of those cases involved someone clicking an email link. Email security that prevents accidental clicking on a malicious attachment from turning into a compromised network is more critical than ever, and strong payment controls to validate transaction identities can prevent fraudulent funds transfers altogether.