Phishing is the Leading Cause of Ransomware Attacks in 2025, SpyCloud Identity Threat Report Finds - Yahoo Finance

This is a paid press release. Contact the press release distributor directly with any inquiries. Phishing is the Leading Cause of Ransomware Attacks in 2025, SpyCloud Identity Threat Report Finds SpyCloud September 23, 2025 7 min read SpyCloud SpyCloud’s latest research reveals a 10-point rise year-over-year in phishing-driven ransomware attacks, amid growing AI-powered cybercrime and widespread infostealer infections AUSTIN, Texas, Sept. 23, 2025 (GLOBE NEWSWIRE) -- SpyCloud, the leader in identity threat protection, today released its 2025 SpyCloud Identity Threat Report, unveiling new data on the surge of phishing-driven ransomware, the widening identity exposure gap, and the growing disconnect between perceived and actual cybersecurity readiness. The market survey report – an evolution of SpyCloud’s annual Malware and Ransomware Defense Report to capture the expanded tactics and identity-focused threats security teams now face – analyzes responses from 507 security leaders and practitioners across North America and the UK. It offers a comprehensive look at how attackers are exploiting the identity exposures, gaps in traditional defenses, and steps organizations can take to adapt. Key findings from this year’s report include: Phishing has overtaken all other vectors as the leading entry point for ransomware, cited by 35% of affected organizations – up sharply from 25% in 2024. This rise reflects the growing sophistication of phishing-as-a-service (PhaaS) and the use of adversary-in-the-middle (AitM) techniques to bypass multifactor authentication (MFA) and hijack active sessions. Repeat ransomware attacks are the norm, not the exception. 85% of organizations were affected by ransomware at least once in the past year, with nearly one-third (31%) reporting 6-10 ransomware events in the last year. Infostealer malware continues to evade traditional EDR and antivirus defenses, compromising nearly 50% of all corporate users and exposing credentials for downstream attacks. Digital identity exposure is accelerating, with SpyCloud having recaptured a total of 63.8 billion distinct identity records – a 24% year-over-year increase. Credential remediation after phishing is inconsistent, with just 41% of organizations routinely revoking or resetting compromised access. Remediation remains largely manual and reactive, with fewer than 20% of organizations able to automate identity threat response across their systems. AI-powered cybercrime is outpacing AI-powered defense, with 92% acknowledging increased risk from AI-powered threats, yet only 47% using AI in their own security operations. Supply chain exposures continue to plague industries, with the IT, telecom, and software sectors topping the list as the most heavily targeted supply chain vectors – each facing 4-6x more identity threats than average based on SpyCloud’s Supply Chain Identity Threat Index – a new metric assessing third-party exposure risk across industries found in SpyCloud’s recaptured darknet identity exposure data. Story Continues View Comments Terms and Privacy Policy Privacy Dashboard