Editor’s note: This report was authored by Kimberley Bromley, Hayden Evans, and Joseph Keyes.


Today, we’re proud to present the ReliaQuest Annual Cyber-Threat Report: 2025. Now in its third year, this report offers a close look at the top cyber threats our customers faced throughout 2024. Built on in-depth analysis of true-positive customer incidents, it provides a clear and accurate view of what really happens when attackers strike.

Last year was a defining one for cybercrime. We saw a record-breaking number of ransomware attacks, a rise in vulnerability exploitation for initial access, and AI-assisted attacks becoming a reality.

But defenders progressed this year, too. At ReliaQuest, we’ve also been using AI and automation to tackle threats faster than ever, empowering our customers to achieve threat containment in as little as three minutes.

The full report is available here, but if you’re looking for an overview, read on for key findings from the report and the top actions you need to take to defend against the threats to come.






In 2024, Attackers Got Faster

Cyber threats are now faster than ever. Attackers are adopting AI and automation to supercharge their attacks. Our research identified that, on average, attackers moved from initial access to lateral movement in just 48 minutes. It also takes attackers just over 4 hours to exfiltrate data and 6 hours to encrypt it.

Though attacks are accelerating, attackers are sticking to tried-and-tested methods like phishing to achieve initial access, the first critical step of every cyber attack. Phishing and business email compromise attacks are increasingly bolstered by advanced tactics like bypassing MFA and abusing Microsoft Teams for social engineering.

Last year, ransomware attackers shifted strategies: 80% of breaches we investigated featured exfiltration only. Encryption is now less effective, meaning ransomware groups weaponize stolen data for extortion, resale, or access to additional targets, preying on fears of reputational damage, regulatory fines, and sensitive information exposure.

With attackers accelerating their methods, it’s critical for organizations to adapt their defenses accordingly. Below are three steps you can take today.



Recommendations You Can’t Afford to Ignore

Incorporate AI and Automation into Security Operations

AI and automation are no longer optional; they are necessary to keep pace with today’s fastest-moving cyber threats. As part of our security operations platform, GreyMatter, Agentic AI can autonomously handle alerts end-to-end to contain threats rapidly, drive down response times, and allow security teams to focus on tackling more complex challenges. By taking advantage of the automated response capabilities of GreyMatter, our customers can achieve a mean time to contain as low as 3 minutes.

Barricade Common Entry Points

Top initial access methods included phishing and drive-by compromise, while public-facing assets and internet-facing external remote services fueled active intrusions.

  • Secure remote services with client-based certificates and monitor public-facing assets for vulnerabilities.
  • Mitigate risks by promptly patching systems, as attackers exploit unpatched vulnerabilities at record speeds.
  • Proactively address phishing and drive-by compromise attacks by implementing strict access controls and user training.

Eliminate Blind Spots: Deny Attackers Any Opportunity

Most “hands-on-keyboard” breaches resulted from insufficient logging and unmanaged devices.

  • Deploy endpoint security solutions across all assets to manage your attack surface effectively.
  • Enable detailed logging on devices, servers, and network traffic to capture critical data for investigations.
  • Establish clear log retention policies for hot and cold storage, ensuring quick retrieval during incidents.



Our Mission

In 2025, ReliaQuest remains committed to advancing our GreyMatter platform and delivering innovations that simplify complexity and strengthen security outcomes. With deeper automation, more robust threat intelligence, and expanded visibility across hybrid environments, we’re enabling enterprises to stay ahead of adversaries while focusing on what matters most—driving their missions forward.

This report reflects our dedication to helping organizations navigate the challenges of the year ahead with clarity, confidence, and collaboration. Together, we can Make Security Possible.

