What is cybersecurity?

13 June 2025

Authors

Alexandra Jonker

Editorial Content Lead

Gregg Lindemulder

Staff Writer

Matthew Kosinski

Enterprise Technology Writer

What is cybersecurity?

Cybersecurity is the practice of protecting people, systems and data from cyberattacks by using various technologies, processes and policies. 
 

At the enterprise level, cybersecurity is key to overall risk management strategy, and specifically, cyber risk management. Common cybersecurity threats include ransomware and other malware, phishing scams, data theft and, more recently, attacks powered by artificial intelligence (AI).

As cyberthreats grow in sophistication and frequency, organizations are increasing their investments in prevention and mitigation. The International Data Corporation (IDC) projects that security spending will reach USD 377 billion by 2028.[1]

This evolving threat landscape has also fueled growth in the cybersecurity job market. The US Bureau of Labor Statistics projects that “employment of information security analysts is projected to grow 32% from 2022 to 2032, faster than the average for all occupations.”[2]

Why is cybersecurity important?

Cyberattacks and cybercrime can disrupt, damage and destroy businesses, communities and lives. Security incidents can lead to identity theft, extortion and the loss of sensitive information, impacts that can significantly affect businesses and the economy. By one estimate, cybercrime will cost the world economy USD 10.5 trillion per year by 2025.[3]

But a more pertinent question may be: “Why is cybersecurity especially important right now?”

Today, cybercriminals are using new technologies to their advantage. For instance, businesses are embracing cloud computing for efficiency and innovation. But bad actors view this advancement as an expanding attack surface ripe for exploitation.

Bad actors are also leveraging the dark web. According to the IBM X-Force 2025 Threat Intelligence Index, sophisticated threat actors, including nation-states, are using the anonymity of the dark web to acquire new tools and resources.

They are demonstrating never-before-seen levels of coordination, automation and prowess—elevating risk from data breaches to widescale disruption.

The cost of cyberattacks is also growing. According to IBM's latest Cost of a Data Breach Report:

  • Average costs: The average cost of a data breach jumped to USD 4.88 million from USD 4.45 million in 2023, a 10% spike and the highest increase since the pandemic.

  • Business losses: Business losses and post-breach response costs rose nearly 11% over the previous year.

  • Regulatory fines: The number of organizations paying more than USD 50,000 in regulatory fines because of a data breach rose 22.7% over the previous year; those paying more than USD 100,000 rose 19.5%.

Tech trends driving cyber threats

One of the biggest challenges for cybersecurity professionals and security operations teams is the constantly evolving nature of the information technology (IT) landscape, and the evolving threats alongside it.

Emerging technologies, while offering tremendous advantages for businesses and individuals, also present new opportunities for threat actors and cybercriminals to launch increasingly sophisticated attacks on critical systems. For example:

Cloud computing

On-demand access to computing resources can increase network management complexity and raise the risk of cloud misconfigurations, improperly secured APIs and other avenues hackers can exploit.

Multicloud environments

A multicloud approach introduces risks such as increased attack surface, identity access management gaps, cloud sprawl, fragmented security capabilities and heightened risk of human error or misconfiguration.

Distributed work

Remote work, hybrid work and bring-your-own-device (BYOD) policies mean more connections, devices, applications and data for security teams to protect—and for threat actors to exploit.

The Internet of Things (IoT)

Many connected devices—vehicles, appliances, and other physical objects—within IoT networks are unsecured or improperly secured by default and can be easily hijacked by bad actors.

Artificial intelligence

Generative AI in particular is a new threat landscape already exploited through methods such as prompt injection. However, research from the IBM Institute for Business Value says only 24% of generative AI initiatives are secured.

A rising challenge: The cybersecurity skills gap

As the global attack surface expands, the cybersecurity workforce is struggling to keep pace. A World Economic Forum study found that the gap between available cybersecurity workers and jobs that need to be filled could reach 85 million by 2030.[4]

Closing this skills gap can have a big impact. According to the Cost of a Data Breach 2024 Report, organizations experiencing a high-level shortage of security skills faced an average breach cost of USD 5.74 million, compared to USD 3.98 million for those with lower-level skills shortages.

To address these challenges, resource-strained security teams will increasingly turn to security technologies featuring advanced analytics, AI and automation to strengthen cyber defenses and minimize the impact of successful attacks.

    The different types of cybersecurity

    Effective cybersecurity includes layers of protections across an organization’s IT infrastructure. Some of the most important types of cybersecurity include:

    • AI security
    • Critical infrastructure security
    • Network security
    • Endpoint security
    • Application security
    • Cloud security
    • Information security
    • Identity security

    AI security

    In this context, AI security refers to cybersecurity measures designed to protect AI applications and systems from cyberthreats, cyberattacks and malicious use. Hackers might use prompt injection, data poisoning or other malicious techniques to trick AI tools into sharing confidential information. They also use AI itself to quickly create malicious code and phishing scam content.

    The term “AI security” can also mean using AI to enhance an organization's security posture (see “What is AI security?”).

    Critical infrastructure security

    Critical infrastructure security protects the computer systems, applications, networks, data and digital assets that a society depends on for national security, economic health and public safety.

    In the United States, the National Institute of Standards and Technology (NIST) offers a cybersecurity framework to help IT providers and stakeholders secure critical infrastructure.[5] The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) also provides guidance.[6]

    Network security

    Network security focuses on preventing unauthorized access to computer networks and systems. It has three chief aims: to prevent unauthorized access; to detect and stop in-progress cyberattacks and security breaches; and to ensure that authorized users have secure access to their network resources.

    Endpoint security

    Endpoint security protects end users and endpoint devices—desktops, laptops, mobile devices, smartphones, servers and others—against cyberattacks. Organizations are also adopting unified endpoint management (UEM) solutions that allow them to protect, configure and manage all endpoint devices from a single console.

    Application security

    Application security (AppSec) works to identify and repair vulnerabilities in application software to prevent unauthorized access, modification or misuse. Modern application development methods (such as DevOps and DevSecOps) build security and security testing into the development process.

    Cloud security

    Cloud security secures an organization’s cloud-based infrastructure, including applications, data and virtual servers. Generally, cloud security operates on the shared responsibility model. The cloud provider is responsible for securing their delivered services and the infrastructure that delivers them. The customer is responsible for protecting customer data, code and other assets they store or run in the cloud.

    Information security

    Information security (InfoSec) protects an organization's important information (digital files and data, paper documents, physical media) against unauthorized access, use or alteration. Data security, the protection of digital information, is a subset of information security and the focus of most cybersecurity-related InfoSec measures.

    Identity security

    Identity security focuses on protecting digital identities and the systems that manage them. It includes practices such as identity verification, access control enforcement and unauthorized access prevention. According to the IBM X-Force 2025 Threat Intelligence Index, identity-based attacks make up 30% of total intrusions—making identity-based attacks the most common entry point into corporate networks.

    What are the most common types of cyber threats?

    Today, the most common types of cyberattacks and cybersecurity threats include:

    • Malware
    • Ransomware
    • Phishing attacks
    • Credential theft and abuse
    • Insider threats
    • AI attacks
    • Cryptojacking
    • Distributed denial-of-service (DDoS)

    Malware

    Malware, short for "malicious software," is any software code or computer program that is intentionally written to harm a computer system or its end users, such as Trojan horses and spyware. Almost every modern cyberattack involves some type of malware.

    Ransomware

    Ransomware is a type of malware that holds a victim’s sensitive data or device hostage, threatening to keep it locked—or worse—unless the victim pays a ransom to the attacker. Since 2023, ransomware attacks have been on the decline. The decline is likely due to businesses’ reluctance to pay ransoms and increased government actions against ransomware groups.

    Phishing

    Phishing is a type of social engineering that uses fraudulent email, text or voice messages to trick users into downloading malware, sharing sensitive information or sending funds to the wrong people.

    Bulk phishing scams are most familiar—mass-mailed fraudulent messages that appear to be from a trusted brand, asking recipients to reset their passwords or reenter credit card information. More sophisticated phishing scams, such as spear phishing and business email compromise (BEC), target specific individuals or groups to steal especially valuable data or large sums of money.

    Credential theft and account abuse

    Hackers have many techniques for stealing credentials and taking over accounts. For example, Kerberoasting attacks manipulate the Kerberos authentication protocol (commonly used in Microsoft Active Directory) to seize privileged service accounts. In 2025, the IBM X-Force team identified a surge in phishing emails distributing infostealer malware and credential phishing.

    Insider threats

    Insider threats originate with authorized users (employees, contractors or business partners) who intentionally or accidentally misuse their legitimate access or have their accounts hijacked by cybercriminals. These threats can be difficult to detect because they have the earmarks of authorized activity and are invisible to antivirus software, firewalls and other security solutions that block external attacks.

    AI attacks

    Cybercriminals are using AI to conduct advanced attacks. Some use open source generative AI to produce fake emails, applications and other business documents in minutes. Hackers are also using organizations’ AI tools as attack vectors. For example, in prompt injection attacks, threat actors use malicious inputs to manipulate generative AI systems into leaking sensitive data, spreading misinformation or worse.

    Cryptojacking

    Cryptojacking occurs when hackers gain access to a device and use its computing resources to mine cryptocurrencies such as Bitcoin, Ethereum and Monero. Security analysts identified cryptojacking as a cyberthreat around 2011, shortly after the introduction of cryptocurrency.

    Distributed denial-of-service (DDoS)

    A DDoS attack attempts to crash an online resource—such as a website or cloud service—by overloading it with traffic. This is typically performed using a botnet, a network of distributed systems that a cybercriminal hijacks by using malware and remote-controlled operations. Increasingly, attackers are combining DDoS attacks with ransomware attacks, or simply threatening to launch DDoS attacks unless the target pays a ransom.

    Common cybersecurity myths

    Despite an ever-increasing volume of cybersecurity incidents worldwide and the insights gleaned from resolving these incidents, some cybersecurity misconceptions persist. Some of the most dangerous include:

    • Strong passwords are adequate protection
    • Most cybersecurity risks are well-known
    • All cyberattack vectors are contained
    • Some industries are safe from risk
    • Cybercriminals don’t attack small businesses

    Myth #1: Strong passwords are adequate protection

    Strong passwords do make a difference—a 12-character password takes 62 trillion times longer to crack than a 6-character one. But passwords are also easy to acquire, through social engineering, keylogging malware or buying them on the dark web (or off disgruntled insiders).

    Myth #2: Most cybersecurity risks are well-known

    The cyberthreat landscape is constantly changing. Thousands of new vulnerabilities are reported every year. Opportunities for human error, specifically by negligent employees or contractors who unintentionally cause a data breach, are also increasing.

    Myth #3: All cyberattack vectors are contained

    Cybercriminals find new attack vectors all the time. The rise of AI technologies, operational technology (OT), IoT devices and cloud environments all give hackers new opportunities to cause trouble.

    Myth #4: Some industries are safe from risk

    Every industry faces cybersecurity risks. For example, ransomware attacks are targeting more sectors than ever, including local governments, nonprofits and healthcare providers. Attacks on supply chains, government (.gov) websites and critical infrastructure have also increased.

    Myth #5: Cybercriminals don’t attack small businesses

    Yes, they do. The Hiscox Cyber Readiness Report found that almost half (41%) of small businesses in the US experienced a cyberattack in the last year.[7]

    Cybersecurity best practices

    While each organization’s security strategy differs, many use these tools and tactics to reduce vulnerabilities, prevent attacks and intercept attacks in progress:

    • Cybersecurity awareness training
    • Data security tools
    • Identity and access management
    • Attack surface management
    • Threat detection and response
    • Disaster recovery

    Cybersecurity awareness training

    Together with robust data security policies, security awareness training can help employees protect personal and organizational data. For example, it can help users understand how seemingly harmless actions—oversharing on social media or ignoring operating system updates—can increase risk of attack. It can also help them recognize and avoid phishing and malware attacks.

    Data security tools

    Data security tools can help stop security threats in progress or mitigate their effects. For instance, data loss prevention (DLP) tools can detect and block attempted data theft, while security controls like encryption can enhance data protection by making any data that hackers do manage to steal useless.

    Identity and access management

    Identity and access management (IAM) refers to the tools and strategies that control how users access digital resources and what they can do with those resources. For example, multifactor authentication (MFA) requires users to supply multiple credentials to log in, meaning threat actors need more than just a password to break into an account. A zero trust security architecture is one way to enforce strict access controls.

    Attack surface management

    Attack surface management (ASM) is the continuous discovery, analysis, remediation and monitoring of the cybersecurity vulnerabilities and potential attack vectors that make up an organization’s attack surface. Unlike other cyberdefense disciplines, ASM is conducted entirely from a hacker’s perspective.

    Threat detection and response

    Analytics- and AI-driven technologies can help identify and respond to attacks in progress. These technologies can include security information and event management (SIEM), security orchestration, automation and response (SOAR) and endpoint detection and response (EDR). Typically, organizations use these technologies as part of a formal incident response plan.

    Disaster recovery

    Disaster recovery capabilities play a key role in maintaining business continuity and remediating threats in the event of a cyberattack. For example, the ability to fail over to a backup hosted in a remote location can help businesses resume operations after a ransomware attack (sometimes without paying a ransom).

        Footnotes

        1 Worldwide Security Spending to Increase by 12.2% in 2025 as Global Cyberthreats Rise, Says IDC, International Data Corporation (IDC), 21 March 2025.

        2 State of the Tech Workforce | Cyberstates 2024, The Computing Technology Industry Association (CompTIA), March 2024.

        3 Cybercrime threatens business growth. Take these steps to mitigate your risk, ZDNet, April 2022.

        4 Strategic Cybersecurity Talent Framework, World Economic Forum, April 2024.

        5 NIST Cybersecurity Framework, National Institute of Standards and Technology (NIST), 26 February 2024.

        6 Cybersecurity Best Practices, Cybersecurity and Infrastructure Security Agency (CISA).

        7 The Hiscox Cyber Readiness Report 2024, Hiscox Insurance Company Inc., 2024.