At the enterprise level, cybersecurity is a key part of the overall risk management strategy, and specifically of cyber risk management. Common cybersecurity threats include ransomware and other malware, phishing scams, data theft and, more recently, attacks powered by artificial intelligence (AI).
As cyberthreats grow in sophistication and frequency, organizations are increasing their investments in prevention and mitigation. The International Data Corporation (IDC) projects that security spending will reach USD 377 billion by 2028.¹
This evolving threat landscape has also fueled growth in the cybersecurity job market. The US Bureau of Labor Statistics projects that “employment of information security analysts is projected to grow 32% from 2022 to 2032, faster than the average for all occupations.”²
Cyberattacks and cybercrime can disrupt, damage and destroy businesses, communities and lives. Security incidents can lead to identity theft, extortion and the loss of sensitive information, impacts that can significantly affect businesses and the economy. By one estimate, cybercrime will cost the world economy USD 10.5 trillion per year by 2025.³
But a more pertinent question may be: “Why is cybersecurity especially important right now?”
Today, cybercriminals are using new technologies to their advantage. For instance, businesses are embracing cloud computing for efficiency and innovation. But bad actors view this advancement as an expanding attack surface ripe for exploitation.
Bad actors are also leveraging the dark web. According to the IBM X-Force 2025 Threat Intelligence Index, sophisticated threat actors, including nation-states, are using the anonymity of the dark web to acquire new tools and resources.
They are demonstrating never-before-seen levels of coordination, automation and prowess—elevating risk from data breaches to widescale disruption.
The cost of cyberattacks is also growing. According to IBM's latest Cost of a Data Breach Report:
One of the biggest challenges for cybersecurity professionals and security operations teams is the constantly evolving nature of the information technology (IT) landscape, and the evolving threats alongside it.
Emerging technologies, while offering tremendous advantages for businesses and individuals, also present new opportunities for threat actors and cybercriminals to launch increasingly sophisticated attacks on critical systems. For example:
On-demand access to computing resources can increase network management complexity and raise the risk of cloud misconfigurations, improperly secured APIs and other avenues hackers can exploit.
A multicloud approach introduces risks such as increased attack surface, identity access management gaps, cloud sprawl, fragmented security capabilities and heightened risk of human error or misconfiguration.
Remote work, hybrid work and bring-your-own-device (BYOD) policies mean more connections, devices, applications and data for security teams to protect—and for threat actors to exploit.
Many connected devices—vehicles, appliances, and other physical objects—within IoT networks are unsecured or improperly secured by default and can be easily hijacked by bad actors.
Generative AI in particular is a new threat landscape already exploited through methods such as prompt injection. However, research from the IBM Institute for Business Value says only 24% of generative AI initiatives are secured.
As the global attack surface expands, the cybersecurity workforce is struggling to keep pace. A World Economic Forum study found that the gap between available cybersecurity workers and jobs that need to be filled could reach 85 million by 2030.⁴
Closing this skills gap can have a big impact. According to the Cost of a Data Breach 2024 Report, organizations experiencing a high-level shortage of security skills faced an average breach cost of USD 5.74 million, compared to USD 3.98 million for those with lower-level skills shortages.
To address these challenges, resource-strained security teams will increasingly turn to security technologies featuring advanced analytics, AI and automation to strengthen cyber defenses and minimize the impact of successful attacks.
Effective cybersecurity includes layers of protections across an organization’s IT infrastructure. Some of the most important types of cybersecurity include:
In this context, AI security refers to cybersecurity measures designed to protect AI applications and systems from cyberthreats, cyberattacks and malicious use. Hackers might use prompt injection, data poisoning or other malicious techniques to trick AI tools into sharing confidential information. They also use AI itself to quickly create malicious code and phishing scam content.
The term “AI security” can also mean using AI to enhance an organization's security posture (see “What is AI security?”).
Critical infrastructure security protects the computer systems, applications, networks, data and digital assets that a society depends on for national security, economic health and public safety.
In the United States, the National Institute of Standards and Technology (NIST) offers a cybersecurity framework to help IT providers and stakeholders secure critical infrastructure.⁵ The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) also provides guidance.⁶
Network security focuses on preventing unauthorized access to computer networks and systems. It has three chief aims: to prevent unauthorized access; to detect and stop in-progress cyberattacks and security breaches; and to ensure that authorized users have secure access to their network resources.
Endpoint security protects end users and endpoint devices—desktops, laptops, mobile devices, smartphones, servers and others—against cyberattacks. Organizations are also adopting unified endpoint management (UEM) solutions that allow them to protect, configure and manage all endpoint devices from a single console.
Application security (AppSec) works to identify and repair vulnerabilities in application software to prevent unauthorized access, modification or misuse. Modern application development methods (such as DevOps and DevSecOps) build security and security testing into the development process.
Cloud security secures an organization’s cloud-based infrastructure, including applications, data and virtual servers. Generally, cloud security operates on the shared responsibility model. The cloud provider is responsible for securing their delivered services and the infrastructure that delivers them. The customer is responsible for protecting customer data, code and other assets they store or run in the cloud.
Information security (InfoSec) protects an organization's important information (digital files and data, paper documents, physical media) against unauthorized access, use or alteration. Data security, the protection of digital information, is a subset of information security and the focus of most cybersecurity-related InfoSec measures.
Identity security focuses on protecting digital identities and the systems that manage them. It includes practices such as identity verification, access control enforcement and unauthorized access prevention. According to the IBM X-Force 2025 Threat Intelligence Index, identity-based attacks make up 30% of total intrusions—making identity-based attacks the most common entry point into corporate networks.
Today, the most common types of cyberattacks and cybersecurity threats include:
Malware, short for "malicious software," is any software code or computer program that is intentionally written to harm a computer system or its end users, such as Trojan horses and spyware. Almost every modern cyberattack involves some type of malware.
Ransomware is a type of malware that holds a victim’s sensitive data or device hostage, threatening to keep it locked—or worse—unless the victim pays a ransom to the attacker. Since 2023, ransomware attacks have been on the decline. The decline is likely due to businesses’ reluctance to pay ransoms and increased government actions against ransomware groups.
Phishing is a type of social engineering that uses fraudulent email, text or voice messages to trick users into downloading malware, sharing sensitive information or sending funds to the wrong people.
Bulk phishing scams are most familiar—mass-mailed fraudulent messages that appear to be from a trusted brand, asking recipients to reset their passwords or reenter credit card information. More sophisticated phishing scams, such as spear phishing and business email compromise (BEC), target specific individuals or groups to steal especially valuable data or large sums of money.
Hackers have many techniques for stealing credentials and taking over accounts. For example, Kerberoasting attacks manipulate the Kerberos authentication protocol (commonly used in Microsoft Active Directory) to seize privileged service accounts. In 2025, the IBM X-Force team identified a surge in phishing emails distributing infostealer malware and credential phishing.
Insider threats originate with authorized users (employees, contractors or business partners) who intentionally or accidentally misuse their legitimate access or have their accounts hijacked by cybercriminals. These threats can be difficult to detect because they have the earmarks of authorized activity and are invisible to antivirus software, firewalls and other security solutions that block external attacks.
Cybercriminals are using AI to conduct advanced attacks. Some use open source generative AI to produce fake emails, applications and other business documents in minutes. Hackers are also using organizations’ AI tools as attack vectors. For example, in prompt injection attacks, threat actors use malicious inputs to manipulate generative AI systems into leaking sensitive data, spreading misinformation or worse.
Cryptojacking occurs when hackers gain access to a device and use its computing resources to mine cryptocurrencies such as Bitcoin, Ethereum and Monero. Security analysts identified cryptojacking as a cyberthreat around 2011, shortly after the introduction of cryptocurrency.
A DDoS attack attempts to crash an online resource, such as a website or cloud service, by overloading it with traffic. This is typically performed using a botnet, a network of distributed systems that a cybercriminal hijacks by using malware and remote-controlled operations. Increasingly, attackers are combining DDoS attacks with ransomware attacks, or simply threatening to launch DDoS attacks unless the target pays a ransom.
Despite an ever-increasing volume of cybersecurity incidents worldwide and the insights gleaned from resolving these incidents, some cybersecurity misconceptions persist. Some of the most dangerous include:
Strong passwords do make a difference—a 12-character password takes 62 trillion times longer to crack than a 6-character one. But passwords are also easy to acquire, through social engineering, keylogging malware or buying them on the dark web (or off disgruntled insiders).
The cyberthreat landscape is constantly changing. Thousands of new vulnerabilities are reported every year. Opportunities for human error, specifically by negligent employees or contractors who unintentionally cause a data breach, are also increasing.
Cybercriminals find new attack vectors all the time. The rise of AI technologies, operational technology (OT), IoT devices and cloud environments all give hackers new opportunities to cause trouble.
Every industry faces cybersecurity risks. For example, ransomware attacks are targeting more sectors than ever, including local governments, nonprofits and healthcare providers. Attacks on supply chains, government (.gov) websites and critical infrastructure have also increased.
Yes, they do. The Hiscox Cyber Readiness Report found that almost half (41%) of small businesses in the US experienced a cyberattack in the last year.⁷
While each organization’s security strategy differs, many use these tools and tactics to reduce vulnerabilities, prevent attacks and intercept attacks in progress:
With robust data security policies, security awareness training can help employees protect personal and organizational data. For example, it can help users understand how seemingly harmless actions—oversharing on social media or ignoring operating system updates—can increase risk of attack. It can also help them recognize and avoid phishing and malware attacks.
Data security tools can help stop security threats in progress or mitigate their effects. For instance, data loss prevention (DLP) tools can detect and block attempted data theft, while security controls like encryption can enhance data protection by making any data that hackers do manage to steal useless.
Identity and access management (IAM) refers to the tools and strategies that control how users access digital resources and what they can do with those resources. For example, multifactor authentication (MFA) requires users to supply multiple credentials to log in, meaning threat actors need more than just a password to break into an account. A zero trust security architecture is one way to enforce strict access controls.
Attack surface management (ASM) is the continuous discovery, analysis, remediation and monitoring of the cybersecurity vulnerabilities and potential attack vectors that make up an organization’s attack surface. Unlike other cyberdefense disciplines, ASM is conducted entirely from a hacker’s perspective.
Analytics- and AI-driven technologies can help identify and respond to attacks in progress. These technologies can include security information and event management (SIEM), security orchestration, automation and response (SOAR) and endpoint detection and response (EDR). Typically, organizations use these technologies as part of a formal incident response plan.
Disaster recovery capabilities play a key role in maintaining business continuity and remediating threats in the event of a cyberattack. For example, the ability to fail over to a backup hosted in a remote location can help businesses resume operations after a ransomware attack (sometimes without paying a ransom).
1 Worldwide Security Spending to Increase by 12.2% in 2025 as Global Cyberthreats Rise, Says IDC, International Data Corporation (IDC), 21 March 2025.
2 State of the Tech Workforce | Cyberstates 2024, The Computing Technology Industry Association (CompTIA), March 2024.
3 Cybercrime threatens business growth. Take these steps to mitigate your risk, ZDNet, April 2022.
4 Strategic Cybersecurity Talent Framework, World Economic Forum, April 2024.
5 NIST Cybersecurity Framework, National Institute of Standards and Technology (NIST), 26 February 2024.
6 Cybersecurity Best Practices, Cybersecurity and Infrastructure Security Agency (CISA).
7 The Hiscox Cyber Readiness Report 2024, Hiscox Insurance Company Inc., 2024.