To ensure the X-Analytics Application remains current and produces reliable outcomes, the X-Analytics Research Team aggregates and analyzes historical and cyber risk intelligence data to calibrate backend variables within X-Analytics.
This update includes:
Industry Threat Baselines: -1.5% change since last update
The industry threat baselines decreased by an average of 1.5% since the last update.
Crimeware (including ransomware), Denial of Service Attacks, and Web Application Attacks are the top three threat categories (in order of most likely to least likely).
The decrease in threat activity is partially related to a decrease in web application attack activity and a 2025 baseline update for cyber espionage, denial of service attack, and everything else (unknown and unclassified activity).
The decrease in threat activity will cause a decrease in cyber exposure for most customers.
Data Breach Probability Baseline: +5.3% change since last update
Data breach probability baseline increased by an average of 5.3% since the last update.
This increase is partially due an increase in mega breaches, an increase in the average data breach size (or volume), an increase in ransomware related data breaches, and increase in “unknown” vector data breaches.
Special Note: The increase in “unknown” vector is the exact reason why we maintain the Everything Else (unknown/ unclassified) threat category within X-Analytics.
The average size of data breach is still between 400k and 500k records.
The increase in data breach probability will cause an increase in data breach cyber exposure for most customers.
Data Breach Cost per Record: +9.7% change since last update
Data breach cost per record increased by 9.7% since the last update.
This increase is partially related to inflationary realities catching up to the cost of cyber and to the increase cost of sensitive records.
The increase in data breach cost per record will cause an increase in data breach cyber exposure for most customers.
Business Interruption (DoS) Probability Baseline: +32.2% change since last update
Business interruption (DoS) probability baseline increased by an average of 32.2% since the last update.
The increase in DoS probability is partially due to an increase in application-layer DDoS attacks and a correction in the probability curve using year-end data.
All parts of the probability curve did not increase by 32.3%. Most of the increase took place between 13 hours and 47 hours, which are already extremely low in probability.
The increase in business interruption (DoS) probability will cause mixed results in business interruption (DoS) cyber exposure for most customers depending on your organization's ability to recapture revenue.
Business Interruption (Other) Probability Baseline: -1.8% change since last update
Business interruption (Other) probability baseline decreased by an average of 1.8% since the last update.
The decrease in probability is partially related new procedures attempting to reduce supplier and error-based outages.
In simple terms, human error is the most concerning cause of IT outages.
The decrease in business interruption (other) probability will cause a decrease in business interruption (other) expected loss for most customers.
Ransomware Probability Baseline: -7.9% change since last update
Ransomware baseline probability has decreased by an average of 7.9% since the last update.
This decrease in probability is partially due to a change in attack motivations and patterns, an improvement in countermeasures, and an improvement in how victim organizations refuse to negotiate with ransomware gangs.
This decrease in ransomware probability will cause a decrease in ransomware expected loss for most customers.
Ransomware Extortion: +4.9% change since last update
Ransomware extortion has increased by 4.9% since the last update.
This increase is partially due to victim organizations conducting quick negotiations (with limited benefit) to get back up and running as fast as possible and it is partially due to inflationary realities catching up to cyber extortion demands.
This increase in ransomware extortion will cause an increase in ransomware cyber exposure for most customers.
Misappropriation Probability Baseline: ~0.0% change since last update
Misappropriation baseline probability has not changed since the last update.
The no change in misappropriation probability will cause no change in misappropriation cyber exposure for most customers.
Misappropriation of Funds: % of Payments Related to Fraud: -8.8% change since last update
Misappropriation of funds, % of payments related to fraud, has decreased by 8.8% since the last update.
This decrease is partially related to improve fraud countermeasures within the electronic fund transaction process and messaging platforms.
This decrease in % of payments related to fraud will cause a decrease in misappropration of funds cyber expsoure for most customers.
If you have questions, please contact your X-Analytics Customer Success Team Member.
Comments