To ensure the X-Analytics Application remains current and produces reliable outcomes, the X-Analytics Research Team aggregates and analyzes historical and cyber risk intelligence data to calibrate backend variables within X-Analytics.
Update Summary:
Between the dates of February 28th and March 4, 2025, backend variables were updated within the X-Analytics application. This particular update window included resetting threat baselines for Error, Theft & Loss, Crimeware, Cyber-Espionage, Skimming, Denial-of-Service (DoS) Attack, and Everything Else.
Even with the resetting of the threat baselines, cyber exposure decreased by an average of 5.7% across all industries since last month. Please see table below:
Change in Industry Baseline Since Last Update
Industry Vertical | % Change | Reasons for Change (since last update) |
Accommodation and Food Services (72) | -23.7% | Decreases in Crimeware, Cyber-Espionage, and Everything Else compared to updated risk indexes. |
Administrative and Support, and Waste Management and Remediation Services (56) | -1.7% | Decreases in Everything Else compared to updated risk index. |
Agriculture, Forestry, Fishing, and Hunting (11) | +6.7% | Increases in Error, Cyber-Espionage, and Everything Else compared to updated risk indexes. |
Arts, Entertainment, and Recreation (71) | +1.2% | Increases in Error and Everything Else compared to updated risk indexes. |
Aviation (481,488,492) | +5.2% | Increases in PoS Intrusion, Crimeware, and Cyber-Espionage compared to current and updated risk indexes. |
Construction (23) | +47.8% | Increases in Error, Crimeware, DoS Attacks, and Everything Else compared to updated risk indexes. Though, Crimeware is the main reason. |
Education (61) | -4.4% | Decreases in Theft and Loss and Cyber-Espionage compared to updated risk indexes. |
Finance and Insurance (52) | -16.8% | Decreases in Theft and Loss, Crimeware, Cyber-Espionage, and Everything Else compared to updated risk indexes. |
Healthcare and Social Assistance (62) | -17.9% | Decreases in Theft and Loss, Crimeware, Cyber-Espionage, and DoS Attack compared to updated risk indexes. |
Information, Software, and Technology (51) | -11.3% | Decreases in Theft and Loss, Crimeware, Cyber-Espionage, DoS Attack, and Everything Else compared to updated risk indexes. |
Management of Companies and Enterprises (55) | +14.3% | Increases in Error, Crimeware, Cyber-Espionage, DoS Attack, and Everything Else compared to current and updated risk indexes. |
Manufacturing (31,32,33) | -16.2% | Decreases in Theft and Loss, Crimeware, Cyber-Espionage, and Everything Else compared to updated risk indexes. |
Mining (21) | -23.6% | Decreases in Crimeware, Cyber-Espionage, and DoS Attack compared to updated risk indexes. |
Other Services (except Public Administration) (56) | +6.7% | Increases in Error, Theft and Loss, and Everything Else compared to current and updated risk indexes. |
Professional, Scientific, and Technical Services (54) | -13.8% | Decreases in Theft and Loss, Crimeware, Cyber-Espionage, and Everything Else compared to updated risk indexes. |
Real Estate Rental and Leasing (53) | -24.5% | Decreases in Crimeware, Cyber-Espionage, and Everything Else compared to updated risk indexes. |
Retail Trade (44,45) | -9.6% | Decreases in Error, Theft and Loss, Crimeware, DoS Attack, and Everything Else compared to updated risk indexes. |
Transportation & Warehousing (48,49) | -30.0% | Decreases in Crimeware, DoS Attack, and Everything Else compared to updated risk indexes. |
Utilities (22) | +13.2% | Increases in Error, Crimeware, Cyber-Espionage, and Everything Else compared to current and updated risk indexes. |
Wholesale Trade (42) | -13.9% | Decreases in Crimeware and Everything Else compared to updated risk indexes. |
The above tables does not include Public Administration (92).
Special Note: If one or more of your profiles has threat overrides, then we highly recommend that you compare your current answers to industry defaults to determine if you need to make any adjustments to your threat answers.
This update includes:
Industry Threat Baselines: +16.6% change since last update
The industry threat baselines increased by an average of 16.6% since the last update.
Crimeware (including ransomware), Web Application Attacks, and Denial of Service Attacks are the top three threat categories (in order of most likely to least likely).
The increase in threat activity is mainly related to resetting the threat baselines for miscellaneous error, physical theft and loss, physical card skimming, crimeware (including ransomware), cyber-espionage, denial-of-service attacks, and everything else.
An adjustment in the risk indexes will offset most of the threat reset.
With the increase in threat baseline and the adjustment in risk indexes, most customers will experience a decrease in cyber exposure for most customers. For more information, please see here.
Data Breach Probability Baseline: -1.1% change since last update
Data breach probability baseline decreased by an average of 1.1% since the last update.
This decrease is partially due a decrease in unauthorized access and unauthorized disclosure.
The average size of data breach is still between 400k and 500k records.
The decrease in data breach probability will cause a decrease in data breach cyber exposure for most customers.
Business Interruption (DoS) Probability Baseline: -0.7% change since last update
Business interruption (DoS) probability baseline decreased by an average of 0.7% since the last update.
The increase in DoS probability is partially due to a decrease in attacks that are 30-minutes or longer.
The decrease in business interruption (DoS) probability will cause a decrease in business interruption (DoS) cyber exposure for most customers.
Business Interruption (Other) Probability Baseline: +8.9% change since last update
Business interruption (Other) probability baseline increased by an average of 8.9% since the last update.
The increase in probability is partially due to an increase in human error-based outages.
The increase in business interruption (other) probability will cause an increase in business interruption (other) expected loss for most customers.
Ransomware Probability Baseline: +0.7% change since last update
Ransomware baseline probability has increased by an average of 0.7% since the last update.
This increase in probability is partially due an increase in attacks from RansomHub and 31 other active ransomware groups.
This increase in ransomware probability will cause an increase in ransomware expected loss for most customers.
Misappropriation Probability Baseline: +5.6% change since last update
Misappropriation baseline probability has increase by an average of 5.6% since the last update.
This increase in probability is partially due to increases in AI-based social engineering attacks, business email compromise (BEC), AI-adoption and related misuse and error, and cyber-espionage related activity.
The increase misappropriation probability will cause an increase in misappropriation cyber exposure for most customers.
Misappropriation of Funds: % of Payments Related to Fraud: ~0.0% change since last update
The no change in "Misappropriation of Funds: % of Payments related to Fraud" will cause no change in misappropriation cyber exposure for most customers.
Additional Questions:
If you have questions, please contact your X-Analytics Customer Success Team Member.
For more information, please visit X-Analytics Now or X-Analytics Industry Benchmarks.
Comments