AI-enhanced malware attacks are primary concern of U.S. IT professionals for 2025, according to 60% of global IT professionals surveyed for GetApp’s 6th Annual Data Security Report.
While phishing and ransomware attacks remain prevalent, the increasing sophistication of AI-enhanced threats signals the need for businesses to prioritize new defensive strategies, asserts GetApp, a software consultancy. Additionally, 37% of U.S. IT professionals view AI-enhanced attacks as their primary concern next year.
Key Trends: Ransomware Recovery Improving
The survey of 4,000 cybersecurity and IT professionals from 11 countries, including 500 U.S. IT professionals, offers insights and recommendations on how businesses can protect themselves against AI-enhanced cyberattacks through training, upgraded tools and response plans.
The report reveals five additional key trends and how to address them:
1. Ransomware remains a significant challenge, but recovery rates are improving. In 2024, ransomware attacks affected 44% of U.S. companies, with 43% of those paying a ransom. However, 36% of businesses were able to recover their data without payment, indicating improvements in incident response and decryption capabilities.
2. Phishing is still widespread despite ongoing prevention efforts. Phishing continues to plague businesses, with 87% of U.S. organizations reporting phishing attempts in the past 12 months. Alarmingly, 74% of employees who received a phishing email clicked on malicious links, highlighting the ongoing need for security awareness training.
3. Cloud security vulnerabilities are a growing concern. As more businesses adopt cloud solutions, 56% of data breaches in the U.S. were attributed to software vulnerabilities, emphasizing the importance of securing cloud-based infrastructure.
4. U.S. data breaches are below global averages, but risks remain high. The U.S. fared better than its global counterparts in terms of data breaches, with 54% of businesses reporting them in 2024 compared to the global average of 62%. Despite this, more than half of U.S. organizations still experienced a breach, underscoring the need for continued vigilance.
5. Multi-factor authentication (MFA) adoption rises as cyberthreats evolve. Fifty-one percent of U.S. companies have implemented MFA for all applications, higher than the global average of 44%. This increased use of MFA is helping businesses fend off some of the most damaging cyberattacks.
Commenting on MFA adoption rates, David Jani, security analyst at GetApp, stated:
“Increased investments in MFA are certainly paying off, but AI is pushing cyberattacks into uncharted territory and businesses can’t afford to fall behind. While efforts to mitigate risks like ransomware and phishing are improving, AI-driven threats require a faster, more adaptive approach. The companies that succeed in 2025 will be the ones that enhance their defenses now.”
