Cyber scams cost businesses $1.7 million per year, claims report

Supply chain attacks, brand impersonation, and APTs top the list of threats to businesses

A fan of four $100 notes
(Image credit: Getty Images)

Ninety-eight percent of businesses experienced a cyber attack in 2024, with 94% reporting associated financial losses of at least $500,000, according to the 2025 CyberScam Report from security firm BrandShield.

Based on a survey of 200 CISOs from the UK, US, and Europe, the research discovered that suffering a cyber attack in 2024 had a significant impact on a CISO’s attitudes to emerging technologies and how much they should invest in cyber monitoring tools.

For example, when it comes to the potential negative effects of AI, 34% said they were very concerned, 40% said they were concerned, and 25% said they were only slightly concerned. For those having suffered a cyber attack, however, these levels of worry increased.

If the organization lost up to $1 million in relation to cyber attacks in 2024, 53% of CISOs said they were concerned, while 23% said they were very concerned. For organizations that lost more than $1 million, 40% said they were very concerned and 33% said they were concerned – although 1% said they weren’t concerned at all.

When it comes to the level of spending in their company in relation to threat monitoring, 76% of CISOs interviewed said their budgets would likely increase this year, with those that had suffered a cyber attack anticipating a greater increase than those that hadn’t.

Supply chain attacks and phishing plague businesses

When it comes to the type of attacks that CISOs faced in the past year, 33% identified supply chain attacks as the main cause of their problems, followed by brand impersonation (31%), advanced persistent threats (APTs) (29%), executive impersonation (28%), and phishing and scam sites (27%).

Ransomware, which was a major concern for businesses for several years, came in last place at 22%.

This falls in line with recent research from ITPro, which showed phishing – which is increasingly incorporating elements of generative AI according to researchers – to now be the biggest threat. This was followed by malware and password attacks, both often a feature of campaigns by APTs, with ransomware coming in fourth and social engineering fifth.

Of BrandShield’s own research, CEO and co-founder Yoav Kerensaid: “The scale of online threats is unprecedented, and cybercriminals are weaponizing AI faster than businesses can react. Organizations must prioritize AI-powered defenses that don’t just detect threats but neutralize them in real-time.”

MORE FROM ITPRO

Jane McCallion
Managing Editor

Jane McCallion is Managing Editor of ITPro and ChannelPro, specializing in data centers, enterprise IT infrastructure, and cybersecurity. Before becoming Managing Editor, she held the role of Deputy Editor and, prior to that, Features Editor, managing a pool of freelance and internal writers, while continuing to specialize in enterprise IT infrastructure, and business strategy.

Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.