Technology
Rising cyber attacks push U.S. companies to treat security as urgent risk
Reported cybercrime losses reached $16.6 billion in 2024, a 33% jump from 2023, as ransomware, credential theft and extortion continued to hit U.S. companies. Verizon’s latest breach analysis shows how broad the exposure has become: 30,458 cybersecurity incidents and 10,626 confirmed data breaches across 94 countries, with the median time for users to fall for phishing emails at less than 60 seconds.
The pressure is being felt far beyond information technology departments. Companies now rely more heavily on cloud services, remote access, third-party vendors and AI-enabled software, which makes operations faster but also widens the attack surface. A single compromised contractor account or one insecure software update can be enough to move an intruder deeper into a network, disrupt operations or expose customer data.
The Cybersecurity and Infrastructure Security Agency tried to push the issue up the corporate agenda on March 27, 2024, when it proposed expanded cybersecurity incident and ransomware-payment reporting across 16 critical-infrastructure sectors. The proposal reflected how far cyber risk reaches into the economy, from healthcare and finance to logistics and retail, where downtime can quickly mean lost revenue and public harm.

The public safety dimension is even clearer in critical infrastructure. In a June 2024 intelligence assessment, U.S. agencies said Iran-affiliated and pro-Russia actors had gained access to, and in some cases manipulated, industrial control systems in the food and agriculture, healthcare, and water and wastewater sectors. Those incidents showed that cyberattacks can move from stolen data to physical operations, with consequences that can spill into hospitals, utilities and supply chains.
Attackers are also changing faster than many defenses. Artificial intelligence is making phishing emails more convincing and helping criminals automate reconnaissance, giving them more ways to probe corporate networks at scale. Verizon’s 2025 report found that 62% of financially motivated incidents involved ransomware or extortion, with a median loss of $46,000 per breach.

That combination has turned cybersecurity into a board-level issue. Investors now treat it as a management problem rather than a narrow IT concern, and companies face pressure to show they can respond quickly and transparently after an incident. Insurance costs have also risen as attacks have become more frequent and expensive, raising the stakes for firms that still leave patching, identity controls, backup systems and incident response planning incomplete.
Verizon’s 2024 breach report also found that attacks exploiting vulnerabilities as the initial path into breaches were rising sharply, a sign that weak software hygiene remains a basic failure point. Despite more spending and more warnings, the firms most at risk are still the ones that treat cyber risk as a compliance exercise instead of an operational threat.
Sources
- [1]reuters.com
- [2]ic3.gov
- [3]verizon.com
- [4]cisa.gov
- [5]paulhastings.com
- [6]dni.gov