Personal data breaches have reached alarming levels in 2025. According to the latest IBM Cost of a Data Breach Report 2025, the global average cost of a data breach amounts to $4.44 million, while in the United States the cost has skyrocketed to $10.22 million. Meanwhile, artificial intelligence has become hackers’ new weapon, with 87% of organizations worldwide reporting AI-powered attacks within the past year.
Read: What to do if you receive calls from Poland or Netherlands: Warning – don’t call back
The new threats of 2025: AI and automated attacks
The AI revolution in cybercrime
2025 marks a new era in cybercrime. According to recent studies, 82.6% of phishing emails now use artificial intelligence, causing their success rates to soar to 54%, compared to 12% for traditional attacks. Criminals can now create extremely convincing messages that look authentic, using your colleagues’ writing style or references to your recent purchases.
Microsoft revealed that automated AI phishing emails achieve a 54% click-through rate, while AI-powered attacks increased by 47% globally in 2025.
Deepfakes: The new scourge of digital fraud
Deepfakes now account for 6.5% of all fraud, marking a 2,137% increase since 2022. In Hong Kong, a company lost $25 million when hackers used deepfake technology to impersonate the company’s CFO in a video call. The first quarter of 2025 recorded 19% more deepfake incidents than the entire year of 2024.
The main ways personal data is breached in 2025
Phishing: The number one threat
Phishing remains the most widespread method of personal data theft. The Verizon Data Breach Investigations Report 2025 reveals that phishing represents 16% of all initial attacks and is involved in 28% of confirmed data breaches. Daily, 3.4 billion spam emails are sent globally, with one trillion being phishing emails annually.
In Europe, 42% of attacks in 2025 involve phishing, while in North America the percentage reaches 47%. In the United Kingdom, 43% of businesses reported cyberattacks in 2025, with 85% of these involving phishing.
Stolen credentials: The most common cause
According to Verizon, 53% of data breaches are due to stolen passwords. Hackers gain access through passwords leaked from previous attacks or through techniques like credential stuffing. IBM’s research shows that when criminals breach a system, they maintain access for about six months before being discovered, while the process of detecting and containing a breach decreased to 241 days in 2025.
Corporate data breaches
2025 recorded over 3,100 data breaches in the US, affecting over 1.35 billion people. 72% of breaches involved cloud-stored data, with the cost of these incidents averaging $5.05 million. 53% of breaches include customers’ personally identifiable information (PII), such as social security numbers, emails, and home addresses.
Ransomware and extortion
Ransomware appeared in 23% of data breaches in 2025, with the average cost of such incidents reaching $5.08 million. Hackers now employ double extortion tactics: they encrypt files and threaten to publish data if ransom isn’t paid. Interestingly, 64% of organizations that suffered ransomware in 2025 didn’t pay ransom, an increase from 50% in 2023.
Third-party vendor attacks
Supply chain attacks doubled compared to the previous year, making third-party vendor breaches the second most common and expensive attack method, with an average cost of $4.91 million.
Business email compromise (BEC)
BEC constitutes 53% of all phishing attacks in 2025 and caused $2.77 billion in damages in the US alone in 2024, according to the FBI. Attackers impersonate CEOs or trusted vendors to trick employees into making fraudulent bank transfers.
Who’s most at risk: Targets by industry
Healthcare: The most expensive sector
The healthcare sector remains the most expensive for 12 consecutive years, with an average breach cost of $7.42 million. 17% of all attacks in 2024 targeted healthcare, while AI-powered attacks in the sector increased by 76% in 2025.
Financial services
In 2024, the financial sector recorded 737 breaches, rising to first place for the first time since 2018. 46% of attacks in the sector involve phishing.
Small businesses: Easy targets
Small businesses are targeted almost four times more than large ones, according to Verizon. 43% of all cyberattacks target small businesses, with 68% of phishing cases in small companies starting from an untrained employee.
How to protect yourself: Practical measures for 2025
Use multi-factor authentication (MFA)
Enabling MFA is essential. The Change Healthcare incident in 2025 proved that a system without MFA isn’t just vulnerable but negligent. Use modern phishing-resistant authentication methods like passkeys.
Update software and systems
Studies show that one-third of applications contain critical or serious vulnerabilities. Over 45% of large enterprises leave vulnerabilities unresolved for more than a year.
Invest in AI for cybersecurity
Organizations that extensively use AI in their security reduce breach costs by $1.9 million ($3.62M vs $5.52M). 69% of businesses consider AI essential for cybersecurity as threats increase, while 88% believe AI use is critical to free up time for security teams.
Staff training
68% of breaches in 2025 involved human error. Regular phishing simulations and training are essential. Organizations using AI in security can detect and contain breaches 108 days faster than others.
Secure passwords and password managers
Don’t use the same password for different services. Use a password manager to create and store strong, unique passwords for each account.
Wi-Fi caution
Avoid using public Wi-Fi networks for sensitive transactions. If necessary, use a VPN to encrypt your connection.
Check app permissions
Be careful about what permissions you grant to apps you install. Many request access to data they don’t need for their function.
Monitor accounts
Regularly check your bank transactions and credit cards for suspicious activity. Enable notifications for every transaction.
Backup copies
Regularly create backups of your important data on external drives or cloud services with strong encryption.
Cooperation with authorities
IBM reports that cooperating with authorities in ransomware incidents can reduce breach costs by nearly $1 million on average.
The future: What to expect
The World Economic Forum predicts that the annual cost of cybercrime will exceed $23 trillion by 2027. Weekly cyberattacks have more than doubled since 2021, from 818 per organization in Q2 2021 to 1,984 in the same period of 2025.
AI attacks are increasing rapidly, with predictions for over 28 million incidents globally in 2025. 66% of organizations expect AI to impact cybersecurity in 2025, but only 37% have procedures for evaluating AI tool security before deployment.
Protecting personal data in 2025 requires an active stance, continuous updates, and combining technological solutions with human vigilance. Threats are evolving, but with the right measures you can significantly reduce risk.
