# CyberSecStats #47 - Ransomware speed records, LATAM threat landscape, more AI security woes and OT incidents

> CyberSecStats #47: 3-hour Akira ransomware, APIs top KEV at 43%, over-privileged AI hits 76% incident rate, 72-minute breach-to-exfil, LATAM attacks doubled.

Source: https://fmcybersecurity.com/en/insights/strategy/cybersecstats-47/

## Metadata

- Date: 2026-02-24
- Author: fredrik-standahl
- Topic: strategy
- Format: news
- Scope: international

## This Week's Cybersecurity Eye-Openers

Three takeaways from this week's data.

**1. Ransomware speed record set**

The fastest-ever observed ransomware case, involving Akira, took just three hours from the initial breach to full encryption.

**2. APIs become the most exploited attack surface**

43% of CISA KEV additions in 2025 were API-related, making APIs the single largest exploited surface in that dataset.

**3. Over-privileged AI systems drive 76% incident rate**

Organizations with over-privileged AI systems experience a 76% incident rate, compared with just 17% for organizations that enforce least-privilege controls on AI.

## Big Picture Reports

### 2026 Global Incident Response Report (Palo Alto Unit 42)

Cyber attacks are now unfolding four times faster than a year ago. The gaps letting attackers in are more basic than most organizations expect.

**The speed and identity crisis:**

- In the fastest cases, attackers moved from initial access to data exfiltration in 72 minutes, four times faster than the previous year.
- Identity weaknesses play a material role in nearly 90% of investigated incidents.
- Misconfigurations or gaps in security coverage enable attacks in over 90% of incidents.

[Read the full report here.](https://www.paloaltonetworks.com/resources/research/unit-42-incident-response-report?ref=cybersecstats.com)

### 2026 Global Threat Analysis Report (Radware)

DDoS attacks surged to record levels in 2025, with almost twice as much traffic as in 2024.

**The DDoS explosion:**

- Network-layer DDoS attacks (OSI layers 3 to 4) increased 168.2% year over year.
- Peak network-layer DDoS attack volumes reached almost 30 Tbps.
- Web DDoS attacks (OSI layer 7) increased by 101.4% compared with 2024.

[Read the full report here.](https://www.radware.com/threat-analysis-report/?ref=cybersecstats.com)

## Ransomware

### The Managed XDR Global Threat Report (Barracuda)

For most ransomware victims, the attack comes in through firewalls, CVEs, and compromised accounts.

**The firewall vulnerability:**

- 90% of ransomware incidents exploit firewalls through a CVE or a vulnerable account.
- The fastest ransomware case observed, involving Akira, took just three hours from breach to encryption.
- 66% of incidents involve the supply chain or a third party, up from 45% in 2024.

[Read the full report here.](https://www.barracuda.com/reports/managed-xdr-global-threat-report?ref=cybersecstats.com)

### Ransomware Index Report 2025 (Securin)

Encryption is going out of style. Data theft is in.

**The ransomware hierarchy:**

- Qilin claimed the most victims in 2025 (835), followed by Akira (650), Cl0p (517), Play (363), and INC (334).
- 2025 ransomware market share by group: Qilin (23%), Akira (18%), Cl0p (14%), Play (10%), INC (9%).
- Ransomware victims by industry: commercial facilities (997), manufacturing (846), IT (818), healthcare (473), and financial services (340).

[Read the full report here.](https://www.securin.io/ransomware-report-2025?ref=cybersecstats.com)

## API Security

### API ThreatStats Report 2026 (Wallarm)

APIs emerge as the single most exploited attack surface.

**The API threat picture:**

- In 2025, 43% of CISA KEV additions were API-related.
- 98% of API vulnerabilities are easy or trivial to exploit.
- 99% of API vulnerabilities are remotely exploitable.

[Read the full report here.](https://www.wallarm.com/reports/2026-wallarm-api-threatstats-report?ref=cybersecstats.com)

## Application Security

### The Great AppSec Reality Check 2026 (Rein Security)

9 out of 10 CISOs are open to buying AI-native application protection.

**The visibility crisis:**

- Over 75% of security professionals lack the real-time production insight needed to validate risk and understand how their code behaves in real-world environments.
- 73% of SCA users lack visibility into whether flagged vulnerabilities are exploitable in production.
- 93% of CISOs and AppSec executives are ready to replace or purchase new AI-native application protection.

[Read the full report here.](https://lp.reinsec.io/the-great-appsec-reality-check-survey-report?ref=cybersecstats.com)

## Mobile Security

### 72% of Mobile Apps Experienced a Security Incident Last Year (Guardsquare)

Mobile apps are being uninstalled because end users know they are vulnerable.

**The mobile app picture:**

- 72% of organizations experienced at least one mobile app security incident in the past year.
- 81% of developers say AI-generated code has introduced new vulnerabilities.
- 65% reported customer churn or app uninstalls as a direct result of security issues.

[Read the full report here.](https://www.guardsquare.com/mobile-app-security-threat-report?ref=cybersecstats.com)

## OT and Industrial Security

### 2026 OT Cybersecurity Year in Review (Dragos)

The threat of cyber shutdowns is becoming very real for manufacturing and industrial organizations as attackers switch tactics.

**The industrial target:**

- Manufacturing accounts for more than two-thirds of all ransomware victims.
- Ransomware attacks against industrial organizations increased by 64% year over year.
- The average dwell time for ransomware in OT environments is 42 days.

[Read the full report here.](https://www.dragos.com/ot-cybersecurity-year-in-review?ref=cybersecstats.com)

### OT/IoT Cybersecurity Trends and Insights 2025 H2 Review (Nozomi Networks)

Most ransomware targets English-speaking countries.

**Targeting and exposure:**

- 70% of global ransomware activity targets English-speaking countries.
- In the second half of 2025, 40% of all ransomware attacks targeted US-based companies.
- 68% of observed wireless networks in industrial and critical infrastructure environments operate without Management Frame Protection despite using modern encryption.

[Read the full report here.](https://www.nozominetworks.com/ot-iot-cybersecurity-trends-insights-february-2026?ref=cybersecstats.com)

## AI Security and Governance

### AI Security and Exposure Benchmark 2026 (Pentera)

AI is everywhere, but very few CISOs are securing it.

**The AI security gap:**

- Only 11% of enterprise CISOs have security tools specifically designed to protect AI systems.
- Organizations with overprivileged AI systems have a 76% incident rate, compared with 17% for organizations that limit AI to only the privileges needed for the task.
- 78% of enterprises fund AI security through existing security budgets.

[Read the full report here.](https://pentera.io/resources/reports/ai-security-exposure-survey-2026/?ref=cybersecstats.com)

### The 2026 Infrastructure Identity Survey, State of AI Adoption (Teleport)

More AI means more incidents.

**The AI privilege problem:**

- 70% of security leaders say AI systems have more access than a human in the same role.
- Enterprises deploying AI systems with excessive permissions experience 4.5x as many security incidents as those that enforce least-privilege controls.
- 67% of organizations rely on static credentials for AI systems.

[Read the full report here.](https://goteleport.com/resources/surveys/infrastructure-identity-survey-2026/?ref=cybersecstats.com)

### Internal Audit and AI-Enabled Fraud (Internal Audit Foundation and AuditBoard)

Internal audit leaders see AI-powered fraud as a rapidly growing threat. Most admit their teams are not yet equipped to catch it.

**The audit preparedness gap:**

- Fewer than 40% of internal audit leaders believe their function is adequately prepared to detect AI-enabled fraud.
- 88% identify AI-powered phishing attacks as a top risk.
- 57% identify a lack of appropriate technology or tools as a primary barrier to improving AI-enabled fraud preparedness.

[Read the full report here.](https://www.theiia.org/en/content/research/foundation/2026/internal-audit-and-ai-enabled-fraud/?ref=cybersecstats.com)

## Open Source Security

### 2026 Open Source Landscape Report (TuxCare)

Open-source software in production is a risk people know about but are rarely able or willing to fix.

**The patching problem:**

- 47.8% of surveyed enterprise open source users said their organization experienced a cybersecurity incident in the past 12 months.
- Among those reporting incidents, 61.4% said the incident occurred when a patch was available but had not been applied.
- 92.6% of open-source users reported that their organization was aware it was vulnerable before the cybersecurity incident occurred.

[Read the full report here.](https://tuxcare.com/2026-open-source-landscape-report/?ref=cybersecstats.com)

## Industry-Specific

### 2026 Global Automotive and Smart Mobility Cybersecurity Report (Upstream)

Many ransomware incidents in the automotive sector did not make headlines.

**The automotive threat:**

- 44% of attacks in the Automotive and Smart Mobility ecosystem are ransomware-related, more than double the volume in 2024.
- 67% of incidents involve telematics and cloud systems as attack vectors.
- 92% of automotive cyberattacks are conducted remotely, of which 86% require no physical proximity to vehicles or systems.

[Read the full report here.](https://upstream.auto/reports/global-automotive-cybersecurity-report/?ref=cybersecstats.com)

## Regional Spotlight

### Region Report: Latin America (Intel471)

Latin America is more digitally connected than many outside the region realize. Cyberattacks there are growing extremely fast.

**The LATAM escalation:**

- Cyberattacks in LATAM increased from over 250 in 2024 to over 450 in 2025.
- The number of ransomware variants in LATAM rose from 48 to 79, with the most impactful gangs being Qilin, The Gentlemen, SafePay, Akira, and INC.
- Brazil accounted for about 30% of ransomware victims in LATAM in 2025, followed by Mexico at about 14% and Argentina at about 13%.

[Read the full report here.](https://www.intel471.com/resources/whitepapers/region-report-latin-america-2025?ref=cybersecstats.com)

