Cyber Incident Breakdown for 2024
It's that time of year where we get the opportunity to look back on 2024.
The year 2024 presented a dynamic landscape of cyber threats and responses. With an increasing reliance on digital systems across industries, the challenges of securing sensitive data and critical infrastructure became more pronounced. Below, we break down the trends based on data from this year's incidents.
Distribution of Incidents
It seems most attackers come out punching at the start of the year and this trails off in H2. This has been consistent in 2024 and 2023. The graph below shows the distribution of number of incidents across the full year. The anomaly in May 2023 we believe was driven by the large number of organisations affected by the MoveIT campaign.

Incidents by Location
Incidents by location in 2024 remain in line with the previous year, the United States stands out as a primary target for threat actors with Western European states (UK, Germany and France) featuring at the top of the most attacked lists.The disparity in reported numbers could reflect differences in reporting mechanisms rather than actual attack volumes.

Although the USA is prominent, it held a much larger share of incidents in the previous year (2023), In 2023, it was the victim of 49% of incidents recorded in the top 10 victim countries. This has dropped to 36% in 2024. Emerging markets are seeing a rise in incidents, pointing towards a shift in attacker focus to regions with weaker cybersecurity frameworks.

Industry Breakdown
Government and Public Service organisations continue to feature heavily in the Top 10 most attacked industries with Local Government organisations taking the top spot. Healthcare has dropped from the top spot but still ranks highly at #4. Healthcare has been particularly hard hit in recent years. The downward trend is likely due to growing resilience and lessons learned from previous waves of attacks.

note:for industry definitions click here.
Threat Actor Origins & Types
Russia retains a significant lead in terms of attack attribution results. Other notable sources of activity are the USA, Ukraine & France. Activity at least in part may be attributed to ongoing geopolitical conflicts.

Although individual hackers were the top threat actor group, collectively, most incidents were perpetrated by criminals and crime syndicates indicating that ransomware remains a lucrative opportunity. Nation state activity made up for 20% of malicious activity.

note: for threat actor definitions click here
Motives
Personal Gain remains the top motivation for attacks in 2024. Almost half (49%) of all attacks were motivated by personal gain (which includes financial gain faciliated by ransomware). Ranked #2 with 16% was Ideology.. further cementing assertions above that a large portion of malcious cyber activity is currently driving by geopolitical goals and causes.

note: multiple motives may be attributed to single incidents. for motive definitons click here.
Basic TTP (Tactics, Techniques, and Procedures) Breakdown
Various TTPs and combinations of TTPs were analysed across incidents to identify Exfiltration from End Host as a primary technique for stealing data. Attackers often targeted endpoints like desktops, laptops, and servers to steal sensitive data using techniques such as Phishing. Data Attacks were also prominent. Data destruction or manipulation are often a precursor to a ransomware attack.The larger instances of exfiltration perhaps indicate the attacker have prioritised stealing data over and above denying availibility ot it through mechanisms such as encryption. It should be noted that the techniques are not mutually exclusive and data attakcs usually follow exfiltration. It's possible that attackers are successfully exfiltrating data but are less successful at subsequent data attacks.

note: for TTP definitions click here
Summary
The cyber threat landscape of 2024 underscores the evolving challenges of digital security. As attackers innovate, organisations must adopt proactive and adaptive security measures, from employee training and robust incident response plans to investment in cutting-edge technologies like AI-based threat detection.
The year 2024 highlighted significant trends in cyber threats, showcasing patterns in attack distribution, geographical focus, and attacker motivations. As in previous years, incidents were concentrated at the beginning of the year, with numbers declining in the latter half. The United States remained a major target for threat actors, although its share of incidents dropped compared to 2023. Emerging markets experienced an increase in attacks, reflecting shifts in adversary strategies towards regions with weaker cybersecurity defences.
Government and Public Service sectors, particularly Local Government organisations, continued to be frequent targets. Healthcare, while still prominent, saw a decline in incidents, suggesting improvements in defences. Russia remained the most common source of attributed attacks, with other activity linked to the USA, Ukraine, and France, influenced by ongoing geopolitical dynamics.
Financial motives drove nearly half of all attacks, largely through ransomware campaigns. Ideologically driven attacks also featured prominently, reinforcing the role of geopolitics in malicious activity.
Analysis of attack methods revealed a strong focus on data exfiltration from endpoints, often through phishing. Data theft frequently occurred ahead of attempts to encrypt or destroy data, with attackers increasingly prioritising the value of stolen information over disruption.
The trends of 2024 emphasise the importance of strengthening defences, improving incident reporting, and adapting to emerging threats to protect sensitive data and critical systems. Understanding these trends is vital for crafting policies and solutions that effectively mitigate risks in the coming years.
