Frequency vs. Impact: When More Attacks Don’t Mean Greater Damage 

Published
Written by:
Vishwa Pandagle
Vishwa Pandagle
Cybersecurity Staff Editor

Question: Your report shows that the most targeted sectors aren't always the most impacted. What does that say about sector-wise cyber resilience? Why are some less-targeted sectors experiencing greater consequences?


Sofia Scozzari, CEO & Founder of HackManac

The following top 2025 frequency rankings in our latest global report

Ranking by average severity instead 

Gov/ Military/ Law Enforcement drops out of the top ten entirely. That gap is the most important signal in cybersecurity when assessing risk: frequency and impact of cyber attacks show different angles. 

At the same time, less-targeted sectors aren't automatically more resilient. What actually drives the divergence is the type of threat and the attacker type, which also gives us the motivation behind it.

Not all threats are built to cause the same damage. 

Vulnerabilities, particularly zero-days, are arguably the single most dangerous category we track: 

"Multiple techniques," usually the signature of APT groups running state-sponsored cyber espionage or information warfare operations, represent the second most dangerous threat in our 2025 data. 

Ransomware remains a serious and disruptive threat, particularly with double extortion, where data theft is layered on top of encryption. 

DDoS and web attacks sit at the opposite end: high visibility, low average impact, the kind of threat that generates headlines without proportional damage.

Even if severity of cyber attacks can add a further perspective to the scenario, CISOs need to see where risk is heading, not just where it sits today. To solve this problem, this year we decided to add two metrics based on our Estimated Severity Index. 

Impact Momentum tracks the period-over-period rate of change in average severity for a given sector, technique, or actor class, telling you whether risk in that cohort is accelerating, stabilizing, or declining. 

The Quiet Shift Index, on the other hand, flags clusters of activity where damage is disproportionate to observed attack volume, surfacing the slow-building, under-the-radar shifts that precede a wave of major incidents, before they show up as a spike in your monitoring.

Used together, these four layers (volume, severity, acceleration, and concentration) offer a full perspective of the cyber scenario to a CISO, a security manager, or any decision maker in the company: 

A sector or a vendor relationship that looks "quiet" on volume can still be accumulating risk that a frequency-only dashboard will never catch. 

In cybersecurity, resilience depends on understanding your own specific threat scenario, in order to size your defense strategy to the damage you're actually exposed to.


For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: