In one cybersecurity firm’s customer base*,a 0.25% incidence rate in 2023 had surged to 28.36% in 2024.

Based on data acquired from protecting 1.4m devices* for a 12-month period in 2024 across 90 countries, a firm specializing in software for managing and securing Apple products has released some findings.

First, from analyzing 10m phishing attacks during 2024, 25% involving corporate entities involved a social engineering ploy, and one in 10 of the victims involved had clicked on a malicious URL.

Second, of organizational devices in the data, 32% of users had operated at least one device with critical vulnerabilities, and 55.1% of the mobile devices used at work are running on a vulnerable operating system (OS).

Other findings

Third, info stealer malware had accounted for 28.36% of all Mac malware examined, compared to 0.25% in a similar analysis performed for 2023.

Fourth, over 90% of attacks recorded in the data had originated from phishing pathways.

Fifth, between 150,000 and 200,000 phishing attacks were classified as Zero Day attacks.

From interpreting the data trends, the firm has expressed several opinions and recommendations:

  • Adopt layered security strategies, including zero-trust methodologies, to improve defense against phishing and other attacks.
  • Security practices should extend beyond operating system updates to include application-level controls.
  • High-profile users face increased targeting by advanced spyware, so they need to trained for extra vigilance, to equip them with the skills to address new and emerging social engineering tactics, including those delivered through non-traditional channels

According to Josh Stein, Vice President, Product Strategy, Jamf, the firm releasing its findings: “Age-old threats like phishing remain extremely prevalent and cannot be overlooked… nor can threats skyrocketing in popularity like info stealers.”

*involving iOS, iPadOS, Android and macOS platforms comprising desktops, smartphones and tablet computers. No breakdown of Android/Apple devices was supplied, but the firm states it is an Apple-first company. Analysis was stated as performed in the first quarter of 2025, “revisiting the prior 12-month period.”