Serious cyber-attacks increase 25% year on year and now average a cost of over $3m