While the internet has brought about undisputed advantages in virtually every sphere of life, it has a dark side too —stolen data, identity thefts, and security breaches have become the order of the day. With more of our lives moving online amid the ongoing pandemic, individuals, companies, and governments become more exposed to cyber attackers. We prepared these essential cybersecurity statistics to keep you up-to-date with the latest trends in the field and threats that emerge alongside new technologies such as artificial intelligence and machine learning. So, stick with us and stay safe.
Cybersecurity Statistics (Editor’s Choice)
- Most cybersecurity breaches are caused by human error.
- Only 5% of the average company’s folders are protected.
- In 94% of cases, the malware reaches targets via email.
- The global cybersecurity market was worth $176.50 billion in 2020.
- Cybercrime costs organizations $2.9 million every minute.
- Due to COVID-19, cybercrime is on the rise by 600%.
- Malware attacks grew 358% through 2020.
- The average global cost of a data breach is $3.86 million.
General Cybersecurity Facts & Stats
1. Approximately 43% of cyberattacks target small businesses.
Small businesses have fewer resources allocated for cybersecurity. Cybercriminals know this and direct nearly half of all of the attacks toward smaller firms. This number, reported for 2020, further marks a significant rise from 18% of small businesses targeted by cybercriminals just a few years ago. Small businesses (under 500 employees) spent $7.68 million per incident on average.
2. Most cybersecurity breaches happen because of human error.
Cybersecurity statistics show that as many as 95% of cybersecurity breaches come within the organization, with cybercriminals and hackers targeting the weakest link. The majority of incidents, therefore, occur when an employee who lacks digital literacy downloads a malicious file and releases malware into the network.
3. Only 5% of a typical company’s folders have protections.
It seems that companies have the majority of their folders unprotected, cybersecurity threats statistics show. Another research meanwhile indicates that 22% of all folders in a company are open to all employees. Then, 53% of companies learned that over 1,000 sensitive files were available to all employees.
(Varonis, Titan File)
4. In 94% of cases, malware reaches targets via email.
Research from Verizon revealed some interesting facts about cybersecurity. Typically, malware reaches users via email. Then, the most common attack including social engineering is phishing. Namely, it comprises 80% of reported incidents. The main goal of attackers behind this type of scam is to convince users to install corrupted software. One way to mitigate both risks is to rely on some email encryption software. Despite the common association to phishing involving Nigerian princes and relatives, it’s important to stress out that 40% of all phishing command servers are in the US.
5. Google has registered about 2.14 million phishing sites in 2021.
This marks a 27% rise since the previous year. Phishing statistics further suggest that there are 75 times as many phishing sites now as malware ones. Malware sites, however, are growing at a quicker pace, from 21,803 to 28,803 (32%) between 2020 and 2021.
6. Windows executables, with about 74%, are the most common malicious files attached in phishing emails.
According to the ESET’s Report from 2020, attackers also used script files (11%), office documents (5%), compressed archives (4%), PDF docs (2%), Java files (2%), batch files (2%), shortcuts, and Android executables.
7. About 60% of organizations’ security leaders say that phishing causes them to lose data.
The impact of successfully completed phishing attacks on organizations vary. Cybersecurity attacks statistics indicate that 52% of organizations suffer the loss of credentials and compromised accounts. Some 47% get infected with ransomware, while 29% suffer the same by malware. Finally, 18% of organizations report financial losses.
8. 80% of senior IT employees and leaders think their organization lacks sufficient cybersecurity.
Despite the general readiness of organizations to invest in IT security, we can still see that leading security experts feel like their companies are not quite there yet. Cyber threats are still a very real danger to their systems according to the majority. On top of that, only 57% of companies organized a data security risk assessment in 2020.
9. Approximately 52% of small and medium businesses don’t have in-house IT specialists.
The lack of funds for security experts and IT in the majority of SMBs is a tremendous challenge. Data further shows that one in five companies don’t use endpoint security, and only 14% consider cyberattacks and risk mitigation as effective. On the other hand, small business cybersecurity statistics show that 83% of SMBs are not financially ready for recovery from these types of attacks.
10. The US President’s budget includes $15 billion earmarked for cybersecurity.
As one of the interesting facts about cybersecurity, we can point out that the budget the US President Office allocates for this vital segment is pretty substantial. Each year, this budget gets higher, so the one allocated for 2019 was 4.1% higher YoY. The largest contributor to the budget was the Department of Defense. In 2019, it funded $8.5 billion in cybersecurity, $340 million more than in 2018.
Cybersecurity Industry Trends
11. The global cybersecurity market was worth $176.50 billion in 2020.
Constant threats to organizations in cyberspace, a changing digital landscape, rise of risks and vulnerabilities are all pushing the global cybersecurity market expansion. Many cybersecurity companies are working on consulting and developing solutions to cybercrime. In fact, all of this will push the growth of the market to $403.01 billion by 2027, according to some expectations, with a CAGR of 12.5%.
(Brand Essence Research)
12. Predictions for cybercrime damage costs hover around $6 trillion per year by the end of 2021.
Emerging trends in cybersecurity are driving the cost of damage control for malicious cyber activity. For reference, these are estimated to double from $3 trillion in 2015. These costs include data destruction, lost productivity, stolen money, theft of financial data, fraud, forensic investigation, restoration of hacked systems, and finally ruined reputation.
13. 70% of cryptocurrency transactions are expected to be illegal by 2021.
It’s a well-known fact about cybersecurity that the booming cybercrime typically relies on the use of crypto, particularly bitcoin. In fact, $76 billion of illegal transactions annually involve bitcoin. For comparison purposes, this is nearly reaching the scale of the combined illegal drugs market of the US and Europe.
14. Cybercrime costs organizations $2.9 million every minute.
According to cybersecurity statistics, major businesses lose $25 per minute due to the impact of data breaches. In the US, for example, the cost is the highest. On average, an attack in the US costs $8.6 million.
15. Only 16% of executives confirm their companies are ready to handle cyberrisks.
Trends in cybersecurity reveal that, although 75% of experts consider cybersecurity a top priority, many organizations are not prepared to deal with attacks. Automotive and banking meanwhile have been cited as the two industries where the majority of experts have identified cybersecurity as vital to the organization.
16. The employment of information security analysts is estimated to grow 31% between 2019 and 2029.
Cybersecurity Bureau of Labor statistics suggest that the demand for information security analysts will increase along with the rise of online attacks. Employment of such professionals is projected to grow 56% in computer system design and related areas in the same period. One of the main drivers behind this is the adoption of cloud storage services and the rise of threats in cyberspace.
17. In the US, the unemployment rate for the cybersecurity industry is 0%.
The latest cybersecurity jobs statistics for the US indicate that, unlike many other professions, this one has a shortage of experts — out of 942,000 positions, 521,000 remain unoccupied. When you add the median salary of $99,730 annually into the mix, this is an extremely lucrative career choice.
18. 88% of organizations have spent more than $1 million on GDPR compliance.
GDPR targets the better protection of personal data. Although not one of the solutions to cybercrime, it most definitely is pre-enabler. It, however, has proven costly — 40% of organizations have spent over $10 million to ensure GDPR compliance.
19. 77% of organizations don’t have a cybersecurity incident response plan.
Cybersecurity stats show that many of these organizations don’t fear cyberattacks. One of the reasons is that they see themselves as too small to be targeted.
20. Due to COVID-19, cybercrime is on the rise by 600%.
The number of cybersecurity incidents rose as the pandemic hit harder. Some of those involve cybercriminals posing as representatives from the CDC or WHO, trying to trick recipients by making them click suspicious links and malicious attachments.
21. In 2021, data breach costs rose from $3.86 million to $4.24 million.
One of the legacies of the pandemic word would be the increase in costs of data breaches. This significant growth represents the highest average cost in the 17 years. On top of that, one other important moment defined cybersecurity trends — remote work. The average cost of a breach was $1.07 million higher where remote work was a factor in causing the incident.
22. Half a million Zoom user accounts ended up on the dark web recently.
The video conference platform is making it a habit to allow data breaches to go unchecked. For reference, in a recent data breach, 530,000 accounts ended up on sale on dark web hacker forums. The hackers seem to use a more sophisticated attack called credential stuffing which involves usernames and passwords obtained from a previous attack.
23. WannaCry ransomware was the biggest cyberattack recorded, hitting over 230,000 computers globally.
WannaCry is malicious ransomware used to extort money for data that criminals steal. This major internet attack started in 2017 when the ransomware spread through a weakness in Microsoft Windows. Some of the first companies to come under attack were Spain’s Telefonica and thousands of NHS hospitals and surgeries. It subsequently spread beyond Europe to affect 150+ countries. The losses from this cyberattack cost approximately $4 billion worldwide.
24. The number of total DDoS attacks is estimated to reach 15.4 million by 2023.
One of the top trends in cybersecurity concerns Distributed-Denial-of-Service, or commonly known as DDoS. These attacks occur when multiple systems flood the bandwidth of a targeted system with traffic. Over 2018-2019 there was a 776% increase in these attacks between 100 Gbps and 400 Gbps and estimations show that their number might double by 2023, compared to 2018.
25. 36 billion records were compromised in the first three quarters of 2020.
Based on the cyberattack statistics by year, this was twice at the time, as the number of records exposed in the whole of 2019. Hacking or unauthorized access to networks, services, and systems was accountable for 64% of breaches, underscoring the importance of using VPN services for keeping online traffic and data safe.
26. In 2019, the ransomware numbers increased 820%.
Ransomware is a particular type of malicious software that holds data stolen from users as a hostage, while criminals ask for ransom in return. Cyber attack statistics show that ransomware damage costs for organizations were projected at around $20 billion in 2021.
27. Malware grew 358% through 2020.
The stats regarding the number of cyberattacks per year point to a significant increase in malware in 2020. Research from Deep Instinct shows that hundreds of millions of attempted attacks happened every day in 2020. Some malware was more prominent than others, so the distribution of Emotet malware (infrastructure of thousands of servers acting as a door opener for computers around the world) rose by an incredible 4,000% in 2020.
28. In 2016, hackers accessed Uber’s data and downloaded the personal information of 57 million users and drivers worldwide.
Uber’s CEO in 2016 announced that the company had lost a significant amount of data due to hacking activities. Although they apparently haven’t been able to steal trip locations, bank account numbers, credit card details, or similar, these criminals did download some personal info. Besides the info from users, according to hacking statistics, they did obtain names and driver’s license numbers of 600,000 drivers in the US.
29. In 2020, 67% of financial institutions registered an increase in cyberattacks.
More than any other industry, the financial sector was targeted for malware attacks in 2020. Namely, 25% of all malware attacks hit these institutions. Moreover, 26 of the financial enterprises suffered a destructive attack. On top of that, 79% of financial organizations confirmed that cybercriminals are becoming more sophisticated with more effective attacks.
Data Breach Statistics
30. Lack of multi-factor authentication was a reason behind the 99.9% of 1.2 million compromised Microsoft accounts in 2020.
A technique called password spraying is the main method used for hacking accounts and it involves taking easy-to-guess passwords and combining them with the list of usernames. Multi-factor authentication provides higher security in this context.
31. The total of data breaches in 2020 in the US reached 1,001.
It’s important to differentiate between data breaches and data exposure (leakage). So although there were 1,001 cases of recent security breaches, 155.8 million people suffered from data leakage.
32. The biggest data breach occurred in 2013 when over 3 billion Yahoo customers lost their personal information.
An attack of epic proportions such as the one that hit Yahoo in 2013, hasn’t happened since then. On this occasion, every single customer of the company lost their data, cybersecurity breach statistics reveal. The breach included accounts for email, Fantasy, Flickr, and Tumblr. Luckily, hackers didn’t steal any financial information, only usernames and passwords.
33. The data breach at Equifax cost the company at least $4 billion.
The credit bureau Equifax suffered a massive data breach in 2017 which compromised information about 143 million people. The breach sent the company’s shares plunging, wiping $4 billion of its market value.
34. Cybersecurity facts show that 89% of healthcare providers have suffered a data breach.
A study shows that healthcare is an industry highly susceptible to cyber threats. Besides many healthcare providers and organizations having experienced a data breach, 60% of business associates of healthcare organizations have also suffered the same. These breaches are costing the industry approximately $6.2 billion.
The Bottom Line
The latest trends in cybersecurity and emerging cybersecurity threats underscore the importance of keeping your data safe —both on a personal and a business level. Hopefully, these statistics have given you some ideas to devise a safety plan and what tools to use to that end.
What are the 4 types of cyberattacks?
An online attack may take different forms. But the majority of them come as one of these:
- Malware – Malicious software, used for the purpose of spying, like ransomware, virus, or worm. These corrupted codes bypass the network’s protection when a user clicks on a risky attachment or installs corrupted software.
- Phishing – This practice involves sending fraudulent communication through email or social media to the users. Cybersecurity facts show that its main aim is to retrieve personal data, particularly login information and credit card details.
- Hacking – Criminals earn a lot of money by gaining access to the IT systems of an organization through illegal means. Usually, the reason behind this is to obtain sensitive information.
- Data breach – Leaking data is easier today with the widespread use of smartphones or tablets. The nature of their storage makes them perfect for saving data, but also for data breaches.
How frequent are cyberattacks?
Based on the cybersecurity attacks statistics, the FBI reported an increase of 300% for cyberattacks since the start of the pandemic. On top of that, some stats from Security Magazine indicate that over 2,200 attacks occur each day. That translates into almost one cyberattack every 39 seconds.
What percentage of cyberattacks are phishing?
Based on the statistics about phishing, this form of attack is quite common. In fact, 94% of online attacks come from spam emails that criminals send to victims. In 2020, 96% of attacks involved a phishing email. An analysis of 55 million emails confirmed that one in 99 emails is a phishing attack. Then, 25% of these break into Office 365.
What is the most common cybercrime?
Cybercrime statistics from Statista reveal that the most common crime of this type in the US in 2020 was phishing. There were 241,342 complaints to the US Internet Crime Complaint Center. On top of that, there were 45,330 complaints about data breaches and 43,330 for identity theft.
How many cyberattacks happen per day?
Some statistics indicate that hacker attacks happen every 39 seconds on average. In 2018 there were 80,000 cyberattacks per day, with over 30 million attacks per year. Between 2019 and 2020, ransomware attacks increased 62% globally.
How big is the cybersecurity market?
Even back in 2004, the worth of the global cybersecurity market was $3.5 billion. However, this figure was projected to reach a spectacular $120 billion in 2017. Cybersecurity statistics meanwhile suggest that the market will keep growing to reach $1 trillion in 2021.
- Titan File
- Cybersecurity Magazine
- Cybersecurity Ventures
- Brand Essence Research
- Cybercrime Magazine
- Finances Online
- IT Governance
- RiskBased Security
- Helpnet Security
- Windows Central
- HIPAA Journal