Cybersecurity issues have long been a daily threat to businesses. Staying up-to-date on the latest cybersecurity statistics, trends, and facts helps you understand the risks and what you should be vigilant about.
The cybersecurity landscape is constantly changing, but it is obvious that cyber threats are becoming more serious and happening more frequently.
Here is a summary of some of the most interesting and alarming cybersecurity statistics for 2024:
- The yearly global cost of cybercrime is estimated to exceed $20 trillion by 2026. (Cybersecurity Ventures)
- 2,244 cyberattacks are happening every single day. (University of Maryland)
- 1.7 million ransomware attacks were happening every day in 2023. (Statista)
- 71% of organizations worldwide have been victims from ransomware attacks in 2023. (Cybersecurity Ventures)
- Organized crime is responsible for 80% of all security and data breaches. (Verizon)
- Ransomware attacks happen every 10 seconds. (InfoSecurity Group)
- 71% of all cyberattacks are financially motivated (followed by intellectual property theft, and then espionage). (Verizon)
and did you know that:
F-35 fighter jets face greater threats from cyber-attacks than from enemy missiles.
Source: Interesting Engineering ^
Thanks to its superior computing system, the F-35 stealth fighter jet is the most advanced plane in modern times. But its greatest feature becomes its greatest liability in a digitized world that’s under constant threat of cyber attack.
List of Statistics & Trends
Here is a list of the latest up-to-date cybersecurity statistics to help you understand what is happening in the field of infosec, as well as what to expect in 2024 and beyond.
The yearly global cost of cybercrime is estimated to exceed $20 trillion by 2026.
Source: Cybersecurity Ventures ^
As if the 2023 cost of cybercrime ($8.4 trillion) wasn’t staggering enough, experts predict that this figure will reach an eye-watering $20 trillion by 2026. This is an increase of almost 120%.
2024 prediction of global cybercrime damage costs:
- $8 Trillion per YEAR
- $666 Billion per MONTH
- $153.84 Billion per WEEK
- $21.9 Billion per DAY
- $913.24 Million per HOUR
- $15.2 Million per MINUTE
- $253,679 per SECOND
Cybercrime is expected to be up to 5 times more profitable than global transnational crimes combined.
The world will need to cyber-protect 200 zettabytes of data by 2025. This includes data stored on both public and private servers, cloud data centers, personal computers and devices, and Internet of Things items.
To put that into context, there are 1 billion terabytes per zettabyte (and one terabyte is 1,000 gigabytes).
The cybersecurity industry was worth over $222.6 billion in 2023.
Source: Statista ^
The cybersecurity market was estimated to be worth $222.6 billion in 2023. By 2027 it is forecasted to be a staggering $403 billion with a CAGR of 12.5%.
The need to protect computing platforms and data becomes more important as the world relies more on technology and digital assets. This is good news for the infosec industry and tech-minded job seekers.
There are 2,244 cyberattacks per day, equating to over 800,000 attacks per year. That’s almost one attack every 39 seconds.
Source: University of Maryland & ACSC ^
It’s hard to find up-to-date or fully accurate figures on this statistic, and the only reliable report dates back to 2003.
A Clark School study at the University of Maryland from 2003 is one of the first to quantify the near-constant rate of hacking attacks. The study found that 2,244 attacks happened daily, breaking down to almost one cyberattack every 39 seconds, and “brute force” was the most common tactic.
For 2024, we do not know the exact figure for the number of daily cyberattacks, but it will be significantly more than this report’s findings.
A more recent study from the Australian government’s Australian Cyber Security Centre (ACSC) agency found that between July 2019 and June 2020, there were 59,806 cybercrime reports (crimes reported, not hacks), which is an average of 164 cybercrimes per day or approximately one every 10 minutes.
The world will have 3.5 million unfilled cybersecurity jobs this year.
Source: Cybercrime Magazine ^
As the threat and cost of cybercrime ramps up, so does the need for experienced professionals to tackle the problem. There are 3.5 million cybersec-related jobs forecasted to be unfilled this year.
This is enough to fill 50 NFL stadiums and is equivalent to 1% of the US population. According to Cisco, back in 2014, there were only one million cybersecurity openings. The current cybersecurity rate for unemployment is at 0% for experienced individuals, and it’s been this way since 2011.
Malicious URLs from 2022 to 2023 have increased by 61%, equating to 255M phishing attacks detected last year.
Source: Slashnet ^
The massive 61% increase in malicious URLs from 2022 to 2023 equates to 255 million phishing attacks.
76% of those attacks were found to be credential harvesting which is the top cause of breaches. High-profile breaches of large organizations included Cisco, Twilio, and Uber, all of which suffered from credential theft.
Last year, the .com domain was the most common URL included in phishing email links to websites at 54%. The next most common domain was ‘.net’ at around 8.9%.
Source: AAG-IT ^
.com domains still reign supreme when it comes to being spoofed for phishing purposes. 54% of phishing emails contained .com links, while 8.9% of them had .net links.
The most commonly used brands for phishing are LinkedIn (52%), DHL (14%), Google (7%), Microsoft (6%), and FedEx (6%).
There were 1.7 million ransomware attacks every day, which means at total of 620 million ransomware attacks in 2023.
Source: Statista ^
Ransomware is a type of malware that infects a user’s computer and restricts access to the device or its data, demanding money in exchange for freeing them (using cryptocurrency because it is hard to trace).
Ransomware is one of the most dangerous hacks because it allows cybercriminals to deny access to computer files until a ransom is paid.
Even though 236.1 million ransomware attacks in six months is a huge amount, it still doesn’t compare with 2021’s colossal number of 623.3 million.
71% of organizations worldwide have been victimized by ransomware attacks.
Source: Cybersecurity Ventures ^
A huge number of organizations have experienced ransomware attacks. 71% of businesses have fallen victim. This is compared with 55.1% in 2018.
The average ransomware demand is $896,000, down from $1.37 million in 2021. However, organizations typically pay around 20% of the original demand.
A study conducted by the Poneman Institute claims cyber attacks against US hospitals increase mortality rates.
Source: NBC News ^
Two-thirds of respondents in the Ponemon study who had experienced ransomware attacks said the incidents had disrupted patient care. 59% found they increased the length of patients’ stays, leading to strained resources.
Almost 25% said the incidents led to increased mortality rates. At the time of the study, at least 12 ransomware attacks on US healthcare affected 56 different facilities.
Did you know that in September 2020, the Duesseldorf University Clinic in Germany was hit by a ransomware attack that forced staffers to direct emergency patients elsewhere. The cyberattack took down the entire IT network of the hospital, which led to doctors and nurses who were unable to communicate with each other or access patient data records. As a result, a woman seeking emergency treatment for a life-threatening condition died after she had to be taken over an hour away from her hometown because there wasn’t enough staff available at local hospitals.
The breakout trend of 2022 was the rise in zero-hour (never seen before) threats.
Source: Slashnet ^
54% of threats detected by SlashNext are zero-hour attacks. This marks a 48% increase in zero-hour threats since the end of 2021. The increase in the number of detected zero-hour attacks shows how hackers are paying attention to what is effective and what gets stopped.
A network or data breach is the top security breach to impact an organization’s resilience and accounts. 51.5% of businesses were affected in this way.
Source: Cisco ^
While network and data breaches are the top types of security breaches, network or system outages come in a close second, with 51.1% of businesses affected. 46.7% had experienced ransomware, 46.4% had a DDoS attack, and 45.2% had accidental disclosure.
The biggest data breach in 2023 was the DarkBeam data leak where 3.8 billion personal records were exposed.
Source: CS Hub ^
More than 3.5 billion of login credentials were leaked online by Russian hackers after a database was left unprotected. The leak was discovered on September 18 by the CEO of cyber security news site SecurityDiscovery, Bob Diachenko, who alerted DarkBeam to the leak.
In July 2022, Twitter confirmed the data from 5.4 million accounts had been stolen.
Source: CS Hub ^
In July 2022, a hacker stole email addresses, phone numbers, and other data from 5.4 million Twitter accounts. The hack resulted from a vulnerability discovered back in January 2022 that Twitter subsequently ignored.
Other high-profile attacks included the attempted sale of 500 million stolen Whatsapp user details on the dark web, more than 1.2 million credit card numbers leaked on the hacking forum BidenCash, and 9.7 million peoples’ information stolen in a Medibank data leak in Australia.
Over 90% of malware comes through email.
Source: CSO Online ^
When it comes to malware attacks, email remains the favorite distribution channel of hackers. 94% of malware is delivered via email. Hackers use this approach in phishing scams to get people to install malware onto networks. Nearly half of the servers that are used for phishing reside in the United States.
30% of cyber security leaders say they can’t hire enough staff to handle the workload.
Source: Splunk ^
There’s a talent crisis within businesses, and 30% of security leaders say there’s insufficient staff to handle an organization’s cyber security. Furthermore, 35% say they cannot find experienced staff with the right skills, and 23% claim both factors are a problem.
When asked how they plan to tackle the issue, 58% of security leaders chose to increase funding for training, while only 2% picked to increase the use of cybersecurity tools with artificial intelligence and machine learning.
Nearly half of all cyberattacks target small businesses.
Source: Cybint Solution ^
While we tend to focus on cyber attacks on Fortune 500 companies and high-profile government agencies, Cybint Solutions found that small businesses were the target of 43% of recent cyber attacks. Hackers find that many small businesses haven’t adequately invested in cyber security and want to exploit their vulnerabilities for financial gain or to make political statements.
Malware emails in Q3 2023 rose to 52.5 million and accounted for a 217% increase compared to the same period the previous year (24.2 million).
Source: Vadesecure ^
When it comes to malware attacks, email remains the favorite distribution channel of hackers. 94% of malware is delivered via email. Hackers use this approach in phishing scams to get people to install malware onto networks. The method of choice for most malware attacks is impersonating well-known brands, with Facebook, Google, MTB, PayPal, and Microsoft being the favorites.
On average, a malicious Android app was published every 23 seconds in 2023.
Source: G-Data ^
The number of malicious apps for Android devices has decreased by a significant amount. From January 2021 to June 2021, there were around 700,000 new apps with malicious code. This is 47.9% less than the first half of 2021.
One of the key reasons for the 47.9% drop in malicious apps for Android devices has been the ongoing conflict in Ukraine. Another reason is that cybercriminals are targeting other devices, such as tablets and Internet of Things items.
On average, a malicious app was published every 23 seconds in 2023. In 2021 a malicious app was published every 12 seconds, which is a huge improvement. Malicious app development could remain lower or rise significantly depending on how things play out between Russia and Ukraine.
Last year, the average cost of a data breach attack reached $4.35 million. This is an increase of 2.6% from the previous year.
Source: IBM ^
While data breaches are serious and cost businesses millions of dollars, it’s not the only problem they need to watch out for. Cybercriminals also have their attention on attacking SaaS (software as a service) and standalone 5G networks.
Selling cybercrime as a service is set to boom on the dark web, as are data-leak marketplaces where all of that stolen data ends up – for a price.
To add to the misery, the increased risks mean that cyber insurance premiums are set to soar, with premiums predicted to reach record levels by 2024. Additionally, any business suffering from a large security breach will face an equally large fine for not keeping its security tight enough.
In 2021, the FBI sub-division IC3 received a massive 847,376 internet crime complaints in the US, with $6.9 billion in losses.
Source: IC3.gov ^
Since the IC3 annual report began in 2017, it has amassed a total of 2.76 million complaints totalling $18.7 billion in losses. In 2017 the complaints were 301,580, with losses of $1.4 billion. The top five crimes recorded were extortion, identity theft, personal data breach, non-payment or delivery, and phishing.
Business email compromise accounted for 19,954 of the complaints in 2021, with adjusted losses of almost $2.4 billion. Confidence or romance scams were experienced by 24,299 victims, with a total of over $956 million in losses.
Twitter continues to be a key target for hackers after users’ data. In December 2022, 400 million Twitter accounts had their data stolen and put up for sale on the dark web.
Source: Dataconomy ^
The sensitive data included email addresses, full names, phone numbers, and more, with many high-profile users and celebrities included in the list.
This comes after another huge zero-day attack in August 2022, where over 5 million accounts were compromised, and the data was put up for sale on the Darkweb for $30,000.
In 2020 130 high-profile Twitter accounts were hacked, including the account of the current Twitter CEO – Elon Musk. The hacker gained around $120,000 in Bitcoin before scarpering.
Organized crime is responsible for 80% of all security and data breaches.
Source: Verizon ^
Despite the word “hacker” conjuring up images of someone in a basement surrounded by screens, the vast majority of cybercrime comes from organized crime. The remaining 20% consists of system admin, the end user, nation-state or state-affiliated, unaffiliated, and “other” persons.
One of the world’s largest security firms admits it was the victim of a sophisticated hack in 2020.
Source: ZDNet ^
The hack of IT security firm FireEye was quite shocking. FireEye consults with government agencies to improve the security of networks that store and transmit data related to U.S. national interests. In 2020, brazen hackers breached the company’s security systems and stole tools that FireEye uses to test government agency networks.
83% of businesses were exposed to phishing in 2023.
Source: Cybertalk ^
Phishing is the number one tactic that hackers use to get the data that they need for larger-scale attacks. When phishing is customized for a targeted person or company, the method is called “spear phishing,” and around 65% of hackers have used this type of attack.
Around 15 billion phishing emails are sent daily; this number is expected to rise by a further 6 billion in 2023.
According to Proofpoint’s “State of the Phish” report, there is a severe lack of cybersecurity awareness and training that needs to be addressed.
Source: Proofpoint ^
From a survey conducted with 3,500 working professionals across seven countries, only 53% could correctly explain what phishing is. Only 36% correctly explained ransomware, and 63% knew what malware is. The rest either said they didn’t know or got the answer wrong.
When compared to the previous year’s report, only ransomware had gained an increase in recognition. Malware and phishing dropped in recognition.
This proves that business owners really need to step up and implement training and awareness throughout their organizations. 84% of U.S. organizations said security awareness training had reduced phishing failure rates, so this shows it works.
Only 12% of organizations that allow corporate access from mobile devices use a Mobile Threat Defense solution.
Source: Checkpoint ^
Remote working has exploded in popularity bus organizations aren’t taking steps to protect their employees.
Considering that 97% of US organizations have faced mobile threats, and 46% of organizations have had at least one employee download a malicious mobile application, it seems unthinkable that only 12% of businesses have deployed security measures.
Furthermore, only 11% of organizations claim they don’t use any methods to secure remote access to corporate applications from a remote device. Nor do they carry out a device risk check.
In one of the largest data breaches reported in 2022, 4.11 million patient records were affected by a ransomware attack on the printing and mailing vendor OneTouchPoint.
Source: SCMedia ^
30 different health plans were targeted, with Aetna ACE bearing the brunt with over 326,278 compromised patient records.
Medical records are top-of-mind for hackers. Financial records can be canceled and reissued when cyberattacks are discovered. Medical records stay with a person for life. Cybercriminals find a lucrative market for this type of data. As a result, healthcare cybersecurity breaches and theft of medical records are expected to increase.
One out of three employees is likely to click on a suspicious link or email or comply with a fraudulent request.
Source: KnowBe4 ^
The Phishing by Industry Report that KnowBe4 published stated that a third of all employees failed a phishing test and are likely to open a suspicious email or click on a dodgy link. The education, hospitality, and insurance industries are most at risk, with insurance having a 52.3% failure rate.
Shlayer is the most prevalent type of malware and is responsible for 45% of attacks.
Source: CISecurity ^
Shlayer is a downloader and dropper for MacOS malware. It’s typically distributed via malicious websites, hijacked domains, and posing as a fake Adobe Flash updater.
ZeuS is the second most prevalent (15%) and is a modular banking trojan that uses keystroke logging to compromise victim credentials. Agent Tesla comes in third (11%) and is a RAT that logs keystrokes, captures screenshots, and withdraws credentials via an infected computer.
60% of businesses that experience ransomware attacks pay the ransom to get their data back. Many pay more than once.
Source: Proofpoint ^
Even though security agencies globally warned businesses to increase their online security, ransomware still managed to wreak particular havoc in 2021. Government and critical infrastructure sectors were particularly hard hit.
According to Proofpoint’s 2021 “State of the Phish” survey, over 70% of businesses dealt with at least one ransomware infection, with 60% of that amount actually having to pay up.
Even worse, some organizations had to pay more than once.
Ransomware attacks are common, and the lesson here is that you should expect to be the target of a ransomware attack; it’s not a matter of if but when!
In the US, the FTC (Federal Trade Commission) received 5.7 million total fraud and identity theft reports in 2021. 1.4 million of those were consumer identity theft cases.
Source: Identitytheft.org ^
Online fraud cases have increased by 70% since 2020, and the losses from identity theft cost Americans $5.8 billion. It is estimated that there is an identity theft case every 22 seconds and that 33% of Americans will experience identity theft at some point in their lives.
Credit card fraud is the most commonly attempted type of identity theft, and while it may cost you thousands, you’ll be shocked to hear that the average price for your data is only $6. Yep, that’s just six dollars.
Each time individuals have access to your personal data, you’re at risk of identity theft. Thus, you want to ensure that you’re always being smart with your data and protecting it from any potential hackers. You want to reduce any situation that may expose you and your personal data.
The United States suffers the most data breaches by location and receives 23% of all cybercrime attacks.
Source: Enigma Software ^
The United States has comprehensive breach notification laws, which drive up the number of reported cases; however, its 23% share of all attacks towers over China’s 9%. Germany is third with 6%; the UK comes fourth with 5%, then Brazil with 4%.
What are the emerging trends in Cybersecurity for the next 5-10 years?
Source: ET-Edge ^
- Revolutionizing Defense with AI and ML: Integrating Artificial Intelligence and Machine Learning is not just an upgrade; it’s a complete transformation of our cyber defense mechanisms. These cutting-edge technologies will become the cornerstone of cybersecurity, offering real-time detection and response capabilities that are smarter, faster, and more efficient than ever before.
- Quantum Computing: A Double-Edged Sword: As we enter the era of quantum computing, we face a paradox of progress. While quantum computing presents remarkable opportunities, it simultaneously poses a grave threat to existing encryption methods. Preparing for this quantum leap is no longer optional but critical for cybersecurity strategies in the coming decade.
- Securing the IoT Ecosystem: The Internet of Things is set to expand dramatically, weaving an intricate web of interconnected devices. From smart homes to industrial systems, the security of these networks will be paramount. The next decade will witness a surge in the development of robust security standards, advanced authentication protocols, and regular software updates, all aimed at fortifying the IoT against sophisticated cyber threats.
The journey into the future of cybersecurity is not just about staying ahead of threats; it’s about redefining our approach to digital security in an ever-connected world.
Questions & Answers
Wrap Up
Cybersecurity is a big issue, and it’s only getting bigger. As phishing attempts, malware, identity theft, and huge data breaches increase daily, the world is looking at an epidemic that will only be solved with worldwide action.
The cybersecurity landscape is changing, and it is obvious that cyber threats are becoming more sophisticated and harder to detect, plus they’re attacking with more frequency.
Everyone needs to do their part to prepare and combat cybercrimes. That means making INFOSEC best practices routine and knowing how to handle and report potential cyber threats.
Don’t miss this list of the best YouTube channels to learn about Cybersecurity.
Sources – References
- https://www.hornetsecurity.com/en/press-releases/cyber-security-report-2024/
- https://interestingengineering.com/cyber-attacks-more-likely-to-bring-down-f-35-jets-than-missiles
- https://www.statista.com/statistics/1280009/cost-cybercrime-worldwide
- https://www.statista.com/outlook/tmo/cybersecurity/worldwide.
- https://cybersecurityventures.com/stats
- https://www.cyber.gov.au/acsc/view-all-content/reports-and-statistics/acsc-annual-cyber-threat-report
- https://www.cisco.com/c/dam/en/us/products/collateral/security/security-outcomes-vol-3-report.pdf
- https://aag-it.com/the-latest-2022-phishing-statistics-updated-october/
- https://www.statista.com/statistics/494947/ransomware-attacks-per-year-worldwide/
- https://www.statista.com/statistics/204457/businesses-ransomware-attack-rate/
- https://venturebeat.com/security/report-ransomware-attack-frequency-and-amount-demanded-down-in-h1
- https://www.nbcnews.com/tech/security/cyberattacks-us-hospitals-mean-higher-mortality-rates-study-finds-rcna46697
- https://www.cshub.com/attacks/articles/the-biggest-data-breaches-and-leaks
- https://www.splunk.com/en_us/pdfs/gated/ebooks/state-of-security-2022.pdf
- https://www.vadesecure.com/en/blog/q3-phishing-and-malware-report
- https://www.govtech.com/security/hacking-top-ten.html
- https://venturebeat.com/security/report-average-time-to-detect-and-contain-a-breach-is-287-days/
- https://us.norton.com/blog/emerging-threats/cybersecurity-statistics#
- https://www.gdata-software.com/news/2023/08/37506-g-data-mobile-security-report-conflict-in-ukraine-causes-decline-in-malicious-android-apps
- https://www.ibm.com/reports/data-breach
- https://www.ic3.gov/Media/PDF/AnnualReport/2021_IC3Report.pdf
- https://dataconomy.com/2023/12/twitter-data-breach-400-million-user-hacker/
- https://www.cybertalk.org/2023/03/30/top-15-phishing-attack-statistics-and-they-might-scare-you/
- https://www.proofpoint.com/sites/default/files/threat-reports/pfpt-us-tr-state-of-the-phish.pdf
- https://www.enigmasoftware.com/top-20-countries-the-most-cybercrime/
- https://identitytheft.org/statistics/
- https://www.accountingtoday.com/news/average-price-of-stolen-digital-data-6-bucks-says-study
- https://www.scmagazine.com/feature/breach/most-of-the-10-largest-healthcare-data-breaches-in-2023-are-tied-to-vendors
- https://www.verizon.com/business/blog/resources/reports/dbir/2020/results-and-analysis/
- https://blog.checkpoint.com/2022/02/02/the-2022-workforce-security-report/
- https://www.knowbe4.com/typ-phishing-by-industry-benchmarking?submissionGuid
- https://www.cisecurity.org/insights/blog/top-10-malware-march-2022
If you want more statistics, check out our 2024 Internet statistics page here.