Cybersecurity Statistics
Cybercrimes and the lack of cybersecurity are becoming more of an issue than ever before. Throughout the years it seems there are only more cybercrimes and data breaches happening every day. These attacks are directed towards large organizations (such as Facebook) and individuals like me and you.
Most companies have been found to have some level of unprotected sensitive data, and most also have weak spots in their cybersecurity. This makes companies, and those who rely on them, vulnerable to data breaches. To protect themselves from these breaches, companies need to focus on improving their current cybersecurity practices.
It’s estimated that the total damage that’s related to cybercrime will reach ~$6 trillion by the year 2023 (Cybersecurity Ventures).
Knowing the facts and statistics will give you a glimpse of the current cybercrime situation, and understanding the situation will help you protect yourself and others from cybercrimes. The statistics below include hacking statistics, data breaches, types of cybercrime, and more. Without further ado, here are the stats!
General Cyber Security Statistics
- The average cost of a malware attack on a company is around $2.4 million
- Damage from cybercrime is predicted to be around $6 trillion annually by the year 2021.
- The average cost per stolen/lost record per person is $141. This varies depending on the location. In the United States, the average cost per stolen/lost record is $225 and in Canada, it’s $190
- Damage related to ransomware surpassed $5 billion in 2017.
- The most expensive aspect of a cyber attack is the loss of information which is ~43% of the cost.
- The average cost of global cybercrime increased by more than 27% in 2017.
- Worldwide spending on cybersecurity is expected to exceed $130 billion in 2021 (Gartner)
- In the first half of 2019 data breaches exposed 4.1 billion records. (RiskBased)
- The cost of the Equifax breach was reported to be $4 billion.
- 25% of data breaches were motivated by espionage and 71% were financially motivated. (Verizon)
Cybercrime increased 600% during the COVID-19 pandemic. The pandemic has brought intricate phishing emails into people’s mailboxes, with hackers posing as the CDC (Centers for Disease Control and Prevention) and even the WHO (World Health Organization).
Cyber Security Attacks & Breaches Over The Years:
- 2007 – TJ Maxx reported 94 million records compromised
- 2010 – Over 77 million records of Sony’s PlayStation Network were compromised
- 2011 – Sony Online Entertainment was said to have over 24 million records compromised
- 2013 – Criminals hacked Yahoo’s 3 billion emails, gaining access to personal information
- 2014 – Cyber criminals accessed 145 million eBay accounts.
- 2014 – JPMorgan Chase was said to have 76 million households and 7 million small business accounts compromised. The Cybercriminals gained access to names, addresses, emails, and phone numbers.
- 2016 – It was said that 412.2 million FriendFinder Network accounts were compromised. Hackers gained access to names, email addresses and even passwords.
- 2016 – Once again 1 billion Yahoo accounts were compromised.
- 2017 – Equifax, one of the biggest U.S. credit bureaus, reported having had 143 million accounts compromised. The leaked information was very sensitive: SSNs, addresses, driver’s licenses, and birth dates.
- 2017 – Nearly 200 million voters’ information was leaked from Deep Root Analytics.
- 2018 – Quora was hacked and criminals accessed information of over 100 million users.
- 2018 – 340 million Exactis accounts were compromised by an unknown marketing firm. This breach included very sensitive information such as names, addresses, habits, children, phone numbers, etc.
- 2019 – An individual hacked into a server that holds customer information for Capital One. This led to over 100 million accounts being compromised.
- 2019 – Over 500 million Facebook accounts were compromised on the Amazon cloud servers.
- 2020 – 500,000 Zoom passwords were stolen and available for sale on the dark web.
Network Security Vulnerabilities
“A network security vulnerability is a weakness or flaw which can be exploited by a malicious actor to perform unauthorized actions within a computer system.” – Purplesec.us
Ransomware Statistics
Ransomware is a type of malware that encrypts all files on the victim’s computer. After encrypting them, the attackers demand a ransom payment from the victim in order to restore the files.
- A ransomware attack will happen every 11 seconds by 2021
- Windows systems are the most targeted, as they get 85% of the attacks
- 65% of ransomware infections are received through phishing.
- Ransomware attacks grew by 350% since 2018
- The average damage that a ransomware attack caused was $133,000 in 2019.
- Ransomware costs businesses $75 billion a year
- 40% of ransomware victims paid the ransom fees
- Ransomware attacks are projected to cost around $6 trillion annually in 2021
- Over 50% of ransom fees were paid in BTC (Bitcoin)
- Over a million phishing websites are created monthly
- It’s estimated businesses lost over $8000 per hour of downtime caused by ransomware attacks.
- 10% of ransomware demands were over $5000
- $5 million (plus 2.7 million that went to emergency consultants and crisis managers) was spent rebuilding the computer network in Atlanta, Georgia, after it was affected by the SamSam attack of 2018.
- 51% of businesses have been affected by ransomware in the past year.
- It’s estimated FedEx (TNT) lost around $300 million in 2017 from the NotPetya attack.
Malware Statistics
The term malware comes from “malicious software”. It covers viruses, trojans, worms, adware, file-less malware, hybrid attacks, and spyware, which are used to gain critical information and ultimately cause destruction. (Source) (Source 2)
- The number of malware infections has been growing significantly over the years:
  - 2010 – 29.9 million total malware
  - 2011 – 65.3 million total malware
  - 2012 – 99.7 million total malware
  - 2013 – 182.9 million total malware
  - 2014 – 326 million total malware
  - 2015 – 470 million total malware
  - 2016 – 597.5 million total malware
  - 2017 – 718.2 million total malware
  - 2018 – 856.6 million total malware
  - 2019 – 1001.5 million total malware
  - 2020 – 1139.2 million total malware
  - 2021 – 1145.7 million total malware (currently on-going)
- 51% of all malware are Trojans
- 92% of malware is spread by email
- 18% of healthcare devices are being infected with malware.
- Android devices are 98% of mobile malware targets
- Over 300,000 new malware programs are made daily. This is expected to increase.
- Over 20 million sites are infected with malware each week.
- 90% of financial institutions are said to have been targeted by malware.
- Third-party app stores distribute over 99% of all mobile malware.
Cryptojacking Statistics
Cryptojacking (a malicious form of cryptomining) is when cybercriminals access either business or personal devices (it can also be installed on websites) and install special mining software. The software then uses the computer’s resources and electricity to mine cryptocurrency or just steal the victim’s crypto wallets. It’s fairly easy to pull off using JavaScript and can be fairly rewarding in the end, but only for the cybercriminal. (Source) (Source 2)
- Cryptojacking increased by 450% during 2018
- There have been reported to be more than 33,000 websites running a crypto-mining script.
- Cryptojacking peaked around December 2017 into early January 2018, when over 8 million cryptojacking actions were blocked by Symantec.
- There are 6 active mining networks including CoinHive. Some of these networks say they are good for malicious purposes.
- It takes roughly 5-10 times longer to load an application while a computer is being used for crypto mining.
- It’s estimated that hackers profit over 150,000 per month.
- It’s predicted that 25% of the WordPress plugins on Alexa’s most popular sites are flagged with crucial vulnerabilities. This means that they could be mining crypto discreetly.
- These types of websites are estimated to receive 1 billion monthly visits.
Phishing Statistics
Phishing is a form of malicious activity in which the hacker sends emails to many people at random in hopes of tricking them into giving up their sensitive information. This includes names, bank details, addresses, and more. (Source) (Source 2)
The infographic above shows the most common types of phishing emails. Watch out!
- Fake invoices are the most common way of being tricked by phishing:
  - Bill – 15.9%
  - Email delivery error – 15.3%
  - Law-related – 13.2%
  - Document – 11.5%
  - Package related – 3.9%
- The most common file types found within phishing emails:
  - Office (.docx, .doc, .xls) – 38%
  - Archive (.zip, .rar, .tar, .7z) – 37%
  - PDF (.pdf) – 14%
  - Other Extensions – 6%
  - Binaries – 4%
  - JS/HTML/XML – 1%
- Only about 3% of users reported phishing emails to others
- 85% of organizations reported having encountered a phishing attack at least one time
- It’s said that 78% of users understand the risks of malicious-looking emails, but they still click. This is most likely due to curiosity
- 97% of people are unable to tell the difference between an authentic email vs a sophisticated malicious email
- Mobile attacks differ from attacks done on desktops. Mobile phishing attacks also tend to come with more issues
- Over 80% of mobile phishing attacks were executed outside of the email application
- It’s estimated that 1.5 million new phishing domains are established monthly.
- The percentage of ransomware found within phishing emails rose to 97.5% in 2016
- Over 500 data breaches were reported in the USA in the first half of 2020
- It’s predicted that the global information security market is going to reach 170.4 billion in 2022
- 1 in 8 employees share information found on a phishing site
- It’s said that there were over 60,000 phishing sites in March 2020
- In 2020, 22% of data breaches were connected to phishing attacks
Data Breach Statistics
A data breach is a situation in which sensitive or private information is released unintentionally without authorization. A company of any size can be targeted and impacted by a data breach. (Source) (Source 2)
- The worldwide average cost of a data breach (in millions USD):
  - 2014 – $3.50
  - 2015 – $3.79
  - 2016 – $4.00
  - 2017 – $3.62
  - 2018 – $3.86
  - 2019 – $3.92
  - 2020 – $3.86
- Cost of a data breach by country or region (in millions USD):
  - United States – $8.19
  - Middle East – $5.97
  - Germany – $4.78
  - Canada – $4.44
  - France – $4.33
  - United Kingdom – $3.88
  - Japan – $3.75
  - Italy – $3.52
- The average total cost of a data breach by industry (in millions USD):
  - Health – $6.45
  - Financial – $5.86
  - Energy – $5.60
  - Industrial – $5.20
  - Pharma – $5.20
  - Technology – $5.05
  - Education – $4.77
- Main causes of data breaches within small businesses:
  - Third-party accident – 41%
  - Error in system
  - Malicious insider – 5%
  - Unknown reasons
  - External criminal attacks – 27%
  - Negligent employee or contractor – 48%
  - Other – 2%
- The average time to identify and contain a breach is 280 days
- The average size of a data breach is 25,575 records
- The average price per lost record is $150
- 63% of successful data breaches originated from internal members
- Targeted emails, also known as spear phishing, are reported by businesses to be used in 91% of successful data breaches.
- 33% of data breaches involved social engineering
- 43% of data breaches were associated with small businesses
- On average every employee had access to over 17 million files with
- Email compromises cost $24,439 on average
- It’s predicted that 29.6% of companies will have experienced a data breach within the next two years
- Companies who’ve lost over 50,000 records due to a data breach are down an average of $6.3 million
- In 2018, the financial sector experienced 137 breaches that exposed 1.7 million accounts
- 67% of costs happen in the first year of a data breach
- A data breach cycle that lasts under 200 days costs $1.2 million less than a data breach cycle that lasts over 200 days.
- Breaches caused a customer turnover rate of 3.9% in 2019
Social Engineering Statistics
Social engineering is the skill or art of manipulating individuals into giving up sensitive information. The type of information the hackers are looking for can change depending on the scenario. Victims of a social engineering attack can be of any age or status. Even the most experienced people can fall victim to this attack.
- 55% of all emails sent out are said to be spam (Symantec)
- 91% of attacks by modern cybercriminals originate from emails (Mimecast)
- Social engineering stole over $5 billion globally from 2013-2016 (PhishMe)
- 3% of malware tries to exploit a technical flaw within a system. The remaining 97% targets users through social engineering methods (KnowBe4)
- 98% of cyber attacks rely on social engineering to be successful (Purplesec)
- The most prominent emotional motivators behind successful phishes are rewards, recognition, social, and entertainment (PhishMe)
- 43% of IT professionals say they have been targeted by social engineering schemes (Purplesec)
- There was more than a 500% growth in social engineering attempts from the first to the second quarter of 2018 (Purplesec)
- The number of breach occurrences by type: (Purplesec)
  - Identity theft – 65%
  - Account access – 17%
  - Financial access – 13%
  - Nuisance – 4%
  - Existential data – 1%
- The number of breach occurrences by source: (Purplesec)
  - Malicious outsider – 56%
  - Accidental loss – 34%
  - Malicious insider – 7%
  - Hacktivist – 2%
  - Unknown – 1%
Cybersecurity Statistics FAQ
Here are some of the most commonly asked questions regarding cybercrimes and cybersecurity with answers.
How Many Cyber Attacks Happen Daily?
In 2018 there were over 30 million cyber attacks, or around 80,000 attacks per day.
What's A Cyber Risk?
Cyber risk is the “risk assessment” that is assigned to a certain type of cyber threat. Examples of cyber threats are data breaches, DDoS attacks, malware, phishing and much more. A measure of cyber risk can be either quantitative or qualitative.
What's A Cyber Threat?
A cyber threat is essentially a possibility of a cyber attack. Looking at the cyber risks can give you a better understanding of how probable an attack is.
What Does Cyberspace Mean?
Cyberspace is the virtual environment that is made up of computer networks and systems. This is where all computers talk to each other using networks and all networks are connected to one another. The term first appeared in sci-fi during the ’80s and started gaining popularity in the ’90s. Currently, computer vendors are trying to rebrand cyberspace as the “Internet of Things”.
What's Malware?
Malware, a term taken from “malicious software”, is often made by a group of hackers. Malicious software refers to software that is destructive or intrusive to computers. The hackers are usually looking to make some money, which they can do by spreading the malware themselves or selling it to the highest bidder.
Sometimes, malware can be used for other reasons, such as protesting, testing the security of a software or system, or even as a weapon against governments.
Malware has many forms, not just one. The types of malware are computer viruses, trojans, spyware (this includes adware and tracking), botnets, worms, and other programs.