How can cyber attacks be prevented? After all, the way things are looking right now, we have a lot to worry about as we become more dependent on the many connected devices we use in the different aspects of our lives. And with smart fridges, smart cars, smartphones, and other smart operating systems in our homes and on our work computers, we really need to take a look at what’s in store for us.
In the following cyber attack statistics, you will see how many attacks are caused by exploiting weak spots in your system and how many rely on tricking you with more old-fashioned tactics. You’ll see the threats small and mid-sized businesses face and the whopping losses of even the most protected enterprises.
You’ll also learn about why cybercrime is becoming the most profitable type of crime in general, especially considering the low risk of prosecution. What emerging types of cyber attacks can harm your software and your hardware, how many hacks happen in a day, and what can you do about it?
These stats mostly cover the years 2018 and 2019, with some reflections on the past 3–4 years, for reference and to give you a sense of scale. If you plan to stay safe, you’ll need to know what to keep an eye out and how to arm yourself with the most reliable tools.
Top 5 Cyber Attack Stats to Remember
43% of cyber attacks target small businesses
There is a cyber attack every 39 seconds
In the next 5 years, cybercrime can cost companies up to $5.2 trillion
91% of cyber attacks start as a spear phishing email
More than 75% of the healthcare industry was infected by malware cyber attacks in the last year
1. In terms of cyber attack frequency, hackers attack our devices every 39 seconds.
A recent study by the Clark School at the University of Maryland informed us of this alarming data. This is one of the first attempts at quantifying the nearly constant rate of online attacks.
2. Computers are attacked 2,244 times a day.
Luckily, even with a large number of cyber attacks per day, most of them are unsuccessful. Michel Cukier, Clark School assistant professor of mechanical engineering, and his two assistants came up with this figure. They learned that most attacks involved relatively unsophisticated “dictionary scripts,” or a brute force attempt at logging in with common usernames and passwords.
3. Over 400 million adults across 24 countries experienced cybercrime over a 12-month period.
The number of cyber attacks per year was determined in a 2017 Norton cybercrime study. The study also concluded that 40% of users don’t have the appropriate software security.
4. By 2022, there will be around 6 billion internet users (75% of the projected world population).
According to Cybersecurity Ventures, there are expected to be over 7.5 billion internet users by 2030 (90% of the projected world population of 8.5 billion, six years old or older). This leaves a huge number of vulnerable people, likely resulting in an increase in cyber attacks in the near future.
5. By 2020 there will be roughly 200 billion connected devices.
A 2019 Symantec report came up with this mind-blowing figure. That’s 26 smart devices per human being on this earth (not counting the current, and probably future, distribution of wealth, of course).
6. Only 38% of global organizations claim they’re properly prepared to handle a sophisticated cyber attack.
Take the following cyber attack statistics into account if you’re still unsure about just how discouraging this figure is: about 54% of organizations have experienced one or more significant attacks in the past year. Also, a Frost & Sullivan study commissioned by Microsoft revealed that the Asia Pacific companies can lose as many as $1.745 trillion to cybercrime.
7. 82% of respondents believe 2019’s new cyber threats will bring an increased risk of money and data theft via cyber attacks. 80% also expect an increase in operations disruptions.
This is no surprise if you consider the ways connected devices are becoming more and more integrated into our everyday lives. As many as two-thirds of respondents believed the number of fake news and identity theft cases will increase in 2019. These views of the current cyber threats show a distrust among the public of their personal safety, not to mention the honesty of their government.
8. The annual revenue for stolen trade secrets and IP theft is $500 billion.
Bromium derived this figure from two sources, namely, economic espionage revenue ($200 billion) and the cost of pirated music and films for the US ($300 billion). As we can see from the data breach that hit Sony, Netflix, and HBO, an attack can cost a company not only their confidential data and future viewership but also their jobs and reputations.
9. On September 25, 2018, 50 million user accounts on Facebook were compromised.
This vulnerability allowed hackers to access and then take over accounts. It turned out to be an unprecedented security issue for Facebook. In another instance of social media hacking, hundreds of Instagram accounts were taken over by hackers in August 2018.
10. The more common network attacks in Q2 of 2018 were server message block attacks (52%), denial of service attacks (13%), browser attacks (13%), and brute force attacks (9%).
According to a 2018 McAfee internet security threat report, these were the most common network attacks. The huge difference between the prominence of the first and third attacks is indicative of a run-of-the-mill trend present in cybercrime today. Not much effort is needed, it seems, to combat contemporary safety mechanisms and get results.
11. 43% of cyber attacks target small businesses.
When it comes to the types of cyber attacks affecting small businesses, the most common is micro malware, with online banking and ransomware attacks trailing close behind. Of these malware attack victims, 58% were categorized as small businesses in 2018. Almost half of the cyber attacks worldwide are directed at small businesses, as a majority of these companies have minimal visibility into their employees’ password practices.
12. Over 75% of the healthcare industry was infected by malware cyber attacks in 2018.
This Security Scorecard study examined 700 healthcare organizations and medical treatment facilities in their research. In addition, health insurance agencies and healthcare manufacturing companies were also included. In these kinds of attacks, millions of patients are put at risk and important operations are delayed—this urgency is probably what attracts criminals.
13. More than 90% of money mule activity has links to cybercrime activities.
Money muling refers to the transfer of illegally obtained funds between accounts on behalf of others. The stolen money often comes from phishing attacks, where an attacker sends emails while masquerading as a legitimate business; e-commerce fraud, where a cybercriminal uses stolen online bank or credit card information; credit card fraud; and other criminal activities.
Recent Cyber Attacks in 2018
14. Cisco’s Talos unit warns that 500,000 routers are networked for a cyber attack.
Cisco Inc.’s Talos cyber-intelligence unit announced in May 2018 that half a million routers from 54 countries have been infected by the malware that was previously detected in attacks on Ukraine. The allegedly state-sponsored attack uses VPNFilter, a sophisticated modular malware system.
15. One estimate suggests that energy utilities spent $1.7 billion protecting their systems from cyber-attacks in 2017.
In 2015, a suspected state-sponsored internet cyber attack left 230,000 people in the dark for hours on end. This only fueled fear in other countries. According to the 2019 Global Risk Report by Zurich Insurance, digitalization and the internet of things have increased the connectivity of the developed world’s infrastructure.
16. During 2018’s FIFA World Cup, Russia countered and stopped around 25 million cyber attacks on the IT Infrastructure.
The Russian government apparently saw this coming, and they strengthened the country’s cybersecurity services prior to the World Cup. These cyber attacks stats confirm that being over-prepared sometimes works when countering potential threats.
17. Over 140 international airlines were found to be affected by a major security breach.
The Amadeus ticket booking system—which is currently used by 141 international airlines and 44% of the global online reservation market—was compromised. Some of these major clients included Air Canada, Lufthansa, and United Airlines. Recent cyber attacks gave the criminals access to passengers’ names and all associated flight details.
18. A data leak through the Oklahoma government exposed 7 years worth of FBI investigations.
These recent attacks are an excellent example of why every company ought to invest more in protecting archived data. The oldest stolen data originated from 1986 and the most recent had been modified in 2016.
Cyber Attack Trends
19. In 2018’s Q2, over 40,000 new malware threats were discovered, according to a McAfee report.
There are so many threats our devices are already susceptible to—computer viruses, Trojans, worms, logic bombs, spyware, cryptomining malware—but there are so many new threats being developed. However, the most recent OS updates make adjustments based on these ever-increasing threat and the lessons learned from other recent attacks.
20. The total number of coinminer malware files grew by 86% in Q2 of 2018.
This amounts to more than 2.5 million new files added to the cyber attack database. The coin-mining malware is also considered the only cyber attack that can damage your hardware as well as your software. This attack can tax CPUs, shorten a device’s lifespan, run down your batteries, and even cause physical damage.
21. In Q2 of 2018, the top three malware threats connecting to control servers were GoScanSSH (52%), Wapomi (35%), and China Chopper (at only 4%).
One of the top kinds of current cyber security threats involves malware connecting to control servers, according to the 2018 McAfee report. GoScanSSH is a new strain of malware that has been targeting connected Linux-based SSH servers. And Wapomi is a cross-bred virus with Trojan-like behavior.
22. Over 30,000 new MacOS malware threats were detected in Q2, 2018, of the almost 450,000 total malware.
According to McAfee, the relatively strong defenses behind the MacOS make it challenging for a malware attack to persist long-term on Apple computers, even if they can get an initial foothold.
23. There were a bit under 2.5 million new mobile malware files in Q2 of 2018, and nearly 30 million total mobile malware.
Since users today spend twice as many minutes on their mobile devices than on their desktop, it’s safe to say that any self-respecting hacker will update their portfolio with mobile-targeting malware. This mobile-first user behavior was matched by mobile-targeting criminal activities, Smart Insights concluded.
24. 91% of cyberattacks start as a spear phishing email, commonly used to infect organizations with ransomware.
This kind of phishing is a sort of high-effort cybercrime compared to malware or ransomware. The attacker needs to research their victim in order to fool them with a fake email that looks like the real deal. A recent Trend Micro report estimated that around 1% of the emails an enterprise receives is a phishing attack.
In 2017, 76% of organizations claim that they have been targeted by phishing attacks. If you want to improve these phishing statistics, keeping your antivirus/antimalware software updated won’t cut it. You’d need to train your staff, a costly solution that still might not be entirely foolproof.
25. Only 15% of users claim they haven’t been exposed to email-based security threats.
Still, this observation is likely a touch generous with the truth, since we only know what those surveyed had observed. What makes someone an email attack victim is their very inability to recognize the infected emails before opening them.
26. 73% of internet security professionals claim the frequency of online email attacks is increasing, and 80% of organizations have faced some form of this type of attack in the past year.
The increase in attacks that target human beings as weak links instead of the devices they use is due to the strategy’s undeniable success. Symantec Security estimated that only 3% of malware is run via a hacker attack that exploits a technical flaw in a system. Social engineering is more resistant to anti-virus and anti-malware software. It also is not dependant on a specific operating system or any other particular type of device.
27. Large-scale DDoS attacks have increased by 500%, according to a Q2 2018 report.
Most DDoS attacks exploit botnets, thus adding to the level of cybercrime growth in a number of ways. According to Gartner, 33% of enterprises reported that one hour of downtime cost them $1–$5 million—so you can imagine how disastrous DDoS attacks can become. These attacks are increasingly used as smokescreens for ransomware attacks, data theft, IP theft, and an overall desire to drain a company of at least some of its resources.
The Cost of Cyber Attacks
28. McAfee found that the top countries hosting botnet control servers in 2018’s Q2 were the US at 36%, Germany at 14%, Russia and the Netherlands at 5%, and all others at 24%.
The actual criminals, their willing or unwilling accessories, and the potential for crime-as-a-service activities must all be taken into account when calculating the cyber attack statistics by country.
The millions of systems that are infected with malware and controlled by hackers are the results of multilayered criminal activities. While making your system an unwilling accessory to a crime is one thing, the crimes committed using a botnet are another. It’s these botnets that are usually used to commit DDoS attacks.
29. Cybercrime could cost companies up to $5.2 trillion over the next five years.
So here’s your answer if you’ve been asking, How much do cyber attacks cost? Around three years ago, The Wall Street Journal estimated that cybercrime had cost the US around $100 billion. Juniper Research estimated that global cybercrime will knock $2 trillion out of people’s pockets. And yeah, that’s trillion with a t. By 2020, over 300 billion passwords will require protection from cybercrime, leading to ever-increasing cyber security costs.
Still, the losses from successful attacks are only a part of the burden that individuals and companies have to bear. The annual prices of cybersecurity have been rising throughout the years. Venture capital funding totaled $5.3 billion in 2018, 20% more than in 2017.
30. For every cybercriminal that gets caught, 10,000 or more go free, according to CSO.
One of the most disturbing cyber attack statistics is that cybercriminals almost never get caught. If they live in countries with weak or non-existent cybercrime laws like Algeria, for example, cybercriminals can enjoy a passive income and know for a fact they won’t be punished. Even if a criminal is somehow prosecuted in a court of law, for every person that’s caught, 100 get off scot-free or with a warning.
31. The crime-as-a-service price per year for a DDoS attack/botnet for hire is around $13 million, malware for hire is around $11 million, and hire-a-hacker services are around $1.6 billion.
These numbers were estimated by Dr. Mike McGuire in his report for Bromium. Over the years, cybercrime has become a complex, even regulated online criminal industry. One can now purchase a number of zombified computers and malware tools within seconds. Current internet crime statistics show that you don’t even have to be actively engaged in cybercrime to make money on it now.
Remote criminal activities committed from one’s own bedroom can easily go unpunished, especially if the criminal is located in a country that has little-to-no cybercrime-related laws. This adds up to increasingly targeted and more sophisticated attacks that get better results in a shorter time span, adding up to deceptive cyber attack stats.
32. Only 18% of the cybersecurity laws brought forward in the US were passed In 2018, in spite of severe losses.
Perhaps because they fear getting no help from the authorities or because paying up to criminals is often easier, quicker, and even cheaper, in cases like ransomware attacks, many people still refuse to report an internet attack, according to the FBI. Still, this attitude will cause more trouble in the future, and it certainly helps keep the cybercrime business alive.
33. 20% of global organizations consider cyber espionage to be the most serious threat to business.
The Global IP Center claims that when it comes to global IP leaders—the US, the UK, Japan, and European Union (EU) countries—IP theft and corporate cyber attacks are becoming a huge issue. For example, 20% of US organizations have suffered a cyber-espionage-related attack.
It’s a good idea to update your OS regularly, train your employees on the potential dangers of social engineering, and avoid downloading unfamiliar apps from unknown sources if you plan on avoiding the risk of a cyber attack today. This is especially the case for companies that want to prevent any breaches or lawsuits. After all, you need to take extra care when securing your clients’ archived data.
If a cyber attack occurs and hackers demand payment, not reporting the cybercrime and giving in to the hackers by adhering to their demands might seem like the easy way out. However, the collective immunity to the most common cyber attacks depends on whether you report said crimes to the authorities and refuse to pay up. The responsible approach makes future attacks less likely.
Needless to say, the lack of awareness and understanding of what cybercrimes are and the impact they can have on other businesses across nearly every industry is a dangerous thing. Cybercrimes are becoming more targeted and sophisticated and are on the rise, according to these cyber attack statistics, meaning that individuals and businesses are going to have to put more and more effort into countering them.