The world is going digital at a more rapid pace than ever. Every activity, from watching the latest Netflix series to controlling our houses with smart-home appliances, is connecting us to the internet. But how do we make sure we keep ourselves and our information safe?
What is cyber security?
Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. These attacks are aimed at extorting money from users, interrupting normal business processes, and accessing, changing, or destroying sensitive information.
We have compiled a useful list of cyber security statistics to shed light on some of the critical online security issues that the world is struggling to tackle.
Read through them to learn about cybercrime: what emerging types of cyber attacks can harm your software and your hardware, how many hacks happen in a day, and what you can do about it.
We also took the opportunity to discuss how many cyber attacks are caused by weak spots in the system, and how many rely on old-fashioned trick tactics. But, we also aim to answer the question: How can cyber attacks be prevented?
Moreover, we covered the core aspects of statistics on how prepared businesses and governments are when it comes to cybersecurity. This includes information on estimated cyber security spending by industry, the workforce gap, and how organizations are countering the growing intensity of these attacks.
The Most Important Cyber Security Stats
In 2018, the global average cost of a data breach incidents was $3.86M
by 2012 there will be 3.5M unfilled cybersecurity jobs globally
Globally, Cyber attacks are the fastest-growing crime, estimated to cost $6T by 2021
By 2021, 70% of all cryptocurrency transactions will be for illegal activity
In the first half of 2018, 3.3B data records were compromised across 944 breaches worldwide
97% of all stolen data was in the US, making it the most popular target for attacks
In the past year, 76% of organizations worldwide experienced a phishing attack
By 2021, businesses will fall victim to a ransomware attack every 11 seconds and global ransomware damages will amount to $20B
The global cybersecurity market is worth over $120B
Data Traffic Statistics
1. The world’s digital content is expected to grow to 96 zettabytes by 2020.
With more than 1.9 billion websites out there, the amount of content present online will increase from 4 zettabytes (4 billion terabytes) in 2015 to 9 zettabytes in 2020. Since data is the building block of any digital economy, this presents incalculable opportunities for both innovation and cybercrime growth.
2. The Deep Web is estimated to be 5,000 times larger than the surface web.
The Dark Web, which is a part of the Deep Web, is intentionally hidden and used to conceal and promote criminal activities of all kinds. It isn’t accessible or indexed by search engines, but some estimates put its size to at least 5,000 times larger than the Surface Web. The Deep Web’s rate of growth is also believed to be much faster than the Surface Web’s
3. In just 2022, it’s predicted that more internet traffic will be created than in the 32 years since the internet started.
Increased connectivity brings increased digital security risks along with it. According to the latest Cisco Visual Networking Index (VNI), more IP traffic will cross global networks than in all prior “internet years.” This is being driven by better infrastructure, more ways to engage with online systems, and the decreasing prices of devices.
4. Cloud data center traffic will represent 95% of total data center traffic by 2021.
The rapidly increasing use of cloud and IoT applications, such as smart cars and connected health devices, will expand data-center demands. This will increase new forms of cybercrime, like IoT attacks. The total data stored in the cloud—including public clouds operated by vendors and social media companies, government-owned clouds accessible to citizens and businesses, and private clouds owned by mid-to-large-sized companies—will be a hundred times greater in 2022 than in 2019.
5. According to the 2019 Thales Global Data Threat Report, 97% of the companies who responded use sensitive data on digitally transformative technologies.
These technologies include cloud computing, big data, IoT, containers, and mobile environments, all of which create new attack surfaces and new risks for data. The idea isn’t to discourage companies from using these technologies, but to ensure they’re aware of the vulnerabilities—like IoT hacking—that they create. The goal is to take the necessary steps required to safeguard their and their customers’ data.
6. Only 30% of those respondents are using encryption within these environments.
Encryption might not prevent data breaches, but it does ensure that the data stolen cannot be misused. The data security statistics from the Thales study also show that far too many companies around the world have still not woken up to the value of data encryption, despite using new technologies that make data theft likelier.
7. By 2020, 300 billion passwords worldwide will need protection.
Even though biometrics and facial recognition –which do away with the need for passwords– are being used in more and more devices, it’s believed that the need for passwords won’t die out anytime soon. By 2020, over 300 billion passwords will require protection from cybercrime, leading to ever-increasing cyber security costs.
8. Mobile devices will account for 80% of the global IP traffic by 2025.
It’s estimated that smartphones will account for 55% of the total IP traffic by 2025, with other mobile devices taking the overall total to 80%. Personal devices carried to workplaces will, thus, pose a major security threat to enterprises in the coming years, making mobile cyber security a particular area of concern.
9. The number of connected devices on the internet will exceed 50B by 2020.
In other words, the number of IoT devices will be three times as high as the global population by 2021. By 2022, 1 trillion networked sensors will be embedded in the world around us, with up to 45 trillion in 20 years. All this connectivity is expected to put a great deal of stress on our cybersecurity preparedness.
Cyber Attack Statistics
10. In terms of cyber attack frequency, hackers attack our devices every 39 seconds.
A recent study by the Clark School at the University of Maryland revealed this data. This is one of the first attempts at quantifying the nearly constant rate of online attacks.
11. Computers are attacked 2,244 times a day.
Luckily, even with the large number of cyber attacks per day, most of them are unsuccessful. Michel Cukier, Clark School assistant professor of mechanical engineering, and his two assistants discovered this data. They learned that most attacks involved relatively unsophisticated “dictionary scripts,” or a brute force attempt at logging in with common usernames and passwords.
12. Over 400 million adults across 24 countries experienced cybercrime over a 12-month period.
The number of cyber attacks per year was determined in a 2017 Norton cybercrime study. The study also concluded that 40% of users don’t have appropriate software security.
13. By 2022, there will be around 6 billion internet users (75% of the projected world population).
According to Cybersecurity Ventures, there are expected to be over 7.5 billion internet users by 2030 (90% of the projected world population of 8.5 billion, six years old or older). This leaves a huge number of vulnerable people, likely resulting in an increase in cyber attacks in the near future.
14. Only 38% of global organizations claim they’re properly prepared to handle a sophisticated cyber attack.
Take the following cyber attack statistics into account if you’re still unsure about just how discouraging this figure is. About 54% of organizations have experienced one or more significant attacks in the past year. Also, a Frost & Sullivan study commissioned by Microsoft revealed that the Asia Pacific companies could lose as many as $1.745 trillion to cybercrime.
15. Eighty-two percent of respondents believe 2019’s new cyber threats will bring an increased risk of money and data theft via cyber attacks. Eighty percent also expect an increase in operations disruptions.
This is no surprise if you consider the ways connected devices are becoming more and more integrated into our everyday lives. These views of the current cyber threats show a distrust among the public in their personal safety, not to mention the honesty of their government.
16. The annual revenue for stolen trade secrets and IP theft is $500 billion.
Bromium derived this figure from two sources, namely, economic espionage revenue ($200 billion) and the cost of pirated music and films for the US ($300 billion). As we can see from the data breach that hit Sony, Netflix, and HBO, an attack can cost a company not only their confidential data and future viewership but also their jobs and reputations.
17. On September 25, 2018, 50 million user accounts on Facebook were compromised.
This vulnerability allowed hackers to access and then take over accounts. It turned out to be an unprecedented security issue for Facebook. In another instance of social media hacking, hundreds of Instagram accounts were taken over by hackers in August 2018.
18. The more common network attacks in Q2 of 2018 were server message block attacks (52%), denial of service attacks (13%), browser attacks (13%), and brute force attacks (9%).
According to a 2018 McAfee internet security threat report, these were the most common network attacks. The huge difference between the prominence of the first and third attacks is indicative of a run-of-the-mill trend present in cybercrime today. Not much effort is needed, it seems, to combat contemporary safety mechanisms and get results.
19. Forty-three percent of cyber attacks target small businesses.
When it comes to the types of cyber attacks affecting small businesses, the most common is micro malware, with online banking and ransomware attacks trailing close behind. Of these malware attack victims, 58% were categorized as small businesses in 2018. Almost half of the cyber attacks worldwide are directed at small businesses, as a majority of these companies have minimal visibility into their employees’ password practices.
20. Over 75% of the healthcare industry was affected by malware cyber attacks in 2018.
This Security Scorecard study examined 700 healthcare organizations and medical treatment facilities in their research. In addition, health insurance agencies and healthcare manufacturing companies were also included. In these kinds of attacks, millions of patients are put at risk and important operations are delayed—this urgency is probably what attracts criminals.
21. More than 90% of money-mule activity has links to cybercrime activities.
Money muling refers to the transfer of illegally obtained funds between accounts on behalf of others. The stolen money often comes from phishing attacks, where an attacker sends emails while masquerading as a legitimate business; eCommerce fraud, where a cybercriminal uses stolen online bank or credit card information; credit card fraud; and other criminal activities.
Statistics on Cyber Attack Trends
22. In Q2 of 2018, over 40,000 new malware threats were discovered, according to a McAfee report.
There are so many threats our devices are already susceptible to—computer viruses, Trojans, worms, logic bombs, spyware, cryptomining malware—but there are so many new threats being developed. However, the most recent OS updates made adjustments based on these ever-increasing threat and the lessons learned from other recent attacks.
23. The total number of coinminer malware files grew by 86% in Q2 of 2018.
This amounts to more than 2.5 million new files added to the cyber attack database. The coin-mining malware is also considered the only cyber attack that can damage your hardware as well as your software. This attack can tax CPUs, shorten a device’s lifespan, run down your batteries, and even cause physical damage.
24. In Q2 of 2018, the top three malware threats connecting to control servers were GoScanSSH (52%), Wapomi (35%), and China Chopper (at only 4%).
One of the top kinds of current cyber security threats involves malware connecting to control servers, according to the 2018 McAfee report. GoScanSSH is a new strain of malware that has been targeting connected Linux-based SSH servers. And Wapomi is a cross-bred virus with Trojan-like behavior.
25. Over 30,000 new MacOS malware threats were detected in Q2, of 2018.
According to McAfee, the relatively strong defenses behind the MacOS make it challenging for a malware attack to persist long-term on Apple computers, even if they can get an initial foothold.
26. There were almost 2.5 million new mobile malware files in Q2 of 2018, and nearly 30 million total cases of mobile malware.
Since users today spend twice as many minutes on their mobile devices than on their desktop, it’s safe to say that any self-respecting hacker will update their portfolio with mobile-targeting malware. This mobile-first user behavior was matched by mobile-targeting criminal activities, Smart Insights concluded.
27. Ninety-one percent of cyberattacks start as a spear phishing email, commonly used to infect organizations with ransomware.
This kind of phishing is a high-effort cybercrime compared to malware or ransomware. The attacker needs to research their victim in order to fool them with a fake email that looks like the real deal. A recent Trend Micro report estimated that around 1% of the emails an enterprise receives is a phishing attack.
In 2017, 76% of organizations claimed that they had been targeted by phishing attacks. If you want to see a decrease in these phishing statistics, keeping your antivirus/antimalware software updated won’t cut it. You need to train your staff, a costly solution that still might not be entirely foolproof.
28. Only 15% of users claim they haven’t been exposed to email-based security threats.
Still, this observation is likely slightly generous with the truth, since we don’t know what those surveyed had observed. What makes someone an email-attack victim is their inability to recognize the infected emails before opening them.
29. Seventy-three percent of internet security professionals claim the frequency of online email attacks is increasing, and 80% of organizations have faced some form of this type of attack in the past year.
The increase in attacks that target human beings instead of the devices they use is due to the strategy’s undeniable success. Symantec Security estimated that only 3% of malware is run via a hacker attack that exploits a technical flaw in a system. Social engineering is more resistant to anti-virus and anti-malware software. It also is not dependant on a specific operating system or any other particular type of device.
30. Large-scale DDoS attacks have increased by 500%, according to a Q2 2018 report.
Most DDoS attacks exploit botnets, thus adding to the level of cybercrime growth in a number of ways. According to Gartner, 33% of enterprises reported that one hour of downtime cost them between one and five million dollars. So you can imagine how disastrous DDoS attacks can become. These attacks are increasingly used as smokescreens for ransomware attacks, data theft, IP theft, and an overall desire to drain a company of at least some of its resources.
Statistics on The Cost of Cyber Attacks
31. McAfee found that the top countries hosting botnet control servers in Q2 of 2018 were the US at 36%, Germany at 14%, Russia and the Netherlands at 5%, and all others at 24%.
The actual criminals, their willing or unwilling accessories, and the potential for crime-as-a-service activities must all be taken into account when calculating cyber attack statistics by country.
The millions of systems that are infected with malware and are controlled by hackers are the results of multilayered criminal activities. While making your system an unwilling accessory to a crime is one thing, the crimes committed using a botnet are another. It’s these botnets that are familiar with committing DDoS attacks.
32. Cybercrime could cost companies up to $5.2 trillion over the next five years.
So here’s your answer if you’ve been asking, how much do cyber attacks cost? Around three years ago, The Wall Street Journal estimated that cybercrime cost the US around $100 billion. Juniper Research estimated that global cybercrime will knock $2 trillion out of people’s pockets. By 2020, over 300 billion passwords will require protection from cybercrime, leading to ever-increasing cyber security costs.
Still, the losses from successful attacks are only a part of the burden that individuals and companies have to bear. The annual prices of cybersecurity have been rising throughout the years. Venture capital funding totaled $5.3 billion in 2018, 20% more than in 2017.
33. For every cybercriminal that gets caught, 10,000 or more go free, according to the CSO.
One of the most disturbing cyber attack statistics is that cybercriminals almost never get caught. If they live in countries with weak or non-existent cybercrime laws like Algeria, for example, cybercriminals can enjoy a passive income and know for a fact they won’t be punished. Even if a criminal is somehow prosecuted in a court of law, for every person that’s caught, 100 get off scot-free or with a warning.
34. The crime-as-a-service price per year for a DDoS attack/botnet for hire is around $13 million, malware for hire is around $11 million, and hire-a-hacker services are around $1.6 billion.
These numbers were estimated by Dr. Mike McGuire in his report for Bromium. Over the years, cybercrime has become a complex, even regulated online criminal industry. One can now purchase a number of zombified computers and malware tools within seconds. Current internet crime statistics show that you don’t even have to be actively engaged in cybercrime to make money on it now.
Remote criminal activities committed from one’s own bedroom can easily go unpunished, especially if the criminal is located in a country that has little-to-no cybercrime-related laws. This adds up to increasingly targeted and sophisticated attacks that get better results in a shorter time span, adding up to deceptive cyber attack stats.
35. Only 18% of the cybersecurity laws brought forward in the US were passed In 2018, in spite of severe losses.
Perhaps because they fear getting no help from the authorities or because paying up to criminals is often easier, quicker, and even cheaper, in cases like ransomware attacks, many people still refuse to report an internet attack, according to the FBI. Still, this attitude will cause more trouble in the future, and it certainly helps keep the cybercrime business alive.
36. Twenty percent of global organizations consider cyber espionage to be the most serious threat to business.
The Global IP Center claims that when it comes to global IP leaders—the US, the UK, Japan, and European Union (EU) countries—IP theft and corporate cyber attacks are becoming a huge issue. For