What is cyber security? Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks that are aimed at extorting money from users; interrupting normal business processes; or accessing, changing, or destroying sensitive information.
The world is moving online at a more rapid pace than ever. Everything from watching the latest Netflix series to using smart home appliances is making people more connected to the internet. As these cyber security statistics show, while this opens up wonderful opportunities for entrepreneurs as well as consumers, it also raises critical online security issues that the world is struggling to tackle.
We have arranged the following statistics in clearly marked categories for an easy read-through. Beginning with some important data points on how massive the growth of data traffic is going to be in the coming years, we’ll move on to some general cyber attack statistics. The section after that will cover the different types of cybercrimes in greater detail.
After a brief section focusing on cybercrime and how it impacts and relates to small businesses, we cover the core aspect of these statistics: important data on how prepared businesses and governments are when it comes to cyber security. These include information on factors like the estimated cyber security spending by industry, the workforce gap, and the measures organizations believe they need to take to ensure they are well-prepared to counter the growing intensity and innovativeness of cyber attacks.
The Most Important Cyber Security Stats
In 2018, the global average cost of a data breach incidents was $3.86M
by 2012 there will be 3.5M unfilled cybersecurity jobs globally
Globally, Cyber attacks are the fastest-growing crime, estimated to cost $6T by 2021
By 2021, 70% of all cryptocurrency transactions will be for illegal activity
In the first half of 2018, 3.3B data records were compromised across 944 breaches worldwide
97% of all stolen data was in the US, making it the most popular target for attacks
In the past year, 76% of organizations worldwide experienced a phishing attack
By 2021, businesses will fall victim to a ransomware attack every 11 seconds and global ransomware damages will amount to $20B
The global cybersecurity market is worth over $120B
Data Traffic Statistics
1. The world’s digital content is expected to grow to 96 zettabytes by 2020.
With more than 1.9 billion websites on the World Wide Web, the amount of content present online will increase from 4 zettabytes (4 billion terabytes) in 2015 to 9 zettabytes in 2020. Since data is the building block of any digital economy, this presents incalculable opportunities for both innovation and cybercrime growth.
2. The Deep Web is estimated to be 5,000 times larger than the surface web.
The Dark Web, which is a part of the Deep Web, is intentionally hidden and used to conceal and promote criminal activities of all kinds. It isn’t accessible or indexed by search engines, but some estimates put its size to at least 5,000 times larger than the surface web used by most of us. The Deep Web’s rate of growth is also believed to be much faster than the surface web’s.
3. In just 2022, it’s predicted that more internet traffic will be created than in the 32 years since the internet started.
Increased connectivity brings increased digital security risks along with it. According to the latest Cisco Visual Networking Index (VNI), more IP traffic will cross global networks than in all prior “internet years.” This is being driven by better infrastructure, more ways to engage with online systems, and the decreasing prices of devices.
4. Cloud data center traffic will represent 95% of total data center traffic by 2021.
The rapidly increasing use of cloud apps as well as the growth of the Internet of Things (IoT) applications, such as smart cars and connected health devices, will expand data center demands, thus increasing new forms of cybercrime, like IoT attacks. The total data stored in the cloud—including public clouds operated by vendors and social media companies, government-owned clouds accessible to citizens and businesses, and private clouds owned by mid-to-large-sized companies—will be 100X greater in 2022 than it is in 2019.
5. According to the 2019 Thales Global Data Threat Report, 97% of the companies who responded use sensitive data on digitally transformative technologies.
These technologies include cloud computing, big data, IoT, containers, or mobile environments, all of which create new attack surfaces and new risks for data. The idea isn’t to discourage companies from using these technologies but to ensure they’re aware of the vulnerabilities—like IoT hacking—that these new technologies create and take adequate steps to safeguard their customers’ data, as well as their own.
6. Only 30% of those respondents are using encryption within these environments.
Encryption, as we have covered above, might not prevent data breaches, but it does ensure that the data stolen cannot be misused. The data security statistics from the Thales study also show that far too many companies throughout the world have still not woken up to the value of data encryption, despite using new technologies that make data theft likelier.
7. By 2020, 300 billion passwords worldwide will need protection.
Even though biometrics and facial recognition, which do away with the need for passwords, are being used in more and more devices, it’s believed that the need for passwords won’t die out anytime soon. By 2020, over 300 billion passwords will require protection from cybercrime, leading to ever-increasing cyber security costs.
8. Mobile devices will account for 80% of the global IP traffic by 2025.
It’s estimated that smartphones will account for 55% of the total IP traffic by 2025, with other mobile devices taking the overall total to 80%. Personal devices carried to workplaces will, thus, pose a major security threat to enterprises in the coming years, making mobile cyber security a particular area of concern.
9. The number of connected devices on the internet will exceed 50B by 2020.
In other words, the number of IoT devices will be three times as high as the global population by 2021. By 2022, 1 trillion networked sensors will be embedded in the world around us, with up to 45 trillion in 20 years. All this connectivity is expected to put a great deal of stress on our cybersecurity preparedness.
Cyber Crime Statistics
10. Cyber attacks are the fastest-growing crime globally, estimated to cost $6T by 2021.
How much does an expert expect cyber attacks to cost? Cyber attacks were already costing the world an estimated $3 trillion in 2015. This makes it a bigger drain on resources than natural disasters and a more profitable crime than the combined global trade of all major illegal drugs.
11. Well above 700 million people experienced some form of cybercrime in 2017–2018.
Symantec’s study reports a figure of 700 million across 21 countries. Given the increasing rate of people connecting online across the world, as well as the fact that many cyber crimes don’t even get detected or reported, the actual number is likely to be much higher. This also gives us an idea of how many cyber crimes occur per day. The above data point gives us an incredible figure of almost 2 million cyber crimes committed every single day.
12. Cyber criminals coaxed $1.5T out of their victims in 2017.
This cost is quite substantial, even if we examine the monetary costs alone and ignore other aspects like loss of reputation, psychological impact, etc. Today, cyber criminals aren’t just random hackers working on outdated systems. Cyber crime has become increasingly organized—as so many cyber security statistics have shown—with highly skilled people using their talents to extract money and sensitive information from their targets.
13. On average, it takes a company 197 days to identify that it’s been attacked.
That’s 197 days of the company’s processes partly or entirely busy dealing with the effects of the breach without realizing the main cause of the issues it’s dealing with. In some cases, incident response can take up to more than a year, especially when companies don’t adopt basic tools like automation and encryption. The Equifax Breach of 2017 is a noted example of the delay in threat identification. It was believed to have begun in May but was observed only in July. By this time, millions of consumer records had already been stolen.
14. It can take up to 3 years to discover identity thefts.
It takes most victims about three months to find out that something’s wrong, according to Identity theft statistics, but as many as 16% don’t find out for three years that they’ve been targets of identity fraud thefts. When used for a financial crime, for example, this gives the cyber criminal enough time to extract small sums over months without getting noticed.
15. The share of cyber warfare as the primary motivation behind attacks has grown to 4%.
While cybercrime maintains its dominance in motivations behind attacks (at 88.1%), according to cyber warfare statistics, the use of cyberattacks as a form of warfare has gone up to 4% as of January 2019 from less than 2% in December 2018. Both government and non-government actors are believed to be involved in cyber warfare.
16. 70% of all cryptocurrency transactions by 2021 will be for illegal activity.
This is a substantial increase from the current estimates that range from 20% for the top five major cryptocurrencies to 70% for Bitcoin. Cyber security stats from a paper published by the University of Sydney in Australia show that around $76 billion worth of illegal activity per year involves Bitcoin, close to the scale of the US and European market for illegal drugs.
17. Advertisers lost an estimated $19B to digital ad fraud in 2017.
This loss is equivalent to $51 million every day. According to cyber fraud statistics, this figure, representing techniques like invisible ads, impression laundering, ad hijacking, bots, popunders, and fake installs, is expected to rise to $44 billion by 2022.
18. As of March 2019, there are 69 entities in the FBI’s Cyber’s Most Wanted List.
This list includes the people or groups that have conspired to commit the most damaging cybercrimes against the US, including computer intrusions, wire fraud, identity theft, money laundering, espionage, trade secret theft, and false domain name registration. This list is a good proxy for the future of cyber crime in the US. The fact that this list has gone up from having just 19 entries in 2016 to 69 now shows the increasing level of threat from cybercrime.
19. Only 10% to 12% of the total number of cyber crimes gets reported in the US each year.
One of the more striking aspects of cyber security facts in 2018 was that cybercrimes continue to remain vastly underreported. There are several reasons for this, like embarrassment, fear of harm to reputation, and lack of belief in law enforcement agencies’ ability to help. Given the severity of crimes that do get reported, one can only imagine how serious the actual incidence of cybercrime is.
Statistics on Types of Cybercrimes
20. In 2018, the global average cost of a data breach incident was $3.86M.
While the number of data breaches has come down marginally over the same period a year earlier, the average cost per incident has gone up by 6.4%. This figure would approximate to more than $3 billion lost in the first half of 2018. This is the objective cost businesses are paying to cyber criminals, and it’s going up almost every year.
21. 3.3B data records were compromised across 944 breaches worldwide in the first half of 2018.
If you’ve been wondering about how many cyber attacks occur per day, here’s the answer for you. The above data translates to more than 5 breaches daily, causing more than a staggering 18 million records to be stolen every day in the first half of 2018! Compared to the same period in 2017, the number of lost, stolen, or compromised records has increased by 72%, though the total number of breaches slightly decreased over the same period, signaling an increase in the severity of cyber crime per incident. Of these 944, 189 (20%) had an unknown or unaccounted number of compromised data records.
22. By 2018, the likelihood of having a material data breach over the following 24 months rose to 32.3%.
Cyber attack statistics from 2018 indicate that the likelihood of a data breach involving a minimum of 10,000 records has consistently risen over the last five years. The 32.3% figure for FY2018 is a slight increase from 31.6% for FY2017. Interestingly, the larger the data breach an organization suffers once, the less likely it is to will have another breach in the next 24 months.
23. 65% of IT professionals worldwide say the severity of attacks has increased.
A theme common among global cyber crime statistics is that cyber criminals are using the most modern tools to target the security systems of organizations, making it more difficult by the day to counter attacks. 57% of professionals in the same survey also say that the time spent resolving an incident has increased. Plus, the increasing use of big data also raises the likelihood of big data security breaches.
24. The sector with the highest share of data breaches in 2018’s first half was healthcare, accounting for 27% of the total.
Social media ranks at the top for the number of records breached (76%) due to the high-profile customer data compromises at Facebook and Twitter, involving 2.2 billion and 336 million, respectively. Cyber attacks statistics from H1 2018 show that most sectors saw an increase in the number of incidents compared to the previous half. The exceptions were government, professional services, retail, and technology, though both retail and technology saw an increase in the number of records breached among fewer events.
25. 57% of data breaches and 97% of all records stolen were in the US, making it the most popular target for attacks.
Nevertheless, cyber attack statistics by country show that the number of incidents has gone down in the US by 17% compared to H2 2017. With the implementation of the Notifiable Data Breaches law, the number of incidents in Australia increased dramatically from 18 to 308, as could be expected. Europe saw 36% fewer incidents but a 28% increase in the number of records breached, indicating a growing severity in attacks. The United Kingdom remains the most breached country in the region. India had the highest number of notified attacks in Asia.
26. The August 2013 Yahoo data breach is the biggest incident in terms of records affected so far.
According to global data breach statistics, the ten biggest data breaches of all time, including the number of accounts hacked and the year the breach occurred in are Yahoo (3 billion, 2013), Marriott (500 million, 2014–2018), Adult FriendFinder (412 million, 2016), MySpace (360 million, 2016), Under Armor (150 million, 2018), Equifax Breach (145.5 million, 2017), eBay (145 million, 2014), Target (110 million, 2013), Heartland Payment Systems (100+ million, 2018), and LinkedIn (100 million, 2012).
27. In a global survey, 22% of organizations consider phishing the greatest cyber threat.
Cyber security statistics place malware at a close second at 20%, followed by cyberattacks to disrupt (13%), to steal money (12%), and to steal IP (8%). Although there has been quite a lot of discussion about insider threats and state-sponsored attacks, the fear for internal attacks shows up as number eight on the list, while espionage ranks bottom of the list.
28. Most malicious domains, at about 60%, are associated with spam campaigns.
Even as cyber threats are evolving, traditional ransomware—namely phishing emails containing malicious attachments, spam, malvertising, and malicious domains—continues to be one of the most feared cyber threats. According to a Cisco report, about 60% of the malicious domains that were analyzed were associated with spam campaigns.
29. 76% of organizations worldwide experienced a phishing attack in the past year.
Phishing statistics show that one of the most common forms of phishing attack is the BEC (Business Email Compromise) scam, where cyber attackers pass themselves off as a client or supplier in order to get money. Around 60% of BEC scam emails do not contain a link, making it harder for cybersecurity systems to detect them. 81% of heads of corporate IT security have detected an increase in the number of all types of phishing attacks.
30. BEC scams have cost more than $12.5B in losses over the last 4.5 years.
A BEC, aka Email Account Compromise (EAC), is a sophisticated scam targeting both businesses and individuals performing wire transfer payments. In the 4.5 years leading up to May last year, these scams have cost more than $12.5 billion in losses.
31. In a global survey, all 850 out of 850 organizations questioned had experienced at least one malware attack.
What percentage of companies have been hacked? The above data would indicate a figure of nearly 100%. Even though enterprise mobility management solutions were in place, 75% of the organizations in the studied sample had at least one jailbroken iOS device or rooted Android device connected to their corporate networks between H2 2016 and H1 2017. The average number of mobile malware attacks per organization was 54, and the average number of jailbroken devices was 35 per company. This is a concerning result, obviously, as jailbreaking strips away the built-in security provided by the iOS and Android operating systems, rendering the entire enterprise vulnerable to an easy attack.
32. Cryptomining affected 40% of organizations worldwide in 2018.
According to malware statistics like these, cryptomining, unlike ransomware, offers cyber criminals a much stealthier style of attack. The malware can remain on an organization’s servers for months without being detected. During this period, its authors earn a steady stream of passive income. Check Point’s research also found that over 20% of organizations are impacted every week by cryptojacking malware.
33. Cryptomining saw a 459% increase in 2018.
Reports show that cryptojacking, or cryptomining, participants are also using more sophisticated means to evade detection, to the point where they have a detection rate of just 50%. Because of this, cryptojacking has emerged as one of the top cybersecurity threats in recent times, growing at a tremendous pace.
34. Nearly 45% of malware incidents involve ransomware, up from less than 10% in 2015.
Cyber criminals are also growing bolder, with the share of personal devices targeted with ransomware coming down and that of enterprise servers, for which much greater ransoms can be demanded, going up. These recent ransomware statistics show that, given its low-risk and high-gain nature, ransomware has remained one of the most popular forms of cybercrime.
35. 56% of data breaches in H1 of 2018 were caused by malicious outsiders.
This was a decrease of 7% from H2 2017. In terms of the number of compromised records, the share is higher, at 73%. Data breach statistics show that accidental loss accounted for over 879 million (26%) of the records lost, the second most popular cause of data breaches. The number of records and incidents involved in malicious insider attacks fell by 60% this half compared to the same time period in 2017.
36. 55% of industrial organizations allow third parties such as suppliers, partners, and service providers to access their industrial control network.
Even though there’s a wider understanding of the risks of a third-party data breach, business cyber security statistics show that more than half of industrial organizations permit outsiders to access critical systems. It’s important to note that organizations that allow third-party access like this are also 63% more likely to experience a security breach as compared to those that don’t allow this access.
37. 83% of all records stolen in H1 of 2018 involved identity theft.
Identity theft has continued to be the leading type of data breach, at least since 2013. According to the most recent information security stats, while the number of identity theft breaches decreased by 26% over the first half of 2017, the number of records stolen through these incidents increased by 757%, representing 83% of all records stolen. There’s a disturbing trend in the escalation of data breach severity. Though the overall incident numbers are on the decline, 171 for H1 of 2017 and 123 for H1 2018, the number of records breached increased from 2.7 million to 359 million, respectively.
38. 28% of organizations say customer information or customer passwords are the most valuable information for cyber criminals.
The most expensive component of a cyber attack is information loss. 12% say it’s the companies’ financial information, while another 12% say their strategic plans are the top information cyber criminals are looking for. Other categories that rank slightly lower in terms of threat perception are R&D information, M&A information, and intellectual property.
39. In the US, identity theft makes up 13% of all recorded criminal complaints.
These identity theft stats show that it has emerged as one of the biggest crime issues in the US. The figure is believed to have risen in the last two years. Cyber criminals are getting more sophisticated, and the number of touch points where personal information can be accessed continues to increase.
40. Credit card fraud accounts for 30% of identity theft cases.
According to the FTC’s computer crime statistics for 2017, after credit card fraud, next on the list of the most common types of identity theft is employment or tax-related fraud, at 18.6% of all identity theft cases. Other common types are phone or utilities fraud (12.5%), bank fraud (11.4%), loan or lease fraud (6.8%), and government documents or benefits fraud (5.9%).
41. Cryptocurrency exchange hacks caused roughly $1B in losses in 2018.
Cyber attack stats show that the types of crypto crime are diverse and increasingly sophisticated, from Ethereum-based scams rising and falling with cryptocurrency prices, to darknet markets showing resilience against market trends, to hacks being carried out by professional organizations with distinct modus operandi.
42. The cost of the biggest cryptocurrency heist to date was $530M.
Based on the cyber attack statistics to date, the biggest cryptocurrency heist of all time was the 2018 Coincheck hack, involving the theft of 523 million NEM coins from a hot wallet. The five biggest Bitcoin hacks of all time are: Mt. Gox in 2011 (2609 BTC +750,000 BTC), BitFloor in 2012 (24,000 BTC), Poloniex in 2014 (12.3% of all BTCs – 97 BTC), BitStamp in 2015 (19,000 BTC), and Bitfinex in 2016 (120,000 BTC).
43. Zero-day cyberattacks are expected to reach one per day by 2021.
Cyber attack statistics by year show that zero-day attacks, which exploit a vulnerability that has either not been fixed or is unknown to the software vendor, are expected to rise from one per week in 2015 to one per day in 2021. 111 billion lines of new software code are produced every year, introducing the potential for a massive number of vulnerabilities to be exploited.
44. Globally, DDoS attacks are expected to double 2017’s numbers by 2022, reaching 14.5 million.
Hacking statistics show that Distributed-Denial-of-Service (DDoS) attacks represent the dominant threat observed by the vast majority of service providers, and they can represent up to 25% of a country’s total internet traffic while they’re occurring.
45. Basic malware can be obtained online for no more than $1.
Cybercrime has extremely low entry barriers, with hacking tools and kits for cyber attacks, identity theft, malware, ransomware, and other nefarious activities available in online marketplaces for very low prices. For instance, one can purchase 1 million compromised email IDs and passwords for $25 and a password stealer for $50.
46. The Trojan horse virus Ramnit affected 35% of all organizations in the banking sector globally in 2017.
Ramnit, a Trojan horse virus, has been around since 2010 but became particularly active in 2017. Multiple campaigns involving malware from the Ramnit family turned victim’s machines into malicious proxy servers and infected them with info-stealing programs. According to Cisco’s estimates, 53% of attacks in the banking sector in 2017 were caused by Ramnit, a Windows-based worm.
47. Global ransomware damage costs are predicted to hit $20B in 2021.
There’s been a consistently rapid increase in ransomware costs from just $325 million in 2015. According to some estimates, ransomware attacks saw a 350% increase in 2018. It’s estimated that by 2021, businesses will fall victim to a ransomware attack every 11 seconds.
48. Spending on security awareness training for employees will reach $10B globally by 2027.
This value was just $1 billion in 2014 and shows the extent of resources being spent on combating cybercrime—resources that could, otherwise, be put to more constructive use. Cyber security spending trends show that much of this employee training is centered on combating phishing scams (responsible for more than 90% of successful hacks and data breaches, according to some sources) and ransomware attacks.
49. The No More Ransom portal carries 59 free decryption tools.
The portal is now available in 35 languages and covers 91 ransomware families. So far, these tools provided on the site have managed to decrypt the infected computers of over 72,000 victims worldwide.
Small Business Data Breach Statistics
50. Small to medium businesses accounted for 58% of data breaches in 2017.
Small and medium-sized businesses are as much at risk as larger companies. This makes good sense considering that small businesses are less likely to have the resources available to beef up their cybersecurity in order to defend against these threats. With this in mind, several cyber security facts point to attackers preferring to make money from multiple small targets than a single big one. According to Privacy Rights Clearinghouse, an advocacy group, more than 90% of the breaches they have tracked since 2005 have affected fewer than 100,000 customers in one go.
51. 53% of the midmarket companies in 26 countries have experienced a data breach.
According to cyber crime statistics from 2018, more than half of the midmarket companies in some of the biggest economies have already been victims of at least one data breach. This is another indication of the vulnerability of SMBs, for whom the top security concerns tend to be targeted phishing attacks against employees, advanced persistent threats, ransomware, denial-of-service attacks, and employees being allowed to use their own mobile devices.
52. The primary cyber security challenge for 55% of small businesses in North America is a lack of resources or knowledge.
Small businesses make up 97% of the total number of businesses in North America. Small business cyber attack statistics show that, for the majority of them, the lack of resources is the greatest challenge they face when it comes to being prepared against cyber attacks. Given the skilled workforce shortage faced by large corporations, who can afford to be better paymasters, it’s little wonder that smaller companies find it even more difficult to bring qualified personnel on board.
53. 60% of the small companies that become victims of a cyber attack go out of business within 6 months.
This means that the average cost of a malware attack is much higher for small businesses. Small companies are much less resilient, making the issue of cybercrime a much bigger concern. According to data from Cisco, SMBs are also more likely to pay ransoms to their cyber attackers so that they can quickly resume normal operations after a ransomware attack.
54. The global cybersecurity market was estimated to be worth $120B in 2017.
How much does cyber security cost? Conservative estimates indicate a growth of about 35X in the size of the global cybersecurity market between 2004 and 2017, making it one of the fastest-growing industries in the world. The industry’s growth was expected to mirror the growth of the internet in general.
55. The cybersecurity market is expected to continue growing by 12–15% year-on-year until 2021.
The unprecedented increase in cyber crime worldwide has made it difficult for analysts to accurately track the growth of the cybersecurity industry. The growth estimates typically range from 8–10% to 12–15% year-on-year. According to the higher estimates, the market’s cumulative spending between 2017 and 2021 is expected to be over $1 trillion.
56. The global cyber identity theft protection services market is expected to be worth $18.7B by 2025.
The market was valued at $4.98 billion in 2017. The key drivers for growth in cyber security spending are considered to be the growth in e-commerce, increased comfort in making online payments, and the steady rise in identity theft numbers globally. Geography-wise, while North America accounts for close to three-quarters of the market value, the greatest growth in this period is expected to come from the Asia Pacific region.
57. Worldwide spending on information security is expected to reach $124B in 2019.
How much money do companies spend on cybersecurity? Global spending on information security products and services (a subset of the overall cybersecurity market) exceeded $114 billion in 2018, and it is expected to grow to $170.4 billion by 2022. The top three drivers for security spending are security risks, business needs, and industry changes. Privacy concerns are also becoming a key factor according to cybersecurity statistics for 2019.
58. The global blockchain market is expected to be worth $23.3B by 2023.
Cybersecurity will play a major role in the rapidly increasing use of blockchain technology. The global blockchain market was worth just $1.2 billion in 2018, indicating a whopping 80.2% CAGR during this projected period. The two factors that could slow this growth, cybersecurity facts show, are its unregulated environment and the limited availability of technical skills.
59. Two-thirds of institutional investors believe the blockchain will have the biggest impact on financial services and banking.
They expect to see these changes take place within the next two years. The sector with the next biggest impact according to one-third of the respondents will be healthcare.
60. The total venture capital funding for cybersecurity totaled $5.3B in 2018.
The surge in cyber attacks across the world means investors see value in the startups producing ways to counter them. Cybersecurity statistics from 2018 put the total funding amount at $5.3 billion, which would be a 20% increase over the $4.4 billion invested in 2017.
61. Israel accounts for 20% of worldwide cybersecurity funding.
The top four countries investing the most venture capital into cybersecurity are the US, Israel, the UK, and Canada. In 2018, the total amount of funding for cybersecurity companies based in Israel grew by 22% to over $1 billion and involved 66 new companies being funded. The top emerging fields among new startups in 2018 included new verticals within IoT security, security for cryptocurrencies and the blockchain, cloud-native security, and SDP (software defined perimeter). These drew considerably more attention than the more “traditional” cyber sectors like network security, email security, and endpoint protection. Additionally, according to cyber security statistics from 2018, the UK cybersecurity market is valued at $5 billion.
62. The cyber insurance policy market is estimated to be worth $20B by 2025.
Legislation like the EU’s General Data Protection Regularion is helping drive the demand for cyber insurance. Healthcare providers, financial services firms, and companies across all industries are tasked with keeping user data safe and recovering from data breaches and ransomware attacks. Cyber crime predictions for the insurance market’s size range from $14 billion in 2022 to $20 billion in 2025. This value was less than $1.6 billion in 2016.
63. 68% of US businesses haven’t purchased any form of cyber liability or data-breach insurance.
Businesses aren’t adopting cyber insurance coverage at a rate matching the rising risks they face. The situation is better, however, when it comes to protection measures taken by civic administrations. According to a Wall Street Journal survey, the majority of the US’s 25 most populous cities now have cyber insurance or are looking into buying it.
64. The world’s first commercial cyber risk pool worth $1B was launched in 2018.
To counter the global issue of low insurance coverage for cyber risks—especially in the face of worrisome cyber attack stats—the Singapore government launched the world’s first commercial cyber risk pool along with the Singapore Reinsurers’ Association. The pool will commit up to $1 billion in risk capacity and will be backed by capital from traditional insurance and insurance-linked securities markets to provide coverage.
65. The single largest investment in a cybersecurity facility by a US state was made in 2018.
The state of Georgia unveiled its $100 million Hull McKnight Georgia Cyber Center for Innovation and Training in 2018, marking the growth of the government’s spending on cyber security to strengthen state and federal defenses against cyberattacks. These facilities also aim to fill the workforce gap in this critical field.
66. The 2019 US President’s budget for cybersecurity rose to $15B.
This is an increase of $583.4 million or 4.1% over 2018, and it reflects the fact that the government understands the implications of these kinds of cyber attack statistics. The Department of Defense was the largest contributor to the budget and reported $8.5 billion in cybersecurity funding, a $340 million (4.2%) increase over 2018.
67. The US federal government’s demand for vendor-furnished cybersecurity products and services is expected to grow to $14.1B by 2023.
The complex federal IT environment makes effectively mitigating these threats a challenge. This is due to legacy IT, the increasing demand for mobile solutions and cloud-based technologies, and the desire to employ emerging technologies such as the blockchain and artificial intelligence. Driven by the federal government’s desire to enhance agency cyber security at every possible level, cyber security statistics from GovWin by Deltek forecast that the demand for vendor-furnished information security products and services by the US government will grow from 2018’s $10.9 billion to over $14.1 billion in 2023, at a CAGR of 5.3%.
68. By 2022, 1.8M additional cybersecurity professionals will be needed in the US.
This massive gap is estimated only for the US, which has a relatively better supply of qualified professionals. There were roughly half a million cybersecurity job openings in the US in 2017, with the gap between available workforce and demand growing exponentially. Cybersecurity statistics show an estimated 6 million job openings in the industry, with only 4.5 million professionals to fill those roles.
69. The annual job growth rate for information security analysts will be around 28% between 2016 and 2026.
The bureau also expects a 56% growth for information security jobs in computer systems design and related services from 2016 to 2026. An increased adoption of cloud services by small and medium-sized businesses and a rise in advanced cybersecurity threats like IoT hacking will create demand for managed security services providers. Ensuring the protection of personal data in other critical sectors like finance and healthcare is also expected to drive the demand for cybersecurity professionals.
70. Globally, there will be 3.5M unfilled cybersecurity jobs by 2021.
Over the last few years, there’s been a continuous increase in the estimated number of unfilled jobs in cybersecurity, thanks to the ever-growing cyber crime rates. The shortfall is high in all the important markets. Europe faces a projected shortage of 350,000 workers by 2022. India alone is expected to need one million cybersecurity professionals by 2020 to meet the demands of its rapidly growing economy. Australia has been hit harder than any other country by the cybersecurity skills shortage.
71. Maryland has a higher number of cybersecurity experts than any other US state.
Information security stats show that Maryland has more than 150,000 cyber-related engineering and data science professionals, and the state leads the US in cyber employment for classified government jobs. It also has the largest concentration of university-trained cyber engineering graduates in the world. In terms of cities, the highest concentrations of cybersecurity experts are in Washington DC and San Antonio.
72. 100% of large corporations will have a CISO or a similar position by 2021.
A chief information security officer oversees an organization’s cyber security preparedness. Cyber security statistics from 2018 show that about 70% of Fortune 500 or Global 2000 companies worldwide had a position like this. As for the companies that did not, they’re expected to catch up very soon. It’s a different matter that many of these positions will remain unfilled due to a lack of experienced candidates.
73. Freelance bug “bounty hunters” can earn more than $500,000 a year.
Finding the vulnerabilities created by flaws in software code is proving lucrative for the top freelance hackers. According to cybercrime statistics, the most successful among these can earn well above $500,000 every year. For most freelance hackers, though, the take-home pay is much lower and never guaranteed.
74. Cybersecurity engineers are expected to be the highest paid among all IT professionals in 2019.
With an average annual salary of $140,000, cybersecurity engineers are getting paid more than other IT professionals like systems administrators, IT auditors, software engineers, and software architects. For the top coders with leadership and cybersecurity skills, salaries can exceed $225,000.
75. 41% of organizations have sensitive files that can be accessed by their entire staff.
According to a 2018 report on cyber attack statistics, 41% of organizations across more than 50 countries keep data like credit card information, health records, and personal information such that it’s readily available to anyone with access to the system. This easily accessible data puts companies at a higher risk of malware attacks.
76. 87% of companies are experiencing delays in their sales cycle as a result of their current or prospective customers’ privacy concerns.
What is the cost of cybercrime? For businesses, it can mean monetary as well as other business-related costs. According to the companies surveyed in the 2019 Cisco Data Privacy Benchmark Study, this number is up from 66% last year. The rise is attributed to the increased privacy awareness brought on by the GDPR and the frequent coverage of data breaches by the media.
77. Investment in data privacy can reduce most sales cycle delays by up to 4 weeks.
Cyber security statistics show that if an organization invests in data privacy to meet the GDPR, it will experience shorter sales cycle delays caused by customers’ privacy concerns. The difference is 3.4 weeks vs. 5.4 weeks among the least GDPR-ready organizations. Overall, the average sales delay has come down from 7.8 weeks a year ago to 3.9 weeks.
78. Close to 88% of organizations meet all or most of the General Data Protection Regulation requirements today or will do so within a year.
Data security statistics from a survey of global organizations show that 59% of organizations are meeting all or most of the necessary requirements. Another 29% intend to be ready within a year. 9% said it would take more than a year for them to meet all the requirements, while the remaining 3% stated that the requirements did not apply to them.
79. The average cost of a data breach can be reduced by more than 50% by using an automated disaster recovery process.
Automation means codifying a set of manual disaster recovery steps by creating scripts that drive singular actions at component levels. Cyber security statistics show that the difference in the average cost of the data breach can be as much as 50% between the companies that don’t and those that do deploy an automated disaster recovery process.
80. The presence of a strong incident response team has the most positive effect on the costs of a data breach; third-party involvement has the most negative.
Out of 22 factors that can either increase or decrease the average cost of a data breach, having an incident response team is the most beneficial, potentially lowering the per capita data breach cost by $14. Equally critical are the factors that can increase the per capita cost, which include third-party involvement (by $13.4), extensive cloud migration ($11.9), compliance failures ($11.9), and extensive use of mobile platforms and IoT devices.
81. 61% of organizations worldwide cite the hiring of skilled personnel as the top reason for their improved cyber resilience.
Cybersecurity statistics from 2018 show that more than 70% of organizations say their cyber resilience has improved in the 2017–2018 period. The top reasons for this include better hiring, improved information governance practices, visibility into applications and data assets, and the implementation of new technology like cyber automation tools (such as artificial intelligence and machine learning).
82. 52% of organizations consider cloud computing a priority for cybersecurity investment in 2019.
Cloud computing will also see an increase in security spending by 57% of organizations. According to cybersecurity statistics, the other areas in the top five include cybersecurity analytics, mobile computing, the IoT, and robotic process automation.
83. Preparedness and agility are by far the most important factors in achieving a high level of cyber resilience.
How do you ensure cyber security? Asked to choose from seven key factors that help achieve effective cyber resilience, IT professionals from around the world gave the highest preference to preparedness and agility, placing them well above planned redundancies. The best way to counter the unpredictable and ever-present nature of cyber threats is to be prepared all the time.
84. 70% of IT professionals consider identity management and authentication an effective security technology.
In addition to people and processes, data security statistics show that the right technologies are essential for achieving cyber resilience. The seven most effective technologies for achieving cyber resilience are identity management and authentication, anti-virus/anti-malware, intrusion detection and prevention systems, incident response platforms, network traffic surveillance, encryption for data at rest, and security information & event management. Out of these seven, most IT professionals agree on identity management and authentication, making it the top security technology.
85. 88% of IT professionals agree that preventing unauthorized access to critical applications is the top cybersecurity process their organization needs to implement.
How can cyber attacks be prevented? While it’s impossible to predict how the next cyber attack will take place, IT professionals agree that there are certain preventive measures they can take to minimize the risks involved. These measures reduce the chinks in the security armor that cyber criminals eventually exploit to steal data. The top measures include curtailing unauthorized access to mission-critical applications and sensitive or confidential data. Other important measures are limiting the theft of data-bearing devices (including IoT), enabling efficient backup and disaster recovery operations, and preventing end-user access to unsecure internet sites and web-based apps.
Key Takeaways From 2019’s Cyber Security Statistics
- As customers, businesses, and governments move an increasingly large number of their processes and systems online, their vulnerability to cybercrime also increases.
- The only way we can collectively counter the threat of cybercrime is by increasing cybersecurity investments and deploying them in the right manner, with a focus on training more workforce.
As the above data points out, apart from answering critical questions like “How many cyber attacks were there in 2018,” we can see that the severity and variety of attacks are on the rise.