The world is going digital at a more rapid pace than ever. Every activity, from watching the latest Netflix series to controlling our houses with smart-home appliances, is connecting us to the internet. But how do we make sure we keep ourselves and our information safe?
What is cyber security?
Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. These attacks are aimed at extorting money from users, interrupting normal business processes, and accessing, changing, or destroying sensitive information.
We have compiled a useful list of cyber security statistics to shed light on some of the critical online security issues that the world is struggling to tackle.
Read through them to learn about cybercrime: what emerging types of cyber attacks can harm your software and your hardware, how many hacks happen in a day, and what you can do about it.
We also took the opportunity to discuss how many cyber attacks are caused by weak spots in the system, and how many rely on old-fashioned trick tactics. But, we also aim to answer the question: How can cyber attacks be prevented?
Moreover, we covered the core aspects of statistics on how prepared businesses and governments are when it comes to cybersecurity. This includes information on estimated cyber security spending by industry, the workforce gap, and how organizations are countering the growing intensity of these attacks.
The Most Important Cyber Security Stats
- In 2018, the global average cost of a data breach incidents was $3.86M
- by 2012 there will be 3.5M unfilled cybersecurity jobs globally
- Globally, Cyber attacks are the fastest-growing crime, estimated to cost $6T by 2021
- By 2021, 70% of all cryptocurrency transactions will be for illegal activity
- In the first half of 2018, 3.3B data records were compromised across 944 breaches worldwide
- 97% of all stolen data was in the US, making it the most popular target for attacks
- In the past year, 76% of organizations worldwide experienced a phishing attack
- By 2021, businesses will fall victim to a ransomware attack every 11 seconds and global ransomware damages will amount to $20B
- The global cybersecurity market is worth over $120B
Data Traffic Statistics
1. The world’s digital content is expected to grow to 96 zettabytes by 2020.
With more than 1.9 billion websites out there, the amount of content present online will increase from 4 zettabytes (4 billion terabytes) in 2015 to 9 zettabytes in 2020. Since data is the building block of any digital economy, this presents incalculable opportunities for both innovation and cybercrime growth.
2. The Deep Web is estimated to be 5,000 times larger than the surface web.
The Dark Web, which is a part of the Deep Web, is intentionally hidden and used to conceal and promote criminal activities of all kinds. It isn’t accessible or indexed by search engines, but some estimates put its size to at least 5,000 times larger than the Surface Web. The Deep Web’s rate of growth is also believed to be much faster than the Surface Web’s
3. In just 2022, it’s predicted that more internet traffic will be created than in the 32 years since the internet started.
Increased connectivity brings increased digital security risks along with it. According to the latest Cisco Visual Networking Index (VNI), more IP traffic will cross global networks than in all prior “internet years.” This is being driven by better infrastructure, more ways to engage with online systems, and the decreasing prices of devices.
4. Cloud data center traffic will represent 95% of total data center traffic by 2021.
The rapidly increasing use of cloud and IoT applications, such as smart cars and connected health devices, will expand data-center demands. This will increase new forms of cybercrime, like IoT attacks. The total data stored in the cloud—including public clouds operated by vendors and social media companies, government-owned clouds accessible to citizens and businesses, and private clouds owned by mid-to-large-sized companies—will be a hundred times greater in 2022 than in 2019.
5. According to the 2019 Thales Global Data Threat Report, 97% of the companies who responded use sensitive data on digitally transformative technologies.
These technologies include cloud computing, big data, IoT, containers, and mobile environments, all of which create new attack surfaces and new risks for data. The idea isn’t to discourage companies from using these technologies, but to ensure they’re aware of the vulnerabilities—like IoT hacking—that they create. The goal is to take the necessary steps required to safeguard their and their customers’ data.
6. Only 30% of those respondents are using encryption within these environments.
Encryption might not prevent data breaches, but it does ensure that the data stolen cannot be misused. The data security statistics from the Thales study also show that far too many companies around the world have still not woken up to the value of data encryption, despite using new technologies that make data theft likelier.
7. By 2020, 300 billion passwords worldwide will need protection.
Even though biometrics and facial recognition –which do away with the need for passwords– are being used in more and more devices, it’s believed that the need for passwords won’t die out anytime soon. By 2020, over 300 billion passwords will require protection from cybercrime, leading to ever-increasing cyber security costs.
8. Mobile devices will account for 80% of the global IP traffic by 2025.
It’s estimated that smartphones will account for 55% of the total IP traffic by 2025, with other mobile devices taking the overall total to 80%. Personal devices carried to workplaces will, thus, pose a major security threat to enterprises in the coming years, making mobile cyber security a particular area of concern.
9. The number of connected devices on the internet will exceed 50B by 2020.
In other words, the number of IoT devices will be three times as high as the global population by 2021. By 2022, 1 trillion networked sensors will be embedded in the world around us, with up to 45 trillion in 20 years. All this connectivity is expected to put a great deal of stress on our cybersecurity preparedness.
Cyber Attack Statistics
10. In terms of cyber attack frequency, hackers attack our devices every 39 seconds.
A recent study by the Clark School at the University of Maryland revealed this data. This is one of the first attempts at quantifying the nearly constant rate of online attacks.
11. Computers are attacked 2,244 times a day.
Luckily, even with the large number of cyber attacks per day, most of them are unsuccessful. Michel Cukier, Clark School assistant professor of mechanical engineering, and his two assistants discovered this data. They learned that most attacks involved relatively unsophisticated “dictionary scripts,” or a brute force attempt at logging in with common usernames and passwords.
12. Over 400 million adults across 24 countries experienced cybercrime over a 12-month period.
The number of cyber attacks per year was determined in a 2017 Norton cybercrime study. The study also concluded that 40% of users don’t have appropriate software security.
13. By 2022, there will be around 6 billion internet users (75% of the projected world population).
According to Cybersecurity Ventures, there are expected to be over 7.5 billion internet users by 2030 (90% of the projected world population of 8.5 billion, six years old or older). This leaves a huge number of vulnerable people, likely resulting in an increase in cyber attacks in the near future.
14. Only 38% of global organizations claim they’re properly prepared to handle a sophisticated cyber attack.
Take the following cyber attack statistics into account if you’re still unsure about just how discouraging this figure is. About 54% of organizations have experienced one or more significant attacks in the past year. Also, a Frost & Sullivan study commissioned by Microsoft revealed that the Asia Pacific companies could lose as many as $1.745 trillion to cybercrime.
15. Eighty-two percent of respondents believe 2019’s new cyber threats will bring an increased risk of money and data theft via cyber attacks. Eighty percent also expect an increase in operations disruptions.
This is no surprise if you consider the ways connected devices are becoming more and more integrated into our everyday lives. These views of the current cyber threats show a distrust among the public in their personal safety, not to mention the honesty of their government.
16. The annual revenue for stolen trade secrets and IP theft is $500 billion.
Bromium derived this figure from two sources, namely, economic espionage revenue ($200 billion) and the cost of pirated music and films for the US ($300 billion). As we can see from the data breach that hit Sony, Netflix, and HBO, an attack can cost a company not only their confidential data and future viewership but also their jobs and reputations.
17. On September 25, 2018, 50 million user accounts on Facebook were compromised.
This vulnerability allowed hackers to access and then take over accounts. It turned out to be an unprecedented security issue for Facebook. In another instance of social media hacking, hundreds of Instagram accounts were taken over by hackers in August 2018.
18. The more common network attacks in Q2 of 2018 were server message block attacks (52%), denial of service attacks (13%), browser attacks (13%), and brute force attacks (9%).
According to a 2018 McAfee internet security threat report, these were the most common network attacks. The huge difference between the prominence of the first and third attacks is indicative of a run-of-the-mill trend present in cybercrime today. Not much effort is needed, it seems, to combat contemporary safety mechanisms and get results.
19. Forty-three percent of cyber attacks target small businesses.
When it comes to the types of cyber attacks affecting small businesses, the most common is micro malware, with online banking and ransomware attacks trailing close behind. Of these malware attack victims, 58% were categorized as small businesses in 2018. Almost half of the cyber attacks worldwide are directed at small businesses, as a majority of these companies have minimal visibility into their employees’ password practices.
20. Over 75% of the healthcare industry was affected by malware cyber attacks in 2018.
This Security Scorecard study examined 700 healthcare organizations and medical treatment facilities in their research. In addition, health insurance agencies and healthcare manufacturing companies were also included. In these kinds of attacks, millions of patients are put at risk and important operations are delayed—this urgency is probably what attracts criminals.
21. More than 90% of money-mule activity has links to cybercrime activities.
Money muling refers to the transfer of illegally obtained funds between accounts on behalf of others. The stolen money often comes from phishing attacks, where an attacker sends emails while masquerading as a legitimate business; eCommerce fraud, where a cybercriminal uses stolen online bank or credit card information; credit card fraud; and other criminal activities.
Statistics on Cyber Attack Trends
22. In Q2 of 2018, over 40,000 new malware threats were discovered, according to a McAfee report.
There are so many threats our devices are already susceptible to—computer viruses, Trojans, worms, logic bombs, spyware, cryptomining malware—but there are so many new threats being developed. However, the most recent OS updates made adjustments based on these ever-increasing threat and the lessons learned from other recent attacks.
23. The total number of coinminer malware files grew by 86% in Q2 of 2018.
This amounts to more than 2.5 million new files added to the cyber attack database. The coin-mining malware is also considered the only cyber attack that can damage your hardware as well as your software. This attack can tax CPUs, shorten a device’s lifespan, run down your batteries, and even cause physical damage.
24. In Q2 of 2018, the top three malware threats connecting to control servers were GoScanSSH (52%), Wapomi (35%), and China Chopper (at only 4%).
One of the top kinds of current cyber security threats involves malware connecting to control servers, according to the 2018 McAfee report. GoScanSSH is a new strain of malware that has been targeting connected Linux-based SSH servers. And Wapomi is a cross-bred virus with Trojan-like behavior.
25. Over 30,000 new MacOS malware threats were detected in Q2, of 2018.
According to McAfee, the relatively strong defenses behind the MacOS make it challenging for a malware attack to persist long-term on Apple computers, even if they can get an initial foothold.
26. There were almost 2.5 million new mobile malware files in Q2 of 2018, and nearly 30 million total cases of mobile malware.
Since users today spend twice as many minutes on their mobile devices than on their desktop, it’s safe to say that any self-respecting hacker will update their portfolio with mobile-targeting malware. This mobile-first user behavior was matched by mobile-targeting criminal activities, Smart Insights concluded.
27. Ninety-one percent of cyberattacks start as a spear phishing email, commonly used to infect organizations with ransomware.
This kind of phishing is a high-effort cybercrime compared to malware or ransomware. The attacker needs to research their victim in order to fool them with a fake email that looks like the real deal. A recent Trend Micro report estimated that around 1% of the emails an enterprise receives is a phishing attack.
In 2017, 76% of organizations claimed that they had been targeted by phishing attacks. If you want to see a decrease in these phishing statistics, keeping your antivirus/antimalware software updated won’t cut it. You need to train your staff, a costly solution that still might not be entirely foolproof.
28. Only 15% of users claim they haven’t been exposed to email-based security threats.
Still, this observation is likely slightly generous with the truth, since we don’t know what those surveyed had observed. What makes someone an email-attack victim is their inability to recognize the infected emails before opening them.
29. Seventy-three percent of internet security professionals claim the frequency of online email attacks is increasing, and 80% of organizations have faced some form of this type of attack in the past year.
The increase in attacks that target human beings instead of the devices they use is due to the strategy’s undeniable success. Symantec Security estimated that only 3% of malware is run via a hacker attack that exploits a technical flaw in a system. Social engineering is more resistant to anti-virus and anti-malware software. It also is not dependant on a specific operating system or any other particular type of device.
30. Large-scale DDoS attacks have increased by 500%, according to a Q2 2018 report.
Most DDoS attacks exploit botnets, thus adding to the level of cybercrime growth in a number of ways. According to Gartner, 33% of enterprises reported that one hour of downtime cost them between one and five million dollars. So you can imagine how disastrous DDoS attacks can become. These attacks are increasingly used as smokescreens for ransomware attacks, data theft, IP theft, and an overall desire to drain a company of at least some of its resources.
Statistics on The Cost of Cyber Attacks
31. McAfee found that the top countries hosting botnet control servers in Q2 of 2018 were the US at 36%, Germany at 14%, Russia and the Netherlands at 5%, and all others at 24%.
The actual criminals, their willing or unwilling accessories, and the potential for crime-as-a-service activities must all be taken into account when calculating cyber attack statistics by country.
The millions of systems that are infected with malware and are controlled by hackers are the results of multilayered criminal activities. While making your system an unwilling accessory to a crime is one thing, the crimes committed using a botnet are another. It’s these botnets that are familiar with committing DDoS attacks.
32. Cybercrime could cost companies up to $5.2 trillion over the next five years.
So here’s your answer if you’ve been asking, how much do cyber attacks cost? Around three years ago, The Wall Street Journal estimated that cybercrime cost the US around $100 billion. Juniper Research estimated that global cybercrime will knock $2 trillion out of people’s pockets. By 2020, over 300 billion passwords will require protection from cybercrime, leading to ever-increasing cyber security costs.
Still, the losses from successful attacks are only a part of the burden that individuals and companies have to bear. The annual prices of cybersecurity have been rising throughout the years. Venture capital funding totaled $5.3 billion in 2018, 20% more than in 2017.
33. For every cybercriminal that gets caught, 10,000 or more go free, according to the CSO.
One of the most disturbing cyber attack statistics is that cybercriminals almost never get caught. If they live in countries with weak or non-existent cybercrime laws like Algeria, for example, cybercriminals can enjoy a passive income and know for a fact they won’t be punished. Even if a criminal is somehow prosecuted in a court of law, for every person that’s caught, 100 get off scot-free or with a warning.
34. The crime-as-a-service price per year for a DDoS attack/botnet for hire is around $13 million, malware for hire is around $11 million, and hire-a-hacker services are around $1.6 billion.
These numbers were estimated by Dr. Mike McGuire in his report for Bromium. Over the years, cybercrime has become a complex, even regulated online criminal industry. One can now purchase a number of zombified computers and malware tools within seconds. Current internet crime statistics show that you don’t even have to be actively engaged in cybercrime to make money on it now.
Remote criminal activities committed from one’s own bedroom can easily go unpunished, especially if the criminal is located in a country that has little-to-no cybercrime-related laws. This adds up to increasingly targeted and sophisticated attacks that get better results in a shorter time span, adding up to deceptive cyber attack stats.
35. Only 18% of the cybersecurity laws brought forward in the US were passed In 2018, in spite of severe losses.
Perhaps because they fear getting no help from the authorities or because paying up to criminals is often easier, quicker, and even cheaper, in cases like ransomware attacks, many people still refuse to report an internet attack, according to the FBI. Still, this attitude will cause more trouble in the future, and it certainly helps keep the cybercrime business alive.
36. Twenty percent of global organizations consider cyber espionage to be the most serious threat to business.
The Global IP Center claims that when it comes to global IP leaders—the US, the UK, Japan, and European Union (EU) countries—IP theft and corporate cyber attacks are becoming a huge issue. For example, 20% of US organizations have suffered a cyber-espionage-related attack.
37. In 2018, the global average cost of a data breach incident was $3.86 million.
While the number of data breaches has come down marginally over the same period a year earlier, the average cost per incident has gone up by 6.4%. This figure would approximate to more than $3 billion lost in the first half of 2018. This is the objective cost businesses are paying to cyber criminals, and it’s going up almost every year.
Cyber Crime Statistics
38. Cyber attacks are the fastest-growing crime globally, estimated to cost $6 trillion by 2021.
How much does an expert expect cyber attacks to cost? Cyber attacks were already costing the world an estimated $3 trillion in 2015. This makes it a bigger drain on resources than natural disasters and a more profitable crime than the combined global trade of all major illegal drugs.
39. Well above 700 million people experienced some form of cybercrime between 2017 and 2018.
Symantec’s study reports a figure of 700 million across 21 countries. Given the increasing rate of people connecting online across the world, as well as the fact that many cyber crimes don’t even get detected or reported, the actual number is likely to be much higher. This also gives us an idea of how many cyber crimes occur per day – almost two million.
40. Cyber criminals coaxed $1.5 trillion out of their victims in 2017.
This cost is quite substantial, even if we examine the monetary costs alone and ignore other aspects like loss of reputation, and psychological impact. Today, cyber criminals aren’t just random hackers working on outdated systems. Cyber crime has become increasingly organized—as so many cyber security statistics have shown—with highly skilled people using their talents to extract money and sensitive information from their targets.
41. On average, it takes a company 197 days to identify that it’s been attacked.
That’s 197 days of the company’s processes partly or entirely busy dealing with the effects of the breach without realizing the main cause of the issues it’s dealing with. In some cases, incident response can take up to more than a year, especially when companies don’t adopt basic tools like automation and encryption. The Equifax Breach of 2017 is a noted example of the delay in threat identification. It was believed to have begun in May but was observed only in July. By this time, millions of consumer records had already been stolen.
42. It can take up to three years to discover identity theft.
It takes most victims about three months to find out that something’s wrong, according to Identity theft statistics, but as many as 16% don’t find out for three years that they’ve been targets of identity fraud theft. When involved in a financial crime, for example, this gives the cyber criminal enough time to extract small sums over months without being noticed.
43. The share of cyber warfare as the primary motivation behind attacks has grown to 4%.
While cybercrime maintains its dominance in motivations behind attacks at 88.1%, according to cyber warfare statistics, the use of cyberattacks as a form of warfare has gone up to 4% as of January 2019 from less than 2% in December 2018. Both government and non-government actors are believed to be involved in cyber warfare.
44. Seventy percent of all cryptocurrency transactions by 2021 will be for illegal activity.
This is a substantial increase from the current estimates that range from 20% for the top five major cryptocurrencies to 70% for Bitcoin. Cyber security stats from a paper published by the University of Sydney in Australia show that around $76 billion worth of illegal activity per year involves Bitcoin, close to the scale of the US and European market for illegal drugs.
45. Advertisers lost an estimated $19 billion to digital-ad fraud in 2017.
This loss is equivalent to $51 million every day. According to cyber fraud statistics, this figure, representing techniques like invisible ads, impression laundering, ad hijacking, bots, popunders, and fake installs, is expected to rise to $44 billion by 2022.
46. As of March 2019, there are 69 entities in the FBI’s Cyber’s Most Wanted List.
This list includes the people or groups that have conspired to commit the most damaging cybercrimes against the US, including computer intrusions, wire fraud, identity theft, money laundering, espionage, trade-secret theft, and false domain name registration. This list is a good proxy for the future of cyber crime in the US. The fact that this list has gone up from having just 19 entries in 2016 to 69 now shows the increasing level of threat from cybercrime.
47. Only 10 to 12 percent of the total number of cyber crimes gets reported in the United States each year.
One of the more striking aspects of cyber security facts in 2018 was that cybercrimes continue to remain vastly underreported. There are several reasons for this, like embarrassment, fear of harm to reputation, and lack of belief in law enforcement agencies’ ability to help. Given the severity of crimes that do get reported, one can only imagine how serious the actual incidence of cybercrime is.
Statistics on Types of Cybercrimes
48. In the first half of 2018, 3.3 billion data records were compromised across 944 breaches worldwide.
If you’ve been wondering about how many cyber attacks occur per day, here’s the answer for you. The above data translates to more than five breaches daily, causing more than a staggering 18 million records to be stolen every day in the first half of 2018! Compared to the same period in 2017, the number of lost, stolen, or compromised records has increased by 72%, though the total number of breaches slightly decreased over the same period, signaling an increase in the severity of cyber crime per incident. Of these 944, 189 (20%) had an unknown or unaccounted number of compromised data records.
49. By 2018, the likelihood of having a material data breach over the following 24 months rose to 32.3%.
Cyber attack statistics from 2018 indicate that the likelihood of a data breach involving a minimum of 10,000 records has consistently risen over the last five years. The 32.3% figure for FY2018 is a slight increase from 31.6% for FY2017. Interestingly, the larger the data breach an organization suffers once, the less likely it is to have another breach in the next 24 months.
50. Sixty-five percent of IT professionals worldwide say the severity of attacks has increased.
A common theme among global cyber crime statistics is that cyber criminals are using the most modern tools to target the security systems of organizations, making it more difficult by the day to counter attacks. 57% of professionals in the same survey also say that the time spent resolving an incident has increased. Plus, the increasing use of big data also raises the likelihood of big-data security breaches.
51. Healthcare was the sector with the highest share of data breaches in the first half of 2018, accounting for 27% of the total.
Social media ranks at the top for the number of records breached (76%) due to the high-profile customer data compromises at Facebook and Twitter, involving 2.2 billion and 336 million, respectively. Cyber attacks statistics from 2018 H1 show that most sectors saw an increase in the number of incidents compared to the previous half. The exceptions were government, professional services, retail, and technology, though both retail and technology saw an increase in the number of records breached among fewer events.
52. Fifty-seven percent of data breaches and 97% of all records stolen were in the United States, making it the most popular target for attacks.
Nevertheless, cyber attack statistics by country show that the number of incidents has gone down in the US by 17% compared to the second half of 2017. With the implementation of the Notifiable Data Breaches law, the number of incidents in Australia increased dramatically from 18 to 308, as could be expected. Europe saw 36% fewer incidents but a 28% increase in the number of records breached, indicating a growing severity in attacks. The United Kingdom remains the most breached country in the region. India had the highest number of notified attacks in Asia.
53. The August 2013 Yahoo data breach is the biggest incident in terms of records affected so far.
According to global data breach statistics, the ten biggest data breaches of all time, including the number of accounts hacked and the year the breach occurred in are Yahoo (3 billion, 2013), Marriott (500 million, 2014–2018), Adult FriendFinder (412 million, 2016), MySpace (360 million, 2016), Under Armor (150 million, 2018), Equifax Breach (145.5 million, 2017), eBay (145 million, 2014), Target (110 million, 2013), Heartland Payment Systems (100+ million, 2018), and LinkedIn (100 million, 2012).
54. According to a global survey, 22% of organizations consider phishing the greatest cyber threat.
Cyber security statistics place malware at a close second at 20%, followed by cyberattacks to disrupt (13%), to steal money (12%), and to steal IP (8%). Although there has been quite a lot of discussion about insider threats and state-sponsored attacks, the fear for internal attacks shows up as number eight on the list, while espionage ranks at the bottom of the list.
55. Most malicious domains, at about 60%, are associated with spam campaigns.
Even as cyber threats are evolving, traditional ransomware—namely phishing emails containing malicious attachments, spam, malvertising, and malicious domains—continues to be one of the most feared cyber threats. According to a Cisco report, about 60% of the malicious domains analyzed were associated with spam campaigns.
56. Seventy-six percent of organizations worldwide experienced a phishing attack in the past year.
Phishing statistics show that one of the most common forms of phishing attacks is the BEC (Business Email Compromise) scam, where cyber attackers pass themselves off as a client or supplier in order to get money. Around 60% of BEC scam emails do not contain a link, making it harder for cybersecurity systems to detect them. And 81% of heads of corporate IT security have detected an increase in the number of all types of phishing attacks.
57. BEC scams have cost more than $12.5 billion in losses over the last 4.5 years.
A BEC, aka Email Account Compromise (EAC), is a sophisticated scam targeting both businesses and individuals performing wire transfer payments. In the 4.5 years leading up to May of last year, these scams have cost more than $12.5 billion in losses.
58. In a global survey, all 850 organizations questioned had experienced at least one malware attack.
What percentage of companies have been hacked? The above data would indicate a figure of nearly 100%. Even though enterprise mobility management solutions were in place, 75% of the organizations in the sample had at least one jailbroken iOS device or rooted Android device connected to their corporate networks between H2 2016 and H1 2017. The average number of mobile malware attacks per organization was 54, and the average number of jailbroken devices was 35 per company. This is a concerning result, obviously, as jailbreaking strips away the built-in security provided by the iOS and Android operating systems, rendering the entire enterprise vulnerable to an easy attack.
59. Cryptomining affected 40% of organizations worldwide in 2018.
According to malware statistics, cryptomining, unlike ransomware, offers cyber criminals a much stealthier style of attack. The malware can remain on an organization’s servers for months without being detected. During this period, its authors earn a steady stream of passive income. Check Point’s research also found that over 20% of organizations are impacted every week by cryptojacking malware.
60. Cryptomining saw a 459% increase in 2018.
Reports show that cryptojacking, or cryptomining, participants are also using more sophisticated means to evade detection, to the point where they have a detection rate of just 50%. Because of this, cryptojacking has emerged as one of the top cybersecurity threats in recent times, growing at a tremendous pace.
61. Nearly 45% of malware incidents involve ransomware, up from less than 10% in 2015.
Cyber criminals are also growing bolder, with the share of personal devices targeted with ransomware coming down and that of enterprise servers, for which much greater ransoms can be demanded, going up. These recent ransomware statistics show that, given its low-risk and high-gain nature, ransomware has remained one of the most popular forms of cybercrime.
62. Fifty-six percent of data breaches in the first half of 2018 were caused by malicious outsiders.
This was a decrease of 7% from H2 2017. In terms of the number of compromised records, the share is higher, at 73%. Data breach statistics show that accidental loss accounted for over 879 million (26%) of the records lost, the second most popular cause of data breaches. The number of records and incidents involved in malicious insider attacks fell by 60% this half compared to the same time period in 2017.
63. Fifty-five percent of industrial organizations allow third parties such as suppliers, partners, and service providers to access their industrial control network.
Even though there’s a wider understanding of the risks of a third-party data breach, business cyber security statistics show that more than half of industrial organizations permit outsiders to access critical systems. It’s important to note that organizations that allow third-party access like this are also 63% more likely to experience a security breach as compared to those that don’t allow this access.
64. Eighty-three percent of all records stolen in the first half of 2018 involved identity theft.
Identity theft has continued to be the leading type of data breach, at least since 2013. According to the most recent information security stats, while the number of identity theft breaches decreased by 26% over the first half of 2017, the number of records stolen through these incidents increased by 757%, representing 83% of all records stolen. There’s a disturbing trend in the escalation of data-breach severity. Though the overall incident numbers are on the decline, 171 for H1 of 2017 and 123 for H1 2018, the number of records breached increased from 2.7 million to 359 million, respectively.
65. Twenty-eight percent of organizations say customer information or customer passwords are the most valuable form of information for cyber criminals.
The most expensive component of a cyber attack is information loss. Twelve percent say it’s the companies’ financial information, while another 12% say their strategic plans are the top information cyber criminals are looking for. Other categories that rank slightly lower in terms of threat perception are R&D information, M&A information, and intellectual property.
66. Identity theft makes up 13% of all recorded criminal complaints in the United States.
These identity theft stats show that it has emerged as one of the biggest crime issues in America. The figure is believed to have risen in the last two years. Cyber criminals are getting more sophisticated, and the number of touch points where personal information can be accessed continues to increase.
67. Credit-card fraud accounts for 30% of identity theft cases.
According to the FTC’s computer crime statistics for 2017, after credit card fraud, next on the list of the most common types of identity theft is employment or tax-related fraud, at 18.6% of all identity-theft cases. Other common types are phone or utilities fraud (12.5%), bank fraud (11.4%), loan or lease fraud (6.8%), and government documents or benefits fraud (5.9%).
68. Cryptocurrency exchange hacks caused roughly $1 billion in losses in 2018.
Cyber attack stats show that the types of cryptocurrency crimes are diverse and increasingly sophisticated, from Ethereum-based scams rising and falling with cryptocurrency prices, to darknet markets showing resilience against market trends, to hacks being carried out by professional organizations with distinct modus operandi.
69. The cost of the biggest cryptocurrency heist to date was $530 million.
Based on the cyber attack statistics to date, the biggest cryptocurrency heist of all time was the 2018 Coincheck hack, involving the theft of 523 million NEM coins from a hot wallet. The five biggest Bitcoin hacks of all time were: Mt. Gox in 2011 (2609 BTC +750,000 BTC), BitFloor in 2012 (24,000 BTC), Poloniex in 2014 (12.3% of all BTCs – 97 BTC), BitStamp in 2015 (19,000 BTC), and Bitfinex in 2016 (120,000 BTC).
70. Zero-day cyberattacks are expected to reach one per day by 2021.
Cyber attack statistics by year show that zero-day attacks, which exploit a vulnerability that has either not been fixed or is unknown to the software vendor, are expected to rise from one per week in 2015 to one per day in 2021. Since 111 billion lines of new software code are being produced every year, this introduces the potential for a massive number of vulnerabilities to be exploited.
71. Globally, DDoS attacks are expected to double 2017’s numbers by 2022, reaching 14.5 million.
Hacking statistics show that Distributed-Denial-of-Service (DDoS) attacks represent the dominant threat observed by the vast majority of service providers, and they can represent up to 25% of any given country’s total internet traffic while they’re occurring.
72. Basic malware can be obtained online for no more than $1.
Cybercrime has extremely low entry barriers, with hacking tools and kits for cyber attacks, identity theft, malware, ransomware, and other nefarious activities available in online marketplaces for very low prices. For instance, one can purchase one million compromised email IDs and passwords for $25 and a password stealer for $50.
73. The Trojan horse virus Ramnit affected 35% of all organizations in the banking sector globally in 2017.
Ramnit, a Trojan horse virus, has been around since 2010 but became particularly active in 2017. Multiple campaigns involving malware from the Ramnit family turned victims’ machines into malicious proxy servers and infected them with info-stealing programs. According to Cisco’s estimates, 53% of attacks in the banking sector in 2017 were caused by Ramnit, a Windows-based worm.
74. Global ransomware damage costs are predicted to hit $20 billion in 2021.
There’s been a consistently rapid increase in ransomware costs from just $325 million in 2015. According to some estimates, ransomware attacks saw a 350% increase in 2018. It’s estimated that by 2021, businesses will fall victim to a ransomware attack every 11 seconds.
75. Spending on security awareness training for employees will reach $10 billion globally by 2027.
This value was just $1 billion in 2014 and shows the extent of resources being spent on combating cybercrime—resources that could otherwise be put to more constructive use. Cyber security spending trends show that much of this employee training is centered on combating phishing scams and ransomware attacks.
76. The No-More-Ransom portal carries 59 free decryption tools.
The portal is now available in 35 languages and covers 91 ransomware families. So far, these tools provided on the site have managed to decrypt the infected computers of over 72,000 victims worldwide.
Small Business Data-Breach Statistics
77. Small to medium businesses accounted for 58% of data breaches in 2017.
Small and medium-sized businesses are as much at risk as larger companies. This makes sense considering that small businesses are less likely to have the resources available to beef up their cybersecurity in order to defend against these threats. With this in mind, several cyber security facts point to attackers preferring to make money from multiple small targets than a single big one. According to Privacy Rights Clearinghouse, an advocacy group, more than 90% of the breaches they have tracked since 2005 have affected fewer than 100,000 customers in one go.
78. Fifty-three percent of middle-market companies in 26 countries have experienced a data breach.
According to cyber crime statistics from 2018, more than half of middle-market companies in some of the biggest economies have already been victims of at least one data breach. This is another indication of the vulnerability of SMBs, for whom the top security concerns tend to be: targeted phishing attacks against employees, advanced persistent threats, ransomware, denial-of-service attacks, and employees being allowed to use their own mobile devices.
79. The primary cyber-security challenge for 55% of small businesses in North America is a lack of resources or knowledge.
Small businesses make up 97% of the total number of businesses in North America. Small business cyber attack statistics show that, for the majority of them, the lack of resources is the greatest challenge they face when it comes to being prepared against cyber attacks. Given the skilled workforce shortage faced by large corporations, who can afford to be better paymasters, it’s no wonder that smaller companies find it even more difficult to bring qualified personnel on board.
80. Sixty percent of the small companies that become victims of a cyber attack go out of business within six months.
This means that the average cost of a malware attack is much higher for small businesses. Small companies are much less resilient, making the issue of cybercrime a much bigger concern. According to data from Cisco, SMBs are also more likely to pay ransom to their cyber attackers so that they can quickly resume normal operations after a ransomware attack.
81. The global cybersecurity market was estimated to be worth $120 billion in 2017.
How much does cyber security cost? Conservative estimates indicate a growth of about 35 times the size of the global cybersecurity market between 2004 and 2017, making it one of the fastest-growing industries in the world. The industry’s growth was expected to mirror the growth of the internet in general.
82. The cybersecurity market is expected to continue growing by 12–15% year-on-year until 2021.
The unprecedented increase in cyber crime worldwide has made it difficult for analysts to accurately track the growth of the cybersecurity industry. The growth estimates typically range from 8–10% to 12–15% year-on-year. According to the higher estimates, the market’s cumulative spending between 2017 and 2021 is expected to be over $1 trillion.
83. The global cyber identity-theft protection services market is expected to be worth $18.7 billion by 2025.
The market was valued at $4.98 billion in 2017. The key drivers for growth in cyber security spending are considered to be the growth in eCommerce, increased comfort in making online payments, and the steady rise in identity-theft numbers globally. Geography-wise, while North America accounts for close to three-quarters of the market value, the greatest growth in this period is expected to come from the Asia-Pacific region.
84. Worldwide spending on information security is expected to reach $124 billion in 2019.
How much money do companies spend on cybersecurity? Global spending on information-security products and services (a subset of the overall cybersecurity market) exceeded $114 billion in 2018, and it is expected to grow to $170.40 billion by 2022. The top three drivers for security spending are security risks, business needs, and industry changes. Privacy concerns are also becoming a key factor according to cybersecurity statistics for 2019.
85. The global blockchain market is expected to be worth $23.3 billion by 2023.
Cybersecurity will play a major role in the rapidly increasing use of blockchain technology. The global blockchain market was worth just $1.2 billion in 2018, indicating a whopping 80.2% CAGR during the projected period. The two factors that could slow this growth, cybersecurity facts show, are its unregulated environment and the limited availability of technical skills.
86. Two-thirds of institutional investors believe the blockchain will have the biggest impact on financial services and banking.
They expect to see these changes take place within the next two years. The sector with the next biggest impact, according to one-third of the respondents, will be healthcare.
87. The total venture capital funding for cybersecurity totaled $5.3 billion in 2018.
The surge in cyber attacks across the world means investors see value in the startups producing ways to counter them. Cybersecurity statistics from 2018 put the total funding amount at $5.3 billion, which would be a 20% increase over the $4.4 billion invested in 2017.
88. Israel accounts for 20% of worldwide cybersecurity funding.
The top four countries investing the most venture capital into cybersecurity are the United States, Israel, the United Kingdom, and Canada. In 2018, the total amount of funding for cybersecurity companies based in Israel grew by 22% to over $1 billion and involved 66 new companies being funded. The top emerging fields among new startups in 2018 included new verticals within IoT security, security for cryptocurrencies and the blockchain, cloud-native security, and SDP (software defined perimeter). These drew considerably more attention than the more “traditional” cyber sectors like network security, email security, and endpoint protection. Additionally, according to cyber security statistics from 2018, the UK cybersecurity market is valued at $5 billion.
89. The cyber insurance policy market is estimated to be worth $20 billion by 2025.
Legislation like the EU’s General Data Protection Regulation is helping drive the demand for cyber insurance. Healthcare providers, financial services firms, and companies across all industries are tasked with keeping user data safe and recovering from data breaches and ransomware attacks. Cyber crime predictions for the insurance market’s size range from $14 billion in 2022 to $20 billion in 2025. This value was less than $1.6 billion in 2016.
90. Sixty-eight percent of US businesses haven’t purchased any form of cyber liability or data-breach insurance.
Businesses aren’t adopting cyber insurance coverage at a rate matching the rising risks they face. The situation is better, however, when it comes to protection measures taken by civic administrations. According to a Wall Street Journal survey, the majority of the US’s 25 most populous cities now have cyber insurance or are looking into buying it.
91. The world’s first commercial cyber-risk pool worth $1 billion was launched in 2018.
To counter the global issue of low insurance coverage for cyber risks—especially in the face of worrisome cyber attack stats—the Singapore government launched the world’s first commercial cyber risk pool along with the Singapore Reinsurers’ Association. The pool will commit up to $1 billion in risk capacity and will be backed by capital from traditional insurance and insurance-linked securities markets to provide coverage.
92. The single largest investment in a cybersecurity facility by a US state was made in 2018.
The state of Georgia unveiled its $100 million Hull McKnight Georgia Cyber Center for Innovation and Training in 2018, marking the growth of the government’s spending on cyber security to strengthen state and federal defenses against cyberattacks. These facilities also aim to fill the workforce gap in this critical field.
93. The 2019 US President’s budget for cybersecurity rose to $15 billion.
This is an increase of $583.4 million or 4.1% throughout 2018, and it reflects the fact that the government understands the implications of these kinds of cyber attack statistics. The Department of Defense was the largest contributor to the budget and reported $8.5 billion in cybersecurity funding, a $340 million (4.2%) increase throughout 2018.
94. The US federal government’s demand for vendor-furnished cybersecurity products and services is expected to grow to $14.1 billion by 2023.
The complex federal IT environment makes effectively mitigating these threats a challenge. This is due to legacy IT, the increasing demand for mobile solutions and cloud-based technologies, and the desire to employ emerging technologies such as blockchain and artificial intelligence. Driven by the federal government’s desire to enhance agency cyber security at every possible level, cyber security statistics from GovWin by Deltek forecast that the demand for vendor-furnished information security products and services by the US government will grow from 2018’s $10.9 billion to over $14.1 billion in 2023, at a CAGR of 5.3%.
95. By 2022, 1.8 million additional cybersecurity professionals will be needed in the United States.
This massive gap is estimated only for the US, which has a relatively better supply of qualified professionals. There were roughly half a million cybersecurity job openings in the US in 2017, with the gap between available workforce and demand growing exponentially. Cybersecurity statistics show an estimated 6 million job openings in the industry, with only 4.5 million professionals to fill those roles.
96. The annual job growth rate for information security analysts will be around 28% between 2016 and 2026.
The bureau also expects a 56% growth for information security jobs in computer systems design and related services from 2016 to 2026. An increased adoption of cloud services by small and medium-sized businesses and a rise in advanced cybersecurity threats like IoT hacking will create demand for managed security services providers. Ensuring the protection of personal data in other critical sectors like finance and healthcare is also expected to drive the demand for cybersecurity professionals.
97. Globally, there will be 3.5 million unfilled cybersecurity jobs by 2021.
Over the last few years, there’s been a continuous increase in the estimated number of unfilled jobs in cybersecurity, thanks to the ever-growing cyber crime rates. The shortfall is high in all the important markets. Europe faces a projected shortage of 350,000 workers by 2022. India alone is expected to need one million cybersecurity professionals by 2020 to meet the demands of its rapidly growing economy. Australia has been hit harder than any other country by the cybersecurity skills shortage.
98. Maryland has a higher number of cybersecurity experts than any other US state.
Information security stats show that Maryland has more than 150,000 cyber-related engineering and data-science professionals, and the state leads the country in cyber employment for classified government jobs. It also has the largest concentration of university-trained cyber engineering graduates in the world. In terms of cities, the highest concentrations of cybersecurity experts are in Washington DC and San Antonio.
99. It is estimated that 100% of large corporations will have a CISO or similar position by 2021.
A chief information security officer oversees an organization’s cyber security preparedness. Cyber security statistics from 2018 show that about 70% of Fortune 500 or Global 2000 companies worldwide had a position like this. As for the companies that did not, they’re expected to catch up very soon. It’s a different matter that many of these positions will remain unfilled due to a lack of experienced candidates.
100. Freelance bug “bounty hunters” can earn more than $500,000 a year.
Finding the vulnerabilities created by flaws in software code is proving lucrative for the top freelance hackers. According to cybercrime statistics, the most successful among these can earn well above $500,000 every year. For most freelance hackers, though, the take-home pay is much lower and never guaranteed.
101. Cybersecurity engineers are expected to be the highest paid among all IT professionals in 2019.
With an average annual salary of $140,000, cybersecurity engineers are getting paid more than other IT professionals like systems administrators, IT auditors, software engineers, and software architects. For the top coders with leadership and cybersecurity skills, salaries can exceed $225,000.
102. Forty-one percent of organizations have sensitive files that can be accessed by their entire staff.
According to a 2018 report on cyber attack statistics, 41% of organizations across more than 50 countries keep data like credit card information, health records, and personal information such that it’s readily available to anyone with access to the system. This easily accessible data puts companies at a higher risk of malware attacks.
103. Eighty-seven percent of companies are experiencing delays in their sales cycles as a result of their current or prospective customers’ privacy concerns.
What is the cost of cybercrime? For businesses, it can mean monetary as well as other business-related costs. According to the companies surveyed in the 2019 Cisco Data Privacy Benchmark Study, this number is up from 66% last year. The rise is attributed to the increased privacy awareness brought on by the GDPR and the frequent coverage of data breaches by the media.
104. Investment in data privacy can reduce most sales-cycle delays by up to four weeks.
Cyber security statistics show that if an organization invests in data privacy to meet the GDPR, it will experience shorter sales cycle delays caused by customers’ privacy concerns. The difference is 3.4 weeks vs. 5.4 weeks among the least GDPR-ready organizations. Overall, the average sales delay has come down from 7.8 weeks a year ago to 3.9 weeks.
105. Close to 88% of organizations meet all or most of the General Data Protection Regulation requirements today or will do so within a year.
Data security statistics from a survey of global organizations show that 59% of organizations are meeting all or most of the necessary requirements. Another 29% intend to be ready within a year. And 9% said it would take more than a year for them to meet all the requirements, while the remaining 3% stated that the requirements did not apply to them.
106. The average cost of a data breach can be reduced by more than 50% by using an automated disaster recovery process.
Automation means codifying a set of manual disaster recovery steps by creating scripts that drive singular actions at component levels. Cyber security statistics show that the difference in the average cost of a data breach can be as much as 50% between the companies that don’t and those that do deploy an automated disaster-recovery process.
107. The presence of a strong incident response team has the most positive effect on the costs of a data breach while third-party involvement has the most negative.
Out of 22 factors that can either increase or decrease the average cost of a data breach, having an incident response team is the most beneficial, potentially lowering the per capita data breach cost by $14. Equally critical are the factors that can increase the per capita cost, which include third-party involvement (by $13.40), extensive cloud migration ($11.90), compliance failures ($11.90), and extensive use of mobile platforms and IoT devices.
108. Sixty-one percent of organizations worldwide cite the hiring of skilled personnel as the top reason for their improved cyber resilience.
Cybersecurity statistics from 2018 show that more than 70% of organizations say their cyber resilience has improved between 2017 and 2018. The top reasons for this include better hiring, improved information governance practices, visibility into applications and data assets, and the implementation of new technology like cyber-automation tools (such as artificial intelligence and machine learning).
109. Fifty-two percent of organizations consider cloud computing a priority for cybersecurity investment in 2019.
Cloud computing will also see an increase in security spending by 57% of organizations. According to cybersecurity statistics, the other areas in the top five include cybersecurity analytics, mobile computing, IoT, and robotic process automation.
110. Preparedness and agility are by far the most important factors in achieving a high level of cyber resilience.
How do you ensure cyber security? When asked to choose from seven key factors that help achieve effective cyber resilience, IT professionals from around the world gave the highest preference to preparedness and agility, placing them well above planned redundancies. The best way to counter the unpredictable and ever-present nature of cyber threats is to be prepared all the time.
111. Seventy percent of IT professionals consider identity management and authentication an effective security technology.
In addition to people and processes, data security statistics show that the right technologies are essential for achieving cyber resilience. The seven most effective technologies for achieving cyber resilience are identity management and authentication, anti-virus/anti-malware, intrusion detection and prevention systems, incident response platforms, network traffic surveillance, encryption for data at rest, and security information & event management. Out of these seven, most IT professionals agree on identity management and authentication, making it the top security technology.
Recent Cyber Attacks in 2018
Cisco’s Talos unit warns that 500,000 routers are networked for a cyber attack.
Cisco Inc.’s Talos cyber-intelligence unit announced in May 2018 that half a million routers from 54 countries have been infected by the malware that was previously detected in attacks on Ukraine. The allegedly state-sponsored attack used VPNFilter, a sophisticated modular malware system.
One estimate suggests that energy utilities spent $1.7 billion protecting their systems from cyber attacks in 2017.
In 2015, a suspected state-sponsored internet cyber attack left 230,000 people in the dark for hours on end. This only fueled fear in other countries. According to the 2019 Global Risk Report by Zurich Insurance, digitalization and the internet of things have increased the connectivity of the developed world’s infrastructure.
During the 2018 FIFA World Cup, Russia countered and stopped around 25 million cyber attacks on the IT Infrastructure.
The Russian government apparently saw this coming, and they strengthened the country’s cybersecurity services prior to the World Cup. These cyber attacks stats confirm that being over-prepared sometimes works when countering potential threats.
Over 140 international airlines were found to be affected by a major security breach.
The Amadeus ticket booking system—which is currently used by 141 international airlines and 44% of the global online reservation market—was compromised. Some of these major clients included Air Canada, Lufthansa, and United Airlines. Recent cyber attacks gave the criminals access to passengers’ names and all associated flight details.
A data leak through the Oklahoma government exposed seven-years worth of FBI investigations.
These recent attacks are an excellent example of why every company ought to invest more in protecting archived data. The oldest stolen data originated from 1986 and the most recent had been modified in 2016.
How can cyber attacks be prevented?
While it’s impossible to predict how the next cyber attack will take place, IT professionals agree that there are certain preventive measures they can take to minimize the risks involved. These measures reduce the chinks in the security armor that cyber criminals eventually exploit to steal data. The top measures include curtailing unauthorized access to mission-critical applications and sensitive or confidential data. Other important measures are limiting the theft of data-bearing devices (including IoT), enabling efficient backup and disaster recovery operations, and preventing end-user access to unsecure internet sites and web-based apps.
Key takeaways from our 2019 cyber security statistics:
- As customers, businesses, and governments move an increasingly large number of their processes and systems online, their vulnerability to cybercrime also increases.
- The only way we can collectively counter the threat of cybercrime is by increasing cybersecurity investments and deploying them in the right manner, with a focus on training a larger workforce.
- Apart from answering critical questions like “How many cyber attacks were there in 2018,” we can see that the severity and variety of attacks is on the rise.
- It’s a good idea to update your OS regularly, to train your employees on the potential dangers of social engineering and to avoid downloading unfamiliar apps from unknown sources if you plan on avoiding the risk of a cyber attack today.
If an attack occurs and hackers demand payment, not reporting the cybercrime and giving in to the hackers by adhering to their demands might seem like the easy way out. But, the collective immunity to the most common cyber attacks depends on whether you report crimes to the authorities and refuse to pay up. The responsible approach makes future attacks less likely.