The cyber warfare statistics are hard to get by due to the secrecy that this type of conflict implies. With no tanks and airplanes or visible death tolls and destruction to catch the public’s eye, the cyberwar manages to slip underneath our radar. However, it is global and influences our lives considerably.
What makes cyberwar interesting is that there are no clear favorites and underdogs here. Instead, countries that wouldn’t dream of openly confronting their much stronger opponents are equal on this battlefield. And that is what makes cyberwar so unpredictable.
To help you better understand the current situation on the cyber battlefield, we have collected some interesting statistics.
Important Cyber Warfare Stats – Editor’s Choice
- The US Federal Agencies registered 30,819 cybersecurity incidents in 2020, 8% more than in 2019
- Colonial Pipeline paid a $4.4 million ransom to get control of its pipeline network back from the hackers
- NotPetya ransomware caused more than $10 billion in damages
- Yahoo breaches left more than 3 billion records exposed
- Iran has more than 120,000 cyberwar volunteers at its disposal
- 35% of all cyberattacks in India in 2019 came from China
- 42% of all cyber espionage data breaches in the last six years happened in the Asia-Pacific region
- 39% of cyber espionage breaches are discovered after one or more years
Cyber Warfare: Attacks That Shaped the World We Live In
Every journey begins with a small step, and cyber warfare’s story isn’t very different. Although these first attacks look naive compared to today’s massive nationwide attacks, they paint a picture of how cyberattacks and cyberwar evolved over the years. As the digital devices became more advanced and innumerable, so did the attacks.
1. Ray Tomlinson, the inventor of email, created the first computer worm in 1972.
It was not a malicious worm, as it was designed to catch Creeper, a program running around the ARPANET network (the internet’s predecessor) and leaving breadcrumbs. We have to mention that computer worms and viruses are entirely different types of cyberattacks.
While the virus needs your computer’s resources, programs, and sometimes even your actions to become active, the worm is entirely independent. It has everything it needs to hit the ground running and start replicating as soon as it reaches the host device.
2. The first DDoS attack affected about 10% of all computers on the internet, and it was completely unintentional.
In 1988, Robbert Morris wanted to know how big the internet was, so he created a worm that would go from one device to another, replicate, and then send a pingback. Since there were no antivirus programs at the time, the software (later named Morris Worm) could run free and cause havoc.
The cyberattack statistics show that it had infected tens of thousands of computers, which was about 10% of the internet back then. When Morris saw that the pings clogged the network, he sent out warnings across the internet, and it took experts from Berkeley and Purdue three days to stop the worm.
3. One of the first hacking attacks happened in 1976 when a 16-year-old boy hacked into Ark, one of the most advanced computers at the time.
(Avast), (The Register)
This attack has a prominent place in hacking statistics because of the perpetrator’s age and the method used. Namely, Kevin Mitnick used social engineering to gain developer access to the Ark, the central computer at Digital Equipment Corporation.
By listening to the company’s calls, he managed to get enough information to convince the people in the company that he works as a developer there, and they’ve given him the passwords he needed.
4. 1989 witnessed one of the first ransomware cyberattacks, and stats show that it had affected medical research facilities across 90 countries.
Joseph Popp, Ph.D., an AIDS researcher, created and distributed malware that later became known as AIDS Trojan or PC Cyborg Virus. He sent out 20,000 floppy disks to AIDS research facilities across the globe, claiming that they contained important research material.
The malware was set up to activate after the computer was turned on 90 times. After activation, it would encrypt all the data and show a message demanding that $189 be sent to a Panama P.O. box.
5. One of the first examples of cyber warfare happened in 1986 when a hacker broke into the Pentagon’s computers.
German computer hacker Marcus Hess hacked his way into the US Army mainframe and was able to access 400 military computers, some of them belonging to the Pentagon. Fortunately, he was stopped before he could steal confidential data and sell it to the Russians.
Even though it was prevented, the attack was a sign that security had to be improved. It is no surprise that the following year both eastern and western blocks had their first commercial antivirus software, NOD32 and McAfee.
Contemporary Cybersecurity Statistics
6. The US budget for cybersecurity is planned at $18.78 billion, which is a decrease from 2020.
Despite the increasing threats, the national cybersecurity budget will decrease in 2021, from $18.79 to $18.78 billion. This is also surprising because the budget was constantly rising from 2017 when it was just $13.15 billion. Understandably, the government wants to save money due to the high cost of Covid-19 relief programs. However, this decision could also reduce the US cyber warfare capabilities.
Still, increasing cybersecurity could save billions of US taxpayers’ money. Namely, a considerable percentage of ID frauds in the past two years were related to the government’s Covid-19 relief program. The cybercriminals would set up false identities and get the government’s payments.
7. The Federal Agencies registered 30,819 cybersecurity incidents in 2020, which is an 8% increase from 2019.
Even though the numbers are high, they are still far below the record-breaking 2015, when 77,183 cyber incidents were reported. Unfortunately, cyber warfare statistics for 2021 will likely show much higher numbers because they will include cyber incidents related to the massive breach at SolarWinds that was first registered in December.
8. SolarWinds’ breach in December 2020 left more than 18,000 companies and government organizations exposed.
The latest (known) significant data breach happened in December 2020. Among the 18,000 affected organizations were the Pentagon, the Department of Homeland Security, the State Department, Microsoft, Cisco, Intel, and Deloitte.
The attack began in early 2020 when hackers found their way to SolarWinds’s mainframe. The company provides IT services to more than 30,000 clients, and cybersecurity statistics show that the attackers gained access to many Fortune 500 companies and government institutions. After an investigation, the US accused a Russian hacker group backed up by the Russian government of being responsible for the incident.
9. The biggest data breach so far is the Yahoo cyberattack, with more than 3 billion records exposed.
What enabled the hackers to access so many records was the fact that the breach was discovered in 2017, four years after the company’s security was compromised. This was not, however, the only significant attack on the company.
For example, in the 2014 breach (which was discovered in 2016), more than 500 million records were exposed. These are two of the largest cyber warfare attacks up to date, as they are both believed to be state-sponsored.
10. 40% of global cyber espionage happens in the finance, information, and healthcare sectors.
According to the 2020 data, there were 147 cyber espionage attacks in the finance sector. It is followed by information and healthcare sectors, with 145 and 119 attacks, respectively. The safest industries were accommodation and administrative, with 11 and 10 events.
Results like these are to be expected. The statistics on cyber warfare show that cyber espionage follows the money, and the highest-grossing sectors are the most tempting targets.
11. The top two methods of identifying cyber espionage are suspicious traffic detection and antivirus programs, with 48% and 23%, respectively.
Emergency response teams and law enforcement agencies are far behind on the list, with 7% and 4%, respectively. The numbers differ very much when it comes to detecting all data breaches. Here, law enforcement and fraud detection services discover almost half (47%) of this kind of cybercrime.
Global Cyber Warfare Statistics
It is challenging to determine if cyberattacks are state-sponsored or done independently by some interest groups who are after financial gains. But it’s not hard to imagine that plenty of independent groups out there are allowed to work by their governments in return for occasional services and a promise of not attacking the national interests. Something like privateers during the colonial era.
12. With more than 65,000 startups in 2019 and $135 billion investments in the high-tech sector, the USA is unmatched when it comes to cyber power.
According to the International Institute for Strategic Studies, the United States is unmatched in cyber power and its ability to conduct cyber warfare operations. It’s the only country in the Tier 1 group.
Countries like China, Russia, Australia, Canada, France, and Israel are placed in the Tier 2 group. The Tier 3 group is populated by North Korea, Iran, India, Indonesia, and Japan.
The research also suggests that even though countries like Russia, China, Iran, and North Korea have pretty limited cyber defenses, their ability to conduct attacks is very high. This is because their budgets are directed at developing different types of cyber warfare attacks rather than defensive capabilities.
13. Iran claims it has more than 120,000 cyberwar volunteers at its disposal.
(CSIS), (The Record)
Furthermore, Teheran constantly increases its cyber budget and has allocated an extra $71.4 million to cyberspace programs in 2021. According to experts, Iran is a classic example of how a medium-sized actor can become a considerable opponent when he invests enough determination and money.
The Iranian government claims it has more than 120,000 cyber warfare volunteers. With that kind of manpower, it could conduct thousands of cyberattacks per day.
Although experts believe the numbers are exaggerated, they still confirm that the Iranian government has an enormous recruitment pool in universities and religious schools.
14. 64% of experts agree that there was a worrying escalation of tension in 2020.
Around 75% of them agree that Covid-19 presented a great opportunity for some nation-states to exploit. Experts also note that countries and organizations must concentrate on cyber warfare preparation. Statistics back their recommendation, as the latest data show a cyberweapon stockpiling. Namely, 10-15% of purchases on the Dark Web are done by agents acting on behalf of other clients, presumably nation-states.
15. 35% of all cyberattacks in India in 2019 came from China.
(Subex Secure), (Indian Defence Review), (Business Standard)
In total, there were 50,000 cyberattacks against India in 2019 originating from China. Cyberattacks follow important geopolitical and local events. To illustrate the point, India was the most attacked country in the world during the spring of 2019.
During that period, it had limited armed conflict with Pakistan, local elections, and state-changing laws approved in the Parliament. Cyber warfare stats show that for the rest of the year, the US held the title of the most attractive target.
16. The US, UK, and EU accused China of sponsoring the Microsoft Exchange attack in 2021, which affected at least 30,000 organizations worldwide.
The episode started in January, when Hafnium, a Chinese-linked hacker group, started exploiting a weakness in Microsoft Exchange. The attack was targeted against the group’s usual marks, such as defense contractors, universities, and think tanks.
The breach was discovered and contained relatively quickly (in March), but not before more than 250,000 companies and organizations were exposed, and at least 30,000 were compromised. The Chinese government denies having to do anything with the attack.
17. Chinese cyberattack statistics show that the country has been a target of more than 2,700 sophisticated cyberattacks in the past few years.
The representative of 360, a Chinese cybersecurity company, stated that it identified more than 40 high-level hacker organizations and over 2,700 sophisticated cyberattacks against China and its interests.
Unfortunately, the reports don’t show how many attacks were there in total. Still, considering that the majority of attacks (in general) are low-level, we can assume that the total number is much higher.
18. World cyber warfare statistics show that 42% of all cyber espionage data breaches in the last six years happened in the Asia-Pacific region.
It is followed by Europe, Middle East, and Africa region with 34%. Surprisingly, North America is in third place with just 23%. The perspective changes when we look at the total data breaches numbers. Here, the North American region takes first place with 65% of all data breaches globally.
This clearly shows that most financially motivated data breaches happen in wealthy regions. In contrast, classic cyber espionage mostly happens in “unstable” and “underdeveloped” parts of the world.
Cybercrime Statistics and Trends
It is tough to distinguish if high-level cybercrimes are done for financial gain or to weaken a country’s economy. That’s because the financial loss that the company suffers is never the only consequence — it always causes market tremors on a national level, thus weakening a country’s economy. No one can say where financially motivated cybercrime ends and cyber warfare begins.
19. The average cost of a data breach is around $3.86 million.
(Insurance Information Institute)
A recent study showed that the average cost of one global cyberattack data breach is $3.86 million. But the study included only the direct costs like regulatory, legal, and technical expenses.
The cost and damages of the clients whose data was stolen were not calculated. That said, we can say that the total numbers are probably much higher than what the study suggests.
20. China has the highest rate of DDoS attacks, more than 800 million per day.
However, most of these attacks (about 97%) came from domestic hackers. The cybercrime statistics show that the percentage of overseas attacks is small, but the experts state that it is rising. They mostly came from the US, South Korea, and Japan. As expected, the attacks that came from abroad primarily targeted government and financial organizations.
21. 3% of all data breaches in 2020 can be attributed to cyber espionage.
Overall, cyber espionage ranks as the 7th most common data breach reason, and the number is declining. For instance, in the period 2014-2020, the percentage was much higher, standing at 11%.
However, the latest numbers in cyber espionage statistics may not tell the whole story. Namely, this type of attack is challenging to detect because it goes after a limited amount of important data and leaves a much smaller trail.
22. 39% of cyber espionage breaches are discovered after one or more years.
Since most attacks of this type are conducted by highly skilled professionals, they are well planned and executed. That makes them very difficult to detect. What’s worrying is the fact that 56% of the attacks discovered required several weeks to several years to be contained.
23. Cyberattack statistics by year show that the ransomware victims paid $350 million in 2020.
(Institute for Security and Technology)
This is a 311% increase from 2019. The average ransom payment also went up and reached $313,493 in 2020, which is a 171% increase from the previous year. As the ransomware’s quality increases, so does the ransom amount.
Unfortunately, that is not the only expense victims have to pay. They often have legal and reimbursement expenses and long-term damage such as loss of reputation. On average, it takes 287 days for a company to recover from a ransomware attack.
24. Cybercrime will cost the global economy $6 trillion annually, and it will be more profitable than the illegal narcotics trade.
Whatever the immediate causes of cyber warfare may be, it all comes down to money. By definition, cyber warfare involves attempts to weaken or destroy a rival country through computer technology. However, the attackers, in this case, aren’t destroying data — they’re stealing it.
They’re accumulating so many assets that experts predict cybercrime will soon become more lucrative than the drug trade. What’s more, if cybercriminals had a country of their own, it would be the world’s third-largest economy, just behind the US and China.
25. When it comes to nation-state cyber warfare, the statistics show a 100% increase in state-sponsored major attacks between 2017 and 2020.
Interestingly, only about 20% of the attacks involved sophisticated and custom-made malware. Instead, more than half of the attacks were conducted using simple and low-budget tools sold on the dark web.
There are different explanations for these numbers. But since the statistics record just episodes that are discovered, the most plausible is that hackers who use sophisticated tools don’t get caught that often.
Important Cyber Warfare Attacks
Even though millions of cyberattacks are happening in the world every day, a tiny percentage is actually successful. But, unfortunately, when they occur, they affect countless people, companies, and organizations. They cause substantial damage, influence public opinion, and instill a sense of insecurity in the country’s population.
26. In June 2021, Chinese hackers targeted MWD of Southern California, which operates several water plants and provides water to 19 million people.
June witnessed one of the most dangerous cyber warfare attacks on the US. Statistics show that attacks often follow important local events, and this incident just goes to prove that claim. For example, during one of the worst drought seasons in California, the attackers gained access to Pulse Connect’s mainframe and, through it, targeted MWD.
Luckily, they were stopped on time due to the early warning of possible cyberattacks sent out by Homeland Security. So far, US cyber warfare statistics show that there is no immediate damage from the attacks.
27. The most devastating cyberattack to date is NotPetya, a ransomware that caused more than $10 billion in damages.
The experts assume that the malware started off as a tool in Russia’s attempt to damage Ukraine’s economy during their unofficial conflict. But, in time, it became a global threat. It crippled companies across the world and caused $10 billion in damages. Data breach statistics show that, ironically, it even affected Rosneft, the Russian national oil and gas company.
28. In early 2021, the Colonial Pipeline had to pay a $4.4 million ransom to get control of its pipeline network back from the hackers.
The attacks on the infrastructure are one of the many types of cyber warfare. This ransomware attack was conducted by a Russian hacker group called DarkSide, and it lasted six days – until the ransom was paid. It led to fuel shortages across the East Coast and sent shockwaves across the industry, primarily because of the way it was done.
It wasn’t a sophisticated attack that you would expect when a company of this caliber is involved. Namely, the hackers used login credentials they found on the Dark Web. Even though the person using them was no longer a company employee, his account wasn’t shut down. This attack can easily be filed under the category of cyberterrorism, as statistics show that millions of people and thousands of companies were left for days without fuel.
The reality of the world we live in is that it’s all connected. We enjoy the benefits of being connected all the time, but there are also dangers we aren’t actually prepared for. Many of the attacks could have been prevented if simple cyber hygiene rules had been followed.
Unfortunately, as we saw in the article, some vital organizations fail to follow them. It’s incredible how a simple oversight can have such dramatic consequences.
The latest cyber warfare data shows that you no longer need ICBMs to reach and hurt countries across the globe. And if you want to steal your competitor’s secrets and research, there is no need to send a person to their HQ and make them go through laser beams and retina scans. All you need to do is to hack their account.
A simple code can achieve more in a split of the second than thousands of pieces of hardware could in years. So in a sense, it’s proven once more that the pen is mightier than the sword.
People Also Ask
Cyber warfare is a cheap, easy, and effective way for a country to reach its goals. That’s why more and more countries are turning to this way of waging war. Although it’s not in plain sight and we can’t see airplanes and tanks, the battlefield is global and constantly active.
For instance, the US Federal Agencies registered 30,819 cybersecurity incidents in 2020. China, which has the highest rate of DDoS attacks globally, reports more than 800 million DDoS attacks per day, and 24 million of them originate from foreign countries.
Many cyberattacks go unnoticed, and successful data breaches are sometimes discovered after months and even years. That’s why keeping track of cyberattacks is challenging.
But according to the latest data, US agencies had registered 30,819 cybersecurity incidents in 2020, which is approximately 84 per day or one every 17 minutes. Chinese agencies report even higher numbers – 800 million DDoS attacks per day.
Cyberattacks have a much more significant effect on our lives than we think. The most significant impacts are:
- Financial – Cyberattacks cause massive financial damages, both short-term and long-term.
- Consumer mistrust – Businesses and organizations lose credibility and reputation.
- Psychological effects – Because we are all connected, and the attack can happen without any warning, it instills a sense of insecurity.
- Widespread disruption – Attacks on organizations that provide utility or other essential services can completely disrupt a country’s economy and the everyday life of its residents.
In the first half of 2021, McAfee counted 668 threats per minute on average. The company also discovered more than 2.3 million new malware threats during the first quarter of 2021 alone.
The other data that illustrates the situation in cyberspace comes from Microsoft Azure. The company stated that the average number of DDoS attacks in 2021 is 1,392 per day. This is a 25% increase from last year.
Yes, cyber warfare is a serious problem, and it is very likely to become one of the most significant global problems in the future. There are no boundaries, no frontline, and anyone can be attacked anywhere. It is a cheap and effective way to hurt your opponent and steal money along the way.
The latest data show that the countries are stockpiling cyber warfare tools and information, with 10% to 15% of the information on the dark web being purchased by agents presumed to work for different countries.
The line between financially motivated cyberattacks and cyber warfare is blurry. There was a 100% increase in state-sponsored major cyberattacks between 2017 and 2020.
In addition, attacks on infrastructure are no longer taboo—the attack on the Ukrainian power grid in 2015, the Colonial Pipeline ransomware attack, and the prevented attack on California’s leading water supplier in 2021 are the best proof.
However, experts believe that the latest cyber warfare statistics imply that the line has to be drawn somewhere. They believe we may soon witness a cyber peace conference, where some basic rules of engagement will be established.
- Business Insider
- Business Standard
- CyberCrime Magazine
- Digital Guardian
- Global Times
- Indian Defence Review
- Institute for Security and Technology
- Insurance Information Institute
- IFSEC Global
- LA Times
- Subex Secure
- The Register
- The Record