Terrifying Cybercrime Statistics – Protect Yourself in 2021

Today we are almost entirely dependent on hackable technology. Your phone, your computers, your car, your bank and credit card purchases, even your smart home devices and alarm systems (IoT) can be hacked into.

In fact, a hacker attack takes place worldwide every 39 seconds, affecting one in three Americans each year. 

In the following article, you’ll get a chance to see some cybercrime statistics from a variety of dependable sources that will help you understand the real threat you’re facing as a business, a person, and an employee.

You’ll also learn a bit about how you can protect yourself. We offer the most recent info from 2018 and 2019, and some comparisons with the crime/security from recent history.

Cybercrime is almost constant, committed by professionals and often extremely well-organized groups. As you will see, it’s also increasing in scope, sophistication, and cost.

9 Key Cybercrime Stats (Editor’s Choice)

  • Cybercrime generates around $1.5 trillion per year
  • A hack occurs every 39 seconds
  • Global cybercrime damages are estimated to cost $6 trillion per year by 2021
  • Hackers earn around $30,000 per job, whilst their managers can make up to $2 million
  • 60% of fraud goes through mobile devices, 80% of which are generated from mobile apps
  • $1,077 is the average cash amount attackers demand
  • 81% of the US population has a social media account
  • Chinese cyber attacks accounted for over 20% of cyber attacks in 2017
  • $80 billion held in cryptocurrency is laundered annually

General Cybercrime Statistics, Scope and Frequency

1. In 2018, almost 700 million people were victims of some type of cybercrime. 

That’s in 20 countries, many of which have outdated or even no cybercrime laws. In some cases, you won’t even be aware that you were targeted. For example, your computer might have come a part of a bot network without you noticing. In other cases, you might even have to face financial losses.

2. Cybercriminals generate revenues of $1.5 TRILLION annually.

The people behind recent cybercrimes no longer fit the stereotypical idea of a kid in a hoodie operating from his mom’s basement…at least not entirely. Today, we are up against organized crime, a professionalized underground industry that pays off big time. 

3. Cybercrime will cost $6 trillion annually by 2021.

As if the previous information wasn’t bad enough, it appears that the damage and thus security demands on a global scale are only going to continue to grow, according to the Official 2019 Annual Cybercrime Report by Cybersecurity Ventures.

4. Businesses face attacks as many as 16,856 times per year. 

A natural person is not the only victim of cybercrime – many companies, usually small to midsized ones, have to face up to increasing data breach or denial of service risks. This can answer questions about how many cybercrimes are committed each year. Companies can lose a significant amount of money in lawsuits and permanently damage their clients’ trust.

5. At least 1.7 times per week, cybercrimes work and damage targets.

Cyber criminals know that not all attacks get through, so they will often play the numbers, even the ones who do more research and commit more targeted crimes. This seemingly small percentage of successful hacks still generates a large amount of disruption. As cybercrime is becoming more sophisticated, targeted attacks are more and more common, and the success rates are rising. 

6. 46 attacks are suffered per day, or two every hour.

The type of attacks in this stat vary a great deal. We’re talking about malware, viruses, attempts at identity theft, and even hijacking computers. These attacks also vary depending on the country, so answering the question of how many cyber attacks happen per day is no easy task. 

 7. It takes 196 days, on average, for a company to even realize it’s been hacked. 

That’s one of the most frightening cybersecurity statistics in 2018, since criminals can mess around with your confidential data for months on end before you even notice something’s wrong, and start fixing the damage. 

8. 57.24% of computers in China are infected by malware.

China is the country with the highest rate of infected computers in the world, which does suggest to a degree that China is primarily the victim, not the perpetrator of cybercrime. 

9. Taiwan has a 49.19% of malware-ridden PC victims.

For Taiwan, the second country in the world most affected by attacks, this undeniable threat is both increasingly dangerous, and a good opportunity for building new lines of business.

10. Turkey is the second runner-up, with 42.52% of computers infected.

A champion of malware statistics in Europe, the number of compromised computers has risen by 3% in 2018, and it is only getting worse. 

Types of Cybercrime

The most common cybercrimes experienced by consumers or someone they know include: 

11. 53% Getting infected by a virus or some other security threat 

This could lead to software and even hardware failure, identity or personal information theft or nothing at all, with no visible damage.

Even then, a Trojan could make your device a zombie server sending out spam, consuming your network and internet resources. 

Therefore, make sure to protect yourself with the finest antivirus software.

12. 38% Credit or debit card fraud

This is when a person steals your card information and then uses it to gain access to cards and bank accounts.

Even as banks try hard to make some types of attacks more difficult, criminals still turn a profit, and everyone needs to stay tuned to the new developments.

13. 34% Stolen account password 

Your password is a part of authentication, a secret only you are authorized to know, that helps you access a system.

Using upper and lowercase letters along with numbers and some symbols is one way to fight brute force attacks, but this confidential information is still often stored and easily accessible on poorly protected devices.

Or if you prefer, buy the best password manager for your needs to ensure all round protection.

14. 34% Email or social media hacking 

Once you’ve been hacked on a social media channel, the attacker will observe communication and use this insight to access other accounts for further criminal actions.

This is usually done for financial gain – asking a bank to transfer money, and/or causing emotional damage, in the case of extortion.

15. 33% Online shopping scams

This also happens when users are fooled by a fake retail website that may or may not have been advertised on social media.

Getting your money back after this one is almost unheard of. The thieves will close up shop and erase any trace of themselves.

16. 32% Phishing

This is when you give out account information to the attacker pretending to be your bank or other authority. Phishing is done via email, message (smishing) or phone support (vishing).

The attacker might ask for personal information like your password, or ID number, or they might ask you to configure your computer to suit your needs.

This is a very productive type of cyberattack as companies still ignore the human factor, and see security as a solely technical problem.

17. $172 billion, or $142 per victim, on average

 A result of these criminal efforts put together, this is how much money cybercrime victims have lost in 2017. 

18. Cyberwarfare has turned into a rising trend, especially among hackers.

This is the use or targeting of computers, online control systems or networks in a battlespace, to commit a crime. One of the most famous attacks of this sort was Turla from 2014, a long-running surveillance campaign that was left unnoticed.

Controversy ensued after Russian security outfit Kaspersky Lab revealed what it knew months after Britain’s BAE Systems and Germany’s G Data went public.

Cybercrime Stats Related to the Most Prevalent Types of Cybercrime

19. By 2020, ransomware attacks are expected to quadruple. 

A fairly popular type of attack, where a computer is targeted and systems are then encrypted and held hostage.

If the target wants the data back, they have to pay up. For a long while payment was arranged in bitcoins, and full-on support by the attacker was available to assist victims in making the payment. 

20. $1,077 is the average amount of cash attackers demand.

Which is A LOT, especially if you take into consideration that the amount was only $294 in 2015.

This is a ransom spike of as much as 266%. The United States is the most targeted country in the world when it comes to ransomware, as they are the most willing to actually pay up, thus accounting for most of the global ransomware profits

21. $1 billion is the minimum global revenue estimate from ransom malware.

This amount does sound huge, but the overall revenues from this type of attack are fairly low compared to other cybercrime categories.

A sharp spike in profits from 2014 left everyone with the impression that this is the most profitable type of cybercrime.

22. $25 million in ransom was paid in the USA.

The USA is the most popular destination worldwide for this crime. The idea that paying up is cheaper than losing large amounts of money on confidentiality breach lawsuits might be to blame.

The US legal system often makes the potentially wronged customers more dangerous for the company’s pocket than cyber criminals.

23. Only 3% of hacking reaches targets via a technical problem, and 97% of hacking crimes is done via social engineering.

One of the most important cyber crime statistics and trends today is that hacking is becoming less and less prevalent as a technical problem.

And as Medium noticed, using humans as the weak link is a growing trend, and it’s becoming more and more expensive and difficult to raise awareness of employees worldwide. 

24. Social engineering is behind 98% of social incidents and 93% of breaches. 

This popular type of cyberattack is conducted via phone call or an email campaign. Spear phishing is a targeted attack planned with more research.

It steals social security numbers, passwords, ID and passport info, credit card numbers, and even confidential information about one’s company. Along with pretexting, this was the most popular type of cybercrime.

25. 97% of potential targets were unable to identify the criminal emails.

As McAfee reported, it appears that raising awareness of phishing is an effective way to fight this crime, as employees are completely unaware of the dangers of these emails and are quick to give out confidential information. 

26. People click on 30% of these fake emails.

When talking about the general population that cannot be trained by companies, including customers, the stats are worrying. People tend to believe these pretend links are legit, and a fake website is dangerous to an untrained eye.

Other Kinds of Attacks

27. Over 400,000 fake sites pop up per month, with 13,000 fresh sites popping up every day.

Fake sites are still successful at tricking people, making this one of the most common cyber crimes.

28. Within the first hour after the initial attack, the criminal gets 70% of the info.

Not only does this work, it works fast. People are so uneducated in regards to the potential dangers that they will give out most private information almost immediately, as reported in an IBM study.

29. In 2017, people sent 15,690 complaints to the Internet Crime Complaint Center.

The social manipulation that hackers use to gain access to confidential info is so successful that even the FBI got involved. The adjusted costs amounted to over $675 million in the USA.

30. Cryptocurrency is used in only 4% of money-laundering schemes.

Cybercrime and Cryptocurrency have established quite a reputation for being interlinked, even though the most popular cryptocurrencies like bitcoin or monero are a relevant form of currency. However, their position is quite overhyped as part of the cybercrime economy.

31. The laundered money held in cryptocurrency amounts to $80 billion annually.

This is only 4%, but it’s still a fair amount. The blockchain system supporting the cryptocurrency is eroding criminals of their anonymity these days, since doing business is a matter of public record, and web cookies are quick to link money transfers to individuals. 

32. Over 400,000 DDoS attacks are reported every month.

DSoS, or distributed denial-of-service, is one of the most prevalent cybercrime trends and it is exactly what it sounds like: an effort to make a certain website unavailable for hours, days, even weeks at a time, by overflowing it with traffic from hijacked computer systems. 

33. There were almost 800,000 service denial attacks in the first couple of months of 2018.

Once the target network has crashed, it’s much easier to hack the system. Criminals often use this downtime to perform other criminal acts like data theft. The wired communications carrier industry has been the most targeted. 

34. There are about 6.5 million denial of service attacks per year.

One must take into account the fact that the same botnet is often hired to commit several crimes and is deployed on several occasions before being retired.

35. 43% of cyber crimes target small businesses.

This affects them a great deal, since 60% go out of business within the first couple of months of being hacked. These business cybercrime statistics matter a great deal when you have a small client base, and your reputation is important to you. 

36. A day of botnet activity for hire can cost $100-$200, or even $1,000.

It takes a huge amount of traffic to crash a website, and that’s why many botnets are sold on the underground online market, as a kind of a CaaS (Cybercrime-as-a-Service) activity, as Ablon et al, 2014 found. 

37. Small and midsized businesses are losing over $120,000 on service denial, on average.

This level of internet crime  is on the rise. Smaller companies are especially vulnerable because their servers are easily swamped with requests.

38. Enterprises lose over $2 million because of denial of service attacks.

With a bigger investment and larger pay, enterprises are mostly targeted by more professional crime organizations, and not by individuals. 

39. There are 17 billion connected smart devices worldwide.

Smart doorbells, smart fridges, smart lights, watches, heating, cars, home security systems, and even machines in your hospital are all easy to hack. Security is rarely a priority despite the fact that they are sleek mediators to stealing important data, or enabling DDoS attacks. 

40. In 2018, 61% of organizations had their IoT systems hacked. 

Hacked IoT devices are particularly worrying, though, as healthcare institutions have become an increasingly popular target for hackers over the last five years. 

41. The Anthem attack in the US, in 2015, claimed 78.8 million patient records.

This company then had to pay $115 million to settle lawsuits over the huge data breach. This settlement was a great deal for Anthem, as the cost per record breached falls just under $1.50. 

42. Singapore’s government health database was hacked, stealing 1.5 million records.  

In 2018, even the Prime Minister of Singapore, Lee Hsien Loong had his data stolen. The attackers had accessed, copied, and possibly sold info containing names, identity card (IC) numbers, addresses, and dates of birth. 

43. By 2020, 25% of enterprises are predicted to be attacked through IoT devices. 

These cybercrime statistics are a bigger deal than anyone seems to realize, since it is predicted that only 10% of IT security budgets will cover smart devices.

Worldwide, companies seem slow to learn the risks and security implications of this weak link. 

44. More than 24,000 cases of mobile malware is blocked on a daily basis.

This is no surprise with today’s mobile-first technology. Attackers have the same intent with mobile devices as they do with credit cards, bank account info, social media hacking, and any other range of accessible services.

45. 18.4 million cases of mobile malware was identified in 2016.

This is an increase of 100% compared to the previous year. These insane stats keep getting bigger from year to year, as cyber safety continues to be a challenge.

46. As much as 60% of fraud goes through mobile devices. 

This comes as no surprise in today’s mobile-first technology, as mobile apps generate 80% of said figure. Some of the more challenging security issues stem from the competitive market’s demand for opening up our systems for connected, online use.

The bank cyber crime statistics  are increasingly disturbing now that users’ data is available to third parties. Criminals take advantage of the convenient, single sign-in we use to view our information or pay our bills. Before this new trend, the bank systems were closed. 

47. 11,700 new Android malware programs were released per day in 2018.

This is 40% more than in 2017. Cyber attacks on Android mobile devices are on the rise as well.

48. Fraudulent mobile transactions are more than double the value of genuine ones.

Once a cybercriminal gains access to your mobile banking app, they are then able to set up new payees and make transfers. The fraudulent transaction value is $292, while the genuine one is $133, on average. 

49. 81% of the US population has at least one social media account.

That’s some reach we’re talking about when it comes to the endless possibilities for cybercriminals to steal data, commit extortion or perform other crimes. 

50. 1 in 3 adult Americans are aware that their account has been hacked.

According to a survey conducted online by the University of Phoenix in 2016, this is the way things are among 2,088 US adults aged 18 or older. As the number of social media users grows, so is the number of social media-related crime and social media hacking.  

51. 86% of the interviewees limit social media posts due to fear of being hacked.

The very nature of social networks gives hackers one huge advantage. As written by Sheera Frenkel, “the human error that causes people to click on a link sent in an email is exponentially greater on social media sites…because people are more likely to consider themselves among friends.”

As it turns out, users have picked up on this pretty quickly and decided to adhere to censorship in case of extortion, sextortion, or even financial losses. 

52. In 2017, hackers accessed the computer of a Pentagon official through a twitter link.

One worker in the Pentagon thought it was wise to click on a twitter link marketing a simple family vacation. The US Department of Defense has thousands of social media accounts, used as a means of communication between personnel, friends and family. This proved to be a huge liability.  

53. In 2017, 6 celebrity Instagram accounts were exposed

 including that of Harry Styles, Selena Gomez, Taylor Swift, and Emma Watson. The dark web was stacked with contact details and personal lifo.

A Close Look at Phishing

Too many people are willing to give out their personal information to strangers online without a second thought.

If a fake email account and a commanding tone are all it takes to get into someone’s bank account or access their credit card information, it should come as no surprise that thousands have made a living exploiting this weakness.

What Does Phishing Mean?

You might be sitting comfortably at your desk when you get a new email from your company, a client, or simply an offer to book a family holiday.

You click on the attachment or link to see what they’re writing about.

Before you know it, you’ve fallen victim to one of the most common phishing attacks.

You’ve unwittingly given criminals access to your company’s computer and all the sensitive data you’re authorized to view. 

How Phishers Hook You

Most phishers do plenty of research before sending you a fake email, to the point where they make an exact copy of your everyday work email.

Using this fake account, criminals could ask for or access passwords, login details, social security numbers, and company secrets.

They could even transfer funds into their own account. 

The only way to protect yourself, your employees, and your customers is to train yourselves to recognize these attacks, and to ignore them. Take a look at the following global phishing statistics  to learn more.

54. In the past year, 76% of organizations experienced a phishing attack.

This is according to the 2018 State of the Phish Report. While not all phishing efforts are successful, the obvious threat should be of concern. Staying informed about the most recent phishing attacks and trends is a necessity, not a choice.  

55. Phishing is the third most common cybercrime incident and the third most common cause of data breaches. 

In the Verizon 2018 Data Breach Investigations Report, an incident refers to a security event that compromises the integrity, confidentiality, or availability of information. A breach, on the other hand, results in the confirmed disclosure of data to an unauthorized party. 

56. 91% of cyber attacks start off as a spear phishing email, which are commonly used to infect organizations with ransomware. 

These spear phishing statistics from 2018 indicate that hackers are willing to take the time to deliver more targeted attacks. After all, spear phishing takes more effort compared to attacking with malware, ransomware, or regular phishing.

The attacker needs to monitor their victim’s everyday online behavior, social media profiles, and interests in order to put together a credible fake email.

A recent Trend Micro report indicated that 1% of enterprise emails are phishing attacks.

As many as 96% of criminals who spearphish do so to gather intelligence. 

57. For the first time since 2013, the overall number of ransomware infections dropped by more than 20% in 2018.

Enterprise ransomware detections influenced the trend, increasing by 12%. This clearly indicated that the issue of cybersecurity remains significant.

Still, since fewer ransomware cases took place in 2018, criminals may have begun to feel such an attack is no longer worth it. 

58. 59% of US businesses have been infected by ransomware via phishing emails. 

A phishing attack online can easily lead to the installation of ransomware. That puts you at risk not only of a data breach, but potentially a denial of service attack that could cost your business millions.

59. Phishing and pretexting comprise 98% of incidents involving social channels. 

Social engineering is a type of attack that relies primarily on human interaction.

Criminals manipulate people into revealing compromising information about themselves or their companies.

They then use that information to gain access to systems, networks, or physical locations, usually for financial gain.

60. Phishing and pretexting account for 93% of breaches. 

Phishing stats indicate a link between the cybercrimes that can have severe consequences for businesses.

Pretexting refers to an attacker who pretends to need either personal or financial data in order to confirm the identity of the recipient. More than 95% of the time, pretexting is financially motivated.

61. Email continues to be the most common phishing vector. (96%) 

It’s much easier than calling and pretending to be tech support, and it covers more ground. That’s why email is the go-to solution for cybercriminals. When you receive anywhere from dozens to hundreds of emails during your workday, it’s easy to let your guard down. 

62. Despite email malware remaining stable, the rate of phishing has declined, dropping from 1 in 2,995 emails to 1 in 3,207 from 2017 to 2018. 

The phishing threat is often accompanied by other issues, including ransomware and malware.

An email spiked with malware could contain either an attachment or a link that can infect the recipient’s computer.

Malware can then capture login data, using the credentials to access banking apps or other potentially sensitive information.

Phishing is often merely the precursor to malware installation, and it ultimately leads to the theft of confidential data.

Symantec email phishing statistics from 2018 show a rising trend for email malware worldwide. 

63. Motives for phishing are split between financial greed (59%) and espionage (41%).

Not all data breaches or phishing campaigns are about selling credentials on the black market for less than $5 a piece.

Corporate or government espionage and the theft of intellectual property is also a serious issue that can border on cyber warfare.

As corporations race to be the best in the business, other people’s ideas, solutions, and sensitive data can give them an unfair advantage.

The 2018 Verizon phishing report suggests the involvement of state-affiliated actors. 

64. 78% of people don’t click on a single phish all year. 

Luckily, most people never click on phishing emails. Results from phishing simulations, in the normal (median) organization show that most people are able to refrain from clicking on problematic emails when tested.

Still, one has to wonder whether employees who are overworked and possibly sleep deprived would perform as well.

65. On average, 4% of people in any given phishing campaign will click it.

One of the most important phishing facts to remember is it only takes one victim to bring down an entire system.

Hackers don’t care if the vast majority of employees ignore their message; all they need is one to fall for the bait.

When that happens, all the time and money the criminals spend on unsuccessful emails becomes irrelevant. 

66. On average, 53% of IT and security professionals who responded to the Wombat survey reported their organizations have experienced at least one more advanced, targeted spear phishing attack in 2017. 

The number of people or organizations who report a phishing attack is almost negligible.

With this in mind, the 53% of carefully plotted, targeted attacks security professionals admit to in the survey is huge.

Don’t forget that reporting an attack is vital, as it helps you respond quickly and adequately.

67. In Q1 2019, Kaspersky’s anti-phishing software prevented 111,832,308 attempts to direct users to scam websites. 

As indicated in a recent Kaspersky report, that’s a 24% increase compared to the Q1 2018 figure, which was 90,245,060.

The anti-phishing module implemented in Kaspersky Lab’s solutions offers three methods to keep you safe, and will never leave you wondering how to prevent phishing

First, Kaspersky will check if any website you’re trying to access is listed on the anti-phishing databases available on your device. Then, sites are checked for safety in a number of cloud databases.

Finally, a heuristic analysis helps with websites that aren’t blacklisted on either the online, or the offline list. This helps with new, more sophisticated attacks from criminal newcomers. 

68. In Q1 2019, as in the previous year, Brazil was the most successfully phished country, with 21.66% of users falling victim.

Brazillians seem to have a problem handling phishing. This year, criminals are coming back for more.

The call, text, and email phishing statistics of 2019 for the other top five countries are as follows: Australia (17.20%), Spain (16.96%), Portugal (16.86%), and Venezuela (16.72%). 

69. Phishing grew 40.9% in 2018. 

This cybercrime rose steadily during Q1 of 2018, remained high in Q2 and Q3, and then declined slightly in Q4. Financial institutions were the top most targeted industry in 2018, after years of fluctuations.

Meanwhile, the SaaS industry has acquired more users, and received an exponential number of phishing scams, and other cyber attacks. 

70. As many as 83.9% of phishing attacks targeted five key industries: financial, online services, cloud, payment, and SaaS services. 

In 2018, PhishLabs traced numerous phishing sites targeting 1,263 brands belonging to 773 parent institutions.

The company’s experts noticed that the total volume of phishing sites was similar to what they’d measured during previous years.

PhishLabs defines phishing attack websites as those that host phishing content on a unique, fully qualified domain.

71. Financial institutions were targeted by 28.9% of all phishing activity in 2018, compared to 21.1% in 2017.

After being displaced by online services in 2017, financial institutions were once again the top phishing target in 2018.

To nobody’s surprise, the banking industry is one of the top targets for phishing attacks, thanks to the direct access it offers to financial assets.

While strong safety protocols are built into banking websites and apps, human error is often a factor.

When employees don’t know how to detect phishing attacks, large thefts can be a result.

72. Online services accounted for 24.1% of phishing sites in 2018, compared to 26.8% in 2017.  

Despite a slight reduction in share, though, the actual volume of phishing activities in this industry increased by almost a quarter.

Even though online services accounted for a slightly reduced proportion of phishing sites in 2018, don’t let that fool you.

Attack volume continued to rise, and the industry has remained a popular target for phishers.

73. The proportion of phishing crimes targeting the cloud storage and file-hosting industry remained constant in 2018, at 12%. 

The cloud storage industry had the honor of moving one step ahead in the line of victims of the latest phishing attacks.

The slight decrease in the phishing volume within the payment services industry has done the trick, with cloud storage dropping to fourth place according to findings by PhishLabs. 

74. 98% of attacks that reach users’ inboxes contain no malware. 

The vast majority of the latest phishing email threats that reached corporate users consisted either of email scams or credential theft.

This suggests that email security technologies are good at detecting malware, but struggle to identify social engineering and credential theft phishing. Attacks using these methods are more likely to reach users’ inboxes undetected.

75. Organizations in the United States remained the most popular phishing victims in 2018, accounting for 84% of total phishing volume.  

As one of the most powerful countries in the world, the USA is by far the most popular target for phishing attacks. Still, anti-phishing efforts have resulted in a slight fall in share (from 85% in 2017).

The actual volume of phishing attacks targeting US organizations rose by more than 40% in 2018, and has more than doubled since 2015.

76. Nearly half (42%) of emails reported by corporate users pose some risk. 

Phishing has remained a persistent threat for decades because criminals constantly adapt their phishing efforts according to new technology and opportunities.

These new opportunities include free domains and hosts for phishing websites, as well as SSL certificates, to name a few. Cybercriminals who use phishing have successfully moved with the times, which is why it’s getting so hard to identify a phishing attack.

Approximate Malicious Email Rate By Organization Size

Organization Size

1 – 125

251 – 500

501 – 1000

1001 – 1500

1501 – 2500

2501 +

Malicious Email Rate (1 in)







Small business owners are more likely to be hit by email threats—including spam, phishing, and email malware—than those in large organizations. They are also less likely to ever recover and face a greater risk of going out of business as a consequence of these attacks. 

77. Nearly 50% of phishing sites use HTTPS encryption—a 40% increase over the previous quarter alone, and a nearly 900% increase since the end of 2016.

In the latest 2019 phishing news, the padlock icon next to a web address is no longer enough to let users know a site is secure and legitimate. According to research from PhishLabs, as many as half of all phishing-related scams are hosted on padlocked websites that begin with HTTPS.

It’s just more proof that hackers are getting smarter; the moment a new security solution comes up, they find a way to override it.

78. The average annual cost of phishing and social engineering attacks in 2018 was $1,407,214. 

How much money is lost to email scams every year? Well, the total annual cost of all types of cyber attacks is increasing. In 2017, the average annual cost of phishing and social engineering attacks amounted to $1,298,978. 

79. In 2018, Lookout revealed that 56% of mobile device users received and tapped on a phishing URL. 

The phishing statistics 2018 Lookout has published useful insight into just how worryingly uneducated mobile users are when it comes to phishing.

Mobile-optimized apps and websites make it even more difficult for users to recognize phishing, as simplified UI/UX options omit vital information like the hostname and full URL.

By the time you realize that a shady company is targeting you, you’ve already clicked on a malicious URL. 

80. According to a 2017 Keepnet study, the average successful spear phishing attack on a business could bring the attacker up to $1.6 million. 

Spear phishing is a hyper-targeted email attack seeking unauthorized access to sensitive data. The cost is low; the potential benefits are high.

That’s why this kind of crime is so appealing to cybercrooks. These attacks involve in-depth research and thorough cyberstalking efforts, which is why it’s usually large, organized groups of criminals that perpetrate them.

The criminals then share their profits. 

81. 13% of all spam messages come from the USA. 

According to the latest phishing email data analyses, the USA is the primary source of spam messages. The data shows that 13% of all spam messages sent in the last year originated in the USA.

82. Those over the age of 55 are more likely to know what phishing is compared to those aged 18-29. 

The fact that those over the age of 55 are more likely to recognize these scams than those between the ages of 18 and 29 shows how long data phishing has been around.

83. 82% of manufacturers have experienced a phishing intrusion in the past year.

The vast manufacturing sector covers not only the industrial supply chain, but also the numerous connected devices used in factory administration. Manufacturing organizations must focus on preventing unauthorized access to protect their business interests. 

84. 24% of all phishing attacks target healthcare organizations. 

The second most common victims of phishing attacks are healthcare organizations. These large, busy organizations are vulnerable to breaches, and the data they keep is particularly sensitive. This is yet another reason to report phishing websites, even if you aren’t involved in the healthcare industry.

What Are Some Examples of Cyber Crimes?

85. In 2017 Wikileaks released more than 8,761 classified CIA documents.

As the biggest ever leak of confidential documents from the CIA, this info describes in great detail the way that the CIA breaks into phones, communication apps and other electronic devices.  

86. In 2017, 2GB worth of emails sent by then presidential candidate, Emmanuel Macron, were leaked.

A searchable archive was posted online containing over 21,000 verified emails concerning the most prominent election figures.  

87. In 2018, 500 million guests were compromised in an attack on the Marriott hotel chain.

Leaked info from this web crime included passport info, credit card details, as well as names & phone numbers of guests who checked into the Starwood properties on or before Sept 10 of the same year.  

88. In 2017, Yahoo admitted that 3 billion user accounts were hacked.

This was namely all of them. The first time Yahoo came out with this info was in 2016, when only 500+ million breaches were accounted for, so it took a while to even realize the true scope of the breach.

The breach in 2017 is still the biggest breach in history and is not expected to be overtaken.

89. In 2016, FriendFinder Networks Inc was attacked, resulting in 339 million personal accounts being leaked.

As this is a dating and adult entertainment site, the particularly sensitive nature of the leaked information like sexual orientation and if a user was looking for extramarital affairs caused significant emotional harm. This is still one of the biggest breaches in this field.

90. In 2015, The Ashley Madison breach leaked info on 33 million users.

The results varied from disheartening to downright tragic. With Ashley being primarily an adultery dating site, the data breach lead to numerous divorces, and even 3 suicides confirmed to have been caused directly by the breach.

This distressing cybercrime incident, cost a staggering $11.2 million in lawsuits. 

91. In 2017, 2.4 million records containing personally identifiable information were stolen from Equifax.

This data analytics and technology company reported a huge data breach that affected 147.9 million customers.  

92. In 2015, Anthem Inc. faced a data breach that affected 78.8 million people.

Healthcare data is one of the most well known recent cybercrime cases. Leaked info contained social security numbers, medical IDs, birthdays, addresses, names, even income data. 

Cybercrime Statistics by Country:

93. Australia reports the lowest average cyberattack cost with $5.41 million.

Despite the fact that their security professionals’ salaries are among the highest in the world, their annual investment in cybersecurity was estimated to be among the lowest.

94. The United Kingdom had the lowest change in cost, with the shift of $6.58 million to $8.74 million from last year. 

While their overall results haven’t improved, the stagnant state might be considered a success by some. 

95. On the other hand, Japan has been getting significantly worse with a 22% increase since 2017, amounting to $10.46 million. 

This should come as no surprise since a Japanese minister in charge of cybersecurity has admitted that he has never used a computer in his professional life, and appeared visibly confused by the concept of a USB drive.

96. The amount the US government spent on cybersecurity in 2017 was $14 billion. 

US companies are spending $3.82 million and $3.40 million per incident to resolve rising cybercrime rates, especially malware and Web-based attacks respectively.

97. The average cost of cybercrime has risen 40%: from $12.97 million USD per firm in 2014 to $18.28 million USD in 2017.

Average cost of cyber crime for financial services companies globally has matched a significant cyber crime increase.

The abovementioned amounts are significantly higher than the average cost of $11.7 million USD per firm across all industries from the previous year.

The analysis focuses on the direct costs of the incidents and does not include the longer-term costs of remediation. 

98. An estimated 57.24% of all computers in China are infected by malware. 

According to research from Panda Security, the computer virus statistics runner-up is Taiwan, with 49.15% of all computers infected, followed by Turkey with 42.52% of all computers infected. 

99. In 2017, there was an average of 24,089 records breached per country.

India was by far the leading nation with as many as 33 thousand breached files. This kind of cybercrime in the USA amounted to 28.5 thousand. 

100. Over 22,000 websites were attacked in India between 2017 and 2018.

The Indian Computer Emergency Response Team stated that malware got to 493 websites, and 114 of those belonged to the government.

The main purpose of these attacks was data acquisition and gaining access to personal or confidential data. 

101. Chinese cyber attacks accounted for over 20% of cyber attacks in 2017.

The United States is responsible for only a small number by comparison, 11%, and just behind the US comes third place belonging to Russia, with 6%. 

Biggest Phishing Attacks

1. Operation Phish Phry

Victims entered their account numbers and passwords into fraudulent forms, granting criminals access to private data in 2009. The FBI ended up charging over 100 individuals for the crime.

2. Walter Stephan

An Austrian aerospace executive called Walter Stephan holds an unfortunate record in the world of phishing statistics and cybercrime in general. He lost his company more money from a single scam than anyone else in history: around $47 million in total.

3. The Target/FMS Scam

A data breach caused by a phishing attack affected 110 million users, including 41 million retail card accounts.

 4. The Ukranian Power Grid Attack

This incident rewrote the rules for phishing attacks statistics. A small team was the first to use automated, scalable malicious firmware to take down multiple power grids simultaneously. The criminals used email phishing as their original attack vector.

Latest Phishing Attacks 2019

Google’s 1.5 billion Gmail and Calendar users were recently affected by a major data breach.

Researchers have noticed attackers using this technique to effectively spam users with phishing links to credential-stealing sites. In this sophisticated scam, Gmail users are being targeted via malicious and unsolicited Google Calendar notifications. This case of Gmail phishing was only revealed in mid-June, 2019. 

In January 2019, Twitter failed to report a PayPal phishing scam.

This one was so obvious that the phishing URL misspelled “PayPal” as “Paypall.” A fake account posing as PayPal promoted a made-up end-of-year sweepstakes event. If you do happen to click on a ridiculously obvious, misspelled phishing link at the end of a workday, reporting PayPal phishing would be a good idea.

A phishing attack affected 5,000 patients at Metrocare Services.  

Metrocare Services, a mental health services provider in North Texas, was recently affected by a second phishing attack in the space of a few months. This latest attack saw an unauthorized individual accessing the email accounts of a number of employees. Statistics on phishing attacks indicated that the affected accounts contained the PHI of 5,290 patients.

Famous Cybercrime Convictions

Mark Vartanyan accessed personal info from 11 million computers worldwide, causing $500 million in losses.

This hacker was convicted of cyber theft and developing, maintaining and distributing malware between 2012 and 2013.

Evaldas Rimasauskas stole $100 million via email fraud.

In 2017, this Lithuanian hacker meant business, as he allegedly committed fraud against two major tech companies, while posing as a business affiliate. He is facing the possibility of 20 years in a US prison for his crimes of identity theft, wire fraud, and money laundering.

Susan Atrach hacked into celebrity email accounts in 2018.

This 21-year-old was charged for a number of hacking crimes after having hacked into Selena Gomez’s email account, taking hold of sensitive, personal data. Her crime involved stealing computer data to conduct fraud, identity theft, obtaining money or data using illegal means and hacking into celebrity accounts.

The US had the biggest number of cyberattack victims in the developed world.

As for US-related cybersecurity facts, in 2016, this was the top country. In fact, as many as 39% of  US citizens were victims of cybercrime, compared to 31 percent worldwide.

In the UK, 2 in 5 businesses were subject to cyberattacks.

Moving on to cybersecurity statistics in the UK – the  2018 Cyber Security Breaches Survey states that these attacks cost every business £3,000 per successful attack, on average. This amounts to billions of pounds, not counting the emotional damage and personal costs of buying into various types of fraud.

By 2022, the customer is predicted to be guilty of 95% of cloud security  failures.

When talking about digital security, it’s important to note that at this time, humans are by far the weakest link. Securing your cloud is becoming less and less important than using the cloud securely.

The average cost of a data security breach will be over $150 million by 2020.

This increase is due to the predicted higher connectivity of businesses worldwide. The moment you become available online, you are at risk.

By the end of 2019, cybercrime will cost businesses $2 trillion.

This amount is four times higher than it was back in 2015, showing a disturbing trend that’s going way too fast for most businesses or people to keep up with.

70% of businesses will experience some sort of significant data loss due to accidental data damage.

There’s something else to be considered when talking about IT security stats. Sometimes, spilling coffee or exposure to excessive heat and moist, power outages, or even people accidentally deleting files can cause a lot of damage.

A hacker earns around $30,000 per job, and hacker project managers can make up to $2 million.

When answering the question how much money do cyber criminals earn,  one must consider their level of expertise, whether they belong to an organization, and how many projects they are working on. Particularly successful cybercriminals make $166K+ every month. A middle-of-the road hacker makes up to $75,000+, while a low-earning one can get $3,500+ on a monthly basis.

A hacker’s earnings are 10-15% higher than those of non-cyber criminals.

And the earnings are rising steadily, with little change in the way the job is done. Note that the security risks are significantly lower with cybercrime, as some states don’t even have laws or precedent for prosecuting this type of crime.

$96 billion was spent on cybersecurity in 2018, 8% more than in 2017.

The ever-increasing number of cyberattacks and data breaches is forcing companies of all sizes across the world to invest in security.

How much money do companies spend on cybersecurity?

The amount has increased in recent years, in part because of the new regulations imposed by the General Data Protection Regulation (GDPR), a shifting buyer mindset, an increased awareness of emerging threats, and the overall evolution to a digital business strategy.

The starting cyber security assessment cost for a business with at least 50 employees is around $10,000.

The answer to the question how much does a cyber security assessment cost requires a multifactor analysis that relies on the individual scope, size, and complexity of your business, your industry (some are high-risk, and some are not), the size of your organization, number of offices, and even details like the complexity of your company’s inner workings.

In the case of evaluating the cost for cybersecurity and information security risk assessment, most analysts advise checking the total cost of ownership. This involves your methodology, experience and finally, product quality and value.


What is a phishing virus?

A phishing virus is a type of malware that usually infects the victim’s computer via email. It’s usually disguised as an attachment or a link in the body of the email. Once opened, it is most commonly used to steal data from infected computers or servers. In some instances, phishing viruses are used for the purpose of spying on individuals.

This type of phishing is slowly becoming extinct as people around the world are becoming more aware of it.

What is meant by phishing attack?

A phishing attack is a phrase that refers to a specific phishing incident: an attack that aims to obtain confidential information, launched by someone posing as a legitimate individual or entity in order to manipulate the victim into providing said information.

What is a phishing email and how can it be recognized?

This one is usually not too difficult, as misspelled domain names, poor grammar, and nonsensical messages meant for automated attacks are pretty common in phishing campaigns.

Most attackers come from non-English-speaking countries, and their grammar is often so terrible that it’s almost impossible to understand the message of the email.

In fact, most phishers rely on the fact that some people don’t even read their emails at work, but simply skip the boring part and click on the link to see what it’s about.

Don’t do that.

Of course, you may also receive a more targeted spear phishing attack. In that case, it’s important to be wary of simply any unexpected email or push notification that isn’t a part of your everyday routine. 

What can phishing lead to? 

Phishing can lead to identity theft, which can cause serious problems for victims. Criminals can use the personal information they obtain to open bank accounts, rent or buy properties, open businesses, and drive you into the ground financially.

What are the two types of phishing attack methods?

When speaking about phishing, we can differentiate between two major types.

The first is regular phishing, when not much is known about the victim except for their email address and perhaps their most basic info. This is a low-effort and low-payout form of phishing, in most cases. 

The second type of phishing is called spear phishing, and it’s a much more targeted scam.

Criminals choose individuals for maximum impact, which involves much more risk and effort, but also increases the potential gain.

Spear phishing vs phishing could be summarized as such: spear phishing is more difficult, expensive, and targeted than regular phishing, but also produces the most lucrative results for criminals.

How can I report a phishing scam?

In order to keep their users safe, most companies that deal with data have safety guides and reporting systems in place.

We’ve already discussed the measures of protecting oneself from email phishing, and all those principles apply to other services, too.

Phishing on social media is exactly the same as email phishing and typically involves links and messages that lead to malicious websites. You can report Facebook phishing and read more about it here.

Cybercrime is on the rise and we are becoming more and more dependent on technology, from our smart devices, to databases in schools and hospitals. The biggest hope in overcoming these issues seems to lie in sophisticated security techniques, and most of all, educating the general public as well as employees about dangers lurking within social engineering and the various types of fraud. 

Many companies lose millions of dollars on lawsuits caused by cyberattacks. Cybercrime has become a well thought-out, complex, and expensive form of organized crime. This is why any company with a good sense of risk assessment ought to get some sort of cybersecurity for their system. And don’t forget, educating your employees and protecting your IoT devices is a must.