Today we are almost entirely dependent on hackable technology. Your phone, your computers, your car, your bank and credit card purchases, even your smart home devices and alarm systems (IoT) can be hacked into. In fact, a hacker attack takes place worldwide every 39 seconds, affecting one in three Americans each year.
In the following article, you’ll get a chance to see some cybercrime statistics from a variety of dependable sources that will help you understand the real threat you’re facing as a business, a person, and an employee. You’ll also learn a bit about how you can protect yourself. We offer the most recent info from 2018 and 2019, and some comparisons with the crime/security from recent history.
Cybercrime is almost constant, committed by professionals and often extremely well-organized groups. As you will see, it’s also increasing in scope, sophistication, and cost.
9 Key Cybercrime Stats
Cybercrime generates around $1.5 trillion per year
A hack occurs every 39 seconds
Global cybercrime damages are estimated to cost $6 trillion per year by 2021
Hackers earn around $30,000 per job, whilst their managers can make up to $2 million
60% of fraud goes through mobile devices, 80% of which are generated from mobile apps
$1,077 is the average cash amount attackers demand
81% of the US population has a social media account
Chinese cyber attacks accounted for over 20% of cyber attacks in 2017
$80 billion held in cryptocurrency is laundered annually
General Cybercrime Statistics, Scope and Frequency
1. In 2018, almost 700 million people were victims of some type of cybercrime
That’s in 20 countries, many of which have outdated or even no cybercrime laws. Sometimes, you won’t even notice you were a target, like in case your computer becomes a part of a bot network. In some cases, you might even have to face financial losses.
2. Cybercriminals generate revenues of $1.5 TRILLION annually
The people behind recent cybercrimes no longer fit the stereotypical idea of a kid in a hoodie operating from his mom’s basement, at least not entirely. Today, we are up against organized crime, a professionalized underground industry that pays off big time.
3. Cybercrime will cost $6 trillion annually by 2021
As if the previous information wasn’t bad enough, it appears that the damages and thus security demands on a global scale are only going to continue to grow, according to the Official 2019 Annual Cybercrime Report by Cybersecurity Ventures.
4. Businesses face attacks as many as 16,856 times per year
A natural person is not the only victim of cybercrime – many companies, usually small to midsized ones, have to face up to increasing data breach or denial of service risks. This can answer questions about how many cybercrimes are committed each year. Companies can lose a significant amount of money in lawsuits and permanently damage their clients’ trust.
5. At least 1.7 times per week, cybercrimes work and damage targets
Cyber criminals know that not all attacks get through, so they will often play the numbers, even the ones who do more research and commit more targeted crimes. This seemingly small percentage of successful hacks still generates a large amount of disruption. As cybercrime is becoming more sophisticated, targeted attacks are more and more common, and the success rates are rising.
6. 46 attacks are suffered per day, or two every hour
The type of attacks in this stat vary a great deal. We’re talking about malware, viruses, attempts at identity theft, and even hijacking computers. These attacks also vary depending on the country, so answering the question of how many cyber attacks happen per day is no easy task.
7. It takes 196 days, on average, for a company to even realize it’s been hacked
That’s one of the most frightening cybersecurity statistics in 2018, since criminals can mess around with your confidential data for months on end before you even notice something’s wrong, and start fixing the damage.
8. 57.24% of computers in China are infected by malware
China is the country with the highest rate of infected computers in the world, which does suggest to a degree that China is primarily the victim, not the perpetrator of cybercrime.
9. Taiwan has a 49.19% of malware-ridden PC victims
For Taiwan, the second country in the world most affected by attacks, this undeniable threat is both increasingly dangerous, and a good opportunity for building new lines of business.
10. Turkey is the second runner-up, with 42.52% computers infected
A champion of malware statistics in Europe, the number of compromised computers has risen by 3% in 2018, and it’s only been getting worse.
Types of Cybercrime
The most common cyber crimes experienced by consumers or someone they know include:
11. 53% Getting infected by a virus or some other security threat
This could lead to software and even hardware failure, identity or personal information theft or nothing at all, no visible damage. Even then, a Trojan could even make your device a zombie server sending out spam, consuming your network and internet resources.
12. 38% Credit or debit card fraud
Where a person steals your card information and then uses it to gain access to cards and bank accounts. Even as banks try hard to make some types of attacks more difficult, criminals still turn a profit, and everyone needs to stay tuned to the new developments.
13. 34% Stolen account password
Your password is a part of authentication, a secret only you are authorized to know, that helps you access a system. Using upper and lowercase letters along with numbers and some symbols is one way to fight brute force attacks, but this confidential information is still often stored and easily accessible in poorly protected devices.
14. (34%) Email or social media hacking
Once you’ve been hacked on a social media channel, the attacker will observe communication and use this insight to access other accounts for further criminal actions. This is usually done for financial gain – asking a bank to transfer money, and/or causing emotional damage, in case of extortion.
15. 33% Online shopping scams
Or being fooled by a fake retail website, that may or may not be advertised on social media. Getting your money back after this one is almost unheard of. The thieves will close up shop and erase any trace of themselves.
16. 32% Phishing
Giving out account information to the attacker pretending to be your bank or other authority. This is done via email, message (smishing) or phone support (vishing), (32%). The attacker might ask for personal information like password, or ID number, or might ask you to configure your computer to suit your needs. A very productive type of cyber attacks as companies still ignore the human factor, and sees security as a solely technical problem.
17. $172 billion, or $142 per victim, on average
A result of these criminal efforts put together, this is how much money cybercrime victims have lost in 2017.
This is the use or targeting of computers, online control systems or networks in a battlespace, to commit a crime. One of the most famous attacks of this sort was Turla from 2014, a long-running surveillance campaign that was long left unnoticed. Controversy ensued after Russian security outfit Kaspersky Lab revealed what it knew months after Britain’s BAE Systems and Germany’s G Data went public.
Cybercrime Stats Related to the Most Prevalent Types of Cybercrime
19. By 2020, ransomware attacks are expected to quadruple
A fairly popular type of attack, where a computer is targeted and systems are then encrypted and held hostage. If the target wants the data back, they have to pay up. For a long while, payment was arranged in bitcoins, and full-on support by the attacker was available to assist victims in making the payment.
20. $1,077 is the average amount of cash attackers demand
Which is A LOT, especially if you take into consideration that the amount was only $294 in 2015, a ransom spike of as much as 266%. The United States is the most targeted country in the world when it comes to ransomware, as they are the most willing to actually pay up, thus accounting for most of the global ransomware profits.
21. $1 billion is a minimum global revenue estimate from ransom malware
This amount does sound huge, but the overall revenues from this type of attack are fairly low compared to other cybercrime categories. A sharp spike in profits from 2014 left everyone with the impression that this is the most profitable type of cybercrime.
22. $25 million in ransoms was paid in the USA
The most popular destination worldwide for this crime. The idea that paying up is cheaper than losing large amounts of money on confidentiality breach lawsuits might be to blame. The US legal system often makes the potentially wronged customers more dangerous for the company’s pocket than cyber criminals.
23. Only 3% of hacking reaches targets via a technical problem, and 97% of hacking crimes is done via social engineering
One of the most important cyber crime statistics and trends today is that hacking is becoming less and less prevalent as a technical problem. And as Medium noticed, using humans as the weak link is a growing trend, and it’s becoming more and more expensive and difficult to raise awareness of employees worldwide.
24. Social engineering is behind 98% social incidents and 93% breaches
Social security number, passwords, ID, passport info, credit card number, even confidential information about one’s company, this popular type of cyberattack is conducted via phone call or an email campaign. Spear phishing, is a targeted attack planned with more research. Along with pretexting, this was the most popular type of cybercrime.
25. 97% of potential targets were unable to identify the criminal emails
As McAfee reported, it appears that raising awareness of this phishing is an effective way of fighting this crime, as employees are completely unaware of the dangers of these emails and are quick to give out confidential information.
26. People click on 30% of these fake emails
When talking about the general population that cannot be trained by companies, including customers, the stats are worrying. People tend to believe these pretend links are legit, and a fake website you might be led is dangerous to an untrained eye.
27. Over 400,000 fake sites pop up per month, with 13,000 fresh sites popping up every day
Making this one of the most common cyber crimes, fake sites are still successful at tricking people.
28. Within the first hour after the initial attack, the criminal gets 70% of the info
Not only does this work, it works fast – with people being so uneducated in regard to the potential dangers that they will give out most information pretty much immediately, as reported in an IBM study.
29. In 2017, people sent 15,690 complaints the Internet Crime Complaint Center
A good proof that social manipulation hackers use to gain access to confidential info is so successful that even the FBI got involved. The adjusted costs amounted to over $675 million in the USA.
30. Only 4% of laundered money uses cryptocurrencies
Cybercrime and Cryptocurrency have established quite a reputation for being interlinked, even though the most popular cryptocurrencies like bitcoin or monero are relevant, although their position is quite overhyped as part of the cybercrime economy.
31. The laundered money held in cryptocurrency amounts to $80 billion annually
Only 4%, but still a fair amount. The blockchain system supporting the cryptocurrency is eroding criminals of their anonymity these days, since doing business is a matter of public record, and web cookies are quick to link money transfers to individuals.
32. Over 400,000 DDoS attacks are reported every month
DSoS, or distributed denial-of-service, is one of the most prevalent cybercrime trends and is exactly what it sounds like: an effort to make a certain website unavailable for hours, days, even weeks at a time, by overflowing it with traffic from hijacked computer systems.
33. There were almost 800,000 service denial attacks in the first couple of months of 2018
Once the target network has crashed, it’s much easier to hack the system. Criminals often use this downtime to perform other criminal acts like data theft. The wired communications carrier industry has been the most targeted.
34. There are about 6.5 million denials of service attacks per year
One must take into account the fact that the same botnet is often hired to commit several crimes and is deployed on several occasions before being retired.
35. 43% of cyber crimes target small businesses
This affects them a great deal, since 60% go out of business within the first couple of months of being hacked, these business cybercrime statistics matter a great deal when you have a small client base, and your reputation matters a great deal.
36. A day of botnet activity for hire can cost $100-$200, or even $1000
It takes a huge amount of traffic to crash a website, and that’s why many botnets are sold on the underground online market, as a kind of a CaaS (Cybercrime-as-a-Service) activity, as Ablon et al, 2014 found.
37. Small and midsized businesses are losing over $120.000 on service denial, on average
This level of internet crime is on the rise, and it pays off since it takes less investment to overflow a smaller company with information and get what you want, even with smaller profits.
38. Enterprises lose over $2 million because of denial of service attacks
A bigger investment and larger pay, enterprises are mostly targeted by more professional criminal organizations and not individuals.
39. 17 billion, the amount of connected smart devices worldwide
Smart doorbells, smart fridges, smart lights, watches, heating, cars, home security systems, and even machines in your hospital: their one big characteristic is that they are incredibly easy to hack, as security is rarely a priority despite the fact that they are sleek mediators to stealing important data, or enabling DDoS attacks.
40. In 2018, 61% of organizations had their IoT systems hacked
Hacked IoT devices are particularly worrying, though, involve healthcare IoT devices, as these institutions have become an increasingly popular target for hackers over the last 5 years.
41. Anthem attack in the US, in 2015, claimed 78.8 million patient records
This company then had to pay $115 million to settle lawsuits over the huge data breach. As you can see, these attacks are costly and that’s one of the biggest reasons why you need to stay safe. This settlement was a great deal for Anthem, as the cost per record breached falls just under $1.50.
42. Singapore’s government health database was hacked, stealing 1.5 million records
In 2018, even the Prime Minister of Singapore, Lee Hsien Loong had his data stolen. The attackers had accessed, copied, and possibly sold info containing names, identity card (IC) numbers, addresses, and dates of birth.
43. By 2020, 25% of enterprises are predicted to be attacked through IoT devices
These cybercrime statistics are a bigger deal than anyone seems to realize, since it is predicted that only 10% of IT security budgets will cover smart devices. Worldwide, companies seem slow to learn the risks and security implications of this weak link.
44. More than 24,000 mobile malware is blocked on a daily basis
This is no surprise with today’s mobile-first technology. The goal is similar to other types of attacks, credit card and bank account info, social media hacking, and any other range of accessible services.
45. Back in 2016, 18.4 million mobile malware was identified
An increase of than 100% compared to the previous year. These insane stats keep getting bigger from year to year, as keeping track and staying safe becomes a huge challenge.
46. As much as 60% of fraud goes through mobile devices
Coming as no surprise in today’s mobile-first technology, with mobile apps generating 80% of said figure. Some of the more challenging security issues stem from the competitive market’s demand for opening up our systems for connected, online use. The bank cybercrime statistics are increasingly disturbing now that users’ data is available to third parties. Criminals take advantage of the convenient, single sign-in we use to view our information or pay our bills. Before this new trend, the bank systems were closed.
47. 11,700 new Android malware was released per day in 2018
Even 40% more than in 2017, cyber attacks on Android mobile devices are on the rise as well.
48. Fraudulent mobile transactions are more than double the value of genuine ones
Once a cybercriminal gains access to your mobile banking app, they are then able to set up new payees and make transfers. The fraudulent transaction value is $292, while the genuine one is $133, on average.
49. 81% of the US population has social media accounts
That’s some reach we’re talking about when it comes to the endless possibilities for cybercriminals to steal data, commit extortion or perform other crimes.
50. 1 in 3 adult Americans are aware that their account had been hacked
According to a survey conducted online by the University of Phoenix in 2016, this is the way things are among 2,088 US adults aged 18 or older. As the number of social media users has grown, so has the number of social media-related crime and social media hacking.
51. 86% of the interviewees limit social media posts for fear of being hacked
The very nature of social networks gives hackers one huge advantage. As written by Sheera Frenkel, “the human error that causes people to click on a link sent in an email is exponentially greater on social media sites… because people more likely consider themselves among friends.” As it turns out, users have picked up on this pretty quickly and decided to adhere to censorship in case of extortion, sextortion, or even financial losses.
52. In 2017, hackers accessed a Pentagon’s official’s computer via a twitter link
One worker in the Pentagon thought it wise to click on a twitter link marketing a simple family vacation. The U.S. Department of Defense has thousands of social media accounts, used as a means of communication between personnel, friends, and family. This proved to be a huge liability.
53. In 2017, 6M celebrity Instagram accounts were exposed
Including that of Harry Styles, Selena Gomez, Taylor Swift, and Emma Watson. The dark web was stacked with contact details and personal iformation.
What Are Some Examples of Cyber Crimes?
54. 2017, Wikileaks released more than 8,761 classified CIA documents
The biggest ever leak of confidential documents from the CIA, this info describes in great detail the way that the CIA breaks into phones, communication apps, and other electronic devices.
55. In 2017, 2GB worth of emails sent by French President Emmanuel Macron, then a presidential candidate
A searchable archive was posted online containing over 21,000 verified emails concerning the most prominent election figures.
56. In 2018, 500 million guests were compromised in the attack on Marriott hotel chain
Leaked info from this web crime included passport info, credit card details, as well as names & phone numbers of guests who checked into the Starwood properties on or before Sept 10 the same year.
57. In 2017, Yahoo admitted that 3 billion user accounts were hacked
Namely, all of them. The first time Yahoo came out with this info was in 2016 when only 500+ million breaches were accounted for, so it took a while to even realize the true scope of the breach. The breach in 2017 is still the biggest breach in history and is not expected to be overtaken.
58. In 2016, FriendFinder Networks Inc was attacked, leaking 339 million personal accounts
As this is a dating and adult entertainment site, the particularly sensitive nature of the leaked information like sexual orientation and if a user was looking for extramarital affairs caused significant emotional harm. This is still one of the biggest breaches in this field.
59. In 2015, The Ashley Madison breach leaked info on 33 million users
The results varied from disheartening to downright tragic. With Ashley being primarily an adultery dating site, the data breach lead to numerous divorces, even 3 suicides confirmed to have been caused directly by the breach. Talking about distressing cybercrime incidents, this cost a staggering $11.2 million in lawsuits.
60. In 2017, 2.4 million records containing personally identifiable information was stolen from Equifax
This data analytics and technology company reported a huge data breach that affected 147.9 million customers.
61. In 2015, Anthem Inc. faces the data breach that affected 78.8 million people
Above, we mentioned the theft of healthcare data, One of the most well known recent cybercrime cases leaked info contained social security numbers, medical IDs, birthdays, addresses, names, even income data.
Famous Cybercrime Convictions
62. Mark Vartanyan accessed personal info from 11 million computers worldwide, causing $500 million in losses
This hacker was convicted of cyber theft and developing, maintaining and distributing malware between 2012 and 2013, and then again in 2012.
63. Evaldas Rimasauskas stole $100 million via email fraud
In 2017, this Lithuanian hacker meant business, as he allegedly committed fraud against two major tech companies, while posing as a business affiliate. He is facing the possibility of 20 years in US prison for his crimes of identity theft, wire fraud, and money laundering.
64. Susan Atrach hacked into celebrity email accounts in 2018
This 21-year-old was charged for a number of hacking crimes after having hacked into Selena Gomez’s email account, taking hold of sensitive, personal data. Her crime involved stealing computer data to conduct fraud, identity theft, obtaining money or data using illegal means and hacking into celebrity accounts.
65. The US had the biggest number of cyberattack victims in the developed world
As for US-related cybersecurity facts, in 2016, this was the top country. In fact, as many as 39% of U.S. citizens were victims of cybercrime, compared to 31 percent worldwide.
66. In the UK, 2 in 5 businesses were subject to cyber attacks
Moving on to cybersecurity statistics in the UK – the 2018 Cyber Security Breaches Survey these attacks cost every business £3000, per successful attack, on average. This amounts to billions of pounds, not counting the emotional damage and personal costs of buying into various types of fraud.
67. By 2022, the customer is predicted to be guilty of 95% of cloud security failures
When talking about digital security, it’s important to note that at this time, humans are by far the weakest link. Securing your cloud is becoming less and less important than using the cloud securely.
68. The average cost of a data security breach will be over $150 million by 2020
This increase is due to the predicted higher connectivity of businesses worldwide. The moment you become available online, you are under risk.
69. By the end of 2019, cybercrime will cost businesses $2 trillion
This amount is four times the higher than it was back in 2015, showing a disturbing trend that’s going way too fast for most businesses or natural persons to keep up with.
70. 70% of businesses will experience some sort of significant data loss due to accidental data damage
There’s something else to be considered when talking about IT security stats – sometimes, spilling coffee or exposure to excessive heat and moist, power outages, or even people accidentally deleting files can cause a lot of damage.
71. A hacker earns around $30,000 per job, and hacker project managers can make up to $2 million
When answering the question of how much money do cyber criminals earn, one must consider their level of expertise, whether they belong to an organization, and how many projects they are working on. Particularly successful cybercriminals make $166K+ every month. A middle-of-the-road hacker makes up to $75,000+, while a low-earning one can get $3,500+ on a monthly basis.
72. A hacker’s earnings are 10-15% higher than those of non-cyber criminals
And the earnings are rising steadily, with little change in the way the job is done. Note that the security risks are significantly lower with cybercrime, as some states don’t even have laws or precedent for prosecuting this type of crimes.
73. $96 billion was spent on cybersecurity in 2018, even 8% more than in 2017
The ever-increasing number of cyberattacks and data breaches is forcing companies of all sizes across the world to invest in security. So how much money do companies spend on cybersecurity has increased in recent times, in part because of the new regulations imposed by the General Data Protection Regulation (GDPR), a shifting buyer mindset, increased awareness of emerging threats, and the overall evolution to a digital business strategy.
74. The starting cyber security assessment cost for a business with at least 50 employees is around $10,000
The answer to the question how much does a cyber security assessment cost requires a multifactor analysis that relies on the individual scope, size, and complexity of your business, your industry (some are high-risk, and some are not), the size of your organization, number of offices, and even details like the complexity of your company’s inner workings.
In case of evaluating the cost for a cybersecurity and information security risk assessment, most analysts advise checking the total cost of ownership, that involves your methodology, experience and finally, product quality and value.
Cybercrime Statistics by Country
75. Australia reports the lowest average cyberattack cost with $5.41 million
Despite the fact that their security professionals’ salaries are among the highest in the world, their annual investment in cybersecurity was estimated to be among the lowest.
76. The United Kingdom had the lowest change in cost, with a shift of $6.58 million to $8.74 million from last year
While their overall results haven’t improved, the stagnant state might be considered a success by some.
77. On the other hand, Japan has been getting significantly worse with a 22% increase since 2017, amounting to $10.46 million
This should come as no surprise since a Japanese minister in charge of cybersecurity has admitted that he has never used a computer in his professional life, and appeared visibly confused by the concept of a USB drive.
78. The amount the U.S. government spent on cybersecurity in 2017 was $14 billion
U.S. companies are spending $3.82 million and $3.40 million per incident to resolve rising cybercrime rates, especially malware and Web-based attacks respectively.
79. The average cost of cybercrime has risen 40 percent: from $12.97 million USD per firm in 2014 to $18.28 million USD in 2017
The average cost of cyber crime for financial services companies globally has matched a significant cyber crime increase. The abovementioned amounts are significantly higher than the average cost of $11.7 million USD per firm across all industries from the previous year. The analysis focuses on the direct costs of the incidents and does not include the longer-term costs of remediation.
80. An estimated 57.24 percent of all computers in China are infected by malware
According to research from Panda Security, the computer virus statistics runner-up is Taiwan, with 49.15 percent of all computers infected… followed by Turkey with 42.52 percent of all computers infected.
81. In 2017, there was an average of 24,089 records breached per country
India was by far the leading nation with as many as 33 thousand breached files. This kind of cybercrime in the USA amounted to 28.5 thousand.
82. As for the cybercrime statistics in 2018 India, over 22,000 websites were attacked, 2017-2018
The Indian Computer Emergency Response Team stated that malware got to 493 websites, and 114 of those belonged to the government. The main purpose of these attacks was data acquisition and gaining access to personal or confidential data.
83. Chinese cyber attacks accounted for over 20 percent of cyber attacks in 2017
The US is responsible for only a small number by comparison, 11%, and just behind the US comes third place belonging to Russia, with 6%.
Cybercrime is on the rise and we are becoming more and more dependent on technology, from our smart devices, to databases in schools and hospitals. The biggest hope in overcoming these issues seems to lie in sophisticated security techniques, and most of all, educating the general public as well as employees about dangers lurking within social engineering and the various types of fraud.
Many companies lose millions of dollars on lawsuits caused by cyberattacks. Cybercrime has become a well thought-out, complex, and expensive form of organized crime. This is why any company with a good sense of risk assessment ought to get some sort of cybersecurity for their system. And don’t forget, educating your employees and protecting your IoT devices is a must.