As cyber-attacks and data breaches become increasingly common, protecting your business and personal devices from growing threats is more important than ever. Just like many businesses and homes have alarm systems to protect from intruders, the same prevention is necessary to ward off cybercrime. Let’s dig into the latest cybersecurity facts and statistics and why you should care about them.
What is Cybersecurity?
At its core, cybersecurity is protection against digital attacks. Cybersecurity methods protect against the multitudes of digital threats that come to individuals and businesses. The Department of Homeland Security says it best: “Our daily life, economic vitality, and national security depend on a stable, safe, and resilient cyberspace.”
Types of Hackers
- White hat hacker. These hackers are legal professionals that break into protected systems to test their security. White hat hackers, or “ethical” hackers, detect vulnerabilities in networks and systems to expose them before malicious hackers do.
- Black hat hacker. Black hat hackers maliciously break into computer networks and security protocols to spread malware, steal data, modify it, or destroy it.
- Gray hat hackers. Like white hat hackers, gray hat hackers expose vulnerabilities in systems and report issues to the owners. However, similar to black hat hackers, this type of hacking is illegal because permission was never given. Grey hat hackers often request a fee to fix the issues they find.
Black hat hackers pose the largest threat to digital networks and systems. Not only do they break into networks and systems – they’ve created common attacks like phishing, ransomware, and crypto-jacking.
Need help taking the first steps toward securing your devices? Learn more about the different solutions you can implement as a first barrier.
The world of digital security is continuously changing and evolving, making it important to understand the current landscape to protect your devices from malware. To help illustrate the current state of cybersecurity, we’re sharing some eye-opening statistics.
Listen to the story of a user who caught a thief with his Mac at a cafe!
Cybersecurity Facts and Statistics that Matter in 2023
Top Cybersecurity Statistics
For starters, let's highlight some of the most relevant recent cybersecurity statistics of the past years
- Healthcare was the most expensive industry in data breach costs for the 12th year in a row! Coming in at a whopping USD 10.10 million in 2022. (IBM)
- IBM also found that it takes an average of 277 days to identify and contain a breach. 277 DAYS! How much damage can be done in 277 days? (IBM)
- With a loss of USD 70,811 on average per victim as of December 2022, investment fraud is the most expensive type of cybercrime. (AAG)
- The country with the highest data breach cost is the United States, at an average of USD 9.44M. (IBM)
- Phishing was the cybercrime with the most reports as of 2021, followed by Non-Payment/Non-Delivery, according to the FBI's Internet Crime Complaint Center. (IC3).
- As a result of data breaches, 60% of companies saw price increases passed on to customers. (IBM)
- 45% of the data breaches were cloud-based. (IBM)
Cybersecurity is an increasingly important issue in today's digital age. As more and more of our personal and professional lives move online, it becomes more and more important to protect ourselves from cyber attacks. Unfortunately, not everyone is as vigilant as they should be when it comes to cybersecurity:
- Only 40% of CISOs and IT leaders claim to have an enterprise-wide machine identity management strategy. The majority either have no plan (18%) or a restricted approach depending on the applications or use cases (42%). (SC Media)
- Humans and machines used more than 300 billion passwords worldwide in 2021. (Cybercrime Magazine)
- In 1994, after several attacks by Russian hackers, financial services major Citigroup (then Citicorp) established a specific cybersecurity division, appointing the first CISO in history. (Cybercrime Magazine)
- In 2022, women held 17% of CISO roles at Fortune 500 organizations (85 out of 500 companies). (Cybercrime Magazine)
- According to Cisco experts, DDoS attacks are predicted to increase to 15.4 million by 2023. More than twice as many attacks occurred in 2018 (7.9 million). (Small Business Trends)
- The number of cyber security incidents worldwide between November 2020 and October 2021 was over 24,000. 2,065 instances were found in small businesses out of this total. (Statista)
- In 2021, the cybersecurity market was estimated to be worth USD 150.37 billion; by 2027, it is anticipated to be worth USD 317.02 billion. (Mordor Intelligence)
- The AV-TEST Institute registers over 450,000 new malware and potentially unwanted applications (PUA) daily. (AVTest Institute)
- According to the AV-TEST Institute, most malware is developed for Windows and Android. (AVTest Institute)
- In the third quarter of 2022, Kaspersky discovered up to 153 thousand new kinds of dangerous mining software. Around 41,000 new crypto-jacking variations were discovered in Q2. (Atlas VPN)
- Data compromises in the United States reached a new high in 2021, up 68% from the previous year, according to the Identity Theft Research Center (ITRC). (iii)
- In 2020, 47% of Americans experienced financial identity theft, according to the Aite-Novarica Group. (iii)
- Tajikistan, Bangladesh, and China were ranked as the least cyber-safe countries, while Denmark was identified as the most cyber-safe. (Comparitech)
- Cybersecurity Ventures monitored the industry for eight years and discovered that the number of open cybersecurity positions increased by 350%, from one million in 2013 to 3.5 million in 2021. (Cybercrime Magazine)
- 25% more women were employed in cybersecurity in 2022 than in 2019. Women will make up 35% of the cybersecurity workforce globally by 2031, according to a prediction made by Cybersecurity Ventures. (Cybercrime Magazine)
- According to a Fortune Business Insights analysis, the global market for cyber security is expected to increase from USD 155.83 billion in 2022 to USD 376.32 billion in 2029. (PR Newswire)
- Over the following three years, we anticipate that the worldwide cost of cybercrime damage would increase by 15% yearly, reaching $10.5 trillion USD annually by 2025. (Cybercrime Magazine)
- Security services came in at the top of the charts regarding spending for 2020, costing USD 64,270 million. Infrastructure protection came in second at USD 17,483 million. (Gartner)
- 59% of firms don't use zero trust security, increasing average breach costs of USD $1 million compared to those who do. (IBM)
- Businesses that tested their incident response (IR) plan and had an incident response team reported reduced breach costs of USD 2.66 million on average than those that did not. (IBM)
- US businesses allocated an average of 13.7% of their IT budgets to security in 2021. (Comparitech)
Ransomware Attack Statistics
- More than 4,000 ransomware attacks occur every day. (FBI)
- A ransomware attack is expected to strike a business or consumer every 2 seconds by 2031. (Cybercrime Magazine)
- The cost of ransomware damage is expected to rise from $20 billion in 2021 to $265 billion by 2031. (Cybercrime Magazine)
- 91% of cyberattacks begin with a spear-phishing email, commonly used to infect organizations with ransomware. (KnowBe4)
- 109,183,489 "unique malicious objects" were identified by Kaspersky in 2022
- In 2022, ransomware Trojans targeted 271,215 users, including 8,931 users from small and medium-sized organizations and 77,256 corporate users. (Kaspersky)
- The average cost of a ransomware attack, not including the ransom itself, is USD 4.54 million. (IBM)
- In 2020, 78.5% of American businesses experienced a ransomware assault. After Australia, the US was the country with the second-highest impact. (Comparitech)
- Ryuk infected the computer systems of a U.S. county through a malicious link or attachment allegedly opened by a user. The attackers demanded over $1.2 million in Bitcoin for a decryption key. Instead of paying the ransom, officials rebuilt their systems and invested $1 million in new hardware and technical support. (FBI)
- According to Sophos, the average cost of remediating a ransomware attack in 2020 was $761,000. This amount skyrocketed in 2021, increasing by more than 50% to 1.85 million. (Comparitech)
Phishing Attack Statistics
- Phishing scam reports to the IC3 increased from 2020 to 2021, totaling 323,972 reports, representing 38% of all internet crimes reported to the IC3. (Comparitech)
- Kaspersky’s Anti-Phishing system was triggered 253,365,212 times in 2021, and their Mail Anti-Virus blocked 148,173,261 malicious attachments sent in emails. . (Kaspersky)
- Phishing scams cost victims $44,213,707 in 2021. (Comparitech)
- Phishing was the second most frequent cause of a breach (16%), and it was also the most expensive, with a cost of a breach of USD 4.91 million on average. (IBM)
- In January 2022, the Netherlands was the top target for phishing attempts, followed by Russia, Moldova, and the United States. (Eftsure)
- Phishing has steadily increased from pre-pandemic 2019 to post-pandemic 2022, with a 61% increase in malicious URLs from 2021. Credential harvesting was used in 76% of the attacks discovered in 2022. (SlashNext)
- The subject line of 67% of phishing emails is blank. Other subject lines attackers use include ‘Fax Delivery Report’ (9%), ‘Business Proposal Request’ (6%), ‘Request’ (4%), ‘Meeting’ (4%), ‘You have (1*) New Voice Message’ (3.5%), ‘Re: Request’ (2%), ‘Urgent request’ (2%), and ‘Order Confirmation’ (2%). (DigitNews)
- During the second quarter of 2022, the top 5 brands that appeared the most in phishing attempts were LinkedIn (45%), Microsoft (13%), DHL (12%), Amazon (9%), and Apple (3%). (Security Magazine)
- The increase in zero-hour (never seen before) threats was a major trend in 2022. The percentage of zero-hour threats increased by 48% from the end of 2021 to 2022, making up 54% of threats found. (SlashNext)
- Of the zero-hour attacks identified in 2022, the top 3 were spear phishing credential harvesting (76%), social engineering scams (15%), and malware, ransomware, and exploits (1%). And the top 5 industries that were the most targeted by this type of attack were Healthcare, Professional and Scientific Services, Information Technology, Construction and Engineering, and Finance and Insurance. (SlashNext)
- According to the Cofense Phishing Intelligence Trends Review, the most widely used file types by phishing attackers in Q1 2022 were .pdf, .html, and .htm. (Security Magazine)
- Cryptocurrency company Blockchain.com was the most spoofed crypto brand in 2022, with 662 phishing websites from April to June 2022. Crypto investing app Luno is the second on the list, followed by proof-of-stake blockchain platform Cardano. (DigitNews)
Understanding the state of cybersecurity is important to protect yourself, your family, and your businesses from digital threats. The statistics show that even though many individuals and companies are aware of cyber threats, their protection is failing due to the continued evolution of attacks.
So what can you do to protect your devices from cybercrime? The first steps are staying educated on current threats and investing in device security. Use the statistics we’ve shared to plan how you will prevent being part of the growing number of victims in 2023.