The statistics we're examining reveal crucial insights into the evolving landscape of cyber threats. They underscore a critical reality: cybercriminals are diversifying their tactics, and no sector remains unscathed. The staggering projected rise to $10.5 trillion in cybercrime costs by 2025 mirrors the increasing audacity and complexity of attacks.
From targeted ransomware crippling key industries to sophisticated phishing schemes and significant GDPR fines signaling regulatory tightening, each data point serves as a stark reminder. This environment demands not just vigilance but a proactive, multifaceted approach to cybersecurity, integrating advanced technologies and cross-sector collaboration to stay ahead of these ever-evolving threats.
Below are 90 cybersecurity statistics to provide a look at what we can expect in 2024 if the trends hold.
Cost and Frequency of Cyber Attacks
- Worldwide cybercrime costs are estimated to hit $10.5 trillion annually by 2025, emphasizing the need for enhanced cybersecurity measures (Cybersecurity Ventures).
- Cybercrime is predicted to cost the world $9.5 trillion USD in 2024, slightly lower than the projected growth rate (Cybersecurity Ventures).
- Global cybercrime damage costs are expected to grow by 15% per year over the next two years, reaching $10.5 trillion USD annually by 2025 (Forbes).
- For 2023, the United States continues to have the highest cost of a data breach at $5.09M (IBM).
- 75% of security professionals have observed an increase in cyberattacks over the past year (CFO).
- The global average cost of a data breach in 2023 was $4.45 million, a 15% increase over three years, highlighting the growing financial burden on organizations (IBM).
- Cyber insurance premiums in the US surged 50% in 2022, reaching $7.2 billion in premiums collected from policies written by insurers (Insurance Journal).
- When remote work is a factor in causing a data breach, the average cost per breach is $173,074 higher, underscoring the cybersecurity challenges in the evolving work landscape (IBM).
- For the 12th year in a row, the United States has the highest cost of a data breach at $5.09M (IBM).
Ransomware Statistics
- Globally, 72.7% of all organizations fell prey to a ransomware attack in 2023 (Statista).
- Ransomware costs are projected to reach around $265 billion USD annually by 2031, significantly up from $20 billion in 2021 (Cybersecurity Ventures).
- Nearly half (47%) of companies now have a policy to pay ransoms associated with cybersecurity threats, a 13% increase from the previous year (CFO).
- Ransomware is identified as the number one concern of the C-suite in 62% of surveyed organizations, up 44% from 2022 (CFO).
- The average cost of a ransomware attack was $4.54M (IBM).
- The average cost of recovering from a ransomware attack in 2023 was $1.82 million, excluding the ransom payment (SC Media).
- Only 8% of businesses that pay ransom to hackers receive all of their data in return (Sophos).
- Backdoors were deployed in 21% of all incidents remediated in 2022, while ransomware constituted 17% of the incidents (IBM Security X-Force 2023).
- Extortion was involved in 27% of attacks, indicating a growing trend in ransomware tactics (IBM Security X-Force 2023).
- In 2023, ransomware constituted 17% of security incidents, showing a decrease from 21% in 2021 (IBM Security X-Force 2023).
- In 2023, 66% of organizations reported being targeted by ransomware, with the average ransom payout rising from $812,380 in 2022 to $1,542,333 (SC Media).
- Ransomware affected 56% of organizations with revenues between $10-50 million and 72% of companies with revenues over $5 billion (SC Media).
- There was an 8% increase in global weekly cyberattacks in Q2 of 2023 (Check Point).
- The first half of 2023 saw ransomware extortion totaling $176 million more than in 2022 (Chainalysis Mid-year Update).
- 81% of organizations surveyed faced ransomware attacks 2023, and 48% paid the ransom (SpyCloud 2023 Ransomware Defense Report).
- The construction industry was most impacted by ransomware in 2023 (eCrime Ransomware and Data Leak Site Report 2023).
Phishing Statistics
- Phishing continues to be the most common email attack method, accounting for 39.6% of all email threats (Hornetsecurity’s Cyber Security Report 2024).
- 94% of malware is delivered over email (Panda).
- Spear phishing attachments were used in 62% of phishing attacks, while links were used in 33% and as a service in 5% (IBM Security X-Force 2023).
- Credit card information was targeted in only 29% of phishing kits in 2022, a 52% decline from 2021 (IBM Security X-Force 2023).
- Business Email Compromise (BEC), often involving spear phishing links, accounted for 6% of incidents, with spear phishing links used in half of these cases (IBM Security X-Force 2023).
- In 80% of the organizations where a BEC attack occurred, no multi-factor authentication (“MFA”) solution was in place before their incident (ArcticWolf).
- Phishing was identified as the primary infection vector in 41% of cybersecurity incidents. (IBM Security X-Force 2023).
- The number of thread hijacking attempts doubled in 2022 compared to 2021 (IBM Security X-Force 2023).
Business Interruption and Security Investments
- 45% of experts say cyber incidents are the most feared cause of business interruption, surpassing natural disasters or energy concerns (Allianz Risk Barometer).
- Spending on information security and risk management products and services is expected to grow by 14.3% in 2024, reaching more than $215 billion (Gartner).
- Cybersecurity is part of the core transformation team in 53% of organizations, indicating integration of cybersecurity in strategic business initiatives (Accenture).
- Another 53% of organizations require cybersecurity clearance before deploying any solution, showing a proactive approach to cyber risk management (Accenture).
- Only 39% of organizations prioritize collaboration with government agencies on policies and recommendations in response to geopolitical tensions (Accenture).
- 35% of organizations embed security controls in all transformation initiatives from the beginning, while 18% deployed security after the event, indicating varying approaches to cybersecurity in digital transformation (Accenture).
- 44% of business leaders emphasize the importance of CISOs in translating technical aspects of cybersecurity to CEOs and Boards, reflecting the growing strategic importance of cybersecurity in organizational decision-making (Accenture).
- The influence of geopolitical tensions is also evident through supply chain, physical infrastructure, and external network vulnerabilities, with 54% seeing third parties and external networks as the most susceptible areas for attack (Accenture).
- Extortion was noted as the primary impact in 27% of cyberattacks, with manufacturing being the most affected industry (IBM Security X-Force 2023).
- Exploitation of public-facing applications accounted for 26% of incidents (IBM Security X-Force 2023).
- Data theft was a factor in 19% of all incidents, highlighting the rising concern about information security (IBM Security X-Force 2023).
Geopolitical Influences in Cybersecurity
- The Asia-Pacific region was the most targeted by cyberattacks, representing 31% of all reported incidents, with Europe and North America following at 28% and 25%, respectively (IBM Security X-Force 2023).
- 97% of organizations saw an increase in cyber threats since the start of the Russia-Ukraine war in 2022, demonstrating the profound effect of geopolitical tensions on cybersecurity (Accenture).
- Following the escalation of the Russia-Ukraine conflict, 51% of organizations updated their business continuity and enterprise risk plans in 2023, indicating the need for revised strategies in the face of changing geopolitical dynamics (Accenture).
Industry-Specific Cybersecurity Statistics
Healthcare Industry Cybersecurity
- There has been a 239% increase in the number of large breaches involving hacking over the last four years (Chief Healthcare Executive).
- The average healthcare data breach was nearly $11 million in early 2023 (an 8% jump from the previous year. (IBM via Chief Healthcare Executive).
- 27% of healthcare cyber incidents involved backdoor attacks (IBM Security X-Force 2023).
- In healthcare-related cyber incidents, reconnaissance activities—where attackers scout for vulnerabilities and valuable data—were the leading type of impact, representing 50% of all observed cases, underscoring the critical nature of early-stage threat detection in this sector (IBM Security X-Force 2023).
- In the U.S., 88 million people have been affected by data breaches of their personal health information, an increase of 60% in 2023 (Chief Healthcare Executive).
- Of the 40 million healthcare records exposed in the first half of 2023, nearly 50% were exposed due to attacks aimed at third-party business associates of healthcare providers (Healthcare Dive).
- 70% of healthcare facilities have migrated to the cloud (DuploCloud).
Manufacturing
- Globally, the manufacturing sector was the most targeted, representing 20% of all cyber extortion campaigns (Orange Cyberdefense).
- The most common hostile action in these incidents was the deployment of backdoors, occurring in 28% of cases (IBM).
- The manufacturing sector contributed the most to confirmed incidents (32.43%), followed by Retail Trade (21.73%) and Professional, Scientific, and Technological Services (9.84%) (Orange Cyberdefense).
- Manufacturing accounted for 65% of industrial ransomware incidents in 2022 (NAM).
- Supply chain attacks increased by 600% in 2022 (CSO).
Finance and Insurance
- On average in the financial services sector, 449,855 sensitive files are exposed, with 36,004 of these files accessible to every member of the organization. This level of exposure is the highest among all compared industries (Varonis).
- Financial services organizations take, on average, 233 days to detect and contain a data breach (Varonis).
- 74% of financial and insurance attacks compromised clients' personal details (Verizon).
Education
- 29% of attacks on educational institutions originated from vulnerability exploitation and 30% from phishing campaigns on K-12 schools in 2023 (Infosecurity Magazine).
- Ransomware attacks on K-12 and higher education globally caused over $53 billion in downtime costs from 2018 to mid-September 2023 (Comparitech).
- These attacks breached over 6.7 million personal records across 561 incidents (Comparitech).
- In the U.S., 386 ransomware incidents cost an estimated $35.1 billion in downtime (Comparitech).
Other industries
- In North America, retail accounts for 14% of cyberattacks (IBM).
- In North America, the energy sector accounts for 20% of cyberattacks (IBM).
- 74% of all breaches are due in part to human error, privilege misuse, use of stolen credentials, or social engineering (Verizon).
IoT and DDoS Attacks
- Over 10.54 million IoT attacks were reported in December 2022 (Statista).
- A 15% increase in application-layer DDoS (Distributed Denial of Service) attacks occurred in the second quarter of 2023 (IBM).
- In 2022, 6,248 DDoS attacks were reported (Verizon).
- In the first quarter of 2023, we witnessed a massive 600% increase in cyber incidents targeting cryptocurrency firms, accompanied by a significant rise of 15% in HTTP DDoS attacks (Cloudflare).
AI and Cybersecurity
- 85% of cybersecurity professionals attribute the increase in cyberattacks to the use of generative AI by bad actors (CFO).
- Around 46% of respondents believe that the integration of generative AI in business operations will increase vulnerability to cyberattacks (CFO).
- Concerns about AI in cybersecurity include the potential for increased privacy concerns (39%), undetectable phishing attacks (37%), and a general increase in the volume and velocity of attacks (33%) (CFO).
- 85% of cybersecurity professionals attribute the rise in cyber attacks to bad actors using generative AI (CFO).
GDPR Compliance and Violations
- In 2023, the General Data Protection Regulation (GDPR) imposed record fines exceeding €1.6 billion – more than the total fines imposed in 2019, 2020, and 2021 combined (Statista).
- Meta was fined $1.3 billion for GDPR violations in 2023 (Reuters).
- TikTok was fined $370 million for breaching a number of GDPR rules in 2023 (Forbes).
- Spotify was fined $5.4 million in 2023 (CyberNews).
General & Miscellaneous Statistics
- 55% of cybersecurity experts have reported increased stress levels due to heightened cybersecurity threats and challenges (CFO).
- There was a noted increase in global cybersecurity vulnerabilities, with the total number tracked in 2022 rising to 23,964 from 21,518 in 2021 (IBM Security X-Force 2023).
- In a recent Gartner survey, 80% of organizations said they plan to increase their spending on information security in 2024. (Gartner).
- Lockbit 3.0, Clop, ALPHV/BlackCat, and Paly and Royal ransomware groups represented 57% of detected cyberattacks in 2023, but other hacktivist groups are an emerging threat as well (Infosecurity Magazine).
- Large enterprises were most impacted by cyber extortion (40%), followed by small organizations (25%) and medium-sized businesses (23%) (Orange Cyberdefense).
- Internal actors, whether deliberate or accidental, were responsible for 37.45% of detected incidents (Orange Cyberdefense).
- Europe experienced 85% of all hacktivist attacks seen in 2023, followed by North America (7%) and the Middle East (3%) (Orange Cyberdefense).
- Cryptocurrency payments to ransomware attackers reached $449.1 million in the first half of 2023 alone (Reuters).
- Smaller organizations (with 1 – 250 employees) have the highest targeted malicious email rate (at 1 in 323) (Comparitech).
FAQs
How many cyberattacks per day?
According to Security Magazine, there are over 2,200 attacks each day which breaks down to nearly 1 cyberattack every 39 seconds.
How many people get hacked each year?
With around 2,220 cyberattacks each day, that equates to over 800,000 attacks each year.
What percentage of cyberattacks include a social engineering aspect versus a technical problem?
According to Cybint, nearly 95% of all digital breaches come from human error.
Which year had the worst cyberattacks in history?
Unfortunately, the worst attacks appear to be broken with each passing year.
In 2021 though, there were two noteworthy large-scale cyberattacks that impacted the world which had a larger impact than anything we saw in 2022.
First, the Colonial Pipeline ransomware attack shut down one of the largest oil pipelines in the United States. Second, the Log4J vulnerability also hit the world in 2021, which hit many large infrastructure providers such as AWS. Explore more about the biggest hacker attacks in history.
How to prepare for a cyberattack?
This is a difficult question to answer without more context but in general, cybersecurity best practices should be followed such as strong passwords, 2-factor authentication, don’t click suspicious links, using antivirus software, backup your data, and limiting the personal information you share online.
Read more about how to prepare for a cyberattack with a guide from FEMA.
What is the prediction for cybersecurity in 2024?
Predictions for 2024's cyber landscape include:
- Next-gen security awareness programs geared toward generative AI in cyber threats.
- Protection against deepfakes in cyber attacks, with attackers expected to use it for social engineering, creating false narratives, and impersonating individuals in videos or voice calls.
- Explore more 2024 cybersecurity predictions created by the expert team at Cobalt.
How big is the cybersecurity market in 2024?
According to Mordor Intelligence, the cybersecurity market size is estimated at USD 182.86 billion in 2023 and is expected to reach USD 314.28 billion by 2028, growing at a CAGR of 11.44% during the forecast period (2023-2028).
Reports for Further Reading & Research
- IBM’s 2023 Cost of Data Breach Report
- Accenture’s 2023 State of Cyber Resilience Report
- Cisco’s Cybersecurity Reports
- IBM Security X-Force 2023
- Verizon’s 2023 Data Breach Investigations Report
- The State of Pentesting 2023
In closing, remember that knowing all the security statistics in the world won’t help you secure your assets. Instead, use these statistics to help receive buy-in from executives and team members trying to understand how investing in security pays dividends.