By all accounts, cyber attacks are a massive issue. Stolen data puts millions of people at risk, while compromised systems can shut down critical infrastructure, slow down supply chains, and prevent vital access to services. And the cost of cyber incidents can be shockingly high, and not just in terms of monetary damages.
With that in mind, here is a look at 32 key cyber attack statistics that are worth knowing.
Cyber Attack Statistics – By Type
1. 91% of Cyber Attack Start with Phishing Emails
Per one study, phishing emails had a hand in 91% of all cyber attacks, either directly, through downloading malicious software, or indirectly, such as giving login credentials to a hacker by mistake.
[Source: Deloitte]
2. Ransomware Cases Increased by 150% in 2020
The use of ransomware is on the rise, becoming one of the most widely used approaches criminals tap to get funds. In 2020, cyber attack cases involving ransomware rose by 150%.
[Source: Help Net Security]
3. Insiders Are Responsible for 60% of Data Breaches
Whether it’s intentional or not, 60% of data breaches occur because of the actions of an insider, such as a current or former employee. At times, it involves the employee leaving with sensitive, proprietary, or classified documents when exiting a workplace, though it can also take other forms.
[Source: Society for Human Resource Management]
4. 58% of Nation-State Cyber Attacks Originated in Russia
When it comes to national security, research suggests that Russia is a main concern. Overall, 58% of nation-state attacks originate from Russia, making it the most prevalent threat for this kind of activity.
[Source: Microsoft]
5. 40% of Phishing Command and Control Centers Are Located in the United States
While it’s easy to assume that most attacks originate from another country, the United States is actually home to 40% of all phishing command and control centers. However, that doesn’t mean the majority of all cyber attacks originate in the U.S, as phishing is only a single attack vector. Instead, China leads the way in that regard.
[Source: Cofense and ABC News]
6. Approximately 30% of DDoS Attacks Originate in China
When it comes to the sources of distributed denial of service (DDoS) attacks, China leads the way, coming in with approximately 30%. The United States is second, representing about 22 percent of attacks. After that is the U.K. with a bit more than 15%.
[Source: Research Gate]
7. 3.8+ Million Records Are Stolen Each Day
Every day, around 3.8 million records are stolen during data breaches. If you break that down, it comes out to about 44 records every single second.
[Source: University of North Georgia]
8. 58% of Breaches Involve Personal Data
When it comes to the general public, the biggest concern regarding breaches is typically compromised personal data. Often, this is spurred by identity theft fears, though it can also come down to a simple matter of privacy. In 2020, 58% of breaches involved personal data.
[Source: Verizon]
Cyber Attack Frequency Statistics
9. A Cyber Attack Happens Every 39 Seconds – to a Single Computer System
One study found that an average of 2,244 cyber attacks happen each day. That works out to approximately one attack every 39 seconds. But this study was only looking at a single computer system. If that’s how many attacks one system faces, you can only imagine how many billions of cyberattacks happen around the world every second.
[Source: Security Magazine]
10. Over 4,000 Ransomware Attacks Happen Daily
Since 2016, over 4,000 ransomware attacks have occurred each day. The attacks have targeted a range of systems, including home users, government agencies, and private businesses.
[Source: Department of Justice]
11. 3 Billion Phishing Emails Are Sent Every Day
Each day, 3 billion phishing emails designed to mimic messages from trusted senders are sent out by cybercriminals. They spoof the sender identity information to make the “from” field seem like a legitimate contact, mainly in hopes of luring victims with a false sense of security.
Those 3 billion fake emails represent approximately 1% of all email traffic.
[Source: ZDNet]
12. Nearly 4 Phishing Websites Are Registered by Google Every Minute
In 2020, Google registered 2 million phishing websites. That works out to a little less than four phishing websites every minute of every single day.
[Source: Forbes]
13. 30,000 Websites Are Hacked Every Day
Every day, 30,000 websites are hacked by attackers. Often, the goal is to use a legitimate site’s address to distribute malicious code, increasing the odds that unsuspecting visitors will encounter the attack, allowing it to spread faster.
[Source: Forbes]
14. 24,000 Malicious Mobile Apps are Blocked Daily
Many people rely heavily on mobile apps during the day. Often, it’s easy to assume that most of the apps you encounter are safe. However, each day, 24,000 malicious mobile applications are blocked, showing just how prevalent the threat can be with mobile devices.
[Source: Symantec]
15. 19 DDoS Attacks Occur Every Minute
In 2020, there were more than 10 million distributed denial of service (DDoS) attacks. When broken down, that works out to approximately 19 per minute.
[Source: Tech Republic]
Cyber Attack Target Statistics
16. 46% of Global Attacks Target Americans
When you look at potential targets broadly, Americans are the most widely targeted by global cyber attacks. Overall, 46% of the attacks are directed at Americans in some form or fashion.
[Source: CompTIA]
17. 300.6 Million People Were Impacted by Data Breaches in 2020
In 2020, 300.6 million people were impacted by data breaches. In total, around 1,108 breaches are known to have occurred during the year. Since some attacks can go undetected, the actual total could be higher.
[Source: Insurance Information Institute]
18. Nearly 20% of Computers Are Subjected to a Web Attack Every Year
Over the course of one year, 19.8% of user computers were subjected to one or more malware web attacks. While not all of those attacks succeed – with a percentage being blocked by security measures like antivirus software – it shows just how often individual computers are at risk.
[Source: Kaspersky]
19. 43% of Cyber Attacks Target Small Businesses
While it’s easy to assume that larger corporations, government agencies, or similar organizations would be the most common targets, that isn’t necessarily the case. Instead, 43% of cyber attacks actually target small businesses.
Considering that only 14% of small businesses are usually prepared to defend themselves, and the cost can be in the hundreds of thousands of dollars, even a single incident can put smaller companies out of business.
[Source: CNBC]
20. 75% of Healthcare Companies Are Infected with Malware at Least Once During the Year
When the entire healthcare industry is examined, 75% of organizations have had at least one malware infection over the past year.
[Source: PRN Newswire]
21. Over the Course of 12 Months, 53% of Healthcare Organizations Experienced a PHI Breach
In 2019, 53% of healthcare organizations experienced a data breach involving protected health information (PHI). The average breach in that sector involves over 7,200 confidential records and costs an estimated $1.8 million.
[Source: HIPAA Journal]
22. Money Was the Motivation Behind 63% of Cyber Attacks
With the rise of ransomware attacks, it shouldn’t be a surprise that money was a prime motivator for cybercriminals. Overall, financial gain was a driving force behind 63% of cyber attacks in 2020.
[Source: Government Technology]
Cyber Attack Timeline Statistics
23. Breaches Took an Average of 207 Days to Identify
While one would hope that companies would notice that a system or data was compromised quickly, that isn’t typically the case. In 2020, the average time it took to identify a breach was 207 days
[Source: IBM Security]
24. After Identification, It Takes an Average of 73 Days to Contain a Breach
Even when a breach is identified, that doesn’t mean it can be contained quickly. Overall, it takes an average of 73 days to get the situation under control. Couple that with the 207 days to identify a breach, and that brings to the total time of exposure up to 280 in total, or a bit more than nine months.
[Source: Source: IBM Security]
Cyber Attack Cost Statistics
25. The Average Cost of a Ransomware Breach Is Nearly $4.5 Million
Being targets by a ransomware attack can cost a pretty penny. Aside from the cost of the ransom itself, the hack can harm company systems, compromise data, and more. Overall, ransomware attacks came in with an average cost of $4.44 million in 2020.
[Source: Government Technology]
26. Data Breaches Cost an Average of $4.24 Million
In 2021, the average cost of a data breach reached $4.24 million. That’s a 10% increase over 2020.
[Source: Upguard]
27. Security Breaches Cost the Healthcare Industry $6 Trillion in 2020
While the healthcare industry isn’t the most widely targeted, the cost of attacks is high in that sector. Overall, security breaches came with a massive price tag for the healthcare industry, coming in at $6 trillion in 2020.
[Source: CompTIA]
28. Cybercriminals Bring in $1.5 Trillion in Revenue Each Year
Another way to view the cost of cybercrime is to explore how much cyber criminals bring in as revenue annually. Overall, they rake in $1.5 trillion each year.
Plus, while entry-level hackers may earn $42,000 per year, mid-tier ones often earn around $900,000 annually. Among those at the top, $2 million a year in earning isn’t out of the question.
[Source: Tech Republic and Computer Weekly]
29. By 2025, Cybercrime Will Cost an Estimated $10.5 Trillion
When examined globally, estimates indicate that cybercrime will cost approximately $10.5 trillion a year by 2025. If you break that down by the current population (about 7.9 billion), that comes out to around $1,329 per person.
[Source: Cybercrime Magazine and U.S. Census]
Cyber Attack Literacy Statistics
30. 64% of Americans Haven’t Checked to See If They’ve Been Impacted by a Data Breach
Even with large-scale breaches like the 2017 Equifax Data Breach – which impacted an estimated 147 million people – 64% of American adults haven’t checked to see if they were affected by any breach, including the big ones.
[Source: Federal Trade Commission and Varonis]
31. After a Breach, 56% of Americans Don’t Know What to Do
Regardless of whether they check if they’ve been affected by breaches, 56% of American adults say they don’t know what they should do if their information is compromised in a breach. That leaves just 44% who believe they know what steps to take.
[Source: Varonis]
32. Half of Companies with IoT Devices on Their Networks Don’t Adequately Secure Them
IoT devices are incredibly convenient for companies, but they can also introduce vulnerabilities if they aren’t properly secured, mainly because they connect directly to company systems and networks. However, while 84 percent of organizations have IoT devices on their networks, approximately 50% of the companies don’t have any security measures in place aside from default passwords
[Source: IoT World Today]
Bottom Line
Ultimately, cyber attacks are increasingly a part of daily life on this planet. They’re happening nearly every second of every day. Plus, they’re incredibly damaging, cost thousands, millions, or even trillions of dollars, depending on the scale. Additionally, nearly anyone can fall victim to a cyber attack. People, businesses, and government agencies are all potential targets, depending on the hackers’ motivations.
Being aware of the current state of threats is essential. That way, you can take action, ensuring the right protections are in place, and allowing you to protect yourself, your family, your employer, or your company from attackers.