36 Enlightening Cybersecurity Statistics

With cybercrime on the rise, it never hurts to know more about cyberattacks and how to prevent them. In this article, we’ll explore 36 cybersecurity statistics that paint a picture of this brave new world we live in.

Cybersecurity Statistics

1. More Than 3.8 Million Records Are Stolen Daily

On a daily basis, approximately 3.8 million records are stolen by attackers. That works out to approximately 44 records every single second.

[Source: University of North Georgia]

2. Cybercriminals Rake in $1.5 Trillion Annually

While law enforcement agencies like to say that crime doesn’t pay, it certainly can in the world of cybercrime. Overall, cybercriminals rake in about $1.5 trillion in revenue each year. While those new to the game may only bring in $42,000 annually, top hackers might earn $2 million or more.

[Source: Tech Republic and Computer Weekly]

3. Over 15 Years, the US Experienced 12,000+ Data Breaches Involving 11.1+ Billion Records

From 2005 to 2020, the US experienced just shy of 12,100 data breaches. Across every incident, around 11.1 billion records were ultimately compromised to some degree.

[Source: Comparitech]

4. Over 75% of Data Breaches Involve Organized Crime

Data breaches aren’t typically the goal of independent hackers. Instead, more than 75% of breaches involve organized crime groups. That can include private collectives operating together for a particular goal, as well as state-backed hacking agencies looking for political gain or to disrupt a rival nation.

[Source: Verizon]

5. 40% of Phishing Command and Control Centers are US-Based

While many would assume that the bulk of phishing command centers aren’t based in the United States, that isn’t the case. Around 40% of such entities operate on US soil. While that doesn’t mean that the US is the starting point for most cybercrimes, it does show that the country leads the way when it comes to this specific attack vector.

[Source: Cofense and ABC News]

6. Cyberattacks Happen Every 39 Seconds – to a Single System

One study found that an average of 2,244 cyberattacks happen every day, which comes out to one attack every 39 seconds. But the study in question only tested a single computer system connected to the internet. If attacks happen every 39 seconds to each of the billions of computers and smartphones around the world, you can only imagine the staggering number of cyberattacks happening all the time.

[Source: Security Magazine]

Cybersecurity Cost Statistics

7. Cybercrime Will Cost $10.5 Trilliin Per Year by 2025

At the rate cybercrime is growing, the amount of revenue cybercriminals will bring in is expected to skyrocket. Estimates suggest that it may total up to $10.5 trillion a year by 2025. As a matter of perspective, based on an estimated global population of 7.9 billion, that breaks down to about $1,329 per person.

[Source: Cybercrime Magazine and US Census]

8. Ransomware Breaches Cost an Average of Almost $4.5 Million

It isn’t surprising that ransomware can be costly, particularly since a payment is a key element of this attack vector. However, the total cost of a ransomware breach goes far beyond the ransom. On average, between the payments, damage to systems, harm to data, financial ramifications relating to customer information, and other factors, the average cost of ransomware is about $4.44 million.

[Source: Government Technology]

9. Average Ransom Payment Rises by 82%, Hitting $570,000

As mentioned above, ransomware costs go far beyond the price demanded by hackers in exchange for returning data and access to systems. However, with it comes to the payment, those are rising quickly. Year-over-year, the amount increased by 82%, bringing the average up to $570,000.

[Source: Purplesec]

10. Data Breaches Come with an Average Price Tag of $4.24 Million

Data breaches are expensive for several reasons. Along with damage to systems, companies often have to take steps to address harm to their customers. Plus, fines are a typical part of the equation, which can boost the total cost. Couple that with a loss of trust leading to declining business, and the final price tag averages out near $4.24 million.

[Source: Upguard]

11. Over 6 Years, the Cost of Phishing Scams Nearly Quadruples

Between 2015 and 2021, the cost of phishing scams skyrocketed. In 2015, the average was just shy of $3.8 million. By 2021, the cost reached a bit above $14.8 million, which is nearly a fourfold increase.

[Source: Proof Point]

12. The Most Expensive Computer Virus Ever Caused $38 Billion in Damage

Mydoom – the costliest computer virus ever created – began hitting systems in 2004. It infected systems with shocking speed and, using scraped emails to copy and send itself to others, at one point represented around 24% of all email traffic. In the end, it caused around $38 billion in damage.

While Mydoom is still around today, it’s far less harmful since most antimalware programs can detect it. Still, around 1.2 billion copies are created by the virus annually, and it still represents around 1% of all email traffic.

[Source: HP]

Data Breach Statistics

13. 294 Million People Were Impacted by Data Breaches in 2021

In 2021, the number of data breaches technically declined by 5% over the previous year. However, that still left around 294 million people impacted.

Part of the reason for the decline is hackers changing tactics. While large-scale data theft was once the approach du jour, many attackers are now using more targeted strategies, resulting in less impact on consumers overall.

[Source: CNET]

14. On Average, It Takes 287 Days to Discover a Data Breach and Another 80 Days to Contain It

While most would hope that data breaches would be spotted quickly, that’s rarely the case. Instead, it takes an average of 287 days (about 9 ½ months) to discover a breach.

Once discovered, many data breaches aren’t addressable immediately. Instead, it can take about 80 days (just shy of 3 months) to contain the breach. In total, that means it may take a full year to discover a breach and get it under control.

[Source: IBM]

15. Small Businesses Represent 43% of All Data Breach Targets

Many people would think that enterprise companies are more commonly targeted by cyberattacks. However, 43% of data breaches actually involve small businesses, making them the number one target for this kind of attack.

Usually, small businesses don’t have the same level of security as large companies. That makes them easier targets.

[Source: CNBC]

16. 82% of Breaches During the Past Year Involved the Human Element

Overall, the human element continues to play a major role in data breaches. Whether it’s clicking malicious links, providing credentials to a hacker masquerading as a trusted person or entity, or simply failing to secure a device or system, 82% of breaches during the past year involved a misstep by a person.

[Source: Verizon]

17. Insiders Are Involved in 60% of Data Breaches

While the human element plays a role in 82% of data breaches, 60% specifically involve an insider. This can include current and former employees, vendors, service providers, or others with direct and approved access to key systems.

The severity of the incident can vary. At times, it’s simply an exiting employee accidentally leaving with sensitive information. In others, it’s malicious, with an insider intentionally working to harm the company in some way.

[Source: Society for Human Resource Management]

18. 45% of US Companies Experienced Some Kind of Data Breach Last Year

While the size and nature of the data breaches can vary dramatically, a startling 45% of US companies experienced some form of data breach in 2021. While that’s lower than the 65% that were in the same boat in 2019, it still shows how common data breaches are overall.

[Source: Thales Group]

Attack Vector Statistics

19. 91% of Cyberattacks Begin with Phishing Emails

In the world of attack vectors, phishing emails are by far the most popular starting point. In many cases, this is because they require little effort to initiate and can launch attacks with just a single click on the part of the target.

Overall, phishing emails are involved in 91% of incidents. This can include attacks triggered when a person accesses a malicious attachment or link that automatically downloads harmful applications, as well as giving login credentials to unauthorized individuals masquerading as legitimate persons, giving them access to systems.

[Source: Deloitte]

20. For Targeted Attacks, Spear Phishing Is the Main Vector 65% of the Time

When you’re dealing with hacker groups and targeted attacks, spear phishing is traditionally their preferred strategy. Overall, it’s involved in 65% of targeted attacks.

[Source: Symantec]

21. Ransomware Attacks Rose by 13% in the Past Year

Year-over-year, ransomware attacks rose more than in the past five years combined. They increased by a startling 13% in just one year, showing how much hackers are favoring ransomware due to its ability to successfully monetize a breach and exploit access to critical data.

[Source: Verizon]

22. About 30% of DDoS Attacks Originate in China

When it comes to distributed denial of service (DDoS) attacks, China is the point of origin in around 30% of cases. The next most common origin country is the United States with about 22%, followed by the UK with a little above 15%.

[Source: Research Gate]

23. Each Day, 30,000 Websites Are Hacked to Deliver Malicious Code

Overall, 30,000 websites are hacked every day to make them deliver malicious code. That breaks down to about 21 sites every single minute.

Delivering malicious code by hacking a website and altering it is a popular attack vector. Often, it allows hackers to take advantage of an existing trust, as repeat visitors may engage with the site without worrying about safety or security risks. Plus, search engines may not immediately notice the problem, allowing the code to distribute longer than if a new site was created for that purpose.

[Source: Forbes]

24. More Than 90% of Malware Arrives Via Email

When it comes to malware distribution, email is by far the preferred approach. Overall, 92% of malware hits systems via email, typically through malicious attachments or harmful links that send recipients to malware sites.

[Source: Purplesec]

Business Cybersecurity Statistics

25. 93% of Company Networks Are Susceptible to Breaches

While many organizations do take steps to reduce the risk of a hack, a stunning 93% of company networks are susceptible to breaches. On average, a company’s internal network can be accessed in as little as two days, often due to issues like compromised credentials or brute force attack successes thanks to overly simple passwords

[Source: Forbes]

26. Each Year, 61% of Businesses Are Disrupted by Ransomware Attacks

Based on 2020 data, approximately 61% of organizations experience business-disrupting ransomware attacks during the year. While the duration and severity can vary, any ransomware attack usually results in financial losses, either through reduced productivity, lost sales, damaged data, or other related impacts.

[Source: Mimecast]

27. 80% of Critical Infrastructure Companies Were Targeted by a Ransomware Attack Last Year

During the last year, a shocking 80% of critical infrastructure organizations were targeted by a ransomware attack. While not all were successful, it shows how much interest hackers have in companies that may have little choice but to pay ransoms due to the nature of their role in society.

[Source: Forbes]

28. 52% of Companies Paid Their Ransoms, But Only 66% Got Their Data Back

After being targeted by a ransomware attack, 52% of companies actually pay the attackers. While one would hope that paying the ransom after being targeted by ransomware would essentially guarantee companies would regain access to data, that isn’t the case. Of those that paid the ransom, just 66% got their data back. The remaining 34% didn’t fully recover the losses.

[Source: Mimecast]

29. One in Five Companies That Experienced a Malicious Data Breach in 2021 Had Lost or Stolen Credentials

Among companies that experienced malicious data breaches, lost or stolen credentials were used to access systems in about one in five cases.

[Source: IBM]

30. 74% of Companies Have Seen Malware Spread from One Infected Device to Another

Malware spread is often a concern for organizations, as networked systems can allow various forms of malware to infect more machines with ease. In 2020, around 61% of organizations experienced malware moving between devices. By 2021, that number rose to 74%, representing a 13 percentage point increase in a single year.

[Source: Mimecast]

31. 75% of Healthcare Organizations Are Infected with Malware Annually

Over the course of a year, healthcare organizations are infected with malware with surprising regularity. Overall, 75% of healthcare organizations are infected at least once.

[Source: PRN Newswire]

Hacker Statistics

32. A Mere 4 to 5% of Cybercriminals Are Ever Apprehended

With cybercriminals operating all around the world and the myriad of ways they can avoid detection, it likely isn’t surprising that most hackers aren’t caught. However, the fact that a mere 4 to 5% are ever apprehended shows just how difficult it is to capture and prosecute cybercriminals.

Usually, there are several reasons it’s challenging. First, there’s identifying who is responsible for the crime. Second, some countries won’t extradite hackers, even if the evidence shows that the person is likely responsible for the crime. In some cases, the latter is due to the high cost involved. However, it can also be politically motivated.

[Source: Security IT Summit]

33. The Youngest Convicted Hacker Committed the Crimes at Age 15

The youngest hacker to ever be convicted for his crimes, Johnathan James, was only 15 when he committed the acts that led to the criminal charges. Along with hacking several companies while working under the alias cOmrade, he also hacked United States Department of Defense systems.

Johnathan James was arrested in 2000. He ultimately received a sentence of six months of hour arrest and was barred from the recreational use of computers.

[Source: Kaspersky]

34. Russian Intelligence Hackers Are 8x Faster Than Other Leading Intelligence Hackers

When it comes to intelligence hackers, Russians are far quicker than their counterparts. Overall, they’re eight times faster than Chinese, Iranian, and North Korean hackers. Plus, they’re quicker than many criminal hackers not involved with intelligence hacking or state-sponsored hacks.

[Source: NBC News]

35. Money Motivates 86% of Hackers

When it comes to why hackers do what they do, money is a key motivation for 86% of those who engage in this kind of criminal activity. They might use ransomware to receive payments directly or might intend to sell stolen data on the dark web, for example.

[Source: Security Boulevard]

36. 87% of US Ethical Hackers Are Male, and 42% Are White

When it comes to the demographics of your average ethical hacker in the United States, the most widely represented group in the field is white men. Overall, 87% of ethical hackers are male. Plus, 42% are white.

When it comes to other races, South Asians are the second largest group at 17%. Then comes East Asians with 11%, followed by Black or African Americans with 9%.

[Source: Career Explorer]