39 Key Cybersecurity Statistics: Insights and Trends

1. Not taking cybersecurity risks seriously will cost you. It’s forecast that cybercrime is predicted to cost $10.5 trillion annually by 2025!
2. It’s estimated that there are 2,200 cyber attacks every day.
3. If 2,200 is too many to get your head around, it may help to think of it differently – a cyber attack occurs every 39 seconds on average.
4. Cyber attacks are on the rise – IoT cyber attacks are expected to double by 2025.
5. Ransomware attacks are also becoming more frequent, so much so that by 2031 they’re expected to happen every two seconds.

Find out more about these top cybersecurity statistics in our full write-up below.

Tech is everywhere, so cybersecurity has never been more important. And as we grow more reliant on technology, the frequency and complexity of cyber attacks grows, too. Let’s look at some of the top cyber threat statistics that lay the problem bare in more detail.

These days there’s a cyber attack every 39 seconds on average, which means there’s 2,200 cyber attacks happening each day. And all those attacks have at least one criminal attached, whether they’ve enabled a team of bots to carry out attacks, or working as part of an actual team. That’s still a lot of people involved.

And these attacks have a real cost. By 2025, cybercrime will cost an eye-watering $10.5 trillion. That’s not just a huge figure, it’s a sobering reminder of the financial devastation cyber crimes cause all of us. Doesn’t matter if it’s us at home or at work.

And we’re contending with more types of cyber attacks. Take the Internet of Things (which are the connected devices into our homes and workplaces) which is now a special target. By 2025, IoT cyber attacks are expected to double, so this is a whole new area to protect too.

Ransomware (which we’ll go into more detail about in a little while) is a particularly nasty kind of cyber crime that targets whatever the criminals want, and generally involves them encrypting files and charging the owner to get them back. By 2031, these attacks will happen every two seconds.

These cybersecurity statistics are a wakeup call to take action and make sure you stay vigilant.

If we’re looking specifically at cyber attack statistics, what can we learn? There are lots of types of cyber attacks, and they’re all a little different from each other. While we check out cyber attack statistics in the section, we’ll give you a good run-down on the different types of website attacks to be aware of.

Phishing Statistics

Phishing involves tricking users into revealing sensitive information, pure and simple. The chances are pretty high that you’ve come across a phishing email or text at some point – perhaps texts claiming to be from Google or your bank that didn’t look quite right, or the time you clicked on an email link and ended up getting your eBay or Facebook account hacked.

Phishing attacks will send you messages from what looks like a safe source that you already trust. They’ll use web addresses that are nearly exactly the same as the real thing. The same lettering. The same backgrounds. The same sign-offs. But it’s all a lie.

It’s really common because it works. Phishing’s been the most common form of cyberattack for three consecutive years. This grim reality is echoed by the FBI’s Internet Crime Complaint Center, which found that phishing (including vishing, SMiShing, and pharming), is the leading cyber attack threat in the US with 300,497 complaints last year.

Malware Statistics

Malware (which is short for malicious software) is designed to get into a computer or phone or system and stealthily cause damage with viruses (malicious codes that infect whatever they touch), worms (viruses that infect your system and then go after your contacts), and trojans (malware that disguises itself as legit software and does its damage once you download it).

Hackers who spread malware like to target financial services – a full 25% of malware attacks target them according to a study cited by the Congressional Research Service. They’re so common that 47% of IT professionals have noticed them. Those who use Windows are particularly at risk – 54% of all malware infections occur on Windows Operating System.

Ransomware Statistics

Ransomware is a type of malware that attacks in a two-pronged way. First it encrypts files on the victim’s computer, then demands a ransom for their release. It’s like a digital kidnapper holding your data hostage and threatening you with blackmail or data theft until you pay up.

A lot of people simply pay the demand. The record for the largest known ransom payout stands at a staggering $40 million, paid by CNA Financial to the Phoenix cybercriminal group. Whether or not a victim pays, it’s still a very expensive crime – by 2031, ransomware damage costs will exceed $265 billion annually.

Hacking Statistics

By 2025, the collective data of everyone in the world will reach 175 zettabytes. That’s 175,000,000,000,000,000,000,000 bytes of data to keep secure from prying eyes and hands of hackers.

Hacking is simply the act of accessing computers or networks without permission and to cause some kind of trouble. It’s like a digital robbery. It’s really common – 1 in every 3 Americans has their data breached each year. It can be an individual person, or a small business that only has a few employees.

Or it can be entire government branches and large corporations, like T-Mobile’s this year, which suffered the theft of the personal data of 37 million customers. Unbelievably, T-Mobile had another security breach just months later.

IoT Attacks: The Emerging Threat

As mentioned above, the Internet of Things has created a new opportunity for cyber attacks. Most of us have direct contact with the Internet of Things, whether in our homes or workplace. Of course it’s really convenient to have our devices and electronics hooked up to one another. But they’re definitely open to attack – in the first half of 2022, there were 1.51 billion reported IoT breaches.

One of the big problems is the lack of visibility with the IoT. 51% of IT teams are unaware of the devices connected to their networks – and those are the experts! This might explain why in 2023, there was a 41% increase in weekly attacks targeting IoT devices compared to the previous year with 54% of organizations receiving cyber attack attempts on IoT devices every week.

Cybersecurity isn’t a one-size-fits-all thing. Different industries have their own vulnerabilities and challenges.  Cybersecurity statistics shed some light into how cyber attacks affect different sectors, to help you stay informed.

Government

Government entities, both local and national, can be excellent targets for cybercriminals because they often have access to a lot of money. They also hold lots of data, and some of it can be really sensitive. Most government data systems are outdated or (even worse) obsolete with no more security updates available.

That makes things easy for all kinds of cyber attacks to target them, from thrill-seeking hackers to much more serious terrorist or oppositional government groups that have a specific political agenda they want to push.

From 2018 to October 2022, the US government alone lost over $70 billion to ransomware attacks. The frequency of attacks is stratospheric – in the second half of 2022, there was a 95% increase in worldwide cyber attacks targeting governments. There are different motivations too – 80% is money, 18% to uncover secrets, 1% because they’re mad at the target, and 1% because of personal belief.

Businesses

Though we hear about data breaches at big corporations all the time, the biggest mistake we can make when thinking about cyber attacks on businesses is that size matters. It absolutely doesn’t. There is no business too small to be attacked.

A staggering 43% of cyber attacks target small businesses, and the aftermath can be devastating—with 60% of victims going out of business within six months. Ecommerce sites are at particular risk, attracting 75% of fraud and data theft, emphasizing why ecommerce security is so important.

Check out these further business cybersecurity breach statistics for small-to-midsize businesses:

• 51% of small businesses that fall victim to ransomware pay the money.
• 46% of all cyber breaches impact businesses with fewer than 1,000 employees.
• 55% of people in the U.S. would be less likely to continue doing business with companies that are breached.
• Just 17% of small businesses have cyber insurance and 48% of those didn’t buy insurance till after an attack.

Regardless of the size, 34% of all cyber attacks against businesses in 2022 were Business Email Compromise (BEC) attacks, which involves impersonating a business executive or partner to trick workers into transferring money or sensitive data.

Banking and Financial Services

It’s not shocking that cybersecurity is really important in banking and financial services – look at how much money changes hands, the sheer number of electronic transactions, and the sensitive data they hold!

The grand irony is that financial institutions are prime targets for cyber attacks. In 2022, this sector had the second-highest number of data breaches (after government).

And boy is it expensive. The average cost of a claim for a small business in the financial sector is $139,000. Furthermore, the rise in remote work and the use of personal devices for business purposes during the pandemic has created new vulnerabilities that cybercriminals are quick to exploit.

In 2022, the average cost of a data breach in the financial industry worldwide was nearly $6 million (USD).

The most common cyber attacks in the financial sector involve network and application anomalies, account anomalies, phishing attacks, and attacks on payment systems and the banks themselves. What makes this particularly nasty is that malware desktop attacks are more likely to target customers.

Protecting against these threats means a highly-complex infrastructure, constant employee recruitment and training, and never dropping the ball with cybersecurity awareness.

Education

Schools of all kinds are pretty tempting prospects for cyber attacks. Not only do they usually use outdated data programmes, but they are treasure troves of valuable personal data, like names, addresses, family info, medical data, and social security numbers.

Most students and staff have little idea how to spot and tighten up security risks.  And the criminals know it – by July 2022, the education sector suffered more than double the weekly cyberattacks – that’s an average of 2,000 attacks per organization every week.

Attacks on education bodies can have really damaging and even devastating consequences. Take the case of Lincoln College – a ransomware incident was the straw that broke the camel’s back, and they shut their doors in 2022 after educating people for 157 years.

Cyber attacks can target the students themselves. Take phishing – a student may get an email that looks like it’s from their teacher, or the Student Loan company, only to find out it was a scam. In New York, 565 schools had student data compromised due to a cyber attack on Illuminate Education’s systems.

It’s not just about the potential financial loss; it’s also about the betrayal of trust and the emotional toll it takes.

Healthcare

The healthcare industry might be the life-saving superhero that we all rely on, but it’s also a target for cyber attacks. In fact, it’s one of the chief targets.

It makes sense why – data tech may be out of date, and though data has to be shareable between medical organizations, the data kept is highly sensitive, personal, and confidential.

Names, addresses, family contact details, medical history, medical services, and financial information – this is gold for hackers. They can use it for money, identity theft, data theft, insurance fraud, and in some cases, blackmail.

The annual number of attacks against hospitals have doubled from 2016 to 2021. And it’s expensive – the average healthcare data breach in the US costs $10.93 million. Ransomware is the go-to method for most cyber criminals and the cost is more than money. Lifesaving operations can grind to a halt – like Jes Kraus’ chemotherapy which was shut down after the hospital was cyber attacked.

It’s always frustrating to think that we’re paying for the cyber attacks that criminals inflict on all of us. Cyber crime is like a thief that keeps coming back for more. We already know from the stat above that it’s predicted to cost $10.5 trillion annually by 2025. That’s more than most countries’ GDP.

If we want to get specific, last year investment fraud cost the most both collectively ($3.3 billion) and on average per victim ($108k). These include cryptocurrencies, ponzi schemes, and fake real estate investments.

You might be thinking that because you have a small online business that it won’t cost you. But if you get targeted, it will cost you. On average, U.S. companies had to cough up around $18,000 per attack in 2022, an 80% jump from the year before. Plus, nearly half (47%) of all U.S. businesses have been hit by a cyber attack.

That’s why it’s important to make sure you have the right ecommerce business insurance against cyber attacks. The market’s already exploded – expected to reach $14.8 billion by 2025 and $34 billion by 2031. It’s good that we’re waking up to the reality of cyber threats – and though insurance doesn’t reduce the likelihood of cyber attack, it certainly helps with cost and liability.

Data breaches are one of the most common problems, with the U.S. being the second-most breached country (after Russia).

And some of the breaches are enormous. In May of 2023, 84 million records were breached in three major security incidents. That’s 86% of the month’s total data records compromised.

There is some good news, however – the first quarter of 2023 brought a glimmer of hope with a 25.4% decrease in leaked U.S. accounts from the previous quarter.

Another positive is that, amidst these concerning stats, there are signs of proactive measures making a difference. Notably, a joint operation by Europol and the U.S. Department of Justice led to a significant blow against the Hive group, a notorious cybercrime network. More than 1,300 victims received decryption keys, and crucial information about 250 Hive affiliates was obtained.

These data breach statistics serve as a stark reminder of the digital dangers we face, but also the strides we’re making in combating them. As we press forward, let’s remember that every step toward enhanced cybersecurity isn’t just about numbers; it’s about safeguarding our digital lives.

Now that we’re all feeling anxious and deflated, what’s the takeaway here?

The cyber landscape is like the wild west. It’s exciting but also a little out of control with outlaws. Cyber attacks are the norm, and they eventually impact all of us.

Though we’re up against some serious challenges, as with any unsavory realities, being aware of them (and getting insurance against them) is the first step. We don’t have to feel helpless.

There are plenty of tools and strategies at our disposal – from cybersecurity defenses and tech to comprehensive cyber insurance. So as we try to navigate digital life, let’s stay informed, proactive, and vigilant. Stay safe out there!