Technological advancements are on the rise, and so are cyber crimes! This is evident in the cybersecurity statistics that various agencies across the world report regularly.
Numerous security initiatives aimed at tackling various cyber attacks are continuously employed. But cyber criminals are becoming equally innovative in their hacking tactics.
Whether you’re an ordinary citizen, small-sized business, or large company leveraging technology’s benefits, you ought to know these latest statistics on cybersecurity. Most of them sound scary, but they convey important messages that might help you or your business become more cyber resilient.
The list is quite long, so better grab something to help you stay energized as you read along!
(University of Maryland)
The Clark School at the University of Maryland conducted a study that found that computers are hacked 2,244 times a day, on average. The study identified that a computer is attacked by cyber criminals every 39 seconds. Further, the cybersecurity stats section revealed which usernames and passwords are non-secure.
In other words, 279 days is the amount of time it takes to contain a breach. Basically, this equates to more than nine months before an identified data breach can be controlled. It goes without saying that this can result in massive losses for affected businesses.
The faster a breach is contained, the better. However, IBM and Ponemon Institute’s study found that it took an average of 206 days to identify a threat, while the average time needed to contain it was 73 days.
In its 2019 Data Breach Investigations Report, Verizon revealed that email was (and still is) the top entry point of malware attacks. Sufficient amounts of data on malware were carefully analyzed, and it was concluded that more than 90% of the attacks had been carried out through email channels.
Since emails are essential means for day-to-day communication, users must be more vigilant about potentially malicious incoming emails.
This is probably one of the dismal cybersecurity facts. Human error in digital security is any unintentional action (or lack of action) by a user leading to a security breach. Using generic or weak passwords and downloading malicious attachments are just some of the examples of these actions. Therefore, the strongest weapon to combat these hacking methods is spreading awareness about the importance of practicing digital hygiene.
Analysis of the closing share prices of 28 New York Stock Exchange-listed companies showed that these companies hit the lowest point nearly 14 market days after a breach incident. On average, their share prices fell 7.27%. This also equates to -4.18% NASDAQ underperformance.
As the working environment becomes more advanced, cybersecurity stratagems also get sophisticated and more complex. This makes it harder for companies to detect a data breach. By the time a breach is detected, the companies will have been exposed for several months and lost a lot.
Besides the indictment of 18 Russian nationals, 19 Chinese organizations or individuals, 11 Iranians, and 1 North Korean were charged as well.
This shows a massive surge in the total number of indictments by U.S. authorities in 2018. These state-sponsored criminals employ various techniques to spy on the U.S. with the primary purpose of intelligence gathering, which was evident among 96% of groups. Their most popular tactics were “living off the land” and using destructive malware.
In other words, around 80 data records are compromised every single second. This approximates to 7 million data records compromised each day. Based on this figure, the number of records compromised in a year will be close to 2.55 billion.
As large organizations become more knowledgeable about the ins and outs of cybersecurity and learn to invest resources in it, cyber criminals tend to divert their attention toward smaller businesses. Considering the size of small businesses (especially in their early stages of operations), they probably do not deem cybersecurity their top priority, which makes them more vulnerable to internet security threats.
By definition, ransomware is a type of malicious software that infects computers. It then shows messages asking a user to pay a fee in order for the system to regain functionality. It’s an illegal money-making scheme, and countries with high numbers of the digital population, such as the U.S., are more susceptible to this kind of security threat. Based on recent ransomware statistics, the U.S. recorded the highest number of ransomware attacks — 18.2%.
As more employees moved their work from office settings to their homes due to COVID-19, hackers took advantage of the opportunity to threaten highly vulnerable networks. Accordingly, the FBI Internet Crime Complaint Center (IC3) observed a sharp rise in reported cyber crimes since the outbreak of coronavirus.
The department’s record reveals that detecting cyber attacks in 2020 has become more challenging since there are now between 3,000 and 4,000 complaints per day. In comparison, before the outbreak, the IC3 received 1,000 complaints per day.
Passwords are essential data associated with accounts, be it personal or business. Several security and account management experts predict that, by 2020, there will be 300 billion passwords used by humans and machines worldwide. Two-thirds of the passwords are expected to be used by machines. Fortunately, all of these passwords will be cyber protected.
The number of worldwide cyber attacks grows continuously, and so do the associated costs. In a span of just a little over a year (between May 2018 and July 2019), identified global losses grew by 100%.
Since more people became more aware of the scam, they were prompted to report any identified incident to authorities. This partly contributed to the said increase. Reports from the IC3 show that there were 166,349 domestic and international BEC/EAC incidents between June 2016 and July 2019.
The hospitality industry is one of the fastest-growing sectors of the economy, making it attractive to cyber criminals. Cybersecurity statistics for 2019 showed that the accommodation industry alone, which is a subdivision of the hospitality industry, incurred a total of 125 cyber attacks in the said year.
Marriott International, one of the largest contributors to the hospitality industry market share, experienced the second-largest personal data breach to date. It took more than five years for the company to realize that the personal information of more than half a billion of its properties’ guests had been compromised.
An analysis of email telemetry, aimed at determining which types of file extensions in emails are usually malicious, revealed that files in Microsoft Office formats (i.e., Word, Excel, and PowerPoint) account for 38% of the identified malicious email attachments. That places these files at the top of malicious extensions, along with archive (37%) and PDF (14%).
(Cyber Defense Magazine)
Just how many compromised records are there with this number of breaches? The answer is — millions. And how much do these cost? Every record is priced anywhere from $120-$600. Setting the average price per record at $360, the total value of these breaches stands at billions.
Sadly, the number of cyber attacks per year grows continuously despite all the sophisticated methodologies that are being developed and deployed to resist them. While most people often talk about the costs associated with cybersecurity, they fail to realize the cost of not investing in it. The latter usually can cost the company more.
The year 2018 saw ransomware activity plummeting for the first time since 2013. This decline in overall ransomware infections is calculated following the removal of the most common worms (i.e., WannaCry, Petya, and copycat versions) from statistics.
More consumers now use mobile devices, opting for cloud backup, and lessening their exposure to ransomware threats. However, despite the decline of overall ransomware infections, statistics on cybersecurity indicate that enterprise infections accelerated in the same year. These infections mostly affected businesses, with email campaigns being the primary method of delivery.
As new business innovations are introduced, we get to witness the expansion of the threat landscape as cyber criminals see new opportunities to perform their malicious activities. 2018 cybersecurity statistics pointed to an 11% rise in security breaches.
Generally speaking, organizations tend to put a premium on introducing new technological innovations to drive growth at the expense of cybersecurity. Following this, attackers have a chance to take advantage of the situation.
This number is the second-highest. So far, the country experienced the most data breaches in 2017 — 1,632 cases. As more and more companies use digital files and as users increasingly rely on digital data, data breaches have escalated as well. Government statistics on cybersecurity growth clearly attest to this.
Interestingly, the most common type of data breach is identity theft. What’s more, it is said that identity theft is on the rise now because of COVID-19. Once again, the reason might lie in moving work-related operations from secure office settings to incredibly vulnerable home networks.
A total of 975,491,360 browser-based attacks located all over the world were kept at bay in 2019 thanks to Kaspersky’s products. Additionally, the leading provider of cybersecurity solutions and services worldwide uncovered unique malicious URLs. Based on the data, the exact number of incidents reported was 273,782,113.
A spike in online fraud was experienced in the first quarter of 2020 in light of the COVID-19 pandemic. Face-to-face transactions being restricted across the globe gave rise to digital transactions. Accordingly, fraud organizations were prompted to move quickly and leverage the inflation in digital activity.
Fraud and abuse attempts comprised 26.5% of all transactions — the highest cyber-attack rate that Arkose Labs reported. This also represents a 20% increase over the preceding quarter.
The number of cyber threats against the World Health Organization personnel has dramatically increased toward the end of April after the coronavirus hit. Around 450 active WHO email addresses and passwords were exposed online. This data leakage did not endanger the organization’s system, but it has caused damage to its older extranet system.
Scammers also continue to target the general public with emails that pretend to be from WHO, collecting donations and channeling them into a fake account instead of the real COVID-19 Solidarity Response Fund. This escalated the number of cyber attacks against the organization to five times that of the same period last year.
Along with the quick spread of coronavirus across the globe earlier this year, the skyrocketing of cyber attacks took place, particularly between the months of February and April. Modern Bank Heists survey found that 80% of the firms polled said they experienced more cyber threats over the past 12 months.
The figure only included those attacks that were reported to the public, which means the number could be even higher. The 2019 cyber crime statistics cover the internet security aspects of various healthcare institutions, such as hospitals, health facilities, doctors’ offices, medical consultants, and many more. These organizations have continued to be a favorite target of ransomware attacks in recent years.
Threats to the supply chain continue to be on the rise, recording an uptick of 78% in 2018. A supply chain attack occurs when a cyber criminal attempts to compromise their main target through third-party software or services. Attackers continue to target developers for supply chain threats in several ways, such as injecting malicious code into authentic software and hijacking software updates. Some compromise third-party libraries tied to bigger software projects, while others steal credentials for version control tools.
Cyber criminals seem to target almost everyone they can victimize, be it a small business or a large corporation, a high profile celebrity, or just an ordinary individual. Those who are in the public sector have a higher probability of being attacked since the sector has the highest breach rate of 16%.
The healthcare industry was the second hardest-hit industry, with 15% of breach incidents recorded. This is expected given that medical records are highly attractive to attackers. Another desirable target was the financial industry (10% of breach incidents), given that the majority of cyber crimes are primarily financially motivated.
The said report looked into different email threats, such as spam, phishing, and email malware. It was found that employees of smaller organizations (1–250 employees) are more vulnerable to these types of threats. Approximately 1 in 323 emails is deemed malicious. Conversely, larger organizations (with 1,001–1,500 employees) display a far lower rate, as 1 in 823 emails is considered malicious.
Cloud-based attacks originate from external actors whose main aim is to access cloud accounts and collaboration services, such as Zoom, Slack, Microsoft 365, etc.
McAfee, a cybersecurity company, disclosed in its “Cloud Adoption & Risk Report – Work-from-Home Edition” that this swelling in cloud-based attacks is correlated with the rise in the usage of cloud services and collaboration tools.
Aside from the lockdown prompting businesses worldwide to shift toward cloud services, other significant factors that intensified the number of cloud-based attacks include the upswing in cloud-native threats and access from unregulated devices.
Internet of Things (IoT) devices are smart gadgets built without considering cybersecurity. This made them very attractive in the eyes of attackers. Hacked IoT devices can become surveillance gadgets that capture the credentials of users secretly. In addition, hackers are capable of controlling these devices to jeopardize performance and usage.
A 2018 Symantec research found that, on average, IoT devices experienced 5,200 attacks per month. This number almost doubled the reported incidents in 2016, which then stood at 3,650. Moreover, more than half of organizations (61%) encountered IoT security incidents, the study claims.
Insider threats are those caused by individuals within an organization. A purely careless or malicious employee can be an internal actor. It’s quite alarming that the number of these attackers has been growing steadily since 2015.
Verizon disclosed in its cybersecurity 2019 statistics that nearly 34% of breaches are linked to internal actors, with 29% involving credentials theft, and 15% originating from authentic authorized users. Given that, businesses must prioritize securing their data from insider threats.
Cryptomining malware was one of the top web application attacks observed in early 2018, involving about 90% of all remote code execution threats. This malware attack occurs when an attacker tries to execute malicious code over a network connection from a remote server. The script is downloaded and installed locally on an unprotected machine, which is then used to mine cryptocurrency.
Once a device is infected through a remote code execution attack, the mining consumes its CPU capacity, leaving it unable to perform other tasks required by the user.
Cyber attackers become more and more clever in finding ways to threaten their victims. The use of unique malicious files, such as HTML and scripts, has grown exponentially in 2019. In its latest report, Kaspersky revealed an outpouring of web skimmer files. Its web antivirus solution detected 510,000 malicious objects. As a result, web skimmers placed 10th in the overall ranking of the top 10 malicious objects caught online.
Mobile applications are less often assumed to cause security issues. The truth is, high-risk apps were found to be installed in 1 out of 36 mobile devices in 2018, internet security statistics assert. Unfortunately, mobile apps, along with their risks, are unavoidable. Since most people use mobile devices, be it for personal or business purposes, installing mobile apps is inevitable. This means catching malware is also highly likely. It is, therefore, important that these mobile applications are built with security protection.
Several other types of threats, such as fileless malware, continued to prosper in 2019. This type of attack is considered zero-footprint since it does not write files to disk and runs only in memory (RAM). Since fileless attacks do not require the installation of new software on a user’s computer, they’re often overlooked by antivirus tools.
Ponemon Institute’s cybersecurity attack statistics, published in “The State of Endpoint Security Risk Report,” showed that fileless attacks were estimated to be ten times more likely to succeed than file-based attacks.
About one-fifth of the malicious domains were linked to malvertising campaigns, according to cybersecurity statistics. These campaigns usually direct users to exploit kits, some of which spread ransomware.
Malvertising campaigns are created using several well-worn, domain-related techniques (e.g., domain shadowing). In this technique, cyber criminals use stolen credentials for legitimate domain accounts to create subdomains that point to malicious servers.
Other cyber criminals would create malicious domains and subdomains by taking advantage of free, dynamic DNS services. They would exploit compromised public sites or infected computers by changing hosting IPs repeatedly to distribute payloads.
An increasingly sophisticated form of a cyber attack, phishing lets threat actors use fraudulent websites and emails to collect personal data. It comprised about 80% of reported security incidents, making it the number one type of social engineering attack.
Attackers aim to deceive recipients of an email by making it appear legitimate and desirable, directing recipients to download an attachment or click a link. Examples of this type of email include bank requests or a note from someone in a recipient’s company.
As its name implies, Denial-of-Service (DoS) is a type of cyber attack where the actors try to disrupt, either temporarily or permanently, services of an internet host. This makes a network or machine inaccessible to its users.
When a user’s machine or network is flooded by redundant requests, resulting in system overload and inability to process legitimate requests, then it’s likely that the DoS attack has taken place. More than half of businesses (51%) experienced this type of cyber attack in 2018.
Loss of information is the fastest growing and most expensive result of cyber crime. Security data show that the cost of information loss or theft is currently at $5.9 million. The moment sensitive information is compromised or stolen, the loss of customer’s trust and respect is more than likely to follow, which can adversely impact the overall operations of the business.
Having knowledge of cybersecurity statistics helps improve vigilance as anyone with a device connected to the internet can fall victim to cyber attacks. Hackers are not only interested in targeting large corporations, financial institutions, and celebrities. They also victimize just about any user.
For that reason, global cyber crime costs amounted to $2.1 trillion in 2019 or 0.80% of the world’s GDP. Following this, it’s highly expected that cyber crime costs will grow more and more in the years to come.
While the costs of all types of cyber attacks are generally on the rise, malware was found to be the most expensive of them all. The latest “Cost of Cyber Crime” research conducted by Accenture disclosed that, in 2018 alone, a single malware attack cost a company an average of $2.6 million.
It also represents an increment of 11% from 2017 and a 67% increase compared to five years ago. It is evident from this bit of cybersecurity statistics that malware is among the greatest contributors to revenue loss.
In 2017, the Ponemon Institute estimated the average cost per data record at $141, with the total cost of the global data breach at $3.6 million. This points to a decline in the average cost when compared with the previous year. However, despite the reduction, the average size of data breaches went up. The U.S. has significantly higher data breach costs — amounting to $7.35 million on average.
Data breach costs vary from country to country and from industry to industry. However, this can span, in general, anywhere from $1.25 million to $8.19 million. Currently, the average data breach cost is at $3.9 million, according to the latest “Cost of a Data Breach” report from IBM and Ponemon Institute. The figure indicates an uptick of 1.5% from the previous year.
In its survey of 500 senior decision-makers at SMBs, Keeper Security discovered that the majority of respondents aren’t prepared for cyber threats. In fact, only 9% consider cybersecurity a top priority for their business. What’s more, statistics on how small businesses rate their current cybersecurity clearly show the lack of a cyber attack prevention plan.
Surprisingly, almost half of the polled management group (43%) did not believe a cyber attack was likely to happen. No wonder more and more SMBs are being targeted by attackers.
Since 2018, budgets allotted for cybersecurity have been increasing steadily. It was that year when security services exceeded other investments for the first time. The following year, the budget was four times bigger than that of any other services. Thus, Forrester tagged 2019 as the year for security service.
Meanwhile, analysts from Gartner forecast that 50% of cybersecurity budgets will be allotted for security services in 2020. This progressive trend in security budgets is among the statistics showing why cybersecurity matters.
Cyber crimes grow quickly in size, style, and cost. Following this, the U.S. Cybersecurity Ventures estimated the annual cost of global crime to reach $6 trillion by 2021. This is double the amount reported in 2015 ($3 trillion), making it history’s largest relocation of economic resources.
While this could mean putting the incentives for investment and innovation at risk, more profits are more than likely to be generated.
(Data Center Frontier)
Adhering to the European Union’s General Data Protection Regulation (GDPR) law is mandatory, especially for data centers. However, recent surveys suggest that only 50% of companies affirm they are compliant with the GDPR. Complex changes in processes and data management technologies are the main reasons for this.
Cybersecurity statistics show that Google incurred the largest fine to date for failing to comply fully with the GDPR. CNIL, a French authority, fined Google €50 million, or approximately $57 million, for failure to disclose to users how it collects data across its services, such as Google search engine, Google Maps, and YouTube, for personalized advertisements. This represents the fourth penalty against the company since GDPR was first implemented.
Marketing Week’s 2019 research uncovered that less than half of the surveyed consumers, representing only 31%, agree that there’s been an improvement in their overall experience with companies nearly a year since the GDPR was implemented.
To be fair, brands have exerted their best efforts to be compliant. It’s also worth noting that 93% of the consumers are somewhat aware of the GDPR’s existence. Some 39% even confirmed their knowledge of the data law to be of a fair amount.
(European Data Protection Board)
To get companies to comply fully with the GDPR’s terms, the data protection agencies have to impose punishments on non-compliant entities. Fines for non-compliance can be as high as €20 million, or up to 4% of the annual global turnover of the previous financial year. With $63 million in fines issued in its first year, it can be concluded that companies have not taken the GDPR law seriously.
Compliance with the GDPR law requires companies to spend an average of $1.3 million initially and another $1.8 million additionally. Given that becoming fully compliant is quite expensive, less than half of the surveyed participants indicate that they are fully compliant with the GDPR. Also, one in five respondents claims that it’s truly impossible to become fully compliant, given the complex process and high costs involved.
IDG Security Priorities Study 2018 disclosed that more companies (69%) believe that there’s a strong need for IT security among organizations. Therefore, they are amenable to allocating some of their budgets for compliance with GDPR. This investment is seen to bring about positive changes in return. Beneficial effects include, but are not limited to, a unified policy, streamlined orchestration, and consistent execution.
At this point, we’re already convinced that the coronavirus pandemic has significantly impacted the cybersecurity sector. This was attested by yet another type of cyber attack that is COVID-19-themed, whose number has escalated in March. Barracuda Networks reported that spear-phishing emails linked to COVID-19 soared to a whopping 667% since February.
(Crystal Market Research)
In 2012, the cybersecurity market was worth $58.13 billion. With a forecasted 10.35% compound annual growth rate, this figure could reach $173.57 billion in a few years. Cloud storage develops rapidly, yet, simultaneously opens doors for cyber attacks and data breaches. Because of this, wireless and endpoint security implementation becomes highly necessary.
Another development in cybersecurity that is gaining more significance is the utilization of artificial intelligence, or AI, particularly in privacy compliance and risk management. In a separate survey, Gartner reflects that more than 40% of privacy compliance technology will have employed AIs by 2023.
This is a strategic move considering the implementation of increasingly tight laws on security and data privacy, plus the growing dependence of the cybersecurity industry on AIs.
This particular part of internet security statistics seems painful for the ecommerce industry, as it’s expected to suffer huge losses due to online payment fraud by 2024. The estimated amount of loss will exceed $25 billion, while the growth rate over the next four years will be at 52%. This was confirmed by Juniper Research in its “Online Payment Fraud: Emerging Threats, Segment Analysis & Market Forecasts 2020-2024” report.
The IoT market keeps growing with the rapid expansion of the tech sphere comprising IoT devices, apps, and internet users. Currently, there are more than 5 billion users with cloud access that can store data on digital devices. It’s expected that connected IoT devices will reach 31 billion in 2020 and 75 billion by 2025.
Overall, awareness of important datasets for statistics projecting cybersecurity trends is necessary, especially now that we are in the digital information age. As nearly all interactions take place online, numerous attackers are on the lookout, trying to take advantage of vulnerable networks. Therefore, staying vigilant at all times and informed of the latest types of cyber attacks and their possible sources is critical.
Phishing email seems to be the quickest way cyber criminals can get access to one’s device, network, and important information. This was confirmed by PhishMe research reporting that 91% of cyber attacks start with a phishing email. The research further found that, despite receiving security awareness training, the healthcare sector is most at risk of phishing attacks.
In the U.S. alone, one falls victim to online identity theft every two seconds, according to new research. This means that there are about 43,200 incidents of personal data getting stolen in a day. Indeed, this high number of exposed data is alarming. In other statistics, Experian presented that 31% of data breach victims would later have their identity stolen.
Cyber crime is no joke. In fact, it’s the biggest threat to any business or individual with access to the Internet and digital devices. Cyber crimes have been making headlines across the world, involving both large corporations and small to medium-sized entities.
Currently, the average cost that a U.S. company involved in a data breach incurs is $8.9 million. Cybersecurity Ventures forecasts that the cost of cyber crimes worldwide will reach $6 trillion by 2021.
A spear-phishing attack is more personalized in nature compared to phishing in general. It is targeted at a certain person holding a key position in a company. In 2019, almost 90% (or precisely 88%) of organizations experienced spear-phishing attacks, according to Proofpoint’s State of the Phish report.
In 2018, 80,000 computer attacks were recorded per day or more than 30 million per year. In the first quarter of the year, the number of threats increased by 32%. That grew further in the next quarter, reaching a whopping 765 million cases (representing a 47% rise). The PurpleS cybersecurity statistics also reported that the associated losses eclipsed tens of millions of dollars.