As a result, cybersecurity is an essential tool for anyone who uses the internet. It is especially important for businesses with remote employees. Companies often invest in antivirus software, firewalls, and cyber insurance to protect their data and defend against cyber criminals. This article will provide important cybersecurity statistics and facts to help people avoid cyber threats and modify their online behavior to keep their information secure. To make sense of the upcoming trends in cybersecurity, take a look at our pick of the most notable cybersecurity statistics for 2022 and further.
General cybersecurity statistics
- According to a report by the CFO, 55% of cybersecurity professionals have observed an increase in stress due to rising cybersecurity threats and challenges.
- The total number of global security vulnerabilities rose from 21 518 in 2021 to 23 964 in 2022
- A study by Gartner reveals that 80% of surveyed companies plan to increase spending on cybersecurity in 2024.
- Cyber extortion impacts large enterprises the most (40%), followed by small organizations (25%), and lastly medium size organizations (23%).
- 37,45% of security incidents are caused by internal actors (both deliberate and unintentional actions).
- Hacktivist attacks targeted Europe the most (85%), followed by North America (7%) and the Middle East (3%).
- Small organizations (1-250 employees) are most targeted by malicious emails.
Sources: CFO, IBM Security X-Force 2023, Gartner, Orange Cyberdefense, Comparitech
Cybersecurity market statistics
- The worldwide healthcare cybersecurity market is expected to grow by 15% annually through 2025, hitting $125 billion. (Cybercrime Magazine)
- The predicted growth for cyber insurance between 2021 and 2028 is at 25,3% (CAGR), reaching $36,85 billion in 2028.
- By 2026, the global cybersecurity market will be worth $352.25 billion. (Mordor Intelligence)
- Banks' number one cybersecurity concern is phishing attacks targeting employees. (CSI)
- The cybersecurity market size is estimated at $ 182.86 billion in 2023 and is expected to reach $ 314.28 billion by 2028, growing at a CAGR of 11.44% during the forecast period (2023-2028).
Sources: Cybercrime Magazine, Fortune Business Insights, Mordor Intelligence
Cybersecurity statistics for cybercrime and cybersecurity costs
- By 2025, estimates state that the global costs associated with cybercrime will reach $10.5 trillion annually, underscoring the urgent need for stronger cybersecurity measures.
- Cybercrime is expected to inflict a global cost of $9.5 trillion USD in 2024, which is slightly below previous growth projections.
- The annual global cost of cybercrime damage projections announce an increase of 15% each year, culminating in $10.5 trillion USD by 2025.
- In 2023, the United States continues to have the highest cost of a data breach at $5.09M (12th year in a row).
- 75% of security professionals have noted a rise in cyberattacks within the last year.
- The average global cost of a data breach in 2023 was $4.45 million, marking a 15% rise over three years and emphasizing the escalating financial impact on businesses.
- Data breaches involving remote work lead to an additional cost of $173,074 per incident on average, highlighting the increased cybersecurity risks in a changing work environment.
-
Sources: Cybersecurity Ventures, Forbes, IBM, CFO
Cybersecurity statistics by threat
Ransomware Statistics
- In 2023, 72.7% of organizations worldwide experienced a ransomware attack.
- By 2031, annual costs related to ransomware are expected to surge to approximately $265 billion USD, a significant increase from $20 billion in 2021.
- Nearly half (47%) of companies now implement policies to pay ransoms in response to cybersecurity threats, marking a 13% rise from the previous year.
- Ransomware is the top concern for 62% of organizations' C-suite executives, an increase of 44% from 2022.
- The average financial impact of a ransomware attack was $4.54 million.
- The cost of recovery from a ransomware attack in 2023, not including the ransom payments, averaged $1.82 million.
- Extortion played a role in 27% of cyberattacks, reflecting an increasing reliance on ransomware tactics.
- Ransomware represented 17% of all security incidents in 2023, a decline from 21% in 2021.
- In 2023, 66% of organizations were targeted by ransomware attacks, with average ransom payments increasing from $812,380 in 2022 to $1,542,333.
- Ransomware impacted 56% of organizations with revenues between $10-50 million and 72% of those with revenues exceeding $5 billion.
- Ransomware extortion payments in the first half of 2023 were $176 million higher than in the same period of 2022.
- In 2023, 81% of surveyed organizations were affected by ransomware attacks, with 48% choosing to pay the ransom.
Sources: Statista, Cybersecurity Ventures, CFO, IBM, SC Media, IBM Security X-Force 2023, Chainalysis Mid-year Update, SpyCloud 2023 Ransomware Defense Report, eCrime Ransomware and Data Leak Site Report 2023
Phishing Statistics
- Phishing remains the predominant method of email attacks, constituting 39.6% of all email-related threats.
- Email is the delivery method for 94% of malware.
- In phishing attacks, 62% utilized spear phishing attachments, 33% employed links, and 5% were executed as a service.
- In 2022, credit card data was targeted in just 29% of phishing campaigns, marking a 52% reduction from 2021.
- Phishing was the leading initial attack vector in 41% of cybersecurity incidents.
- Attempts at thread hijacking doubled in 2022 compared to the previous year.
Sources: Hornetsecurity’s Cyber Security Report 2024, Panda, IBM Security X-Force 2023, ArcticWolf
Malware
- Globally, there were 5.4 billion instances of malware attacks in 2022.
- 40% of malware attacks lead to confidential data leaks.
- Over 70% of malware attacks are directed at specific targets.
- Threat actors conduct an average of 11.5 attacks every minute, as reported by Parachute.
- A dominant 92% of malware is transmitted via email.
- In the first half of 2022 alone, there were 2.8 billion malware attacks.
- The most frequently encountered type of malware in 2022 was the VBA Trojan.
- Spyware is the predominant type of malware used against individual targets.
- The U.S. experiences the highest number of malware attacks each year, which is nine times more than the second most affected, the UK.
- Seventy percent of organizations report that their users encounter malware ads while browsing.
Sources: Terranovasecurity, astra
IoT and DDoS Attacks
- In December 2022, there were more than 10.54 million attacks on Internet of Things (IoT) devices.
- There was a 15% rise in application-layer Distributed Denial of Service (DDoS) attacks during the second quarter of 2023.
- A total of 6,248 DDoS attacks were recorded in 2022.
- The first quarter of 2023 saw a substantial 600% surge in cyber incidents aimed at cryptocurrency companies, alongside a 15% increase in HTTP DDoS attacks.
Sources: Statista, IBM, Verizon, Cloudflare
Business Email Compromise
- Business Email Compromise (BEC) is responsible for 19% of data breaches.
- In 2021, BEC attacks led to damages totaling $1.8 billion.
- In 2022, BEC attacks constituted 34% of all cyber attacks.
- Gift card requests are the most frequent method for extracting funds during attacks, occurring in 68% of cases.
- 52% of individuals were deceived by phishing links because they thought the communications were from a senior executive.
- 29% of companies experienced the loss of a client in 2022 due to a business email compromise.
- Business Email Compromise (BEC) attacks, often involving spear phishing links, represented 6% of incidents, with such links being used in half of these cases.
- In 80% of the cases where a BEC attack occurred, the affected organizations lacked a multi-factor authentication (MFA) solution prior to the incident.
Sources: Terranovasecurity, astra
Cybersecurity statistics and user behavior
- When asked if they have access to cybersecurity advice or training, almost 50% of respondents, students and employees, answered ''no''.
- 61% of cybersecurity professionals believe that their cybersecurity team is understaffed.
- The number one cause of data breaches is human error accounting for 95% of cybersecurity breaches.
- In a Cybsafe survey, 43% of participants stated that they had never heard of Multi-Factor Authentication.
- More than 42% of employees admit to clicking malicious attachments within emails.
Sources: Judge, World Economic Forum, SecurityEscape
Cybersecurity statistics by industry
Healthcare
- Over the past four years, there has been a 239% increase in the number of significant breaches involving hacking.
- The average cost of a healthcare data breach in early 2023 neared $11 million, marking an 8% increase from the previous year.
- Backdoor attacks were involved in 27% of healthcare cybersecurity incidents.
- In healthcare-related cyber incidents, 50% of all observed cases involved reconnaissance activities, where attackers search for vulnerabilities and valuable data, highlighting the importance of early threat detection in this sector.
- In the U.S., data breaches affected the personal health information of 88 million people, a 60% increase in 2023.
- Nearly half of the 40 million healthcare records exposed in the first half of 2023 were due to attacks on third-party business associates of healthcare providers.
- 70% of healthcare facilities have transitioned to using cloud services.
Sources: Chief Healthcare Executive, IBM Security X-Force 2023, Healthcare Dive, DuploCloud
Manufacturing
- The manufacturing sector emerged as the most frequently targeted by cyber extortion campaigns worldwide, accounting for 20% of all incidents.
- In these extortion campaigns, the deployment of backdoors was the most common hostile action, occurring in 28% of the cases.
- The manufacturing sector had the highest rate of confirmed cyber incidents, making up 32.43%, followed by the Retail Trade at 21.73%, and Professional, Scientific, and Technological Services at 9.84%.
- In 2022, manufacturing was involved in 65% of all industrial ransomware incidents.
- There was a 600% surge in supply chain attacks in 2022.
Sources: Orange Cyberdefense, IBM, NAM, CSO
Finance and Insurance
- In the financial services sector, an average of 449,855 sensitive files are exposed, and 36,004 of these are accessible to all organization members, representing the highest level of exposure among all industries compared.
- It takes financial services organizations an average of 233 days to detect and contain a data breach.
- 74% of attacks on financial and insurance sectors result in the compromise of clients' personal information.
Sources: Varonis, Verizon
AI and Cybersecurity
- 85% of cybersecurity experts link the rise in cyberattacks to the malicious use of generative AI.
- Nearly half (46%) of the surveyed individuals think that incorporating generative AI into business processes will heighten cybersecurity risks.
- Key worries about AI in cybersecurity are heightened privacy issues (39%), more sophisticated phishing attacks that are harder to detect (37%), and a general escalation in the frequency and speed of attacks (33%).
- Eighty-five percent of cybersecurity professionals believe the escalation in cyberattacks is due to malicious uses of generative AI.
Sources: CFO
Cybersecurity facts
- Most business leaders think that their company does not have adequate tools to defend itself against cyber attacks.
- IoT devices can be compromised moment after being connected to the internet, more precisely, in less than a minute.
- Despite the growing concern regarding cybersecurity, the most common user password is still 123456.
- A company experiencing a data breach is not only suffering financial losses but reputational as well.
- Four out of ten companies hold more than 1000 unsecured sensitive files on their servers.
- Cybersecurity takes on five forms: network security, protecting critical infrastructure, computer applications, IoT security, and colud security.
- On average, there are 26 000 cyberattacks per day.
- One out of three user accounts on the internet is considered stale.
Final thoughts
It's important to recognize that merely knowing cybersecurity statistics isn't sufficient for safeguarding your assets. These figures should serve as a tool to communicate the real and present dangers of cyber threats, helping you to secure buy-in from both executives and team members. By emphasizing how strategic investments in cybersecurity can mitigate risks and protect organizational interests, you can make a compelling case for increased security measures. Highlighting specific statistics from this data can illustrate potential vulnerabilities and the financial implications of breaches, reinforcing the value of proactive security investments.
eBook: Beyond the Basics: A C-Suite Checklist for Banking Security Strategy
To guide you toward developing and maintaining a secure banking security strategy, ASEE offers a detailed security checklist to assist you in the process.
Feel free to contact us – zero obligation. Our ASEE team will be happy to hear you out.