Cybersecurity Statistics

Cybersecurity issues, such as data breaches, hacking, and phishing, are posing an ever-increasing threat to organizations of all sizes. More than 15 billion records were exposed in 2019 alone, which represented a 284% increase on the previous year despite the number of breaches only increasing by 1%, according to a RiskBased Security report. Compare that to 10 years ago, when just 103 million records were exposed by 986 reported breaches.

This monumental growth makes it absolutely vital for organizations to bolster their security defenses and for employees to understand the threats they face on a daily basis.

The ongoing COVID-19 pandemic has also had a major impact on cybersecurity. Online scams spiked by more than 400% in March 2020 compared to previous months, according to international law firm Reed Smith, while Google revealed it was blocking more than 18 million malware and phishing emails related to COVID-19 every day.

Cybersecurity statistics like these are important in helping people and organizations understand the challenges and risks they face. Cybersecurity insights are also vital to understanding common security mistakes, such as leaving data unprotected and using weak passwords, that leave organizations vulnerable to breaches. It is important that users and business leaders take note of cybersecurity statistics, while organizations must implement training processes that build awareness, prevention, and best practices into their culture.

The below cybersecurity statistics will offer insight into the threat posed by cyber crime, the key risks that organizations face, and the size of the cybersecurity industry. It will also explore major data breaches, common types of cyberattacks, and the level of spending going into protecting organizations.

Cyber crime impacts organizations of all sizes all over the world. As the number of cybersecurity incidents increase, so too does organizations’ spending on cybersecurity defenses. The impact of cyber crime is highlighted by the following key statistics.

1. The global information security market has been forecast to be worth $170.4 billion by 2022, according to Gartner research. Despite that huge spending, only 5% of organizations securely protect their data folders, according to Varonis research.
2. Data breaches and security attacks are massively on the rise. In the first six months of 2019 alone, data breaches exposed at least 4.1 billion records, according to a RiskBased Security report. 
3. According to Accenture, the number of security breaches has increased by 11% since the start of 2018 and by 67% since the start of 2014. 
4. As a result, organizations’ cyber-crime costs increased by 12% between 2017 and 2018, from $11.7 million to $13 million, says the same Accenture report. 
5. The average spending on security doubled from $584 per employee in 2012 to $1,178 per employee in 2018, Gartner data found.
6. Organizations must defend their networks, systems, and users against several major cybersecurity threats. For example, Verizon’s 2020 Data Breach Investigations Report (DBIR) found that 70% of breaches were caused by outsiders, 45% involved hacking, 86% were financially motivated, 17% involved some form of malware, and 22% featured phishing or social engineering.

Major hacking events have seen organizations suffer costly losses of data, customer details, financial records, and personal information. 

1. An attack against internet giant Yahoo! in 2013 resulted in the loss of data from more than 3 billion accounts. 
2. The data breach of hotel firm Marriott-Starwood resulted in the loss or compromise of information belonging to more than 500 million consumers. 
3. A major data breach saw the details of 412 million FriendFinder users stolen in 2016, while a hack of Under Armour’s MyFitnessPal app in 2018 affected 150 million users.
4. Approximately 143 million consumers were affected by an attack on Equifax in 2017, which ended up costing the business more than $4 billion. The organization was found liable for the breach and fined $425 million by the Federal Trade Commission.
5. One of the most damaging attacks in history was the WannaCry ransomware attack, which first appeared in 2017. The virus infected more than 230,000 machines in 150 countries, causing damage of at least $4 billion.
6. State-sponsored cyberattacks pose a major threat to organizations. Symantec data found that 19 people from China, 18 from Russia, 11 Iranians, and a North Korean had been indicted by the United States for state-sponsored activities and espionage.

Organizations need to be aware of the threat landscape and the most common attack types that cyber criminals use to target their data, systems, networks, and users. Furthermore, new strands of malware and viruses appear every day, which makes it vital for organizations to understand the latest types of attacks they face.

1. In 2019, 94% of malware attacks were delivered via email, according to Verizon’s DBIR data. The report also found that 34% of breaches came as the result of an insider threat.
2. Internet-of-Things (IoT) devices face 5,200 attacks a month, while one in every 36 mobile devices has high-risk apps installed on it, according to Symantec’s 2019 Internet Security Threat Report insights.
3. The same Symantec research also found that 65% of attackers use spear phishing as their primary attack vector, and one in every 13 web requests leads to a malware infection. 

As new threats emerge on a daily basis, not securing files and systems puts organizations at an increased risk. In addition to leaving them exposed to threats, it also sees them failing compliance, given the stricter data and privacy regulations such as the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act. 

1. Failing to secure corporate systems is a major risk. For example, 15% of organizations leave more than 1 million files and 22% of all folders accessible to employees, according to a Varonis report. The study also found that the average employee can access up to 17 million files and 17% of their organization’s sensitive files, while 61% of businesses have more than 500 users with passwords that do not expire. 
2. The magnitude of the task facing organizations was highlighted by researchers at the University of Maryland, who found that hackers launch an attack every 39 seconds or 2,244 times per day.
3. The first year of the GDPR resulted in 89,000 data breaches being recorded and 144,000 complaints and queries filed with enforcement agencies, says the European Data Protection Board.

Some industries face a higher risk of cyberattacks than others. This includes industries that typically have high-value organizations or hold a large amount of personal data, such as financial and healthcare. While these are big targets for cyber criminals, no organization, no matter how large or small, is immune from attack.

1. Verizon’s DBIR research found that 28% of all breach victims were small organizations. It also found that nearly 9% of breaches were suffered by public sector businesses, 13% targeted the healthcare industry, and 11% were against financial firms.
2. The healthcare industry is a particularly lucrative target for cyber criminals. For example, the WannaCry attack cost the U.K.’s National Health Service £92 million.
3. The banking and utilities industries continue to have the highest cost of cyber crime, increasing by 11% and 16%, respectively, in 2018, according to Accenture. The report also found that the banking industry saw the highest cost of cyber crime in 2018, with an annual cost of $18.37 million.

The increasing sophistication of cyber criminals means organizations need to up their defenses. But that is easier said than done with an ongoing cybersecurity skills gap, as portrayed by these statistics:

• The cybersecurity unemployment rate is currently 0% and is projected to stay that way through 2021. In addition, unfilled cybersecurity roles around the world are projected to reach 3.5 million by 2021.
• Approximately 70% of respondents to an Information Systems Security Association report believe the cybersecurity skills shortage has impacted their company. They also said the biggest cybersecurity challenge was being understaffed for the size of their organization (29% of respondents).

The above statistics paint a clear picture that cyber crime continues to evolve in both the number of attacks and the sophistication of techniques deployed by attackers. Organizations must take the fight back to cyber criminals by implementing the right technologies and best practices to secure all their corporate systems, networks, and users.