Cybersecurity Statistics

Cybersecurity is a growing concern for businesses of all sizes as cyber criminals’ increasingly sophisticated tactics continue to disrupt organizations. Gartner insight projected that businesses would spend more than $123 billion on security in 2020 and projects that figure to grow to $170.4 billion by 2022.

However, hackers still manage to compromise corporate data and systems with relative ease and on a regular basis. That is because organizations continue to lack cybersecurity awareness and utilize poor practices that result in their data being unprotected and vulnerable to theft and breaches.

The issue facing organizations has been further exacerbated by operating remote workforces, the increasing cybersecurity skills gap, and the growth of connected and Internet-of-Things (IoT) devices that are particularly vulnerable to cyberattacks.

The ongoing COVID-19 pandemic has also had a major impact on cybersecurity. Online scams spiked by more than 400% in March 2020 compared to previous months, according to international law firm Reed Smith, while Google revealed it was blocking more than 18 million malware and phishing emails related to COVID-19 every day.

Cybersecurity statistics like these are important in helping people and organizations understand the challenges and risks they face. Cybersecurity insights are also vital to understanding common security mistakes, such as leaving data unprotected and using weak passwords, that make organizations vulnerable to breaches. It is important that users and business leaders take note of cybersecurity statistics, while organizations must implement training processes that build awareness, prevention, and best practices into their culture.

The below cybersecurity statistics offer insight into the growing threat posed by cyber crime, the key risks that organizations face, and the size of the cybersecurity industry. We will also explore some of the major data breaches, the common types of cyberattacks, and the level of spending going into protecting organizations.

1. Data breaches resulted in 36 billion records being exposed in the first three quarters of 2020, according to RiskBased Security research. Despite this, the number of publicly reported breaches decreased by 51% compared to the same time last year.
2. The use of malware increased by 358% through 2020, and ransomware usage increased by 435% compared to the previous year, according to a study by Deep Instinct. July 2020 alone saw a 653% increase in malicious activity compared to the same month in 2019.
3. More than 90% of healthcare organizations suffered at least one cybersecurity breach in the previous three years, according to the U.S. Healthcare Cybersecurity Market 2020 report.

1. Cyber crime costs organizations $2.9 million every minute, and major businesses lose $25 per minute as a result of data breaches, according to RiskIQ research.
2. According to research by IBM, it takes 280 days to find and contain the average cyberattack, while the average attack costs $3.86 million.
3. The global cybersecurity market will be valued at $403 billion by 2027 with a compound annual growth rate (CAGR) of 12.5%, according to Brand Essence Research. The firm states the cybersecurity market was worth $176.5 billion in 2020.
4. The U.S. has the world’s highest data breach costs, with the average attack costing $8.6 million, according to IBM’s Cost of a Data Breach report.

The Digital Shadows Photon Research team found that more than 15 billion credentials from 100,000 data breaches were available on the dark web, of which 5 billion were unique. This included password and username pairings for music streaming services, online banking, and social media accounts.

1. IDC predicts there will be 55.7 billion connected devices by 2025, of which 75% will be connected to the IoT. IDC  also estimates that IoT devices will generate 73.1 zettabytes of data by 2025, up from just 18.3 zettabytes in 2019.
2. Cisco data estimates that distributed denial-of-service (DDoS) attacks will grow to 15.4 million by 2023, more than double the 7.9 million in 2018.
3. DDoS attacks became more prevalent in 2020, with the NETSCOUT Threat Intelligence report seeing 4.83 million attacks in the first half of the year. That equates to 26,000 attacks per day and 18 per minute.
4. More than four-fifths of data breaches in 2020 (86%) were financially motivated, according to Verizon’s 2020 Data Breach Investigations Report (DBIR).
5. Security threats against industrial control systems (ICS) and operational technology (OT) more than tripled in 2020, according to Dragos Inc.’s Year in Review report.
6. McKinsey insight finds 70% of security executives believe their budget will decrease in 2021, which will limit and reduce their spending on compliance, governance, and risk tools.
7. Organizations must defend their networks, systems, and users against several major cybersecurity threats. For example, Verizon’s 2020 DBIR found that 70% of breaches were caused by outsiders, 45% involved hacking, 86% were financially motivated, 17% involved some form of malware, and 22% featured phishing or social engineering.

Major hacking events have seen organizations suffer costly losses of data, customer details, financial records, and personal information.

1. An attack against internet giant Yahoo! in 2013 resulted in the loss of data from more than 3 billion accounts.
2. The data breach of hotel firm Marriott-Starwood resulted in the loss or compromise of information belonging to more than 500 million consumers.
3. A major data breach saw the details of 412 million FriendFinder users stolen in 2016, while a hack of Under Armor’s MyFitnessPal app in 2018 affected 150 million users.
4. Approximately 143 million consumers were affected by an attack on Equifax in 2017, which ended up costing the business more than $4 billion. The organization was found liable for the breach and fined $425 million by the Federal Trade Commission.
5. One of the most damaging attacks in history was the WannaCry ransomware attack, which first appeared in 2017. The virus infected more than 230,000 machines in 150 countries, causing damage of at least $4 billion. 
6. State-sponsored cyberattacks pose a major threat to organizations. Symantec data found that 19 people from China, 18 from Russia, 11 Iranians, and a North Korean had been indicted by the United States for state-sponsored activities and espionage.