The Ultimate List of Cyber Attack Stats (2023)
As humans become more dependent on digital technology to live, work, and play, the risk of cyberattacks has increased substantially.
According to a study conducted by Comparitech, more than 71 million people are victims of cybercrime each year. Further, the number of cyberattacks has continued to increase year over year.
As a result, healthcare organizations, financial institutions, and leaders in the cybersecurity industry have begun to search for ways to minimize the risk of a successful cyberattack. The cyberattack statistics below indicate that the best time to prioritize cybersecurity awareness was roughly two years ago before cyberattacks became the fastest growing crime in the United States.
Becoming familiar with the stats in this article can help you and your organization understands security incidents' prevalence and severity. Read on to learn about the latest information on cybersecurity spending, the average cost of a data breach and the ways cybercriminals look to steal an organization's sensitive data.
- Cybersecurity Statistics – Editor's Choice
- How Many Cyberattacks Happen Per Day?
- How Many People Get Hacked A Year?
- Cybercrime Up 600% Due To COVID-19 Pandemic
- Types / Cause Of Network Security Vulnerabilities
- Most Common Causes Of Data Breaches In Cybersecurity
- General Cybersecurity Statistics
- Recent Cyberattacks And Breaches
- Largest Data Breaches And Hacking Statistics
- Cybersecurity Job Statistics
Cyber Attack Statistics – Editor's Choice
- A cyberattack occurs roughly once every 39 seconds.
- More than 800,000 people fall victim to cyberattacks each year.
- Cybercrime rates have increased by 300% since the beginning of the COVID-19 pandemic.
- Organizations lose more than $17,000 every minute due to phishing.
- 17% of all data breaches involve malware infections.
- More than 700 million ransomware attack attempts occurred in 2021.
- Internet of Things attacks tripled between January and June of 2019.
- Criminal hacking causes more than 45% of sensitive data leaks.
- Malware attacks cost companies an average of $2.6 million.
- 95% of all breaches target government organizations, technological companies, or retail groups.
How many cyberattacks happen per day?
Cyberattacks have become more and more common. In fact, studies conducted by the University of Maryland's A. James Clark School of Engineering found that more than 2,200 cyberattacks occur each day. When broken down, that means someone becomes a victim of a data breach, phishing attack, or other cybercrime every 39 seconds.
Sources: University of Maryland
How many people get hacked each year?
There's not a definitive number indicating how many people fall victim to a cyberattack each year. However, based on certain industry studies, cybersecurity professionals estimate that more than 800,000 people experience ransomware attacks, phishing attacks, or data security breaches each year.
Sources: University of Maryland
Cybercrime Up 600% Due to COVID-19 Pandemic
Coronavirus Pandemic Impact on Cybercrime
The COVID-19 pandemic resulted in unexpected, widespread changes in virtually every area—especially where people from working at home experienced an uptick in advanced phishing messages from cyberattackers.
In many cases, these threat actors pose as representatives of major retailers, including PayPal, Apple, Amazon, and organizations in the healthcare sector. For example, many spear-phishing campaigns hide behind the names of national or international bodies like the Centers for Disease Prevention (CDC) or the World Health Organization (WHO).
- Remote working led to 47% of cyberattack victims falling for a spear-phishing attack.
- Phishing attacks account for 31% of cyberattacks.
- The FBI reported a 300% increase in cybercrime since the pandemic's beginning.
- The healthcare industry reported a 58% increase in confirmed data breaches in 2020.
- Remote work has resulted in a $137,000 increase in the average cost of a data breach.
Sources: F5 Labs, Tessian, IBM, The Hill, Verizon
Types / Cause of Network Security Vulnerabilities
Phishing Attacks Statistics
As mentioned above, phishing is the most commonly used cyberattack, making up roughly one-third of all data breaches reported and 78% of all cyber-espionage attacks.
85% of phishing schemes target login information, including email addresses, usernames, or passwords.
As a result, 20% of data breaches begin with stolen login information, which is especially troubling when you consider that 82% of all web users reuse passwords for multiple accounts.
- Hackers breach an average of 30,000 websites daily.
- Ransomware attacks related to phishing emails saw a 109% increase in 2017.
- On average, cybercriminals create nearly 1.5 million phishing sites per month.
- 88% of businesses worldwide experienced phishing in 2019.
- Phishing attacks make up nearly 90% of reported cybersecurity attacks.
- More than $17,000 is lost every 60 seconds due to phishing.
Sources: Verizon, IBM, PurpleSEC, Webroot, Proofpoint, Webroot, CSO Online
Since 2012, studies have shown an increase of 87% in malware incidents. Hackers and bots distribute more than 92% of all malware infections via email.
Hackers use 678 million different types of malware to infect computers throughout the world, too.
Even so, the majority of malware schemes occur in North America, where the number of automated robot infections exceeds malware attempts controlled by hackers.
- Email-based malware attacks increased 600% between 2019 and 2020.
- 98% of mobile malware variants target Android users.
- 17% of all data breaches involve malware infections.
- On average, a malware attack costs a company over $2 million.
- Google blocked 18 million daily phishing and malware emails related to COVID-19 in April 2020.
Sources: Statista, Statista, Sift, PurpleSEC, Verizon, Accenture, Google
Ransomware has become one of the most pervasive and fastest-growing threats to individuals and organizations worldwide. With attacks occurring every 11 seconds, cybersecurity professionals estimate that more than 700 million ransomware attack attempts happened throughout 2021.
- In 2019, businesses became victims of ransomware attacks every 14 seconds.
- Ransomware attacks increased by more than 30% in 2018.
- More than 18% of all ransomware attack attempts were detected in the United States.
- Due to ransomware attacks, the healthcare industry lost roughly $25 billion in 2019.
Sources: SonicWall, TechJury, PurpleSEC, Varonis
Cryptojacking is a form of e-crime in which hackers use an individual or organization's computer system to mine cryptocurrencies like Bitcoin or Ethereum. While relatively new, cryptojacking statistics indicate an uptick in mining activities.
- An estimated 25% of organizations have become victims of a cryptojacking attack.
- 1 in 4 WordPress plugins on popular websites may have vulnerabilities resulting in a cryptojacking attack.
- December 2017 saw the most cryptojacking activity to date, with more than 8 million attempts blocked by Symantec.
Sources: Security On-Demand, PurpleSEC
IoT, DDoS, and Other Attacks
In the first six months of 2021, attackers caused more than 1.5 billion Internet of Things (IoT) breaches, up from only 639 million in 2020. Most IoT network attacks occur via the telnet protocol, an interface that facilitates remote connection with a server or device.
Like many other types of digital security breaches, IoT cyberattacks showed a substantial increase in activity following the onset of the COVID-19 pandemic. Many mobile devices are still vulnerable to cyber risks like IoT or distributed denial-of-service (DDoS) attacks two years later.
- Cybersecurity experts predict that the number of global DDoS attacks will surpass 15 million in 2023.
- IoT device attacks tripled between January and June of 2019.
- 90% of remote code execution attacks involve crypto mining.
- 1 in every 36 mobile devices, including phones and tablets, contains a high-risk app.
Sources: IoT World Today, Cisco, CSO Online, PurpleSEC, Symantec
Most Common Causes of Data Breaches in Cybersecurity
With sophisticated phishing campaigns causing more than 30% of all data breach incidents worldwide, organizations have become increasingly aware of their substandard cybersecurity practices, which often contribute to the attacks.
Poor cybersecurity measures aren't the only reasons for data breaches, though. Other common causes include lack of cybersecurity awareness training, easily accessible systems, and a lack of managed security services or adequately trained cybersecurity professionals.
- Physical actions make up 4% of all data breaches, such as stealing paperwork or mobile devices.
- Social engineering attacks and financial pretexting account for 22% of security breach incidents worldwide.
- Criminal hacking is the most common cause of a data breach, with more than 45% of sensitive data breaches occurring due to hacking attacks, malware, malicious email attachments, or code injection.
Sources: IT Governance
The Cost of Cybersecurity
Cyberattackers have begun launching more advanced – and expensive – attacks in recent years. In 2020, the average cost of successful attacks reached $133,000. While high, the number doesn't come as a surprise since the cost of web attacks has increased by 15% annually since 2016.
Experts expect the numbers to continue to grow, with estimated global cybercrime costs reaching $10.5 trillion by 2025.
- On average, data breach incidents cost companies more than $3.9 million.
- The average cost of cybersecurity breaches increased by an average of 27% worldwide in 2017.
- Malware attacks cost companies an average of $2.6 million.
- Average cybersecurity spending per employee increased by roughly 14% between 2019 and 2020.
Sources: Cyber Security Ventures, IBM, CSO Online, Accenture, Deloitte
General Cybersecurity Statistics
Cybersecurity Growth Rate
With the number cyber threats increasing each year, it's only natural that the cybersecurity market has expanded as well. Statistics show that information security analyst roles will increase by 33% between 2020 and 2030, resulting in more than 16,000 open roles each year.
In addition, many expect the cybersecurity market to reach a total valuation of $366.1 billion by 2028.
- Nearly 70% of business leaders believe the risk of cyberattacks has increased.
- The cybersecurity industry growth rate is expected to expand by 12% annually.
- Experts expect predicted five-year cybersecurity spending forecasts to top $1 trillion globally.
- According to cybersecurity statistics, the worldwide cybersecurity market should reach $170.4 billion by 2022.
- Nearly 70% of organizations have experienced compliance mandates driving spending.
Sources: US Bureau of Labor Statistics, Fortune Business Insights, Accenture, PurpleSEC, Gartner, CSO Online
Data Breach Statistics
A data breach can have devastating consequences for organizations around the world. Alongside lack of trust and lost customers, companies can lose sensitive data due to a malicious link, business email compromise, or DDoS attacks.
Over the last decade, more than 300 data breaches have resulted in the loss at lest 100,000 sensitive files.
In 2018, the United States experienced more than 1,200 breaches that exposed 446.5 million records.
The first six months of 2019 saw even more breaches that resulted in sensitive data exposure, with 4.1 billion exposed records reported worldwide between January and June.
2021 broke records with a reported 1,291 breaches between January 1st and September 30th in the United States, indicating a 17% increase from the number of cyber breach incidences in 2020.
- Global data breach costs climbed to $3.92 million in 2019, up from $3.86 million in 2018.
- Employee or contractor negligence is the most common cause of a data breach incident, accounting for 48% of incidents worldwide.
- 43% of data breach incidents impact small businesses.
- 95% of all breaches impacted government organizations, retail companies, or technology companies.
- E-criminals use spear phishing or targeted emails to accomplish 91% of all successful breaches.
Sources: Forbes, Statista, Forbes, Security Magazine, PurpleSEC
Cyberattacks can cause numerous negative outcomes, ranging from disrupted computer networks, phone lines, or technological systems to electrical blackouts, national security secret leaks, and military equipment failures.
Often, cyberattacks lead to exposed data or identity theft, such as leaked user credentials, medical records, or financial data. Hackers may also steal data to sell it on the dark web or obtain additional information.
- Ransomware attack rates have increased by more than 350% year over year.
- 69% of organizations don't believe they have adequate virus and malware protection to fend off attacks.
- More than 41% of companies store over 1,000 sensitive files without adequate protection.
- IoT attacks increased by 600% in 2017 alone.
- Cryptojacking has become the most rapidly growing sector of e-crime, with an 8,500% increase in 2017.
Sources: Prey Project, Cisco, PurpleSEC, TechRepublic, Norton
Recent Cyberattacks and Breaches
In recent years, e-criminals have increased their efforts. As a result, even vanguard tech companies have seen some of the biggest cyberattacks and supply chain attacks on record, resulting in millions of exposed files, compromised user information, and an inability to continue daily operations.
Some of the most recently hacked organizations include:
- First American Financial Corporation
- Marriott International
Below, we'll look at some of the most impactful cyberattacks throughout various industries.
Federal and Local Government
In 2020, a cyberattack contributed to a Russian-backed group led to a string of data breach incidents throughout the United States federal government. The attack resulted in the exposure of extremely high-profile, sensitive records. Upon further investigation, analysts found that the hackers may have had access to files for as long as nine months before the US government discovered the breach.
Another breach–also contributed to a Russian hacking group–occurred in March 2021. Hackers accessed the US State Department's email server and stole thousands of communications.
At the same time, reports showed local government bodies experienced an increasing number of phishing attempts in 2020 and 2021, including DDoS attacks and zero-day attacks, which occur when hackers exploit a cybersecurity vulnerability.
Sources: New York Times, Center for Strategic & International Studies, International City/County Management Association
Small Businesses / Enterprise
According to cyberattack statistics, small businesses account for 43% of cybercrime.
Even so, less than 15% of enterprises are prepared for an attack.
Small businesses and enterprises often find themselves at the heart of cyber attacks for several reasons. First, they rarely have adequate security measures to protect their data and systems.
Secondly, cyberattacks have become increasingly frequent, with more than 66% of small businesses experiencing web attacks within 12 months. Lastly, e-criminals have launched sophisticated attacks, resulting in highly targeted attempts to breach websites, cloud-based systems, and databases.
Generally speaking, small businesses and enterprises most frequently experience phishing or social engineering attacks. However, compromised or stolen devices make up 33% of small business cyberattacks, while credential theft accounts for 30% of breaches.
Sources: Ponemon Institute, Embroker
Throughout 2021, the financial sector experienced a 238% increase in web attacks throughout the first few months. In addition, 75% of insurance groups and financial institutions have noticed a rise in cybercrime since the beginning of the pandemic.
Further, the US Department of Treasury's Financial Crimes Enforcement Network revealed in September 2020 that financial institutions had lost more than $1 billion in web attacks each month. In addition, more than 100 financial institutions experienced DDoS threats, while hackers turned to mobile banking apps for access to financial information, personal details, and more.
In total, the financial services sector experienced average costs of $5 million per breach. However, experts believe escalated, frequent attacks could result in higher costs or potential financial crises.
Sources: CyberTalk, Business Wire, Security Magazine, CyberScoop, CSO Online
Between June 2020 and December 2021, the CyberPeace Institute reported that the healthcare sector experienced nearly 300 cyberattacks. The attacks occurred throughout 35 countries and included 165 confirmed ransomware attacks and 98 suspected ransomware attacks on patient care services organizations, pharmaceutical companies, medical manufacturing companies, and other organizations in the healthcare industry.
Sources: HIPAA Journal
Higher Education and School Districts
Since 2005, higher education institutions have been involved in nearly 1,000 data breaches, resulting in roughly 18 million exposed records. According to experts, school districts and higher education institutes have become targets for hackers for several reasons, including large amounts of personal information, poor cybersecurity measures, and easily accessible databases.
Similarly, US school districts have experienced more than 1,000 cyberattacks since 2016. In 2020 alone, 53 school districts became the victim of an attack, costing more than $7.5 billion to the education sector.
Sources: Comparitech, K-12 Cybersecurity Resource Center, InfoSecurity
Largest Data Breaches and Hacking Statistics
Impactful Hacking Stats
2021 saw a number of significant (and well-publicized) cyberattacks, including:
- The Colonial Pipeline Attack: In May 2021, Colonial Pipeline, a major oil and gas company in the United States experienced the largest cyberattack of the year. The hacking group DarkSide breached Colonial Pipeline's network and halted pipeline operations, resulting in a fuel shortage in the Southeast. The group also threatened to release almost 100 gigabytes of data unless Colonial Pipeline paid a ransom of $4.4 million in Bitcoin.
- JBS Foods Hack: On May 30, 2021, the ransomware group REvil hacked JBS Foods, a meat processor that supplies most of the United States' beef and pork. JBS paid an $11 million Bitcoin ransom to restore its network operations less than a month later.
- CNA Ransomware Attack: CNA, a major insurance provider in the US, fell victim to a ransomware attack from a group called Phoenix. The hackers stole a substantial amount of data and demanded a record-breaking $40 million ransom for the information, far exceeding the average cost of a web breach.
- 95% of breaches occur due to human error.
- Only 5% of organizations' storage folders have adequate protection.
- Nearly 90% of all breaches are motivated by financial gain.
- 94% of impacted organizations have retrieved their encrypted data.
Sources: WhatIs, Vox, Chicago Tribune, Cybint, Varonis, Verizon, Sophos
Historic Data Breaches
Since the first cyberattack occurred in 1999, e-criminals have continued to ramp up their efforts and impact major corporations, government organizations, and social media platforms.
For example, the Wannacry virus affected thousands of groups worldwide, resulting in $4 billion or more costs. In contrast, MGM's 2019 breach exposed more than 142 million guests' personal information.
- Marriott experienced a security breach in 2020 that exposed the information of more than 142 million guests.
- A 2020 Twitter breach targeted accounts of former presidents and world figures like Elon Musk, resulting in 300 transactions worth $121,00 in Bitcoin.
- In 2016, hackers stole the information of more than 57 million Uber drivers and customers.
- In 2013, Yahoo experienced one of the largest data breaches of all time, with more than 3 billion accounts hacked.
Sources: Technology Inquirer, CPO Magazine, Marriot, CNBC, Uber, New York Times
Cybersecurity Job Statistics
Security Job Prediction Stats
As mentioned previously, experts predict that jobs in the cybersecurity industry will grow at an unprecedented rate of 33% between 2020 and 2030, resulting in more than 16,000 open jobs each year due to increasing demand for skilled cybersecurity professionals.
Ready to break into the cybersecurity field? You may consider a role as a cybersecurity engineer. Data shows the positions start at $140,000 annually, making it the highest-paid role in the industry.
- More than 60% of organizations don't think current cybersecurity applicants are qualified.
- The demand for Data Protect Officers has increased by more than 700% due to GDPR requirements.
- Open web security roles have increased by 350% from 2013 to 2021.
Sources: US Bureau of Labor Statistics, Cybint, ISSA, Reuters, Cybercrime Magazine
There's no doubt about it: cyber attacks have become an increasing concern for major organizations, small businesses, and individuals.
With data showing that the cybercrime industry will climb as high as $300 billion or more by 2028, it pays to invest in training, tools, and professionals to protect sensitive information from e-criminals.
For more related content, check out 8 Huge Cybersecurity Trends and Top 20 Cybersecurity Startups to Watch.