40+ Cybersecurity Statistics & Facts For 2022

Written by

Cybersecurity issues are becoming a daily threat to businesses. You can start to prepare yourself by staying up-to-date on the latest statistics, trends, and facts.

The cybersecurity landscape is constantly changing, but what is obvious is that cyber threats are becoming more serious, and they’re happening with more frequency. Here is a summary of some of the most interesting, and alarming, cybersecurity statistics for 2022:

  • 85% of cybersecurity breaches are caused by human error. (Verizon)
  • 94% of all malware is delivered by email. (CSO Online)
  • Ransomware attacks happen every 10 seconds. (InfoSecurity Group)
  • 71% of all cyberattacks are financially motivated (followed by intellectual property theft, and then espionage). (Verizon)
  • The annual global cost of cybercrime is estimated to be $10.5 trillion by 2025. (Cybersecurity Ventures)

and did you know that:

F-35 fighter jets face greater threats from cyber-attacks than from enemy missiles

Source: Interesting Engineering 🔖

The F-35 stealth fighter jet is one of the most advanced planes because of its superior computing system. But its greatest feature becomes its greatest liability in a digitized world that's under constant threat of cyber attack.

2022 Cybersecurity Facts & Statistics

Here is a list of the latest up-to-date cybersecurity statistics to help you understand what is happening in the field of infosec as well as what to expect in 2022 and beyond.

The yearly global cost of cybercrime is estimated to be $10.5 trillion by 2025

Source: Cybersecurity Ventures Magazine 🔖

Analysts at Cybersecurity Ventures predict that costs that are associated with cybercrimes will grow yearly by 15% over the next five years. They reach this conclusion by assessing historical cyber-attack financials and the future threat environment. Intellectual property thefts, stolen money, and the destruction of data are just some of the costs included in this projected $10.5 trillion dollar figure.

2021 prediction of global cybercrime damage costs:

  • $6 Trillion a YEAR
  • $500 Billion a MONTH
  • $115.4 Billion a WEEK
  • $16.4 Billion a DAY
  • $684.9 Million an HOUR
  • $11.4 Million a MINUTE
  • $190 Thousand a SECOND

Cybercrime is expected to be up to 5 times more profitable than global transnational crimes combined.

Drugs and human trafficking to oil theft, illegal mining, and fishing, to weapons trafficking, which is estimated to generate between $1.6 trillion and $2.2 trillion annually.

The cybersecurity industry is estimated to be worth over $400 billion by 2027

Source: Ce Pro 🔖

The cybersecurity market was estimated to be worth $176.5 billion in 2020. By 2027 it is forecasted to be a staggering $403 billion with a CAGR of 12.5%. As the world relies more on technology and digital assets, the need to protect computing platforms and data becomes more important. This is good news for the infosec industry as well as for tech-minded job seekers.

In 2021 the cybersecurity industry is expected to have a 0% unemployment rate

Source: Cybercrime Magazine 🔖

The future of cybersecurity is looking bright. Cybersecurity professionals can expect a 0% unemployment rate and high salaries in the next few years as an increasing number of cyberattacks are being planned, executed, and propagated with little to no resistance from security teams due to a lack of qualified workers.

The 2019/2020 Official Annual Cybersecurity Jobs Report predicts that there will be 3.5 million unfilled jobs globally by 2021 which means that the profession hit a 0% unemployment rate this year for those who have dedicated themselves professionally to it.

Over 80% of cybersecurity events involve phishing attacks

Source: CSO Online 🔖

Phishing is a cyber attack that uses disguised email as a weapon. The goal of the attacker is to trick the recipient into believing that they're receiving an important message, such as one from their bank or company; this request could be for them to click on a link or download something. After gathering the data, hackers use the information to install malware on critical systems.

Google discovered over 2.1 million phishing sites as of January 2021

Source: Tessian 🔖

Since phishing is one of the most popular tactics of hackers, cybersecurity experts keep track of increases in the use of phishing around the world. Google found 27% more phishing websites in January 2021 than were present in January 2020. These websites were dedicated to stealing personal data, login credentials, and medical data.

There was a ransomware attack every 10 seconds in 2020

Source: InfoSecurity Group 🔖

Ransomware is a type of malware that infects a user's computer and restricts access to the device or its data, demanding money in exchange for freeing them (using cryptocurrency because it is hard to trace). Ransomware is one of the most dangerous types of hacks because it gives cybercriminals the ability to deny access to computer files until a ransom is paid.

Over the next decade, the cost of ransomware attacks will exceed $265 billion

Source: Cybersecurity Ventures 🔖

The future of cybercrime has never been bleaker. Research from Cybersecurity Ventures shows that the damage caused by ransomware per year could cost businesses $265 billion worldwide, and at a rate of one attack every 10 seconds to both enterprises and consumers. Ransomware is nothing new in our digital age but it seems like this type of cybercriminal activity may be reaching its peak with global losses projected to skyrocket as time goes on- or until law enforcement catches up!

2020 saw the first known death from a ransomware related cyberattack

Source: Security Magazine 🔖

In September 2020, the Duesseldorf University Clinic in Germany was hit by a ransomware attack that forced staffers to direct emergency patients elsewhere. The cyberattack took down the entire IT network of the hospital, which led doctors and nurses who were unable to communicate with each other or access patient data records. As a result, a woman seeking emergency treatment for a life-threatening condition died after she had to be taken over an hour away from her hometown because there wasn't enough staff available at local hospitals.

Ransomware and phishing to remain major risk throughout 2021

Source: Dark Reading 🔖

While phishing schemes have always been popular with hackers, it seems that ransomware is the new rising star of cybercrimes. New technology allows hackers to circumvent computer defense mechanisms and encrypt data in more sophisticated ways. These cybercriminals are able to hit a target hard and fast and demand increasingly higher amounts of ransom payments.

In 2020, on average it took 207 days to identify computer security breaches

Source: Governing 🔖

It used to be that an organization's antivirus software would detect threats and block suspicious files from causing more widespread damage. Today, IT professionals must worry about advanced persistent threats that allow hackers to enter back doors and remain on networks undetected for months.

Marriott admits that a 2020 security breach exposed the data of at least 5.2 million guests

Source: Marriott 🔖

In early 2020, hackers breached Marriott's computer security and gained access to the login credentials of two of its employees. They proceeded to access guest information until the suspicious activity was flagged. Exposed guest data included contact information, birthdays, and loyalty rewards program numbers

After being notified of a data breach, 64% of Americans don't know the next steps to take

Source: Varonis 🔖

U.S. businesses have been the frequent targets of hackers in recent months. Governmental regulations compel them to disclose security breaches to customers. However, a recent study that Varonis published indicates that Americans don't know what to do after a business makes such an announcement. Few know how to verify their exposure, protect their data by changing passwords and canceling credit cards, and monitor their credit reports and bank statements for suspicious activity.

Over 90% of malware comes through email

Source: CSO Online 🔖

When it comes to malware attacks, email remains the favorite distribution channel of hackers. 94% of malware is delivered via email. Hackers use this approach in phishing scams to get people to install malware onto networks. Nearly half of the servers that are used for phishing reside in the United States.

1 out of 36 Android smartphones have risky apps installed

Source: Varonis 🔖

We love installing new apps on our mobile phones to help make our life more convenient, productive, and fun. However, many apps that show up in the Google Play Store aren't secure. Using these apps can lead to financial devastation and identity, and data theft.

The amount of malware (malicious software) installed on Android platforms has increased by 400 percent. Part of the problem is the fact that individuals are much more relaxed when it comes to their smartphones than their computers. While 72 percent of users have free antivirus software on their laptop computer, only 50 percent have any kind of protection on their phone.

Bear in mind, this is dangerous because mobile devices are now handheld personal assistants. They’re used to track everything from work-related information to family and friends to health information to finances. They’re a one-size-fits-all gadget and if any phones are the victim of cybercrime then all of that data becomes accessible to the hacker.

There are 2,244 cyberattacks per day, and 164 cybercrimes reported every day

Source: University of Maryland & ACSC 🔖

A Clark School study at the University of Maryland from 2003 is one of the first to quantify the near-constant rate of hacking attacks. The study found that 2,244 attacks happened every day which breaks down to almost 1 cyberattack every 39 seconds, and “brute force” was the most common tactic.

However this study is out of date, and for 2020 that number is expected to be a lot higher.

A more recent study from the Australian government's Australian Cyber Security Centre (ACSC) agency found that between July 2019 and June 2020 there have been 59,806 cybercrime reports (crimes reported, not hacks), which is an average of 164 cybercrimes per day or approximately one every 10 minutes.

Nearly half of all cyberattacks target small businesses

Source: Cybint Solutions 🔖

While we tend to focus on cyber attacks on Fortune 500 companies and high-profile government agencies, Cybint Solutions found that small businesses were the target of 43% of recent cyber attacks. Hackers find that many small businesses haven't adequately invested in cyber security and want to exploit their vulnerabilities for financial gain or to make political statements..

Data breaches exposed 36 billion records by the end of the third quarter of 2020

Source: Risk Based Security 🔖

You probably knew that hackers wouldn't take a break from their crimes just because of a global pandemic. However, few expected 2020 to be the worst year on record for data breaches. Cybercriminals are taking advantage of the global pandemic panic to flood inboxes with COVID-related phishing scams going after government relief funds and demand for masks, hand sanitizer, antiviral drugs. Some nation-state actors also targeted pharmaceutical companies and universities in a bid to steal research data on COVID.

Historic 2020 Twitter hack exposed the accounts of the “One Percenters”

Source: CNBC 🔖

Hackers compromised 130 accounts that included Elon Musk's account. They proceeded to send messages to followers of the accounts asking them to send them Bitcoin. Surprisingly, they received about $120,000 in Bitcoin before abandoning the scam. Twitter invited blockchain consultants at Elliptic to investigate the transactions. The social media giant concluded that the hack was initiated by an insider.

Cybersecurity breaches reduce the value of public companies by an estimated 8.6%

Source: Comparitech 🔖

Large businesses that experience security breaches must spend money to upgrade training, fix network vulnerabilities, and perform damage control with the public. In addition to these inherent costs, it appears that Wall Street also punishes these companies with reduced share prices.

One of the world's largest security firms admits it was the victim of a sophisticated hack in 2020

Source: ZDNet 🔖

The hack of IT security firm FireEye was quite shocking. FireEye consults with government agencies to improve the security of networks that store and transmit data that relates to U.S. national interests. In 2020, brazen hackers breached the company's security systems and stole tools that FireEye uses to test government agency networks.

66% of businesses were exposed to phishing in 2020

Source: Cobalt 🔖

Phishing is the number one tactic that hackers use to get the data that they need for larger-scale attacks. When phishing is customized for a targeted person or company, the method is called spear phishing. These types of cyberattacks are on the rise.

43% of small to medium-sized businesses (SMBs) haven't yet adopted cybersecurity assessment and mitigation plans

Source: Bull Guard (via Cision PRweb) 🔖

Security experts are ringing the alarm bells for SMBs to get their data security measures shored up. While statistics point out the network security vulnerabilities of SMBs, the warnings seem to be falling on deaf ears. A recent study shows that one-third of SMBs use some kind of free, consumer-grade cybersecurity tools to safeguard their systems. One in five use no tools at all. Nearly half of SMBs have no defense plans in place.

20% of small businesses allowed remote work without having a cybersecurity plan

Source: Alliant 🔖

Remote working brings plenty of benefits to companies and workers. However, it's known to increase cybersecurity risks when proper protocols and policies aren't established and made known to remote workers. Succumbing to the pressure of social distancing mandates, many small businesses sent their employees home to work without these plans in place.

Hackers stole over 9 million medical records in September 2020

Source: HIPAA Journal 🔖

When we think about data that is at high risk of getting stolen, we usually of financial data. However, medical records are top-of-mind for hackers. Financial records can be canceled and reissued when cyberattacks are discovered. Medical records stay with a person for life. Cybercriminals find a lucrative market for this type of data. As a result, healthcare cybersecurity breaches and theft of medical records are expected to increase.

About 30% of education workers failed a phishing test

Source: KnowBe4 🔖

The 2020 Phishing by Industry Report that was published by KnowBe4 stated that people who worked in the education industry weren't adequately trained to identify and handle phishing schemes when they encountered them. According to the report, employees in the education field were the most likely to fall prey to phishing and social engineering tactics out of any other workers in other industries, except for healthcare. The good news is that training works for them. After the employees received adequate training, the number of failures for the phishing test fell from 30% to 5%.

Over 40% of cybersecurity occurrences in education are caused by social engineering tactics

Source: Impact 🔖

The strongest locks will do no good if an insider unlocks the door and lets in the enemy. That's what's happening at the average higher education institution. Schools aren't providing enough training to make students, faculty, and staff aware of the real dangers of phishing and social engineering tactics. As a result, they don't recognize threats and let enemies inside. Once hackers are inside the network, they can gather valuable personal and financial data. They can also infect computer systems with malware; most malware attacks on university networks involve ransomware.

32% of businesses pay a ransom to get their data back

Source: Sophos 🔖

37% of businesses, over a third of the 5,400 surveyed in the Sophos “The State of Ransomware 2021” report, were hit by ransomware in 2020. 32% of businesses paid the ransom to get their data back, which is an increase of 26% compared to 2020. The average ransom businesses paid was US$170,404.

Ransomware attacks are common and the lesson here is that you should expect to be the target of a ransomware attack, it's not a matter of if, but when! Remember to make backups. Backing up your data is the number one method to use to get your data back after an attack.

Around 60 million Americans have been impacted by identity theft

Source: Norton.com 🔖

Personal data can be purchased within the range of $0.20 to $15.

What type of rate would you put on your personal data? Unfortunately, others might not value it as high. Since personal data sells for so little, you’ll want to beware. Individuals who are in the selling market are much more likely to try to accumulate as much data to sell as possible.

Credit card information sells on the higher end than other kinds of personal data. Making your information as difficult to resell as possible will make the value of it decrease to anyone attempting to make a buck or two off of your identity.

Each time individuals have access to your personal data, you’re at risk of identity theft. Thus, you want to make sure that you’re always being smart with your data and protecting it from any potential hackers out there. You want to reduce any situation that may leave you and your personal data exposed.

The United States suffers the most data breaches by location

Source: Risk Based Security 🔖

The United States has comprehensive breach notification laws, which drive up the number of reported cases. Organizations affected by a breach must inform their customers and any involved third parties, so the United States easily tops the ranked list.

According to Risk Based Security's report, 2,630 publicly disclosed breaches happened in the United States.

Frequently Asked Questions

How many cybersecurity attacks are there every day?

A Clark School study at the University of Maryland found that 2,244 attacks happened every day which is almost 1 cyberattack every 39 seconds.

A study from the Australian government’s Australian Cyber Security Centre (ACSC) agency found that an average of 164 cybercrimes happened per day or approximately one every 10 minutes.

What is the most alarming security issue on the Internet today?

Ransomware is the number one cybersecurity threat in 2021. Ransomware is one of the most dangerous types of hacks because it is relatively easy and cheap to carry out, and because it gives cybercriminals the ability to deny access to computer files until a ransom is paid.

How many cyber attacks happened in 2020?

A study from Arkose Labs estimated that by August 2020 that there had been around 445 million cyberattacks happened in 2020 globally, double that of the whole of 2019. Cybercrime is ramping up to an all-time high and it’s projected that this year there will be nearly one billion attacks on a global scale.

Where do most cyberattacks come from?

Russia, Brazil, and China are the top three countries where cyber-attacks originate.

Russian hackers tend to target banks in the U.S. and Europe. Since the 20th century, Russia's education system encourages the pursuit of scientific knowledge and curiosity in its students, which has had the side effect of fostering cybercriminals.

Brazilian hackers typically use simple Russian-inspired tactics that have little risk of exposure. Hackers in China send mass SMS messages in an attempt to coerce victims into fraudulent transfers.

How long do cyber attacks take to detect?

On average, it takes about 280 days to detect and stop a cyberattack. It takes about 197 days for a typical organization to identify a threat, but some breaches can avoid detection for a long time. How long it takes for your company to remove a threat depends on how robust your security system is.

Once detected, an attack often persists for another 69 days on average. Companies that can subdue attacks in less time can save hundreds of thousands of dollars in recovery costs.

What are the best cybersecurity prevention techniques?

Today, the best security techniques available are encryption, antivirus, firewall, digital signatures, and two-factor authentication.

Organizations are responsible for protecting customer data and keeping it from unauthorized access. As unsettling as these cybersecurity statistics might be, part of a company's duty is to ensure its cybersecurity defense system has everything it needs to succeed.

Cybersecurity Statistics: Summary

Cybersecurity is a big issue and it’s only getting bigger. As phishing attempts, malware, identity theft, and huge data breaches increase daily, the world is looking at an epidemic that will only be solved with worldwide action.

The cybersecurity landscape is changing, and it is obvious that cyber threats are becoming more serious, and they're happening with more frequency.

The 2020 cyber attack on the U.S. government's National Nuclear Security Administration's databases caught my attention, and the ransomware attack on Colonial Pipeline systems that left many motorists without fuel in May 2021 got the attention of everyone else.

Everyone needs to do their part to prepare and combat cybercrimes. That means making INFOSEC best practices routine and knowing how to handle and report potential cyber threats.

Don't miss out my list of the best YouTube channels to learn about Cybersecurity.


Home » Research » 40+ Cybersecurity Statistics & Facts For 2022

Join our newsletter

Subscribe to our weekly roundup newsletter and get the latest industry news & trends

By clicking 'subscribe" you agree to our terms of use and privacy policy.