Cybersecurity issues are becoming a daily threat to businesses. You can start to prepare yourself by staying up-to-date on the latest statistics, trends, and facts.
The cybersecurity landscape is constantly changing, but what is obvious is that cyber threats are becoming more serious, and they’re happening with more frequency. Here is a summary of some of the most interesting, and alarming, cybersecurity statistics for 2021:
- 85% of cybersecurity breaches are caused by human error. (Verizon)
- 94% of all malware is delivered by email. (CSO Online)
- Ransomware attacks happen every 10 seconds. (InfoSecurity Group)
- 71% of all cyberattacks are financially motivated (followed by intellectual property theft, and then espionage). (Verizon)
- The annual global cost of cybercrime is estimated to be $10.5 trillion by 2025. (Cybersecurity Ventures)
And did you know that:
The F-35 stealth fighter jet is one of the most advanced planes because of its superior computing system. But its greatest feature becomes its greatest liability in a digitized world that's under constant threat of cyber attack.
Cybersecurity Facts & Statistics
Here is a list of the latest up-to-date cybersecurity statistics to help you understand what is happening in the field of infosec as well as what to expect in 2021 and beyond.
Analysts at Cybersecurity Ventures predict that the costs associated with cybercrime will grow by 15% per year over the next five years. They reach this conclusion by assessing historical cyber-attack financials and the future threat environment. Intellectual property theft, stolen money, and the destruction of data are just some of the costs included in this projected $10.5 trillion figure.
2021 prediction of global cybercrime damage costs:
- $6 Trillion a YEAR
- $500 Billion a MONTH
- $115.4 Billion a WEEK
- $16.4 Billion a DAY
- $684.9 Million an HOUR
- $11.4 Million a MINUTE
- $190 Thousand a SECOND
Cybercrime is expected to be up to 5 times more profitable than global transnational crimes combined.
These crimes range from drug and human trafficking to oil theft, illegal mining and fishing, and weapons trafficking, and are estimated to generate between $1.6 trillion and $2.2 trillion annually.
The cybersecurity market was estimated to be worth $176.5 billion in 2020. By 2027 it is forecasted to be a staggering $403 billion with a CAGR of 12.5%. As the world relies more on technology and digital assets, the need to protect computing platforms and data becomes more important. This is good news for the infosec industry as well as for tech-minded job seekers.
The future of cybersecurity is looking bright. Cybersecurity professionals can expect a 0% unemployment rate and high salaries in the next few years as an increasing number of cyberattacks are being planned, executed, and propagated with little to no resistance from security teams due to a lack of qualified workers.
The 2019/2020 Official Annual Cybersecurity Jobs Report predicts that there will be 3.5 million unfilled jobs globally by 2021 which means that the profession hit a 0% unemployment rate this year for those who have dedicated themselves professionally to it.
Phishing is a cyber attack that uses disguised email as a weapon. The goal of the attacker is to trick the recipient into believing that they're receiving an important message, such as one from their bank or company; this request could be for them to click on a link or download something. After gathering the data, hackers use the information to install malware on critical systems.
Since phishing is one of the most popular tactics of hackers, cybersecurity experts keep track of increases in the use of phishing around the world. Google found 27% more phishing websites in January 2021 than were present in January 2020. These websites were dedicated to stealing personal data, login credentials, and medical data.
Ransomware is a type of malware that infects a user's computer and restricts access to the device or its data, demanding money in exchange for freeing them (using cryptocurrency because it is hard to trace). Ransomware is one of the most dangerous types of hacks because it gives cybercriminals the ability to deny access to computer files until a ransom is paid.
The future of cybercrime has never been bleaker. Research from Cybersecurity Ventures shows that the damage caused by ransomware per year could cost businesses $265 billion worldwide, at a rate of one attack every 10 seconds on enterprises and consumers. Ransomware is nothing new in our digital age, but it seems like this type of cybercriminal activity may be reaching its peak, with global losses projected to skyrocket as time goes on, or until law enforcement catches up!
In September 2020, the Duesseldorf University Clinic in Germany was hit by a ransomware attack that forced staffers to direct emergency patients elsewhere. The cyberattack took down the entire IT network of the hospital, which left doctors and nurses unable to communicate with each other or access patient data records. As a result, a woman seeking emergency treatment for a life-threatening condition died after she had to be taken over an hour away from her hometown because there wasn't enough staff available at local hospitals.
While phishing schemes have always been popular with hackers, it seems that ransomware is the new rising star of cybercrimes. New technology allows hackers to circumvent computer defense mechanisms and encrypt data in more sophisticated ways. These cybercriminals are able to hit a target hard and fast and demand increasingly higher amounts of ransom payments.
It used to be that an organization's antivirus software would detect threats and block suspicious files from causing more widespread damage. Today, IT professionals must worry about advanced persistent threats that allow hackers to enter back doors and remain on networks undetected for months.
In early 2020, hackers breached Marriott's computer security and gained access to the login credentials of two of its employees. They proceeded to access guest information until the suspicious activity was flagged. Exposed guest data included contact information, birthdays, and loyalty rewards program numbers.
U.S. businesses have been the frequent targets of hackers in recent months. Governmental regulations compel them to disclose security breaches to customers. However, a recent study that Varonis published indicates that Americans don't know what to do after a business makes such an announcement. Few know how to verify their exposure, protect their data by changing passwords and canceling credit cards, and monitor their credit reports and bank statements for suspicious activity.
When it comes to malware attacks, email remains the favorite distribution channel of hackers. 94% of malware is delivered via email. Hackers use this approach in phishing scams to get people to install malware onto networks. Nearly half of the servers that are used for phishing reside in the United States.
We love installing new apps on our mobile phones to help make our life more convenient, productive, and fun. However, many apps that show up in the Google Play Store aren't secure. Using these apps can lead to financial devastation and to identity and data theft.
The amount of malware (malicious software) installed on Android platforms has increased by 400 percent. Part of the problem is the fact that individuals are much more relaxed when it comes to their smartphones than their computers. While 72 percent of users have free antivirus software on their laptop computer, only 50 percent have any kind of protection on their phone.
Bear in mind, this is dangerous because mobile devices are now handheld personal assistants. They’re used to track everything from work-related information to family and friends to health information to finances. They’re a one-size-fits-all gadget and if any phones are the victim of cybercrime then all of that data becomes accessible to the hacker.
A Clark School study at the University of Maryland from 2003 is one of the first to quantify the near-constant rate of hacking attacks. The study found that 2,244 attacks happened every day, which breaks down to almost 1 cyberattack every 39 seconds, and “brute force” was the most common tactic.
However, this study is out of date, and for 2020 that number is expected to be a lot higher.
A more recent study from the Australian government's Australian Cyber Security Centre (ACSC) agency found that between July 2019 and June 2020 there were 59,806 cybercrime reports (crimes reported, not hacks), which is an average of 164 cybercrimes per day or approximately one every 10 minutes.
While we tend to focus on cyber attacks on Fortune 500 companies and high-profile government agencies, Cybint Solutions found that small businesses were the target of 43% of recent cyber attacks. Hackers find that many small businesses haven't adequately invested in cyber security and want to exploit their vulnerabilities for financial gain or to make political statements.
You probably knew that hackers wouldn't take a break from their crimes just because of a global pandemic. However, few expected 2020 to be the worst year on record for data breaches. Cybercriminals are taking advantage of the global pandemic panic to flood inboxes with COVID-related phishing scams that go after government relief funds and exploit demand for masks, hand sanitizer, and antiviral drugs. Some nation-state actors also targeted pharmaceutical companies and universities in a bid to steal research data on COVID.
Hackers compromised 130 Twitter accounts, including Elon Musk's account. They proceeded to send messages to followers of the accounts asking them to send them Bitcoin. Surprisingly, they received about $120,000 in Bitcoin before abandoning the scam. Twitter invited blockchain consultants at Elliptic to investigate the transactions. The social media giant concluded that the hack was initiated by an insider.
Large businesses that experience security breaches must spend money to upgrade training, fix network vulnerabilities, and perform damage control with the public. In addition to these inherent costs, it appears that Wall Street also punishes these companies with reduced share prices.
The hack of IT security firm FireEye was quite shocking. FireEye consults with government agencies to improve the security of networks that store and transmit data that relates to U.S. national interests. In 2020, brazen hackers breached the company's security systems and stole tools that FireEye uses to test government agency networks.
Phishing is the number one tactic that hackers use to get the data that they need for larger-scale attacks. When phishing is customized for a targeted person or company, the method is called spear phishing. These types of cyberattacks are on the rise.
Security experts are ringing the alarm bells for SMBs to get their data security measures shored up. While statistics point out the network security vulnerabilities of SMBs, the warnings seem to be falling on deaf ears. A recent study shows that one-third of SMBs use some kind of free, consumer-grade cybersecurity tools to safeguard their systems. One in five use no tools at all. Nearly half of SMBs have no defense plans in place.
Remote working brings plenty of benefits to companies and workers. However, it's known to increase cybersecurity risks when proper protocols and policies aren't established and made known to remote workers. Succumbing to the pressure of social distancing mandates, many small businesses sent their employees home to work without these plans in place.
When we think about data that is at high risk of getting stolen, we usually think of financial data. However, medical records are top-of-mind for hackers. Financial records can be canceled and reissued when cyberattacks are discovered. Medical records stay with a person for life. Cybercriminals find a lucrative market for this type of data. As a result, healthcare cybersecurity breaches and theft of medical records are expected to increase.
The 2020 Phishing by Industry Report that was published by KnowBe4 stated that people who worked in the education industry weren't adequately trained to identify and handle phishing schemes when they encountered them. According to the report, employees in the education field were more likely to fall prey to phishing and social engineering tactics than workers in any other industry except healthcare. The good news is that training works for them. After the employees received adequate training, the number of failures for the phishing test fell from 30% to 5%.
The strongest locks will do no good if an insider unlocks the door and lets in the enemy. That's what's happening at the average higher education institution. Schools aren't providing enough training to make students, faculty, and staff aware of the real dangers of phishing and social engineering tactics. As a result, they don't recognize threats and let enemies inside. Once hackers are inside the network, they can gather valuable personal and financial data. They can also infect computer systems with malware; most malware attacks on university networks involve ransomware.
37% of businesses, over a third of the 5,400 surveyed in the Sophos “The State of Ransomware 2021” report, were hit by ransomware in 2020. 32% of businesses paid the ransom to get their data back, which is an increase of 26% compared to 2020. The average ransom businesses paid was US$170,404.
Ransomware attacks are common, and the lesson here is that you should expect to be the target of a ransomware attack: it's not a matter of if, but when! Remember to make backups. Backing up your data is the number one method to use to get your data back after an attack.
Personal data can be purchased within the range of $0.20 to $15.
What price would you put on your personal data? Unfortunately, others might not value it as highly. Since personal data sells for so little, you’ll want to beware. Individuals who are in the selling market are much more likely to try to accumulate as much data to sell as possible.
Credit card information sells at the higher end of that range compared with other kinds of personal data. Making your information as difficult to resell as possible will decrease its value to anyone attempting to make a buck or two off of your identity.
Each time individuals have access to your personal data, you’re at risk of identity theft. Thus, you want to make sure that you’re always being smart with your data and protecting it from any potential hackers out there. You want to reduce any situation that may leave you and your personal data exposed.
The United States has comprehensive breach notification laws, which drive up the number of reported cases. Organizations affected by a breach must inform their customers and any involved third parties, so the United States easily tops the ranked list.
According to Risk Based Security's report, 2,630 publicly disclosed breaches happened in the United States.
Frequently Asked Questions
How many cybersecurity attacks are there every day?
A Clark School study at the University of Maryland found that 2,244 attacks happened every day, which is almost 1 cyberattack every 39 seconds.
A study from the Australian government’s Australian Cyber Security Centre (ACSC) agency found that an average of 164 cybercrimes happened per day or approximately one every 10 minutes.
What is the most alarming security issue on the Internet today?
Ransomware is the number one cybersecurity threat in 2021. Ransomware is one of the most dangerous types of hacks because it is relatively easy and cheap to carry out, and because it gives cybercriminals the ability to deny access to computer files until a ransom is paid.
How many cyber attacks happened in 2020?
A study from Arkose Labs estimated that by August 2020 there had been around 445 million cyberattacks globally in 2020, double that of the whole of 2019. Cybercrime is ramping up to an all-time high and it’s projected that this year there will be nearly one billion attacks on a global scale.
Where do most cyberattacks come from?
Russia, Brazil, and China are the top three countries where cyber-attacks originate.
Russian hackers tend to target banks in the U.S. and Europe. Since the 20th century, Russia's education system has encouraged the pursuit of scientific knowledge and curiosity in its students, which has had the side effect of fostering cybercriminals.
Brazilian hackers typically use simple Russian-inspired tactics that have little risk of exposure. Hackers in China send mass SMS messages in an attempt to coerce victims into fraudulent transfers.
How long do cyber attacks take to detect?
On average, it takes about 280 days to detect and stop a cyberattack. It takes about 197 days for a typical organization to identify a threat, but some breaches can avoid detection for a long time. How long it takes for your company to remove a threat depends on how robust your security system is.
Once detected, an attack often persists for another 69 days on average. Companies that can subdue attacks in less time can save hundreds of thousands of dollars in recovery costs.
What are the best cybersecurity prevention techniques?
Today, the best security techniques available are encryption, antivirus, firewall, digital signatures, and two-factor authentication.
Organizations are responsible for protecting customer data and keeping it from unauthorized access. As unsettling as these cybersecurity statistics may be, part of a company's duty is to ensure its cybersecurity defense system has everything it needs to succeed.
Cybersecurity Statistics: Summary
Cybersecurity is a big issue and it’s only getting bigger. As phishing attempts, malware, identity theft, and huge data breaches increase daily, the world is looking at an epidemic that will only be solved with worldwide action.
The cybersecurity landscape is changing, and it is obvious that cyber threats are becoming more serious, and they're happening with more frequency.
The 2020 cyber attack on the U.S. government's National Nuclear Security Administration's databases caught my attention, and the ransomware attack on Colonial Pipeline systems that left many motorists without fuel in May 2021 got the attention of everyone else.
Everyone needs to do their part to prepare and combat cybercrimes. That means making INFOSEC best practices routine and knowing how to handle and report potential cyber threats.