100+ Cybersecurity Statistics to Know in 2024

With the increasing sophistication of cyber criminals and the ever-growing dependency of society on digital platforms, understanding cybersecurity has become more essential than ever. To help you navigate this intricate digital maze, we’ve compiled a collection of over 100 compelling cybersecurity statistics.

These stats delve into a multitude of aspects, from the sheer frequency of attacks to the financial repercussions felt by businesses worldwide. Whether you're a seasoned expert looking for the latest data or someone simply trying to grasp the reality of today's cyber threats, this comprehensive list provides a robust picture of the current cyber landscape.

Cybersecurity Statistics: Editor’s picks

• Phishing continues to be the most common type of cyber attack, with an estimated volume of 3.4 billion spam emails circulated daily.
• Only 52% of companies managed to regain access to their data after submitting the ransom payment.
• 90% of cyber-attacks are due to human error.
• The total number of unique malware programs has now surpassed 1 billion.
• The total spending on IT security reached $71.68 billion in 2022
• IBM's latest yearly report says that in 2023, businesses spend an average of $4.5 million every time they get hit by a data breach. That's the most it's ever been, and it's a big jump — 15% more than what it cost them over the last three years.

Latest cybersecurity stats to watch for in 2023

Cost of cybersecurity data breach

• It is projected that by 2025, businesses will face enormous losses of around $10.5 trillion, averaging out to nearly $20 million per minute due to cybercrimes.
• A cyber breach could lead to an approximate 8.6% loss in value for public companies, illustrating the significant financial implications of cybersecurity for stakeholders.
• By 2024, the e-commerce sector is expected to bear substantial losses of $25 billion annually due to online payment fraud.
• The primary driving force behind most cyber-attacks, accounting for about 86%, is the prospect of financial gain, with state espionage being the second most common motive.
• Global cybercrime costs are forecasted to surge at an annual rate of 23% over the next five years, totaling approximately $23.84 trillion by 2027.
• In a recent study, nearly half of the participants, 45.5% to be exact, reported that their organizations were subjected to 1 to 5 successful cyber-attacks over the previous year.
• 69% of organizations have reported data breaches or exposures due to security misconfigurations in their multi-cloud environments. (Cloud security stats)

Cybersecurity attack statistics by type

Ransomware statistics

• Per Statista's report, around 71% of corporations became victims of ransomware invasions in 2022, leading to substantial financial hits. 
• Just over half, or 52%, of companies managed to regain access to their data after submitting the ransom payment. (Statista)
• The United States holds the unfortunate distinction of being the number one target for ransomware attacks globally. (Statista)
• Austria bore the brunt of these ransomware offensives more than any other nation. 
• In terms of the most colossal ransomware onslaught ever recorded, it was the government of Costa Rica that was hit the hardest, as documented by the Cyber Management Alliance.

• Security leaders rank ransomware among their top 10 concerns that cause sleepless nights.
• The average ransom paid following a ransomware attack rose by 71% in 2022, reaching $925,162.
• Projected global costs for ransomware in 2023 are estimated to reach $30 billion.
• Worldwide ransomware attacks experienced an 8% decrease in the third quarter of 2022 compared to the same period in the previous year.
• A VentureBeat survey of over 300 security professionals revealed that 90% of businesses reported being impacted by ransomware in 2022.
• A new organization becomes a target of ransomware every 14 seconds.
• Ransomware infection rates are continually escalating, especially in areas with high internet connectivity, such as the United States and Europe. (BlackFog)

Malware statistics

• Annually, the global count of ransomware attacks hits approximately 493.33 million.
• The mobile malware most commonly identified is known as RiskWare. (Statista)
• Each day, cybersecurity systems identify 560,000 new types of harmful software or malware.
• The total number of unique malware programs has now surpassed 1 billion.
• More than half (58%) of all malware are called Trojans, which secretly give cybercriminals access to your computer.
• On average, every minute, four companies around the world become victims of ransomware attacks, where their data is encrypted and held hostage.
• Android phones are much more likely to get infected than iPhones - they are 50 times more likely to have malware.
• The total number of malware infections has increased by 87% over the last 10 years.
• The total cost of all the damage caused by cybercrime is expected to reach an astounding $8 trillion in 2023.
• In the majority of software code (84%), vulnerabilities are found that could be exploited by hackers.

Zero Day exploits & DDoS attack statistics

• In 2022, the danger of DDoS attacks amplified, with a surge of 60% in malevolent attacks in the first six months of the year.
• One of the largest DDoS attacks recorded involved a Mirai botnet variant launching a 2.5 Tbps assault on a Minecraft server.
• Almost 50% of all zero-day exploits have occurred in the past ten years, indicating an upward trend.
• 50% of the zero-day exploits identified in 2022 are variations of vulnerabilities that had been fixed earlier.
• Apple uncovered 7 zero-day vulnerabilities in their technology during the first half of 2022.
• Kaspersky's DDoS Intelligence system identified nearly 60,000 attacks in the third quarter of 2022 (SecureList).
• As per a survey by Cloudflare, 1 in 5 respondents who experienced a DDoS attack stated that the attack included a Ransom DDoS or other threats.

Social engineering attacks

• According to IBM's 2022 Cost of a Data Breach report, data breaches initiated through social engineering techniques averaged costs over $4 million (IBM).
• A striking 90% of cyberattacks against organizations aim at individuals rather than IT and cybersecurity defenses (Verizon).
• Of the 2,249 incidents involving social engineering examined by Verizon, 1,063 were disclosed (Verizon).

Phishing statistics

A recent study by Statista demonstrated that The global landscape of cyber threats in 2022 saw over 1.27 million unique phishing sites, with financial institutions being the prime target. Here are the other key phishing statistics included:

• There were 1,270,883 unique phishing sites detected around the world.
• Financial Institutions form the industry most frequently targeted by phishing attacks.
• Vietnam has the highest incidence of phishing attacks among all countries.
• About 2.94% of employees tend to click on a link within a malicious email.
• The age group of 31-40 is most likely to click on a phishing email.
• Spam or phishing emails are the most common methods of delivering ransomware infections.
• Around 29% of phishing sites employ a brand name within the domain name.

Headline cybercrime statistics worldwide

• Phishing continues to be the most common type of cyber attack, with an estimated volume of 3.4 billion spam emails circulated daily.
• In the year 2022, there were an alarming 493.33 million instances of ransomware attacks identified by organizations around the globe.
• The universal average cost of a data breach was evaluated at $4.35 million in 2022.
• For 12 consecutive years, the healthcare sector has proven to be the most expensive in terms of data breaches, with the average cost of a data breach in 2022 amounting to a staggering $10.10 million.
• For the year 2022, breaches that occurred due to stolen or compromised credentials represented an average financial loss of $4.50 million.
• 86.2% of organizations surveyed experienced at least one successful cyberattack.
• Russia has nearly 17 times more leaked email accounts than the global average.
• When assessing cyber security across continents, Africa and Asia have the least frequent rates of breached email accounts, standing at 4 and 23 per 1,000 internet users, respectively.
• In contrast, Europe reported the most severe rates of security breaches in 2022, with 1 out of every 5 internet users experiencing a breach.

Government cybersecurity statistics

• The U.S. government’s proposed budget for cybersecurity is $10.89 billion in the financial year of 2023.
• The U.S. federal government spends $888.78 billion on information technology (IT). (Statista)
• The U.S. federal government’s allocated a budget of $9 billion for information technology (IT) to The Department of Homeland Security. (Statista)

Small business cybersecurity statistics

• Only 50% of small businesses are equipped with a dedicated cybersecurity strategy.
• Small enterprises are the targets of 43% of all cyber attacks.
• The majority of cyber attacks, 80% to be exact, are perpetrated by external individuals rather than internal employees.
• While a vast 96% of cyber attacks aim to procure financial gain across all organizations, this percentage falls to 71% for larger organizations.
• Only 14% of small businesses possess the necessary safeguards to protect themselves against cyber threats.
• Contrary to reality, 60% of small business owners believe that their businesses are not potential targets for cybercriminals.
• The most common cyber attack types faced by small businesses include phishing or social engineering, compromised or stolen devices, and credential theft. (Forbes)

Suggested reading: Best Cybersecurity Podcasts

Cybersecurity spending statistics

• As per recommendations from industry leaders like IBM, the portion of your overall IT budget allocated to cybersecurity should range between 9% and 14%.
• The total spending on IT security reached $71.68 billion in 2022, as reported by Statista.
• Cisco's data reveals that half of the large enterprises spend $1 million each year on security measures.

Cybersecurity statistics by industry

According to Tech Business News reports, the top five most targeted industries in 2022 were:

• Healthcare
• Financial services
• Retail
• Education
• Energy and utilities

Cybercrime statistics by industry:

Between November 2021 and October 2022, the global financial industry faced 173 web application attacks, more than any other sector.

The information sector followed closely, enduring 173 attacks, while the professional sector was the third most impacted, experiencing 113 basic web application attack incidents during the same period.

Healthcare cybersecurity statistics

• According to Check Point Research, there was a 74% increase in cyberattacks on healthcare organizations globally in 2022, with an average of 1,463 attacks occurring on a weekly basis, compared to the previous year.
• In the initial quarter of 2022 alone, the healthcare industry experienced 125 reported breaches, with ransomware attacks being a key concern and healthcare being the most targeted sector.
• Third-party data breaches have led to drastic repercussions, as evidenced by a single incident that affected 119 pediatric practices and disrupted the data of 2.2 million patients.
• The global healthcare cybersecurity market was projected to expand from $13.18 billion in 2021 to $15.70 billion in 2022.
• Cybercriminals often find it easier to exploit vulnerabilities in health systems. This was demonstrated in February 2022, when a ransomware attack on PFC Financial Company, an account receivable management firm, impacted hundreds of healthcare organizations, as reported by ITRC.
• In 2022, over half (61%) of healthcare respondents underwent an attack on their cloud infrastructure due to phishing, ransomware, or other types of malware.
• According to Cynerio’s State of Healthcare IoT Device Security 2022 report, over half (53%) of connected devices are vulnerable to cybersecurity attacks.

According to HIPAA (Health Insurance Portability and Accountability Act), the most common forms of healthcare data breaches in 2022 were:

• Hacking and IT incidents: 555

• Unauthorized access or disclosure: 113
• Physical theft: 35
• Improper disposal of records: 4

Education cybersecurity stats

• In the final month of 2022, the education sector was reportedly the source of 80% of approximately 7.2 million malware incidents.
• Verizon's 2022 Data Breach Investigation, which assessed 20 different sectors, reported 282 instances of cyber breaches, specifically in the education sector, last year.
• Ransomware was the principal weapon of choice, causing more than 30% of breaches in the education industry. (Verizon)
• Around 30% of education sector employees did not successfully identify a phishing attempt. However, post cybersecurity awareness training, this percentage decreased to roughly 5%.

SaaS cybersecurity statistics

• Nearly half, or 43% of organizations, have experienced security incidents that were a direct result of misconfigurations in Software as a Service (SaaS) systems. 
• This figure could rise to 63%, as a significant portion of organizations are not certain whether SaaS misconfigurations caused their security incidents.
• Only a small percentage, or 17% of organizations, have encountered security incidents due to misconfigurations in Infrastructure as a Service (IaaS) systems.
• A vast majority of organizations, about 81%, have exposed sensitive SaaS data, emphasizing the commonality of data vulnerabilities and the pressing need for improved security protocols.

Suggested reading: Top SaaS Security Risks and How to Mitigate

Financial services cybersecurity statistics

• The U.S. witnessed 1,802 instances of data compromise in the year 2022. (Statista)
• The largest-ever financial data breach recorded was by the First American Financial Corp. (Statista) Also see the biggest data breaches in U.S. history.
• The cost incurred due to a data breach in the financial sector globally in 2022 was 5.97 million USD. (Statista)
• The share of phishing attacks targeting the financial sector worldwide in 2022 stood at 36.3%. (Statista)

Remote work cybersecurity statistics

• A considerable 60% of remote employees access their company's network using personal devices that lack proper security.
• 49% of remote workers admit to being uninformed about the risks associated with using personal devices for work-related tasks.
• A significant 75% of employees acknowledge that they use the same passwords for both their work and personal accounts.
• More than 66% of small businesses believe they are at a higher risk of data breaches due to the transition to remote work.

Tip: You can use a SaaS security tool to find and secure every SaaS application your employees log in with business emails.

Cybersecurity insider threat statistics

• Security threats can originate from anyone having access to proprietary data, and insiders are involved in 25% of all security incidents.
• Recent insider threat statistics indicate that 69% of organizations have witnessed either an attempted or successful threat to or corruption of data in the previous 12 months.
• According to IBM research, the average annual cost of an internal data breach is 11.45 million USD, with negligence being the cause of 63% of these incidents.
• A significant 90% of cyber-attacks are due to human error.

Cybersecurity job statistics

“While Amazon, Meta, Twitter, Microsoft, Google, and the other tech giants are going through layoffs, our industry has hung out an enormous Help Wanted sign; we expect brisk hiring in the cybersecurity space for the rest of this year, and through 2025.” - Steve Morgan, founder of Cybersecurity Ventures, told FOX Business.

• As of December 2022, the United States was home to approximately 1.1 million cybersecurity professionals, as estimated by Cyber Seek.
• The count of unfilled positions in the field stabilized in 2022 and continues to remain at about 3.5 million in 2023, with over 750,000 of these vacancies in the U.S. Despite efforts to find new talent and address employee burnout, the gap between the demand for and supply of cybersecurity professionals is expected to persist at least until 2025.
• As per a recent FOX Business report, technology companies have cut over 300,000 jobs in the last two years, and further job reductions are anticipated. Layoffs.fyi, a redundancy tracker that has been monitoring layoffs since the pandemic began reports that 470 technology employers have downsized their teams.

Suggested reading: Is Cybersecurity Hard to Learn?

Cybersecurity awareness statistics

• The 2022 Data Breach Investigations Report (DBIR) by a leading communications company reveals that human-related vulnerabilities were involved in 80% of data breaches.
• Nearly 70% of companies are scaling up their investments in cybersecurity budgets.
• Over one-third of organizations, 36% to be exact, report that they have started large-scale cybersecurity awareness and SecOps cross-training.
• Regrettably, according to Proofpoint's 2022 State of the Phish report, only a quarter of organizations devote "two or more hours" to formal training on an annual basis.
• Roughly 38% of people are unaware of their susceptibility to identity theft, a statistic that reveals a concerning gap in public awareness. (Third-party data breach statistics)

Statistics on cybersecurity: FAQ

How many cyber attacks happen per day?

Approximately 2.200 cyberattacks happen daily, while hackers attack every 39 seconds on average. Non-secure usernames and passwords are one of the most common reasons to give hackers success.

How many cyber attacks happen per year?

Given that approximately 2,200 cyberattacks are happening daily, the annual number of people experiencing hacking could potentially exceed 800,000.

Which country is number 1 in cybersecurity?

The National Privacy Test conducted by NordVPN evaluates nations based on their citizens' comprehension of fundamental internet safety practices. In 2023, despite frequent news of data breaches and leaks, the United States demonstrated commendable results in this assessment.

Which country is best for a cyber security job?

Based on a survey, Washington D.C. is the best place for people looking for cybersecurity jobs because there are many job openings and the pay is high. On a global scale, Singapore has the most cybersecurity job openings, while Luxembourg pays the highest salaries for these jobs.

Which year had the worst cyberattacks in history?

In 2021, two significant cyberattacks occurred with substantial global impact. First, a ransomware attack on Colonial Pipeline, one of the United States' largest oil pipelines, led to its shutdown. 

Second, widespread exploitation of the Log4J vulnerability, affecting large infrastructure providers like Amazon Web Services (AWS), created a major security concern worldwide. These incidents highlighted the escalating severity and complexity of global cyber threats.

How many people get hacked each year? 

Approximately 111.7 million Americans, nearly one in three, experience a data breach each year. This figure underscores the widespread prevalence of hacking and cyber security threats within the United States, emphasizing the importance of proactive measures to protect digital information and infrastructure.

Reading streak?

• What is UPnP? Why It's Still a Security Risk
• What is a Keylogger? How to Prevent It
• Top 20 Cybersecurity Events