Cybersecurity is a common topic among consumers and businesses alike.
As we continue to spend more of our lives in the digital world, we’re all looking for ways to keep ourselves, and our data secure. Unfortunately, while digital transformation unlocks countless opportunities for better communication, innovation, and productivity, it also paves the way for new forms of cybersecurity attacks.
The consistent effort to secure the digital environment has driven an ever-growing cybersecurity market. By 2028, experts predict the industry will be worth around $372.04 billion. Already, the space stands at a value of around $179.96 billion as of 2021.
These cybersecurity statistics will tell you everything you need to know about the landscape.
Key Cybersecurity Statistics – Editor’s Choices
- Cybersecurity market size is growing at around 10.9% CAGR worldwide
- The 2020 pandemic caused a significant uptick in cybercrime and phishing.
- Healthcare is the most expensive industry for data breaches, with lost data causing around $7.18 million in losses during 2020.
- It can take up to 280 days for a cybersecurity breach to be discovered and contained.
- Around 95% of cybersecurity breaches are a result of human mistakes
Cybersecurity Statistics: The State of Cybersecurity
1. In 2020 total security spend was at $123 billion
Gartner found responding security issues is one of the biggest challenges companies faced in 2020. The overall average security spend for 2020 sat at around $123 billion, with many organizations investing in things like automated security checking and intelligent systems.
2. The number of data breaches increased by 2020
In 2020, RiskBased Security found that data breaches exposed around 36 billion records, just in the first half of the year. That’s double the number of records exposed throughout the whole of 2019. The study also found that around 43.6% of the companies reporting data breaches in 2020 omitted the number of records exposed, indicating a higher degree of loss.
3. Most security breaches are caused by humans
We often assume that bad technology is the cause for cybersecurity problems, but around 95% of security breaches actually come from human error, according to Cybint solutions. The best first-step for any security strategy may therefore be properly training teams to stay secure.
4. Cybercrime issues could account for around $5.2 trillion in losses
Accenture found that in the years from 2019 to 2024, the total losses experienced by cyber crime could add up to around $5.2 trillion. Notably, Accenture also found that malware is currently the attack type that costs the most to overcome. The price of dealing with malware has increased by 11%, while the cost of malicious insider attacks from within the business has risen by 15%.
5. 497 data records per second were stolen or lost on average in 2019
An Iomart study revealed that around 479 data records were either stolen or lost every second during 2019. This accounts for around $71,823 lost per second, or an average of $6,205,479,452 lost per day, according to the company’s calculation of information value.
A data breach can also cause a company to lose value in terms of stock and reputation. The average company would experience a value drop of around 7.27% after a cybercrime issue. This could lead to millions in loss for larger businesses.
6. Security services made up 50% of cybersecurity budgets in 2020
Gartner’s review of information security spending in 2019 found that worldwide investment in security services is increasing. In 2020, around 50% of spending for cyber issues was dedicated to security services designed to help companies overcome common vulnerabilities.
7. The most expensive component of a cyberattack is lost information
Accenture’s 2019 Cost of Cybercrime Study found that the most expensive component of any cybersecurity issue is information loss, equating to around $5.9 million. The report also found that people-based attacks are currently increasing the most today, with Malware increasing by 11%, and web-based attacks seeing an increase of 13%.
Cybercrime Statistics: Preparedness
8. 64% of Americans have no idea what to do in the event of a breach
Varonis found most American citizens don’t know what to do if they’re hit with a data breach. Around 64% said they wouldn’t know what to do if data was stolen, and another 64% have never even checked to see whether they’ve been victim to an attack.
9. It takes an average of 280 days to find and contain a data breach
According to the Ponemon institute, it takes up to 280 days on average for companies to find the source of a data breach after a cybersecurity issue. The number of days on average can vary depending on the industry. For instance, retail workers often find the source of a breach within 197 days.
10. Companies leave a huge number of sensitive files open to employees
The Varonis team found that the average employee has access to around 11 million files at work. Around 17% of all sensitive files are also accessible to all employees, and 15% of companies leave more than a million files available for any staff member. Even worse, the same Varonis study found that 60% of companies have over 500 accounts with non-expiring passwords.
11. Vulnerabilities are everywhere
Verizon notes that around 93% of all malware arrives on our computers via email, and phishing is currently the number one form of social engineering attack. Phishing accounts for around 80% of all reported incidents today. Of course, there are plenty of other sources of vulnerability today’s companies aren’t prepared for. Around 11,000 exploitable issues are listed by the CVE database today, and 34% had no patches available at the end of 2019.
12. 18% of SMBs still list security as their lowest priority
Despite a rising number of cybersecurity attacks, around 18% of SMBs in 2019 said they consider cybersecurity investment and protection to be their lowest priority. A further 66% of respondents said they consider a cyberattack to be an unlikely issue for their business, even though 67% of SMBs were hit by an attack in 2019.
Cybersecurity Statistics: Cybercrime Trends
13. Malware is the most common cybercrime attack
Audit analytics found that the most common form of cybercrime for 2020 was malware (34%), followed closely by Phishing (25%), and unauthorized access to specific pieces of personal information (20%). The report also found that social security numbers are being stolen at an increasing rate, with breaches increasing by 500% between 2016 and 2019.
14. Healthcare, IT, Finance, and Public Administration are the main target for data breaches
In 2020, the pandemic prompted healthcare to take the top spot as the most targeted industry for cybercrime and attacks. 341 reports were reported during Q3 of 2020 in healthcare, followed by 306 in Information, 274 in finance and insurance, and 259 in public administration.
15. The average ransomware payment rose by 33% in 2020
The cost of ransomware in cybercrime is increasing, particularly following the pandemic. According to Fintech News, Coronavirus has led to a 238% increase on attacks on banks. What’s more ransomware attacks 148% in March, with the average price of a ransomware payment raising by 33% in 2020 to $111,605.
16. Ransomware detections are more dominant in countries with high levels of internet connections
The more connected a country is, the more likely they are to face ransomware attacks. The US is the current leader in ransomware attacks, accounting for 18.2% of all breaches worldwide. Symantec has also found a rapid increase in the number of ransomware variants appearing each month.
17. By 2023, there will be an average of 15.4 million DDoS attacks worldwide
Cisco’s annual internet report for 2018 to 2023 notes that DDoS attacks are growing increasingly prevalent in the digital world. The report indicates there will be around 15.4 million DDoS attacks happening worldwide by 2023. Cisco also believes that new risks will emerge in the form of 5G, networked devices, and public Wi-Fi hotspots. Year over year, the number of DDoS attacks has increased by around 39%.
Cybersecurity and the 2020 Pandemic
18. Since the pandemic began in 2020, cybercrime reporting increased by 300%
Working together on a report into cybercrime, Google and the FBI Internet Crime Complaint center revealed a huge increase in attacks since the start of the pandemic. The number of complaints rose from around 1000 issues per day, to between 3,000 and 4,000 in the pandemic. Google also reported a massive increase in COVID-19 related phishing attacks.
19. Cybersecurity incidents have increased in almost every industry
According to Verizon, 2020 saw around 157,525 collected incident reports and 108.069 breaches. More than 100,000 of the breaches reported involved compromised credentials of individual users cloud data and bank account details. The most significant rise in incidents appeared to happen in the Accommodation industry, followed by administration, agriculture, construction, education, entertainment, finance, and healthcare.
20. Americans lost $97.39 million to Stimulus Check Scams
Many of the major issues with cybersecurity that arose from the pandemic came from criminals taking advantage of vulnerable people during lockdowns. Online shopping scams were particularly common, with 23,296 cases as of August 2020. However, Americans were also found to have lost around $97.39 million to COVID-19 stimulus check scams during 2020 too.
21. Remote work has increased the cost of data breaches
IBM’s research into global cybersecurity and data breaches found that the cost of a data breach has increased with the arrival of remote work. On average, the cost to a company for a single data breach can range to around $137,000. This might have something to do with the findings from other pandemic studies. For instance, 47% of employees cited distraction as the primary reason for falling for phishing scams at home.
22. Remote workers have caused security breaches in 20% of organizations
Research into the cybersecurity risks of remote work indicate that hybrid and distance workers could represent a significant problem for teams. Around 20% of companies say they dealt with security issues as a result of remote working activities. 24% said they had to pay to deal with a malware attack or cybersecurity breach following lockdown orders, and 18% admitted cybersecurity wasn’t a priority for their remote employees.
Cybersecurity Statistics by Industry and Business Size
23. Healthcare is a focus area for cybercrime
While all companies from any industry can face the threat of cyber criminals, healthcare is particularly at risk. During 2020, Healthcare breaches per month accelerated at an incredible rate. According to the HIPAA journal, around 95 breaches of 500 or more records were recorded during September, an increase of 156.75% compared to August.
24. The average cost of a financial services data breach is $5.85 million
The average cost of a data breach in financial services is around $5.84 million. In 2020, financial services also boasted the lowest average time to identify and contain data issues, however. The average company in this sector will take around 233 days to detect and contain an issue. Unfortunately, there are still a lot of risk factors. For instance, 64% of financial services companies have over 1000 sensitive files open to access for any employee.
25. Smaller organizations are still at risk
Many companies believe that it’s only the big brands targeted by criminals in cybersecurity events. However, smaller companies have the highest targeted malicious email (phishing) rate according to Symantec. Around 1 in every 323 emails are malicious.
26. 50% of larger enterprises are spending more than $1 million annually on security
Bigger companies are also dealing with significant levels of risk. Around 50% of large companies with more than 10,000 employees are spending more than $1 million each year on security. Cisco also found that around 43% of these employees were spending between $250,000 and $999,999 per year.
27. The US handles the highest data breach costs in the world
A report by IBM into data breaches caused by cybersecurity problems found the US is the most expensive country for data breaches. US companies spends around $8.46 million on average to respond to data breaches. The second more expensive region was the Middle East, at around $6.52 million. Of all industries in the US with data breach costs to consider, healthcare was the one most likely to lead to expensive outcomes.
Understanding Cybercrime Statistics
Cybercrime will always be a central concern for businesses in the digital world. As companies continue to rely more on access to the right technology for innovation and growth, the potential for cybercrime issues continues to increase. Being aware of the numbers could mean you can make better decisions about your cyber protection strategy.