Hacking statistics are becoming more worrying all the time. Whenever companies and security brands find a way to protect against hackers and cybercriminals, it seems like those criminals suddenly discover a new way to circumvent their safety measures.
According to experts, the cybercrime environment will cost the world an average of $10.5 trillion by the time we reach 2025. This is a huge increase from $3 trillion in 2015.
As we continue to spend more time online for the purpose of communication, productivity, entertainment, and shopping, hacking issues are greater than ever. We saw a particularly significant increase in the number of hacking issues facing today’s consumers during the pandemic of 2020, when criminals tried to take advantage of the increased time we spent online.
Today, we’re covering some of the most important hacking statistics you should be aware of as we head into 2022 and beyond.
Key Hacking Statistics – Editor’s Choices
- Globally, cybercrime costs the world more than $1 in economy opportunities each year.
- Remote workers are a particular target for many cyber criminals today
- Around 95% of all cybersecurity and hacking breaches are caused by human error
- The average cost of a hack for each company is around $3.86 million
- The average time to identify a breach in 2020 was around 207 days.
Hacking Statistics: The Costs of Hacking
1. Cybercrime costs the world economy more than $1 trillion per year
McAfee believes the cost of cybercrime around the world is around $1 trillion per year, accounting for around 1% of our total GDP.
The costs of cybercrime are often influenced by a number of factors of course, including the degree of damage caused, the theft of certain property (intellectual or otherwise), and the costs of stolen money. When companies lose data, there are hours of work put into fixing the problem.
2. The cost of hacking is increasing
(FBI and McAfee)
The FBI revealed that although they considered the cost of cybercrime to be around $3.5 billion for the US in 2019, the actual toll could be a lot higher, because many exploits and attacks go unnoticed.
Even without a clear view of un-reported crimes, the cost of cybercrime is increasing significantly on a yearly basis. McAfee found the costs of an attack are increasing, but that the costs of managing an event before and after an attack are higher now too.
3. The Average cost of a data breach is around $3.86 million
According to IBM, the average cost of a breach in data is around $3.68 million as of 2020. In 2021, this cost accelerated to $3.61 million in hybrid cloud environments. What makes the costs of data breaches even grater is that the average time to identify a breach is often around 287 days.
The average cost of a ransomware breach was around $4.62 million in 2021 according to IBM, and healthcare suffered the worst, with the highest total cost for a data breach according to industry.
4. The most expensive part of a hack is the lost information
According to Accenture’s report on the costs of cybercrime, the most expensive component of any breach is a loss of information. The los of information costs around $5.9 million, Accenture notes. What’s more, the number of hacking attacks focused on targeting specific people or personal data is increasing. Malware and web-based hacking attracts increased significantly in recent years.
RiskBased Security found in 2020, data breaches exposed around 36 billion records in the first half of the year – double the number of records exposed in all of 2019.
5. Attacks involving compromised passwords cost SMBs around $384,598 per attack
(Ponemon Institute and Keeper Security)
According to report by the Ponemon Institute and Keeper Security, 68% of SMBs worldwide say their employees passwords were lost or stolen in 2019. Additionally, 68% also said employees using weak passwords was one of the biggest causes of hacking issues. Attacks involving compromised passwords cost around $384,598 per attack.
Unfortunately, only 48% of companies require employees to use strong or unique passwords, and 55% of brands say they don’t have employee password usage policies. Only 38% of SMBs stop employees from using the same password on all internal systems.
6. In the past 5 years there have been over 2.2 million complaints about internet crime to the FBI
According to the Internet Crime Complaints Center – or IC3, the number of complaints issued to the center has increased significantly in the last five years. Around 2.2 million complaints were recorded in 2020. The FBI notes this is a significant increase since the beginning of 2016. What’s more, the cost of the cyber-attacks is higher too.
In 2016, complaints of hacking and cybercrime accounted for around $1.5 billion in losses. In 2020, the complaints accounted for around $4.2 billion.
7. White Hat Hackers are Earning Significant incomes
According to HackerOne, not all hackers are necessarily criminals. White hat hackers, the people responsible for checking the quality of security and data protection strategies for businesses, are helping companies to reduce their risk stgatus. The white hat hackers working within HackerOne in 2019 earned around $40 million in bounties.
Even more impressive, there were around 6 hackers on the platform who earned more than $1 million in lifetime earnings by attempting to hack companies.
8. 46% of organizations received malware via email in 2020
Hacking strategies can take place in a range of environments. According to Verizon’s annual data breach investigation, around 46% of organizations received malware intended to give hackers access to their servers through email. 96% social actions were also delivered by email, where only 3% were delivered through a website.
9. 55% of phishing sites used target brand identities in URLs for hacking
The 2020 report from F5 labs on phishing and hacking found a massive increase in the number of phishing attacks in 2020. In fact, there were 15% more phishing attacks in 2020 compared to 2019. 55% of all phishing attacks also used target brand names and identities of other companies in their URL, domain name, or path to trick customers.
10. In 2020 hackers sold over 500,000 Zoom passwords on the dark web
Criminals will often take advantage of events happening in the world, the concerns of their targets, and the vulnerability of society to make money. This was particularly evident in 2020, when countless hackers started sending COVID-themed phishing emails to attempt to hack personal and business accounts.
Forbes reported in April 2020 that hackers stole and sold over 500,000 passwords for the popular video-conferencing tool, Zoom, which ended up on the dark web. The information included personal user names too.
Hacking Statistics: Hacking trends
11. Credentials are the most sought-after data in a hack
Verizon’s report for 2021 on data security found that credentials are still one of the most sought-after data types, followed by personal data like social security numbers, names, and addresses. This demonstrates the importance of users protecting their own data and business data when using digital assets.
IBM’s data report for 2021 also found hackers to be in search of personal details. The most common records compromised in this report were customer PII and anonymized customer data.
12. Hacking attacks increased significantly during 2020
According to studies from Iomart, the number of cyberattacks, hacking, and their resulting costs have increased significantly during 2020. The number of breaches increased around 273% during the first quarter of 2020, compared to the same period in the year before. Not only has the number of attacks increased, but the severity of the hacks is higher too.
According to Japanese brand, Honda in June, a hacking attack hitting internal production systems cost the company around $250,000 in bitcoin.
13. Remote working may be causing increased hacking issues
According to IBM and the Ponemon Institute, there’s been a 10% increase in the average total cost of data breaches between 2020 and 2021. Remote working and digital transformation caused by the pandemic of 2020 increased the average cost of a data breach by around $1.07 million.
During the pandemic, IBM notes customer PII was the most common type of record lost, included in around 44% of breaches, and each record was worth around $180.
14. More than 85% of breaches in 2021 involved a human element
The Verizon Data Breach Investigations report for 2021 found around 85% of breaches involved a human element, and 61% involved using an employee’s credentials stolen from the business.
In 2021, the majority of attacks came from social engineering, phishing, and Denial of Service attacks, according to Verizon. Particularly, Phishing became one of the most significant threats during the pandemic.
15. 60% of senior decision-makers still aren’t taking cybersecurity seriously
A report by Keeper Security found around 60% of decision makers in small to mid-sized companies place cybersecurity at the bottom of their list for things to invest in. Small businesses with less than 500 employees in particular are most likely to believe they won’t fall victim to a cyber-attack. Two out of three senior SMB leaders say cyber attacks are unlikely.
Perhaps more worryingly, around one out of four senior leaders in this report said they have no idea where to get started with their cybersecurity measures.
16. 53% of users haven’t changed their password in the last year
Despite numerous reports in the last couple of years highlighting the impact of a poor password on data security and hacking issues, 53% of users worldwide haven’t changed their password in a year. 42% of customers say they believe a password should be easier to remember, rather than secure.
80% of users in this study said they’d be concerned if their password was compromised, but 48% wouldn’t change their password if it wasn’t required. When asked where they’d be tempted to create strong passwords, 69% of users said they would do so for financial accounts, and only 29% said they would create a strong password for work-related accounts.
17. In 2021 the most common initial attack vector was compromised credentials
IBM reported the most common initial attack vendor to be compromised credentials in hacking cases. In other words, this is when people lose their username or password. Compromised credentials accounted for around 20% of attacks, while phishing was responsible for 17%, and cloud misconfiguration led to around 15% of hacks.
Though business email compromise was responsible for only 4% of hacking incidents in this report, it also had the highest average cost at around $5.1 million per attack. The second most expensive initial attack vector was phishing, at around $4.56 million.
18. Over 80% of attacks are financially motivated
For the last several years, Verizon’s reports on the hacking and cyber crime landscapes have revealed the number one motivator for attacks to be finances. In 2020, the number of financially motivated attacks far outweighed the number of attacks prompted from reasons like espionage.
The most common figures behind hacking attacks are those in the organized crime world. Organized criminal syndicates account for around 80% of all attacks.
Verizon notes only around 5% of attacks in North American organizations in 2020 were motivated by espionage, while 3% were motivated by grudges, often involving former employees.
Stay Updated on Hacking Statistics
Even in the midst of a significant pandemic and global health issue, hackers have continued to act in malicious ways, attacking businesses and individuals alike. As technology advances, and we rely on the digital world more commonly after the pandemic, it’s important for everyone to be vigilant.
The latest hacking statistics show companies and individual users need to take more care in ensuring they protect themselves fully against criminal attacks. Whether it’s using stronger passwords via a dedicated password manager app or being more cautious about the files you open, we all need to do our part.