The risk of cyberattacks has increased substantially in recent years.
But just how prevalent are cyberattacks in 2024?
In this report we'll cover the latest data on cybersecurity threats, the average cost of a data breach, and the ways cybercriminals look to steal an organization's sensitive data.
Contents
- Top Cyberattack Statistics
- How Many Cyberattacks Happen per Day?
- How Many People Get Hacked Each Year?
- Phishing Attack Statistics
- Malware Statistics
- Ransomware Statistics
- Cryptojacking Statistics
- IoT, DDoS, and Other Attacks
- Most Common Causes of Data Breaches in Cybersecurity
- Cost of Cybersecurity
- Cybersecurity Growth Rate
- Data Breach Statistics
- Cybersecurity Risks
- Largest Data Breaches and Hacking Statistics
- Cybersecurity Job Statistics
Top Cyberattack Statistics – Editor's Choice
- A cyberattack occurs roughly once every 39 seconds
- More than 800,000 people fall victim to cyberattacks each year
- 17% of all data breaches involve malware infections
- Criminal hacking causes more than 45% of sensitive data leaks
- Malware attacks cost companies an average of $2.6 million
- 95% of all breaches target government organizations, technological companies, or retail groups
How Many Cyberattacks Happen per Day?
Cyberattacks have become increasingly common in recent years.
In fact, studies conducted by the University of Maryland's A. James Clark School of Engineering found that more than 2,200 cyberattacks occur each day.
When broken down, that means someone becomes a victim of a data breach, phishing attack, or other cybercrime every 39 seconds.
Source:University of Maryland
How Many People Get Hacked Each Year?
Based on industry studies, cybersecurity professionals estimate that more than 800,000 people experience ransomware attacks, phishing attacks, or data security breaches each year.
According to a study conducted by Comparitech, approximately 88.5 million people are victims of cybercrimes every year.
Source: University of Maryland, comparitech
Phishing Attack Statistics
Phishing is the most commonly used cyberattack, making up roughly one-third of all reported data breaches and78% of all cyber-espionage attacks.
17 in 20 phishing schemes target login information, including email addresses, usernames, and passwords.
As a result, 20% of data breaches begin with stolen login information.
This is especially troubling as 85% of all web users reuse passwords for multiple accounts.
As of Q1 2024, cybercriminals create nearly1 million phishing sites per month – that's almost 7x as many as in Q2 2020.
And as a result, over 300,000 phishing victims lost a total in excess of $52 million in the space of a year.
Sources:Verizon,IBM, Bitwarden, APWG, Forbes
Malware Statistics
In 2023, there were over 6 billion malware attacks worldwide. That figure has remained fairly steady, ranging from 5.4 billion to 6.06 billion between 2020 and 2023.
The single worst year for malware attacks over the last decade was 2018 (10.5 billion attacks).
Here's a breakdown of the number of malware attacks worldwide since 2015:
Year | Number of Malware Attacks |
2015 | 8.2 billion |
2016 | 7.9 billion |
2017 | 8.6 billion |
2018 | 10.5 billion |
2019 | 9.9 billion |
2020 | 5.6 billion |
2021 | 5.4 billion |
2022 | 5.5 billion |
2023 | 6.06 billion |
Hackers and bots distribute over 94% of all malware infections via email.
And on average, a malware attack costs a company over$5 million.
Sources:Statista, GuardSite, UpGuard
Ransomware Statistics
Ransomware has become one of the most pervasive and fastest-growing threats to individuals and organizations worldwide.
Withattacks occurring every 39 seconds, cybersecurity professionals estimate that more than 300 million ransomware attack attempts happened throughout 2023.
Here's a look at the number of ransomware attacks per year since 2017:
Year | Number of Ransomware Attacks |
2017 | 186.3 million |
2018 | 206.4 million |
2019 | 187.91 million |
2020 | 304.64 million |
2021 | 623.25 million |
2022 | 493.33 million |
2023 | 317.59 million |
North America currently receives the largest proportion of industrial ransomware attacks (43%).
Here's a breakdown of industrial ransomware attacks by region:
Region | Distribution of Ransomware Attacks |
North America | 43% |
Europe | 32% |
Asia | 14.4% |
South America | 4.4% |
Middle East | 2.5% |
Africa | 1.5% |
Australia | 1.5% |
Sources: SonicWall, WatchGuard, Dragos
Cryptojacking Statistics
Cryptojacking is a form of cybercrime in which hackers use an individual or organization's computer system to mine cryptocurrencies like Bitcoin or Ethereum. While relatively new, the latest data indicate an uptick in unauthorized mining activities.
Criminals may initiate a cryptojacking attack in several ways, such as installing malicious software through an email attachment or infecting a webpage with JavaScript that launches the mining process when opened in a browser.
Cryptojacking volume in Q1 2023 reached 332.3 million. And across the year attacks rose by659%.
Around 29% of WordPress plugins on popular websites may have vulnerabilities resulting in a cryptojacking attack.
IoT, DDoS, and Other Attacks
In H1 2021, attackers caused more than 1.5 billion Internet of Things (IoT) breaches, up from only 639 million in 2020.
And in 2022, there was a reported 400% rise in IoT malware.
Most IoT network attacks occur via the telnet protocol, an interface that facilitates remote connection with a server or device.
Sources:IoT World Today, TechRadar
Most Common Causes of Data Breaches in Cybersecurity
With sophisticated phishing campaigns causing more than 30% of all data breach incidents worldwide, organizations have become increasingly aware of their substandard cybersecurity practices, which often contribute to the attacks.
Poor cybersecurity measures aren't the only reasons for data breaches, though. Other common causes include a lack of cybersecurity awareness training, easily accessible systems, and a lack of managed security services or adequately trained cybersecurity professionals.
Physical actions make up 4% of all data breaches, such as stealing paperwork or mobile devices.
Social engineering attacks and financial pretexting account for 22% of security breach incidents worldwide.
Criminal hacking is the most common cause of a data breach, with more than 45% of sensitive data breaches occurring due to hacking attacks, malware, malicious email attachments, or code injection.
Source: IT Governance
Cost of Cybersecurity
Cyberattackers have begun launching more advanced – and expensive – attacks in recent years.
According to the latest available data, the average cost of a successful attack reached $133,000. While high, the number doesn't come as a surprise since the cost of web attacks has increased by 15% annually since 2016.
Experts expect the numbers to continue to grow, with estimated global cybercrime costs reaching $10.5 trillion by 2025.
On average, data breach incidents cost companies more than $3.9 million. And malware attacks cost companies an average of $2.6 million.
As of 2024, the average cybersecurity spending per employee is an estimated $52.16.
Sources:Cyber Security Ventures,CSO Online,Accenture, Statista
Cybersecurity Growth Rate
Statistics show thatinformation security analyst roles will increase by 33% between 2020 and 2030.
This will result in more than 16,000 open roles each year.
As of 2023, the cybersecurity market is worth $172.32 billion. The market is expected to reach a total valuation of $424.97 billion by 2030, growing at a rate of 13.8% annually.
Sources:US Bureau of Labor Statistics,Fortune Business Insights
Data Breach Statistics
Over the last decade, more than 300 data breaches have resulted in the loss of at least 100,000 sensitive files.
2021 broke records with a reported 1,291 breaches between January 1st and September 30th in the United States, indicating a 17% increase from the number of cyber breach incidences in 2020.
In the entirety of 2023, there were 3,205 breaches impactingover 350 million people.
Employee or contractor negligence is the most common cause of a data breach incident, accounting for 48% of incidents worldwide.
Almost half (43%) of data breach incidents impact small businesses. In total, 95% of all breaches impacted government organizations, retail companies, or technology companies.
E-criminals use spear phishing or targeted emails to accomplish 91% of all successful breaches.
Sources:Forbes, Statista,Forbes,Security Magazine, Governing,PurpleSEC
Cybersecurity Risks
In total,69% of organizations don't believe they have adequate virus and malware protection to fend off attacks.
And around 2 in 3 companies store over 1,000 sensitive files without adequate protection.
According to cyberattack statistics, small businesses account for 43% of cybercrime.
Even so, just 14%of enterprises are prepared for an attack.
Generally speaking, small businesses and enterprises most frequently experience phishing or social engineering attacks. However, compromised or stolen devices make up 33% of small business cyberattacks, while credential theft accounts for 30% of breaches.
Sources: Vumetric,Norton, Embroker
Largest Data Breaches and Hacking Statistics
2021 saw a number of significant (and well-publicized) cyberattacks, including:
- The Colonial Pipeline Attack: In May 2021, Colonial Pipeline, a major oil and gas company in the United States experienced the largest cyberattack of the year. The hacking group DarkSide breached Colonial Pipeline's network and halted pipeline operations, resulting in a fuel shortage in the Southeast. The group also threatened to release almost 100 gigabytes of data unless Colonial Pipeline paid a ransom of $4.4 million in Bitcoin.
- JBS Foods Hack: On May 30, 2021, the ransomware group REvil hacked JBS Foods, a meat processor that supplies most of the United States' beef and pork. JBS paid an $11 million Bitcoin ransom to restore its network operations less than a month later.
- CNA Ransomware Attack: CNA, a major insurance provider in the US, fell victim to a ransomware attack from a group called Phoenix. The hackers stole a substantial amount of data and demanded a record-breaking $40 million ransom for the information, far exceeding the average cost of a web breach.
In total, 95%of breaches occur due to human error.
And only 5% of organizations' storage folders have adequate protection.
Nearly 90% of all breaches are motivated by financial gain.
As many as 94% of impacted organizations have retrieved their encrypted data.
Sources:WhatIs,Vox,Chicago Tribune,Cybint,Varonis,Verizon,Sophos
Historic Data Breaches
Since the first cyberattack occurred in 1999, cybercriminals have continued to ramp up their efforts and impact major corporations, government organizations, and social media platforms.
For example, the Wannacry virus affected thousands of groups worldwide, resulting in $4 billion or more in costs. In contrast,MGM's 2019 breach exposed more than 142 million guests' personal information.
Notable Breaches:
- Marriott experienced a security breach in 2020 that exposed the information of more than 142 million guests
- A 2020 Twitter (now X) breach targeted accounts of former presidents and world figures like Elon Musk, resulting in 300 transactions worth $121,00 in Bitcoin
- In 2016, hackers stole the information of more than 57 million Uber drivers and customers
- In 2013, Yahoo experienced one of the largest data breaches of all time, with more than 3 billion accounts hacked
Sources:Technology Inquirer,CPO Magazine, Marriot,CNBC,Uber,New York Times
Cybersecurity Job Statistics
Experts predict that jobs in the cybersecurity industry will grow at an unprecedented rate of 33% between 2020 and 2030, resulting in over 16,000 open jobs each year due to increasing demand for skilled cybersecurity professionals.
Data shows the positionsstart at $140,000 annually, making it the highest-paid role in the industry.
More than 60% of organizations don't think current cybersecurity applicants are qualified.
Open web security roles have increased by 350% from 2013 to 2021.
Sources:US Bureau of Labor Statistics,Cybint, Cybercrime Magazine
Conclusion
There's no doubt about it: cyber attacks have become an increasing concern for major organizations, small businesses, and individuals.
With data showing that the cybercrime industry will climb as high as $300 billion by 2028, it pays to invest in training, tools, and professionals to protect sensitive information from cybercriminals.
For more related content, check out Huge Cybersecurity Trends and Top Cybersecurity Startups to Watch.