Cybersecurity Statistics – 2023

The number of malicious programs released online has reached a tremendous scale. Some estimates suggest that over 350,000 new malware samples are produced daily. Some 30 years ago, the internet was a new and captivating universe. Today it can be a dangerous place. That’s why we prepared the latest cybersecurity statistics which will hopefully help you and your business stay safe on the world wide web. 

Cybersecurity Statistics (Editor’s Choice)  

• 24% of cyberattacks in Bangladesh come from China. (Finances Online) 
• Denmark has the lowest percentage of computer malware infections at 3.15%. (Secure World)
• Enterprises will spend $12.6 billion on cloud security tools by 2023. (Forbes) 
• Small businesses are the target of 43% of cyberattacks. (Cybint Solutions) 
• 72% of Americans worry that they will become a victim of identity theft. (Statista)
• 76% of organizations believe insider abuse is their greatest security threat. (Security Boulevard) 
• 90% of executives complained of increased cyberattacks due to COVID-19. (Security Boulevard)

Cybersecurity Stats Rundown

1. The global cybersecurity market is expected to top $270 billion by 2026.

Cybersecurity threats have always been an issue for organizations worldwide. Data indicates that the global spending on external products and services to combat cyberthreats will increase by 8.4% per year, and from the current $173 billion, it’s expected to reach $270 billion by the end of 2026. Resources invested in in-house cybersecurity functions are expected to grow at an annual rate of 7.2%.

(Forbes) 

2. Bangladesh has the highest number of cyberattacks coming from China (24%).

Cybersecurity facts and figures show that 24% of all the cyberattacks in Bangladesh come from China. The other 13% are from North Korea, while 7% are from Pakistan and the US, respectively. 

(Finances Online) 

3. Personal information stolen on social media nurtures an underground economy worth about $630 million.

Social media facilitates theft and information breaches around the world, feeding an industry worth nearly $630 million. The general perception, as cybersecurity facts indicate, is that cybercriminal activities take place mostly via mysterious and secretive online channels, such as the dark web. In fact, studies on recent security breaches found that personal information like passwords, usernames, and stolen credit card info very often (45% to 50% of the time) goes in the hands of web criminals via social media platform breaches. 

(Security Boulevard) 

4. By 2023, enterprises will spend $12.6 billion on cloud security tools.

Cybersecurity stats reveal that businesses will most likely invest $12.6 billion in cloud security tools which means that since 2018 when the spending was $5.6 billion, the numbers are only going up. Cloud security solutions are another thing enterprises need to worry about, since this item too is expected to increase from $636 million in 2020 to $1.63 billion US dollars in 2023, reaching a 26.5% compound annual growth rate.

(Forbes) 

5. Information leaks are the most expensive and can cost up to $3.86 million per incident. 

There are many facts about cybersecurity to keep in mind when looking for maximum protection for your business, and one is that data breach is the most expensive cybersecurity issue facing businesses. In financial terms, information leaks are the costliest, causing enterprises annual losses in millions. At present, the US has the highest average cost per breach ($ 8.64 million). This comes on top of reputational damage and losing hard-earned customers.

(Gatefy) 

6. Cybersecurity breaches have increased by 67% since 2014.

Cybersecurity statistics only confirm what everyone already knows: when it comes to virtual space, threats are imminent. Stats show an increase in security breaches by 11% since 2018 and by a staggering 67% since 2014. Bearing in mind that breaches that happened in 2020 took an average of 207 days to identify and had an average lifecycle of 280 days until containment, to avoid major damages, enterprises must be entirely protected at all times. 

(Varonis) 

7. With 3.15%, Denmark has the lowest percentage of computer malware infections. 

In regards to the number of cyberattacks per year, Finland has the lowest percentage of mobile malware infections reported in 0.87% of mobile users. Similarly, Denmark is the leader as a super-protected country with computer malware infections reported by only 3.15% of users. Financial attacks, which are probably the most serious cybersecurity incidents, are lowest in number in Denmark, Ireland, and Sweden and have been reported by as little as 0.1% of users.

(Secure World)

8. By the end of 2021, cybercriminal activity was estimated to cause over $6 trillion worth of annual damages worldwide.

The damages inflicted by cybercriminals worldwide are set to pass the $6 trillion mark as soon as the end of 2021, doubling from $3 trillion in 2015, as suggested by cybersecurity threats statistics. Experts are unanimous that cybercriminal activity will be one of the greatest challenges facing humanity in the coming two decades.

(Data Privacy Group)

9. Some 146 billion records will be exposed between 2018 and 2023.

This forecast is part of a recent study by Juniper and reflects the number of actual, not reported breaches. Estimates are based on new legislation that will bring to light 90% of security breaches in North America. The US will keep its lead on the list of priority hacker destinations as it is the home of the most valuable information obtained through illicit cyberactivities.

(IRM Security) 

10. Only 10% of cyberattacks in the US get reported.

US cybersecurity trends show that authorities register only a 10%-to-12% fraction of the attacks that take place in the country. The key reason behind the vastly undercounted rate of cybercrimes is that they’re impossible to prove. Another factor that stops people short of notifying authorities about the crime is reputational harm. In some cases, hackers steal sensitive personal files, such as embarrassing photos, to seek ransom from their owners, who in turn don’t want to be exposed.

(CPO Magazine) 

11. 74% of Americans worry someone may steal their financial or personal info.

US cybersecurity facts show that in 2020, 74% of Americans felt threatened someone might steal their financial or personal info, but only 30% were afraid they could become victims of terrorism. Another 72% of Americans claimed they felt terrified of becoming a victim of identity theft, which makes sense considering how easy it is for cybercriminals to get their hands on private data.

(Statista)

12. The US President’s Budget has allocated $18.8 billion in cybersecurity funding. 

Trends in cybersecurity point to an increasing tendency on behalf of government institutions to allocate funds to combat cybercrime and the White House as an institution does not fall far behind in this endeavor. The current administration has dedicated nearly $18.8 billion to be spent on federal programs and initiatives to boost cybersecurity. Over one billion of this is intended for the Department of Homeland Security for their efforts to fight cybercrime.   

(Govinfo)

13. The global cyberinsurance market is set to grow to $20.4 billion by 2025.

In 2020 the global cyberinsurance market was $7.7 billion. However, the rate at which businesses face risks of cyberattacks is far higher than the one at which they’re adopting cyberinsurance. Cybersecurity statistics reveal that only 55% of business executives have allocated more funds for this item in 2021. Luckily, projections are that the market will top $20.4 billion by 2025, meaning companies and governments will be spending 3X more to be safe against data-breach or cyber-liability.

(Finances Online)  

14. More than 77% of organizations don’t have a cybersecurity incident response plan.

The importance of having a proper response plan for cybersecurity incidents is overlooked by a whopping 77% of organizations working today. Meanwhile, more than half of participating companies (54%) admit they have been the target of one or more cyberattacks in the past 12 months. 

(Cybint Solutions) 

15. Nine out of ten organizations say they are at risk of a cyberattack.

Cybersecurity attacks statistics mention that the majority of businesses (91%) believe that they could be victims of a potential cyberattack at any given time, which is why they are working on taking all possible measures to combat this threat. More bad news is that a massive 95% of CIOs are not optimistic that threats related to cybersecurity will get better any time soon. Instead, they claim it will only get worse.

(Securious) 

16. 48% of cyberattacks are motivated by malicious intent, and the rest are due to human error.

Cybersecurity stats show that a surprisingly high percentage of malicious attacks are caused by acts of human error or system failure. Some of the common issues facilitating cybercriminal have to do with a lack of training on external connectable devices (phones, USB flash drives, etc.), password updates, negligence, etc. Recent surveys mention that mobile apps are responsible for 63% of cybersecurity incidents, followed by device lock information (37%). 

(Best VPN) 

17. Small businesses are the target of 43% of cyberattacks.

Small business cybersecurity statistics show that hackers find small businesses an easy target as most of them are struggling as it is and are not making sufficient investments in programs to protect their data. Data also shows that web-based attacks were experienced by 64% of companies. Phishing and social engineering attacks were experienced by 62% of companies, while 59% of companies experienced attacks originating from malicious code and botnets. DoS attacks were experienced by 51% of companies.

(Cybint Solutions) 

18. 65% of American SMEs fail to act after suffering a cyberattack.

Cyberattack statistics by year confirm that over half of US SMEs were victims of a cyberattack in 2018. Of them, 44% suffered two or more attacks in the same year. What is interesting is that following one or more cybersecurity incidents, a total of 65% of businesses failed to act at all, let alone accordingly. One explanation is that a high percentage of smaller businesses do not even realize these incidents could lead to a cyberattack. 

(Top VPN) 

19. Only 5% of corporate files are efficiently protected against cybercrime.

Hacking statistics reveal an alarming fact: most business information is entirely unprotected against cybercriminals. A recent report by Varonis shows that 95% of files belonging to companies around the world are there for hackers to use as they like. In the first half of 2020 alone, data breaches had exposed 36 billion records.

(Varonis) 

20. Every month, 44% of retail firms and 83% of financial companies get hit by an average of 50+ cyberattacks.

Retail cybersecurity breach statistics published as part of a recent report by the Ponemon Institute show a cyberattack occurs in either of these types of businesses just short of twice each day. Obviously, cybercriminals aren’t picky about who or what they target, they just go for the biggest score. 

(Best VPN) 

21. 57.7% of organizations cite a lack of skills as the main challenge of their SOC team.

Despite cybersecurity being a growing concern for an increasing number of companies around the world, experts on the matter are rare. Cybersecurity jobs statistics reveal that it is the industry that has the most evident skill gap. Believe it or not, more than 3.5 million cybersecurity positions remain vacant. So, unless you want your SOC team to be part of the 57.7% citing lack of skills, act now before your expert goes to work for the competition.

(Cyberbit) 

22. Data breach statistics confirm that, in 2020, email malware attacks were up by 600% compared to 2019.

Cybersecurity breaches most often happen via email and phishing attacks. IT experts specializing in cybersecurity say that ensuring data is protected from phishing attacks is their top priority as $17,700 is lost every minute because of it. Stats further suggest that ransomware attacks increased by over 40% during the same period.

(CSO) 

23. Cyberattack statistics say a ransomware attack takes place somewhere around the world every 14 seconds.

In the plethora of cyber-attacks out there, ransomware attacks seem to stand out. And it’s not just businesses that suffer. Individuals, too, need to be extra careful. According to the 2019 Official Annual Cybercrime Report, a ransomware attack takes place every 14 seconds somewhere around the world, and the interval is set to shrink to 11 seconds by the end of 2021. 

(Privacy Crypts) 

24. Espionage was the motive behind 25% of security breaches, while 71% were motivated by financial gain.

Recent cyberattack and cybersecurity trends reveal the motive behind most cybercrimes (71%) is to illegally obtain financial resources. Around a quarter (25%) have to do with espionage, according to a report by Verizon. Other types of cybercrime in 2019 were social engineering (roughly 33%), followed by phishing (approximately 32%). Malware was the motive behind close to 28% of all breaches. The runner-up on this list is hacking, which was the reason for more than half (52%) of all breaches in 2019.

(Infosec Institute) 

25. For 33% of IT and cybersecurity professionals, “visibility in the cloud” is the top cybersecurity challenge.

Cybersecurity statistics show that the majority of organizations today see detecting and reacting to cybersecurity incidents in the cloud as their greatest challenge. 29% of over 450 IT and cybersecurity professionals interviewed as part of a survey by KPMG and Oracle expressed concern over the lack of qualified staff and skills. For 27%, the main problem is insufficient alignment between IT and security operations teams, while 26% pointed to the unauthorized use of cloud services. 

(Bricata) 

26. 76% of organizations believe insider abuse is their greatest security threat.

One of the more interesting facts about cybersecurity is that three-quarters of businesses are most concerned about the “enemy within”. The findings are part of KnowBe4’s 2019 Security Threats and Trends global survey, which covered more than 600 organizations worldwide. Insider threats come from end-users who carelessly and regularly put organizations at significant risk. These users engage with malware, ransomware, phishing emails, and other dangerous content frequently, and thereby cause substantial damage to their organizations.

(Security Boulevard) 

27. In just five years, cyberattacks targeting organizations have increased by 67%.

The average number of attacks targeting organizations went up to 145 in 2018 from 130 in 2017, cybersecurity facts show. Their number will continue to rise as cybercriminals grow more unpredictable and creative. According to experts, AI is also set to join the arsenal of illicit online behavior instruments. After all, cybersecurity companies are not the only ones utilizing the latest advancements in the world of technology. Hackers can also learn the ways of security systems in a bid to abuse and exploit them.

(IT Business Net) 

28. 37% of all malicious email attachments are .dot and .doc. 

The #1 spot on the list of top malicious email attachments is occupied by .dot and .doc format files (over a third), followed by .exe files with 19.5%. These cybercrime statistics featured in a Symantec report clearly show that email is the most practical tool for cybercriminals to commit breaches into business and individual information alike. The best way to maintain a high level of protection is, of course, to use antivirus programs. It doesn’t hurt to employ some common sense as well.

(Varonis)

29. 90% of executives complained of increased cyberattacks due to COVID-19.

Cybersecurity statistics from a recent study done by Tanium reveal that the pandemic had a significant impact on enterprise and government organizations. In fact, nine in ten IT leaders reported an increased number of cyberattacks while another 98% said that they were facing security challenges within two months of the start of the pandemic. At the same time, the study showed that 93% of companies delayed their security projects because they were forced to transition to remote work.  

(Security Boulevard)

30. Global healthcare organizations experience 626 weekly attacks on average.

Let’s be clear, this number is the average per organization and is much higher now than what cybersecurity stats showed only two months ago (430 attacks per week). Furthermore, financially motivated cyberattacks on the healthcare sector noted a record in Central Europe (145%), although the situation is most dire in Germany and Spain where the attacks have increased by as much as 220%. It seems North America was lucky and saw the lowest increase by only 37% with Canada being affected most (by 250%).

(InfoSecurity Magazine)

Frequently Asked Questions 

Why is cybersecurity important?

Cybersecurity is critical because the risk of cyberattacks is on the rise across a variety of platforms, methods, and technologies. Cybersecurity exists as a method of protection from cybercrime, and as such, is vital for keeping our daily lives undisturbed. Our society today relies on technology more than ever before. With the massive penetration of various cloud services (for storing personal information and sensitive data), as well as global connectivity, cybersecurity risk is ever-increasing. 

(Upguard)

How many cyberattacks happen per day?

More than 30,000 websites are threatened by hackers on a daily basis. However, cybersecurity statistics mention that there are many types of attacks that target both organizations and individuals, from exploiting human error to creating sophisticated assaults that can bypass even the best security systems.

(Spanning)

What are the types of cybersecurity?

There are 5 different types of cybersecurity:

1. Critical infrastructure security revolves around the physical and cybersystems that we rely on in our day-to-day activities, including water purification, electricity grid, shopping centers, traffic lights, hospitals, etc. 
2. Application security involves the hardware and software methods to engage and contain external threats that may arise in an application’s development stage. Examples include encryption programs, firewalls, and antivirus programs.
3. Network security prevents unauthorized access to your internal networks. Important cybersecurity facts suggest new passwords and extra logins are the most common examples of network security implementation.
4. Cloud security is a software-based security tool that monitors and protects the data in your cloud resources.
5. IoT (Internet of Things) security refers to a significant number of both critical and non-critical cyber-physical systems. Examples involve security cameras, printers, Wi-Fi routers, televisions, sensors, appliances, etc. 

(Comptia)

What percentage of cyberattacks is phishing?

Over 80% of attacks are a result of phishing. Also, as CISCO’s 2021 Cybersecurity Threat Trends report points out, roughly 90% of data breaches occur because of phishing. Spear phishing is the most common form of phishing attack, accounting for 65% of all phishing attacks.

(Spanning)

How big is the cybersecurity market? 

In 2021, the global cybersecurity market was worth $376.32 billion. According to forecasts, the cybersecurity market is expected to continue to grow by around $20 billion per year and reach 376.32 billion by 2029.

(Globe Newswire)

Conclusion

By all counts, in the coming years, cyberattacks will grow in reach, number, and sophistication. And our list of cybersecurity statistics clearly shows there are no indications that attacks are going away any time soon. Keeping cybercriminals at bay requires an entire culture of cybersecurity awareness and safety among your employees. Unfortunately, not a lot of companies are ready to go that far. Keep your eyes open and listen to the experts if you want to enjoy smooth, cyberattack-free sailing in the years to come.

Sources: Finances Online, Secure World, Forbes, Cybint Solutions, Statista, Security Boulevard, Security Boulevard, Gatefy, Varonis, Data Privacy Group, IRM Security, CPO Magazine, Govinfo, Securious, Best VPN, Top VPN, Cyberbit, CSO, Privacy Crypts, Infosec Institute, Bricata, IT Business Net, InfoSecurity Magazine, Upguard, Spanning, Comptia, Globe Newswire