The cybersecurity industry is growing at amazing rates as thousands of new websites pop out every day. Along the way, the amount of malicious programs released online has reached tremendous scales. According to some estimates, over 350,000 new malware samples are produced daily.
Some 30 years ago the internet was a new and captivating universe. Today it can be a dangerous place. This is all you need to know about the latest cybersecurity statistics to stay on the safe side in 2020.
Cybersecurity Stats Insights (Editor’s Pick)
- Nearly a third (28%) of US adult internet users have the same password for all their online accounts.
- After security breaches share prices drop by 7.27%, on average.
- Only 10% of cyberattacks in the US get reported.
- Only 5% of corporations have proper protection against cybercrime in place.
- Every month, 44% of retail firms and 83% of financial companies are hit by an average of over 50 cyberattacks.
- More than 77% of organizations don’t have a Cyber Security Incident Response plan.
- Cybersecurity experts are in short supply.
- 65% of IT security professionals expect to face a significant breach in the coming 12 months.
- In 2019, espionage was the motive behind 25% of security breaches, while 71% sought financial gain.
- Even after falling victim to cyberattacks, close to half of IT security professionals don’t implement significant changes in their security strategy.
Cybersecurity Stats List
1. Personal information stolen on social media nurtures an underground economy currently worth approximately $630 million.
Social media facilitates theft and information breaches around the world, feeding an industry worth nearly $630 million. The general perception is that cybercriminal activities take place mostly via mysterious and secretive online channels, such as the dark web. However, statistics on cybersecurity produced by Bromium found that personal information like passwords, usernames, and stolen credit card info very often (45% to 50% of the time) goes in the hands of web criminals via social media platform breaches. Keep this statistic in mind the next time you ask your browser to remember your login username and password.
2. Information leaks are the most expensive cybersecurity issue facing businesses.
There are many facts about cybersecurity to keep in mind when looking to come up with maximum protection for your business. Some of them can be pretty daunting, demonstrating the destructive and grave nature of cyberattacks in general. In financial terms, information leaks are costliest, causing enterprises annual losses worth nearly $6 million. And this comes on top of reputational damage and losing hard-earned customers.
(IT Business Net)
3. Most energy companies invest a scant 0.2% of their revenue in cybersecurity.
One of the shocking facts about cybersecurity has to do with the rising number of hacker attacks targeting the energy sector. The reasons vary greatly, though most of them are likely political. Still, energy companies around the world seem to be too slow and mingy in efforts to improve their defenses, sparing just 0.2% of their revenue for cybersecurity. As a recent analysis by consultancies Precision Analytics LLC and the CAP Group shows, this is less than 30% of the budgets allocated by banks and financial companies to protect their operations from hackers.
4. Only 5% of corporate files are efficiently protected against cybercrime.
Cybersecurity industry stats reveal an alarming fact: most information across the majority of businesses is entirely unprotected against hackers. A recent report by Varonis shows that 95% of files belonging to companies around the world are there for hackers to use as they like.
5. Every month, 44% of retail firms and 83% of financial companies get hit by an average of 50+ cyberattacks.
Retail cybersecurity statistics published as part of a recent report by the Ponemon Institute on cybersecurity shows a cyberattack occurs in either of these types of businesses just short of twice each day. Obviously, cybercriminals aren’t picky about who or what they target, but certainly know where the biggest score lies.
6. More than 77% of organizations don't have a cybersecurity incident response plan.
The importance of having a proper cybersecurity incident response plan is overlooked by a whopping 77% of organizations working today, according to recent cybersecurity research statistics featured in a survey by the Ponemon Institute. What’s worse, more than half of participating companies (54%) admitted they have been the target of one or more cyberattacks in the past 12 months.
7. Cybersecurity experts are in short supply.
Although cybersecurity is a growing concern for an increasing number of companies around the world, experts on the matter are rare. Believe it or not, more than 3.5 million cybersecurity positions are to remain vacant by 2021, according to cybersecurity workforce facts. Act now before your expert goes to work with the competition.
(The Ame Group)
8. By 2021, cybercriminal activity will cause over $6 trillion worth of annual damages worldwide.
The damages inflicted by cybercrime worldwide is set to pass the $6 trillion mark as soon as 2021, doubling from $3 trillion in 2015. Experts are unanimous that cybercriminal activity will be one of the greatest challenges facing humanity in the coming two decades.
9. Only 10% of cyberattacks in the US actually get reported.
US cybersecurity statistics show that authorities register only a fraction of cyberattacks that take place in the country. The key reason behind the vastly undercounted rate of cybercrimes is that they’re impossible to prove. Another factor that stops people short of notifying authorities about the crime is reputational harm. In some cases, hackers steal sensitive personal files, such as embarrassing photos, to seek ransom from their owners, who in turn don’t want to be exposed.
10. Nearly a third (28%) of US adult internet users have the same password for all their online accounts.
According to cybersecurity stats, a large chunk of adult internet users in the US are very careless when it comes to their online presence. Using the same password for Facebook as you do for your bank account or online payment portal is plain dangerous. The safest approach to creating the right password is a random combination of letters and numbers, including special characters. The longer the password, the better. And make sure to avoid any known or instinctive combinations, such as birthdays, anniversaries, and the like.
11. 65% of IT security professionals expect to face a significant security breach in the coming 12 months.
One of the worrisome cybersecurity attacks statistics, published in a recent report by Black Hat USA 2019, reveals that approximately two-thirds of IT security pros expect to have to deal with at least one major cybersecurity breach within the next 12 months. This is up 6% from last year’s number (59%). And it doesn’t end there: a critical infrastructure breach is also in the imminent future, according to 77% of IT security leaders. When asked whether the government is ready to respond adequately to a breach of such magnitude, only 21% were positive.
12. Stolen personal data costs anywhere from $0.20 to $15.00 on the black market.
Cybersecurity facts show that others may not value your data as highly as you would, especially if you look at the black market (typically dark web stuff). Instead of targeting high-value individuals, cybercriminals attempt to accumulate data from multiple ordinary web users. They then try to sell this data to the highest bidder, even though personal data doesn’t go for much these days.
(Website Hosting Rating)
13. 71% of Americans worry someone may steal their financial or personal info.
Global cybersecurity attack statistics shed light on an interesting fact: in 2019, 71% of Americans felt threatened someone might steal their financial or personal info, but only 24% were afraid they could become victims of terrorism. Makes sense, considering that in January 2019 alone cybercriminals got their hands on the private data of 1.76 billion internet users.
(Back Office Geeks)
14. Every 14 seconds, a ransomware attack takes place somewhere around the world.
In the plethora of cyberattacks out there, ransomware attacks seem to stand out. And it’s not just businesses that suffer. Individuals, too, need to be extra careful. According to cybersecurity flaw statistics from the 2019 Official Annual Cybercrime Report (ACR), every 14 seconds a ransomware attack takes place somewhere around the world. The interval is set to shrink to just 11 seconds by 2021.
15. 47% of US SMEs suffered at least one cyberattack in 2018.
Cyberattackers don’t target large firms only, small businesses are also on their radar. According to the 2018 Small Business Cyber Risk Report, 47% of small US companies were victims of a cyberattack in 2018. Of them, 44% suffered two or more attacks in the same year. What’s more, government cybersecurity statistics show that following a cybersecurity incident, 65% of small businesses fail to act at all, let alone accordingly.
16. In 2019, espionage was the motive behind 25% of security breaches, while 71% were motivated by financial gain.
The motive behind most cybercrimes (71%) is to illegally obtain financial resources. Around a quarter (25%) have to do with espionage, according to a report by Verizon. Other reasons for committing cybercrime in 2019 were social engineering (roughly 33%), followed by phishing (approximately 32%). Malware was the motive behind close to 28% of all breaches. The absolute runner up on this list is hacking, which was the reason for more than half (52%) of all breaches in 2019, cybersecurity awareness facts indicate.
17. Some 146 billion records will be exposed between 2018 and 2023.
This forecast is part of a 2018 study by Juniper and reflects the number of actual breachers, not the reported ones. Estimates are based on new legislation that will bring to light 90% of security breaches in North America. The US will keep its lead on the list of priority hacker destinations as it is the home of the most valuable information obtained through illicit cyber activities.
18. For 33% of IT and cybersecurity professionals "visibility in the cloud" is the top cybersecurity challenge.
Cybersecurity statistics show that the majority of organizations today see detecting and reacting to security incidents in the cloud as their greatest challenge. 29% of 450+ IT and cybersecurity professionals interviewed as part of a survey by KPMG and Oracle expressed concern over the lack of qualified staff and skills. For 27%, the main problem is insufficient alignment between IT and security operations teams, while 26% said their biggest pain had to do with unauthorized use of cloud services.
19. 76% of organizations believe insider abuse is their greatest security threat.
One of the cybersecurity fun facts is that three-quarters of businesses are most concerned about the “enemy within”. The findings are part of KnowBe4’s 2019 Security Threats and Trends global survey, which covered more than 600 organizations worldwide. Insider threats come from end-users who carelessly and regularly put organizations at significant risk. These users engage with malware, ransomware, phishing emails, and other dangerous content frequently, and thereby cause substantial damage to their organizations.
20. In just five years, cyberattacks targeting organizations have increased by 67%.
The average number of attacks targeting organizations went up to 145 in 2018 from 130 in 2017, cybersecurity facts show. Their number will continue to rise as cybercriminals become more and more unpredictable and creative. According to experts, AI is also set to join the arsenal of illicit online behavior instruments. After all, cybersecurity companies are not the only ones utilizing the latest advancements in the world of technology. Hackers can also learn the ways of security systems in a bid to abuse and exploit them.
(IT Business Net)
21. 68% of US businesses are not covered against data-breach or cyber-liability.
The rate at which US businesses face risks of cyberattacks is far higher than the one at which they’re adopting cyber insurance, cybersecurity statistics trends reveal. According to the findings of a Cisco report, two-thirds of US companies have not purchased any sort of data-breach or cyber-liability coverage, exposing their operations to significant risk. Not investing in cybersecurity when you’re clearly at risk from an attack practically means you’re inviting cybercriminals to take a crack at your defenses (if you have any in place, that is). (Finances Online)
22. 37% of all malicious email attachments are .dot and .doc.
The #1 spot on the list of top malicious email attachments is occupied by .dot and .doc format files (over a third), followed by .exe files at 19.5%. These cybersecurity crime stats featured in a Symantec report clearly show that email is the most practical tool for cybercriminals to commit breaches into businesses and individual information alike. The best way to maintain a high level of protection is, of course, to use antivirus programs. It doesn’t hurt to employ some common sense as well. Think whether you’re expecting an email from someone you don’t know. If not, it’s best to scan it or have your IT expert take a look at it.
23. 48% of cyberattacks are motivated by malicious intent, and the rest are due to human error.
Economic statistics about cybersecurity show that a surprisingly high percentage of malicious attacks are caused by acts of human error or system failure (52%). Of the 52%, 27% result from human error, and 25% come from IT and business process failures. Some of the common issues facilitating cybercriminals have to do with a lack of training on external connectable devices (phones, USB flash drives, etc.), password updates, negligence, etc.
24. After security breaches share prices drop by 7.27%, on average.
Knowledge of cybersecurity statistics may very well save your business from going down the drain. According to a study by Comparitech, payment and finance companies are the most common victims of share plummeting resulting from cybersecurity breaches. It takes approximately 14 market days for the lowest point of the drop to occur., according to the report.
25. Even after falling victim to cyberattacks, close to half of IT security professionals don't implement significant changes in their security strategy.
A recent CyberArk survey of approximately 1,300 IT decision-makers showed that more than 56% of organizations today have suffered at least one targeted phishing attack. Amazingly, even after a cyberattack, nearly half of IT professionals fail to change their security strategies substantially. Cybersecurity stats over history are a clear indication of the issue. To avoid damage, try updating your security defenses regularly to reflect the increasingly creative ways cybercriminals use to gain access to proprietary information. Staying up-to-date with threats (and sometimes even being ahead of the curve) is the name of the game when it comes to cybersecurity.
Frequently Asked Questions
1. What are the types of cybersecurity?
There are 5 different types of cybersecurity: critical infrastructure security, application security, network security, cloud security, and IoT (Internet of Things) security.
Critical infrastructure security revolves around the physical and cyber systems that we rely on in our day to day activities, including water purification, electricity grid, shopping centers, traffic lights, hospitals, etc.
Application security involves the hardware and software methods to engage and contain external threats that may arise in an application’s development stage. Examples of application security include encryption programs, firewalls, and antivirus programs.
Network security prevents unauthorized access to your internal networks. Important facts about cybersecurity suggest new passwords and extra logins are the most common examples of network security implementation.
Cloud security is a software-based security tool that monitors and protects the data in your cloud resources.
IoT security refers to a significant number of both critical and non-critical cyber-physical systems. Examples of IoT involve security cameras, printers, Wi-Fi routers, televisions, sensors, appliances, etc.
2. Why is cybersecurity important?
Cybersecurity today is critical because the risk of cyberattacks is on the rise across a variety of platforms, methods, and technologies. Cybersecurity exists as a method of protection from cybercrime, and as such, is vital for keeping our daily lives undisturbed. Our society today relies on technology more than ever before. With the massive penetration of various cloud services (for storing personal information and sensitive data), as well as global connectivity, cybersecurity risk is ever-increasing.
Our list of cybersecurity statistics clearly shows there are no indications that cybercrime is going away any time soon. By all counts, in the coming years, cybercrime will grow in reach, number, and sophistication. Effectively protecting your organization against cybercrime in the long run does not stop with a sound cybersecurity system. Keeping cybercriminals at bay requires an entire culture of cybersecurity awareness and safety among your employees. Unfortunately, not a lot of companies are ready to go that far. Keep your eyes open and listen to the experts if you want to enjoy a smooth, cyberattack-free sailing in the years to come.