Cybercrime and cybersecurity statistics
- Before diving into the specific types of cyber-attacks, you need to understand how much data is involved. By 2025, humanity’s collective data will reach 175 zettabytes — the number 175 followed by 21 zeros. This data includes everything from streaming video and dating apps to healthcare databases. Securing all this data is vital.
- The main goal for cybercriminals is to acquire information — names, passwords, and financial records, for example — that is then sold on the dark web. As explained below, attacks can happen at any time and both individuals and organizations are victims:
- Perhaps no cybersecurity trend has been bigger in the last several years than the scourge of attacks related to the supply chain. Cyber incidents, such as the breach at software management vendor SolarWinds and Log4j in the open-source world, put organizations around the globe at risk. Analyst firm Gartner predicted that by 2025, 45% of global organizations will be impacted in some way by a supply chain attack.
- The volume of reported vulnerabilities continues to rise. The HackerOne 2022 “Hacker-Powered Security Report” found that ethical hackers were able to discover over 65,000 vulnerabilities in 2022 alone, up by 21% over 2021.
- The cost of cybercrime is predicted to hit $8 trillion in 2023 and will grow to $10.5 trillion by 2025, according to Cybersecurity Ventures’ “2022 Official Cybercrime Report,” sponsored by eSentire.
- While businesses try to protect their own sensitive files from attack, customer information is stored in vulnerable databases all over the world. Identity fraud losses tallied a total of $52 billion and affected 42 million U.S. adults according to “2022 Identity Fraud Study: The Virtual Battleground” from Javelin Strategy & Research.
- It takes an average of 277 days for security teams to identify and contain a data breach, according to “Cost of a Data Breach 2022,” a report released by IBM and Ponemon Institute.
- Cryptojacking is incredibly prevalent, growing by 230% in 2022, according to Kaspersky Lab. The same study noted that most hackers earn variable amounts from cryptojacking, with an average of approximately $1,600 per month.
- According to the IBM “Cost of a Data Breach 2022” report, data breaches involving lost or stolen credentials take longer to identify and cost $150,000 more than the average data breach.
- The FBI’s Internet Crime Complaint Center reported the volume of complaints in 2021 as 847,376, an all-time high. Total losses from those complaints totaled over $6.9 billion.
Cybersecurity issues and threats
- There are many types of security threats. Unlike a breach, a security incident doesn’t necessarily mean the information has been compromised, only that the information was threatened. The biggest types of security threats are malware, ransomware, social engineering, phishing, credential theft, and distributed denial-of-service (DDoS) attacks.
- The human element is the most common threat vector; it was the root cause of 82% of data breaches, according to Verizon’s “2022 Data Breach Investigations Report.” The human element especially plays a role in phishing attacks and stolen credentials. Phishing is often delivered via email; these attacks trick a user into clicking a link or providing information that can lead to exploitation.
- Ransomware attacks are a constant threat affecting all sectors, and it’s only getting worse. Kaspersky Lab reported that the percentage of users impacted by targeted ransomware doubled in the first 10 months of 2022.
- Phishing attacks increased by 61% in 2022, according to the “2022 State of Phishing” report from SlashNext. The Anti-Phishing Working Group (APWG) reported that in the third quarter of 2022, it observed a total of 3 million phishing attacks, representing the worst quarter ever observed by the group.
- The maximum attack bandwidth for DDoS attacks grew by 57% to 957.9 Gbps in the first half of 2022 compared with the second half of 2021, according to Netscout’s 2022 “DDoS Threat Intelligence Report,” with a total of just over 6 million attacks globally. Across the world, attacks decreased by 9% in the Asia-Pacific region. Comparatively, DDoS attack frequency in North America increased by 2%.
The cost of cybercrime
- Cybercrime can affect a business for years after the initial attack occurs. The costs associated with cyber-attacks — lawsuits, insurance rate hikes, criminal investigations, and bad press — can put a company out of business quickly:
- Part of maintaining a high level of security is ensuring non-security employees know how security affects their day-to-day activities. Building a security awareness training program is a necessary part of any company’s security strategy. Employees ranging from associates to CEOs are constantly inundated with phishing emails. When you have mobile and IoT devices in your environment, creating a mobile incident response plan is a must. The cost of data breaches will rise from $3 trillion each year to more than $5 trillion in 2024, according to the “State of Cybersecurity Resilience 2021” report from Accenture.
- A single attack — be it a data breach, malware, ransomware, or DDoS attack — cost companies in the U.S. a median of $18,000 in 2022, up from $10,000 in 2021, with 47% of all U.S. businesses suffering a cyber-attack in some way, according to the “Hiscox Cyber Readiness Report 2022.”
- The average total cost of data breaches in 2022 was $4.35 million, according to the IBM/Ponemon Institute report mentioned above. Breaches in the healthcare industry were the costliest at $10.10 million on average. Breaches in the U.S. were the most expensive at $9.44 million.
- Though 43% of attacks are aimed at SMBs, only 14% of these businesses are prepared to defend themselves, according to Accenture.
- More than 33 billion records will be stolen by cybercriminals by 2023, an increase of 175% from 2018.
- By 2027, global spending on cybersecurity training will reach $10 billion, according to Cybersecurity Ventures. As the number of online users increases, insider threats are as equally significant as threats from outside the enterprise. Training employees to recognize security threats and report them can bolster your cyberdefense strategy.