Cyber crime is no longer aiming at the big businesses only. All business sizes are now an important target, as criminals increasingly realize that they can always get something from anyone.
As you may already understand, the consequences of a cyber attack can be devastating for any business. In addition to the financial costs of data recovery and legal fees, your company's reputation can also suffer irreparable damage. Customers may lose trust in the company, leading to enormous losses in revenue. At worst, it could as well spell the end of your business.
With this level of losses, you cannot afford to stay in the dark. That’s why it’s important that you constantly stay abreast with the most critical cybersecurity and cybercrime statistics.
This is your ultimate guide to the most significant cybersecurity statistics.
At IT Companies Network, we have divided the statistics into different categories.
The most concerning cyber crime statistics worldwide
These are the statistics that stand out as the most worrying globally, regardless of the industry.
- According to Cybersecurity Ventures, the world is expected to incur a cost of $8 trillion USD due to cybercrime in 2023. This figure represents the total cost of direct and indirect damages caused by cybercriminal activities, including loss of revenue, theft of intellectual property, legal fees, and reputational damage.
- Cybercrime, if considered a country, would rank as the third-largest economy globally, following the United States and China — a stark reminder of the scale and impact of cybercrime.
- Through 2023, businesses across the world will incur a cost of roughly $667 billion each month, $154 billion every week, $21.9 billion each day, $913 million per hour, $15.2 million per minute, and $255,000 per second, due to cybercrime.
- Microsoft's Digital Defense Report revealed that the percentage of nation-state cyber attacks aimed at critical infrastructure increased by 20% between mid 2021 and mid 2022. Critical infrastructure includes systems that are essential for the functioning of society, such as power grids, water treatment plants, transportation networks, and healthcare systems.
- According to the report referenced above by Microsoft, approximately 80% of nation-state attacks targeted government agencies, think tanks, and non-governmental organizations. These entities often hold sensitive information and play critical roles in shaping public policy and international relations. As such, they are attractive targets for nation-state actors seeking to gain an advantage in geopolitical or economic competition.
- The same report by Microsoft shows that the United States experiences the highest frequency of nation state attacks, with over 45% of attacks globally directed at its citizens. The US is a global superpower with a vast and complex economy, sophisticated technological infrastructure, and a prominent role in international affairs. As such, it is a high-value target for nation-state actors.
- In 2022, fraudsters managed to pilfer 3.6% of the total revenue generated by e-commerce. According to Statista, the total global retail e-commerce sales for 2022 were $5.7 trillion. Therefore, 3.6% of $5.7 trillion would amount to approximately $205 billion. This means that fraudsters were able to steal more than $200 billion from e-commerce businesses in 2022.
- Cybercrime is expected to cost the world approximately $10.5 trillion by 2025, according to Cybersecurity Ventures. To put this figure into context, we can compare it to other economic indicators. According to the World Bank, the global GDP in 2021 was approximately $96.53 trillion, which means that the projected cost of cybercrime in 2025 would represent more than 10% of the global GDP.
- Phishing attacks in the technology industry are typically responsible for about 80% of reported cyber crimes. This attack type takes such a huge percentage because it's easy and inexpensive to carry out and has a high success rate.
- In 2022, the United Kingdom suffered the highest number of cyber crime victims per million internet users, standing at 4783, which marked a 40% increase from the figures that were recorded in 2020. The United States came in second, with 1494 victims per million internet users, representing a decline of 13% from 2020.
- According to the FBI, there are more than 4,000 cyberattacks reported daily. Sounds high, but it's likely to be an underestimate, as only a fraction of cybercrime incidents are formally reported to law enforcement agencies.
- In a research conducted by Kaspersky to identify the regions that produce the most spam, it was found that Russia (24.77%), Germany (14.12%), were the top two countries responsible for generating spam messages.
- Small businesses experienced a 26.8% rise in the average cost of data breaches, from $2.35 million in 2020 to $2.98 million in 2021.
- According to a report by Deloitte, the average cybersecurity budget for the surveyed companies was 10% of their annual IT budgets. The threat landscape is constantly evolving, and new vulnerabilities are being discovered all the time. As a result, cybersecurity requires ongoing investment.
Also Read: How to Remediate Cyber Threats
Cyber crime statistics by industry
In terms of industries, manufacturing leads as the most affected at 24.8%, Here is the breakdown of cyber attacks across the top 10 major industries, as per records from Statista:
- Manufacturing (24.8%)
- Finance & Insurance (18.9%)
- Professional Services (14.6%)
- Energy (10.7%)
- Retail & Wholesale (8.7%)
- Education (7.3%)
- Healthcare (5.8%)
- Government (4.8%)
- Transportation (3.9%)
- Media & Telkom (0.5%)
The manufacturing sector is a critical component of most economies, and its ability to function properly is essential for the production of goods and services. A cyberattack on a manufacturing company can have far-reaching consequences, not just for the company itself but also for its suppliers, customers, and the wider economy.
Here are the top stats focused on manufacturing:
- Through 2022, more than half of manufacturing companies fell victim to cyberattacks.
- The manufacturing industry has suffered the highest number of security breaches, accounting for over 61% of all breaches recorded during the previous five years leading up to 2022.
- The cyber attacks on the manufacturing industry increased by 300% in 2021 compared to the previous year, making the sector one of the most frequently targeted in the global economy.
- The average cost of a data breach across the manufacturing industry increased by 5.4% in 2022, resulting in a financial impact of $4.5M per breach.
- A research by Deloitte revealed that manufacturing executives have identified IP theft as the primary threat. Cybercriminals are often keen on stealing intellectual property (IP) because it can provide them with a significant advantage in the marketplace. The stolen IP can be used to create similar products without the cost of research and development, allowing them to quickly enter the market with competitive offerings. Additionally, stolen IP can be sold to competitors or other interested parties, providing a lucrative source of income for the criminals.
- The number of industrial IoT connections is expected to increase rapidly and reach $37 billion by 2025, with the manufacturing sector contributing about 60% of this growth, thus increasing the potential for cyber threats.
Finance & Insurance
Financial institutions and insurance companies are attractive targets due to the large amounts of money and valuable data they handle.
These are the trending statistics for this sector:
- As per Statista reporting, the Finance sector in the United States experienced 1802 data breaches in 2022 alone. Finance is a heavily regulated industry that is required to comply with strict cybersecurity and data protection standards. It’s thus worrying that despite this, the industry still experienced such a significant number of data breaches.
- The same Statista report shows that First American Financial Corp holds the record for being the most victimized company in financial data breaches of all time.
- From 2015 to 2020, the global finance and insurance industry was the primary target of cyber criminals. The intense digitization of financial services during this period may have made it easier for criminals to exploit vulnerabilities in online financial systems. The rise of mobile banking and other digital payment platforms has also created new opportunities for cyber attacks.
- Through ransomware attacks, cyber criminals have targeted 82% of the largest insurance carriers. One factor that makes insurance companies a top target for ransomware is the potential for large payouts. Many insurance companies have significant financial resources that they can use to pay a ransom to restore access to their data. This can be a tempting target for attackers.
- Small businesses in the United States are the target of 25% of attacks in this sector. These businesses may not have the budget to invest in advanced security measures, making them an easier target.
- Coveware's research reveals that professional services companies with fewer than 1,000 employees are impacted in 70% of ransomware incidents.
- The 2022 Professional Services Cybersecurity Census Report by Keeper Security found that a high number of incidents are directed at small businesses, with IT leaders reporting an average of 161 attacks in the last 12 months.
- Reports show that 77% of energy companies face the risk of ransomware attacks.
- According to IBM's 2022 X-Force Threat Intelligence Index, cyber criminals targeted the UK's energy industry more than any other sector, accounting for 24% of all attacks in the country.
Healthcare organizations are often under pressure to provide uninterrupted services to patients. This means that they may be more likely to pay a ransom to regain access to their data rather than risk disrupting patient care. Cybercriminals know this and may exploit the pressure.
- According to 2020 records, nearly 30% of cyberattacks in the healthcare industry resulted in the disruption of emergency services, while 17% caused serious impact on patients. This kind of disruption can have severe consequences, including delayed treatment, misdiagnosis, and inadequate care, which can lead to adverse patient outcomes, including death.
- The United States alone witnessed over 40 million patient records being compromised in 2021. One reason the United States’ healthcare industry is facing an enormous number of cyberattacks is the sheer size of the sector. The US healthcare industry is one of the largest and most complex in the world, encompassing a vast network of hospitals, clinics, insurance companies, and other providers. This complexity creates a significant number of entry points for cybercriminals to exploit. Read more about increasing attacks on US hospitals.
- 67% of healthcare organizations experienced attacks utilizing lookalike domains. Lookalike domains are fraudulent websites that are created to mimic legitimate websites and deceive users into providing sensitive information.
- A survey conducted by PwC in Germany found that 67% of the general public believed that hospitals should be legally required to provide cybersecurity training to their staff and educate them on appropriate behavior.
Cyber crime statistics by country (US, UK, China, India)
Each country witnesses a different landscape, which is often defined by factors such as the size of the economy, intensity of digital transformation activities and sometimes even politics.
Let’s see how this plays out, specifically for the United States, the UK, China, and India.
- The FBI has listed more than 100 individuals and groups on its Cyber's Most Wanted list for committing serious crimes against the United States, including wire fraud, computer intrusions, espionage, and identity theft.
- The U.S. government has allocated $10.89 billion for cybersecurity spending in 2023. This excludes the Department of Defense. The budget for the Department of Homeland Security is set at approximately $2.6 billion.
- CyberEdge Group’s Cyberthreat Defense Report indicates that 89.7% of US organizations have been victims of a cyber attack within a period of 12 months.
- The same CyberEdge report also found that US organizations increased their security budgets by 3.8% in 2021.
- The Hiscox Cyber Readiness Report shows that in 2022, a single cyber attack cost U.S. companies an average of $18,000. This is a significant increase compared to 2021 when the cost was at an average of $10,000.
There has been a significant increase in remote work due to the COVID-19 pandemic, which has created more opportunities for cybercriminals to exploit vulnerabilities in organizations' IT systems. This has been particularly challenging, as many organizations were not prepared for such a sudden shift to remote work and may have had to implement new technologies quickly without adequate cybersecurity measures in place.
- More than 80% of UK organizations experienced a successful attack in 2021/2022, according to the CyberEdge 2022 Cyberthreat Defense Report. The same report found that over 70% of UK organizations have been affected by ransomware attacks through a 12 month period.
- Sophos State of Ransomware Report for 2022 indicates that 13% of UK organizations ended up paying ransom.
- The average cost of ransomware attacks in the UK was around $1.08 million, according to the Sophos report.
- VPNpro has reported that the VPN market is being silently dominated by China, with six Chinese firms apparently owning 30% of VPN providers. Furthermore, 23 parent companies, many of which are headquartered in countries with not so strong privacy laws, operate 97 of the top VPNs.
- The report shows that the Chinese cybersecurity industry saw a growth rate of 15% annually from 2016 to 2020, surpassing 200 billion yuan ($29.23 billion) in 2021.
- A recent report by a research institute affiliated with China's Supreme Court revealed that cases of cybercrime in China have increased steadily since 2017, with over 40% of the cases related to online fraud. Courts in China dealt with over 282,000 cybercrime cases between 2017 and 2021, with fraud accounting for the largest proportion at 36.53%. Majority of the online fraud cases were associated with counterfeit loans, impersonation, and false job recruitment.
Also Read: Best VPN Solutions for Businesses
- India has emerged as one of the most breached and targeted countries globally, as per a study by Indusface, a Tata Capital-backed SaaS security firm. The study found that out of 829 million detected and blocked attacks globally in the fourth quarter of 2022, almost 59% were aimed at India.
- Statista forecasts India's cybersecurity services market to hit USD 13.05 billion by the end of 2023. India's cybersecurity services market is one of the fastest-growing markets in the world, driven by the increasing digital transformation of businesses across various industries.
- Attacks on Indian government agencies went up by 95% in 2022, nearly doubling and making it the most targeted country in this segment.
- PwC's Global Digital Trust Insights survey shows that more than 82% of Indian business executives plan to increase their cybersecurity budget in 2023. The survey also revealed that 65% of the respondents expect cyber criminals to have a significant impact on their organization in 2023, higher than the number recorded in 2022.
Cybersecurity statistics concerning talent
- As per the 2022 Cybersecurity Workforce Study by (ISC)2, the global shortage of cybersecurity personnel is estimated to be around 3.4 million people. The lack of awareness and inadequate education about cybersecurity as a career option has further contributed to the shortage.
- The report revealed that cybersecurity jobs increased by 11.1% in 2022, equivalent to 464,000 more jobs, compared to the previous year. The Asia-Pacific (APAC) region showed the highest growth at 15.6% while North America recorded the least growth at 6.2%.
- Nearly 70% of cybersecurity professionals believe that their organization lacks the necessary staff to ensure the effectiveness of cybersecurity measures.
- To address the shortage of cybersecurity professionals, more than 70% of organizations with a workforce of over 10,000 employees have started providing flexible working arrangements, investing in training, and actively seeking new talent.
- A majority of organizations, approximately 57%, plan to automate security tasks through technology.
- In 2022, there were over 150 cybersecurity positions available at the Cybersecurity and Infrastructure Security Agency (CISA), making it one of the most active government agencies in recruitment for this profession.
- The 2023 Technology Spending Intentions Survey by TechTarget's Enterprise Strategy Group revealed that 52% of organizations plan to increase IT spending in 2023, with cybersecurity being a top priority.
Cybercrime statistics by type
The main types of cyber crime activities are derived from the means by which the attackers use to gain entry into their targets.
Here are the statistics on the major types. Deepfake is relatively new but it’s important to include it because of the continued escalation of the risks it poses.
Also Read: The key cyber attack vectors
Supply chain attack statistics
Supply chain cyber attacks occur when hackers target the software and systems of a third-party vendor, supplier, or service provider to gain unauthorized access to a company's network. The goal is to compromise a single point in a supply chain and potentially gain access to multiple targets downstream.
Key supply chain stats to take note of include:
- Supply chain attacks have surpassed malware-based attacks by 40%, even though malware is typically considered the mainstay of most cyberattacks. A key factor contributing to the rise of supply chain attacks is the increasing complexity of supply chains themselves. As supply chains become more global and interconnected, more opportunities emerge for attackers.
- Lack of trust in open-source software is a significant security concern for organizations. Take for example that over the past four years, attacks on npm and PyPI repositories have increased by 289%.
Deepfake threat statistics
Deepfake is a type of artificial intelligence technology that can be used to create highly realistic digital manipulations of content such as images, video, and audio, often for the purpose of misleading or deceiving viewers. Specifically, deepfakes use deep learning algorithms to analyze and learn from large amounts of data and then apply this knowledge to create manipulated content that appears to be real. Find out more on deepfake as a new threat.
- VMware's Global Incident Response Threat Report for 2022 shows that 66% of organizations have had to deal with attacks originating from deepfake.
- Experts predict that deepfakes will be incredibly convincing, posing a threat not only to our digital identities but also to digital versions of our DNA. Our digital DNA could be vulnerable to exposure on the internet, allowing deepfakes to replicate and create digital humans.
- By 2031, we are likely to have ransomware attacks occurring every 2 seconds.
- In the first six months of 2022, there were nearly 236.7 million ransomware attacks worldwide.
- Ransomware incidents account for 10 percent of all security breaches worldwide.
- According to reports, 90% of ransomware attacks did not result in any data loss. It's possible that the attackers were unsuccessful in their attempts to encrypt the victims’ data, or the affected organizations had implemented strong security measures and disaster recovery plans. It's also possible that the organizations opted to pay the ransom to regain access to their data, although this is not recommended as it could encourage further attacks and there is no guarantee that paying the ransom will yield full cooperation from the criminals.
- Android users were mostly targeted in ransomware attacks that affected 10 million people. Android is the most widely used mobile operating system in the world, with a market share of over 70%. This makes it an attractive target for cybercriminals as they have a larger pool of potential victims.
- Nearly 70% of healthcare organizations experienced longer hospital stays and procedure delays due to ransomware attacks, as revealed in a survey by Herjavec Group.
- In the third quarter of 2022, one in 42 healthcare organizations was targeted in ransomware attacks. Out of this, 74% were hospitals, and 26% were secondary institutions like dental services and nursing homes.
- A study by Coalition found that ransomware accounted for 55% of all cyber insurance claims.
- Ransomware demands increased by 144% in 2021, with payouts averaging over $6 million for US victims. The number of ransomware complaints increased by 82% in the US, with a 449% rise in ransom payments between 2019 and 2021.
- According to Statista, 71% of global businesses were impacted by ransomware threats, and 62.9% of ransomware victims unfortunately paid the ransom.
- IBM’s X-Force found that 41% of attacks were executed through phishing, the leading attack avenue as per the report.
- As per the F5 Labs Phishing and Fraud Report of 2020, 10% of phishing websites are designed to mimic trusted brands, making it easier for attackers to obtain sensitive information.
- IBM's 2022 Data Breach Report found that it took an average of 295 days to identify and contain a breach caused by phishing, the third-longest mean time.
- Phishing scams make up nearly 22% of all data breaches, making it one of the most common types of cybercrime, as reported in the FBI's 2021 IC3 Report. Additionally, 83% of companies experienced phishing attacks in 2021.
- It is estimated that 47% of individuals fall for a phishing scam when working remotely.
Also Read: Zero Click Attacks
Cybersecurity market statistics
- By 2023, the Cybersecurity market is projected to generate a revenue of US$162 billion. Security services will be the biggest segment of the market, with an estimated market volume of $85.49 billion.
- According to a report by Fortune Business Insights, the global cybersecurity market is expected to grow at a CAGR of 13.4%, from $155.83 billion in 2022 to $ 376.32 billion by 2029.
- The largest portion of the cybersecurity services are targeted at the BFSI sector, followed by IT & Telkom, Retail, and Healthcare in third place.
- In terms of regions, North America takes the largest market share in cybersecurity services. This can be attributed to factors such as the high number of cyber attacks, a strong regulatory environment, advanced technological infrastructure, and a high level of awareness of cybersecurity threats. This has resulted in a higher demand for cybersecurity services
- He top companies in the cybersecurity market include Cisco, Microsoft, IBM, Proofpoint, and Fortinet.
- The public cloud is anticipated to be the most prominent segment in terms of deployment.
Cybersecurity insurance statistics
Cybersecurity Insurance is designed to offer protection against liabilities resulting from cyber attacks.
The policies typically cover a range of expenses, including legal fees, forensic investigations, notification costs, credit monitoring, public relations, and loss of income due to network downtime. Some policies may also offer coverage for extortion payments, cybercrime losses, and regulatory fines.
The coverage and terms of cybersecurity insurance policies can vary widely depending on the insurer and the specific policy. This resource we did some time back has all you need to know about cyber insurance. Please check it out.
Meanwhile here are the important statistics for this niche:
- Projections have shown that the global cybersecurity insurance market is expected to grow at a CAGR of 19.52% between 2022 and 2030, surpassing $38 billion by 2030.
- The largest market for cyber insurance is North America while the fastest-growing region is Europe. North America has traditionally been a leader in the cybersecurity insurance market due to the high level of awareness of cybersecurity risks among businesses and individuals. In Europe, the growth can be attributed to the increasing adoption of digital technologies, which has led to a higher level of exposure to cyber threats.
- Between 2013-2019, cyber insurance claims for data breaches, incident response, and crisis management accounted for 73% of all claims made, according to Security.org.
- According to the Marsh Global Insurance Market Index, US cyber-insurance prices increased by 79% compared to the previous year as of the second quarter of 2022.
- According to Statista, approximately 50% of organizations in the United States have signed up for some form of cyber insurance.
- The same Statista report shows that based on the number of direct premiums written, the leading cyber insurer in the US is Chubb Ltd, an insurance company that offers a range of insurance products and services to individuals and businesses. The company has a presence around the world and is known for its financial strength, underwriting expertise, and global network of distribution channels. Chubb has a long history, dating back to 1882, and has gone through various transformations over the years to become one of the largest insurance companies in the world.
Statistics about the impact of COVID-19 pandemic on cybersecurity
- In a 2020 report by Malwarebytes dubbed «Enduring from home: COVID-19's impact on business security,» it was discovered that a fifth of the surveyed companies experienced a security breach caused by a remote worker's actions, while 18 percent of organizations acknowledged that their employees did not prioritize cybersecurity.
- The UK's National Fraud & Cyber Crime Reporting Centre disclosed that by February 2021, over 6,000 cases of pandemic-related fraud and cybercrime had been reported, with a total loss of £34.5 million. This amount is more than triple the reported losses in July 2020, when 2,866 victims had reported losses of over £11 million in COVID-related schemes.
- The dark web was found to contain over 500,000 Zoom accounts being sold for $0.0020 each. Zoom and other players offered crucial services as many companies and individuals went remote at the peak of COVID. But criminals had other ideas, and took advantage.
- Cybercriminals sought to exploit the latest facet of the pandemic with the rollout of the COVID-19 vaccine. In January 2021, for example, Action Fraud UK released a warning about an email scam that targeted people waiting to receive the vaccine. The email, purportedly sent by the NHS, contained a link to an invitation to receive the vaccine. Victims were then prompted to provide personal information and banking details. Within a 24-hour period, the email was reported over 1,000 times.
- While many of the statistics here paint a rather bleak picture of the impact of COVID-19, Microsoft discovered that less than two percent of daily mailspam is actually related to COVID-19.
Also Read: Types of Email Attacks
Common actors in cyber threats
Most cyber threats tend to originate from the following groups of actors:
Fraud groups and individuals
We can term them as the typical ordinary cyber attackers. They are purely motivated by financial gain. So their aim is to break into computing systems for economic benefit.
These are individuals or groups who engage in cyber crime to further a political, ideological, or social agenda. They may use cyber attacks to disrupt critical infrastructure, cause economic damage, steal sensitive information, or spread fear and panic among the population. In other words while the typical cyber criminal is motivated by financial gain, cyber terrorists are driven by the need to stamp their selfish ideologies.
Insider threat actors are individuals within an organization with potential to pose a threat. They may be employees, contractors, consultants, or anyone else who has legal access to the organization's systems and data. We have a comprehensive guide on insider threats and warning signs.
According to the 2021 Data Breach Investigations Report by Verizon, insiders were found to be responsible for approximately 22% of security incidents.
Nation state actors
These are government-sponsored or government-directed groups that engage in cyber activities to further their country's interests. They are typically highly sophisticated and well-funded, and often have access to advanced tools that enable them to carry out complex attacks.
The incidents caused by significant nation-state actors increased by 100% between 2017 and 2021.
Given the dynamic nature of the cybersecurity landscape, changes are bound to occur rapidly. Because of this, we will keep updating the statistics to reflect the most current facts.
In the meantime, if you notice any particular areas that we may have overlooked but are essential to cover, kindly bring them to our attention, and we will gladly incorporate the relevant statistics here.