Cybersecurity Statistics in 2024 | #cybercrime | #infosec

As we become ever more dependent on devices and their connections to the internet, it’s no surprise that cybercriminals are finding more inventive ways of taking advantage of this dependence. However, it’s almost impossible to gauge the exact impact of cybercrime in the U.S. since most of these attacks are likely to go unreported or falsely reported.

However, according to a report by Cybersecurity Ventures, cybercrime has had a major impact on the global economy, with an estimated worldwide cost hitting $8 trillion in 2023 — translating to over $250,000 a second. The total annual cost of cybercrime is predicted to rise to $10.5 trillion by 2025. However, not all figures spell doom and gloom. People are generally becoming more aware of cybersecurity and adopting better ‘cyber hygiene,’ or common practices against cybercrime.

As an example, the number of people using VPNs rose by 16% between 2020 and 2022. While VPNs don’t necessarily protect you, they help keep your information private and secure. Nevertheless, online criminals are constantly looking for ways to extort online individuals and businesses. We’ve looked at some statistics across cybercrime and cybersecurity to paint a broader picture.

Cybercrime statistics: Key findings

Here are the key findings from our research into cybercrime:

  • According to Ipsos, almost one in three Americans said they fell victim to online financial fraud in 2023. 36% of people aged 35 to 54 have reported being a victim, compared to only 22% of Americans aged 18 to 34.
  • It was estimated that the total cost of cybercrime across the world would reach $8 trillion in 2023 — and is predicted to hit $10.5 trillion in 2025.
  • While there were fewer individual victims of cybercrime in 2023 (just over 350 million) compared to 2022 (over 425 million), there were over 1,400 more compromises in total.
  • The average amount of money lost by businesses as a result of cybercrime in 2023 was $1.3 million.
  • Across all industries, the average cost of a data breach was $4.45 million, with the healthcare industry facing the highest average data breach cost at $10.93 million.
  • It’s estimated that the total value of the cybersecurity market in 2024 is close to $200 billion — and this is forecasted to reach nearly $315 billion by 2029, according to Mordor Intelligence. 
  • According to Norton’s Cyber Safety Insights Report, 77% of Americans have taken steps to protect their personal data online.

How much money is lost to cybercrime every year?

A report on cyber security predicted that the cost of cybercrime would reach a massive $9.5 trillion in 2024 and would be in excess of $10.5 trillion in 2025. In the United States alone, an FBI report predicted the potential loss resulting from cyberattacks and fraud to hit over $10.2 billion in 2022.

The FBI’s Internet Crime Complaint Center received over 800,000 reported complaints in 2022, and while this is 5% lower than in 2021, the actual amount lost in dollars increased by 49%.

The most reported type of incident was phishing, followed by personal data breaches and non-payment/non-delivery, but investment fraud was the most costly, resulting in losses of $3.3 billion — up by 127% compared to 2021.

How many cybercrimes are committed each day?

It’s hard to know exactly how many cyber attacks happen per day as not all are reported. It’s estimated that one occurs every 39 seconds — but businesses were expected to be attacked every 11 seconds in 2021. The cost of damage caused by cyber-attacks globally is around $16.4 billion a day — or $190,000 a second, according to Cybersecurity Ventures.

It was predicted that businesses would fall victim to a ransomware attack every 11 seconds in 2021. But by 2031, it’s thought that attacks on businesses, consumers, governments and devices will happen every two seconds.

There are around 4.1 million websites that are affected by malware around the world, according to Sectigo. The report also stated that 48% of small business owners think their websites are too small and they won’t be a target.

Since the FBI set up the IC3 in 2000 to receive cybercrime-related complaints, it has received an average of 651,800 per year.

Small business cybersecurity statistics

45% of experts cite cyber incidents as what they fear most in terms of causing business interruptions. 

One of the biggest factors involved in cyber attacks on small-to-medium businesses is compromised passwords, with the cost of each attack estimated to be around $384,598 in 2019. According to figures from the Ponemon Institute, 55% of respondents in a survey on password practices say their companies don’t have or aren’t committed to a policy on passwords and biometrics. 

IBM research reveals that just over half of organizations (51%) asked in a survey intend to invest more in cyber security in direct response to a breach they experienced. Additionally, just 28% of companies use AI extensively as part of their cybersecurity efforts.

Figures also show how organizations of varying sizes are affected differently by cyber attacks — those with fewer than 500 employees saw a 13.4% increase in average losses resulting from data breaches. Companies with 500 to 1,000 employees saw an increase in average losses of 21.4%, while those with 1,001 to 5,000 employees also saw a rise of close to 20%. 

However, perhaps as an indication of investment in cybersecurity correlating with the size of a business, companies with more than 10,000 employees actually saw the average cost of data breaches fall slightly. Regardless of business size, 57% of organizations increased the prices of their products and/or services as a result of the data breach, showing that consumers often absorb the cost of cyber attacks. 

Following incidents concerned with ransomware, 37% of businesses affected did not end up getting law enforcement involved. They also paid almost 10% more in related costs, and their breach lifecycles lasted, on average, over a month longer.

The effects of emerging cyber security threats are often also felt by employees — with research from Mimecast suggesting that 99% of companies provide their workforce with cyber awareness training in some shape or form. 

Four in five employers believe careless or negligent employees put their companies at risk with inadvertent data leaks, and more than three quarters believe their company will be impacted by a serious email-related security issue.

Cybersecurity by industry

Here are some statistics about cybersecurity broken down by industry.

Healthcare cybersecurity statistics

The average cost of a healthcare data breach was $10.93 million, higher than any other industry and over double the average of all industries ($4.45 million). The healthcare industry has also seen a 239% increase in large data breaches reported to the HHS Office of Civil Rights over the last four years. 

According to the U.S. Department of Health and Human Services, there has been a 60% rise in the number of people affected by these data breaches in 2023. Almost four in five are caused by cyberattacks and the most commonly reported cause was malicious attacks. However, human failure was only given as the cause for 20% of incidents, the lowest of any root cause.

Cybersecurity in manufacturing

Manufacturing was the most targeted sector worldwide, with one-fifth of all cyber extortion campaigns targeting the industry. The deployment of backdoors was, according to IBM, involved in 28% of these campaigns, more than any other type of cyber attack.

The volume of events increased, but the number of confirmed incidents went down by 14% compared to 2022. The manufacturing industry still has the most confirmed cyber security incidents at 32.43%, ahead of retail trade (21.73%) and professional, scientific and technological services (9.84%).

Cybersecurity in finance and insurance

A Varonis report into data risks in the financial services sector found that businesses in this industry had more sensitive files (449,855) exposed to employees than any other. This meant employees were able to view, alter and delete the data in almost half a million files. 

They also had access to, on average, 20% of documents that contained sensitive data pertaining to customers and employees. This presents a major risk, especially as almost three-quarters of attacks on businesses in finance and insurance led to compromised client details.

Cryptocurrency is one sector at specific risk, with an increase of 600% in occurrences of cyber incidents related to crypto organizations.

Cybersecurity in education

The education industry has also fallen victim to cyber criminals — with K-12 schools revealed as a target. A Critical Start report suggests that over half of all attacks on the sector come from vulnerability exploitation (29%) and phishing campaigns (30%). It’s thought that the cost of downtime resulting from ransomware attacks on the education sector has been over $53 billion since 2018. During this time, over 6.7 million records of individuals were breached.

It seems the problem is growing, too. In just the first half of 2023, there were over 80 ransomware attacks globally on schools and universities — almost double that of 2022.

Data breach statistics

While there are many types of data breaches where cyber security is concerned, you can broadly define a data breach as an incident where confidential data or information is accessed without authorization. 

These are serious occurrences that can have significant ramifications for privacy and financial security. In fact, IBM data suggests that the average cost of a data breach around the world was $4.45 million in 2023.

At the same time, 2023 saw a record 3,205 data compromises, up by 78% from 2022. However, data from the Identity Theft Resource Center shows that the estimated number of individuals falling victim to data breaches has actually reduced by 16% over the last year, reaching just over 350 million individuals in 2023.

The ramifications of falling victim to a data breach can be significant, too. One in five companies that experienced a breach, according to IBM, faced a resulting fine of $250,000 or more. It will likely come as no surprise that the U.S. is the global leader in data breach costs, ‘achieving’ the highest data breach cost ($9.48 million) for the 13th year in a row. It was followed by the Middle East ($8.07 million) and Canada ($5.13 million).

Phishing statistics

Phishing is a fraudulent activity where attackers get in touch, usually by email, pretending to be from a real, reputable company in order to solicit personal and sensitive information. For example, spam emails that ask for your credit card information on the promise of an irresistible discount or deal. 

According to data from the FBI’s Internet Crime Report, phishing was the number one most-reported incident in 2022. IBM reports suggest that phishing is now the most used initial attack vector, making up 16% of all data breaches. However, the FBI’s figures show that phishing resulted in a loss of $52 million. This is relatively low in the grand scheme of things, with other types of cybercrime, like investment fraud, leading to losses of $3.3 billion. 

Hornetsecurity’s cyber security report revealed that over 43% of all cyber threats found in emails were phishing scams. At the same time, Panda Email Protection has found that almost all malware — 94%, in fact — is delivered by email. 

A key component of phishing emails is gaining the user’s trust by purporting to be a reputable company.

What percentage of cybersecurity incidents start with an employee getting phished?

It’s believed that more than 90% of cyber-attacks are initiated as a result of a phishing email, and data from Abnormal Security shows that a median of 28% of business email compromise attacks are opened by employees — and 15% of emails that are read are responded to. Worryingly, security teams only receive reports for around 2.1% of known attacks.

Ransomware statistics

Ransomware is a type of malicious software that usually locks access to some or all of your data, files and information and demands payment for its release. It is essentially holding your data for ransom.

According to figures from Cybersecurity Ventures, it’s projected that ransomware costs will hit $265 billion in 2031 — over 10 times what it was in 2021 ($20 billion). In the first half of 2023, the total cost of ransomware extortion was over $176 million more than the entirety of 2022. 

IBM numbers also show that the average cost of a ransomware attack in 2023 was $5.13 million, up by 13% from 2022. However, for incidents where law enforcement was involved, the average cost of ransomware attacks was around 9.6% less.

According to research from CFO and Sophos: 

  • 47% of companies now have a policy in place to pay cybersecurity ransoms. This is up by 13% from 2022. 
  • 42% of companies from the survey said they had paid for the return of stolen data. 
  • Figures from Sophos state, however, that only 8% of businesses that pay ransoms get all of their data back.

BEC attacks statistics

BEC attacks are a specific type of phishing designed to target businesses in order to acquire money or sensitive data. BEC attacks target the technology industry more than any other, followed by construction, advertising and marketing, finance, transportation and media/entertainment. All of these industries are seeing more than three weekly attacks for every 1,000 mailboxes.

The frequency of these attacks more than doubled in 2023, according to Abnormal Security. FBI data from 2013 to 2022 shows that, in the United States, BEC attacks resulted in over $17 million in losses. However, a DBIR report from Verizon in 2023 estimated that 93% of ransomware attacks had no losses.

DDoS attacks statistics & Botnet attack statistics

DDoS attacks, also known as a Distributed Denial-of-Service attack, is when an attacker overloads their target’s servers with internet traffic to essentially force downtime. A botnet attack, however, is when the attacker essentially hijacks a network of connected computers or devices with malware and then uses them to execute further malicious attacks. DDoS attacks often make use of botnet networks to create traffic overloads.

  • According to Medium, there were over 13 million bot requests made per day in mid-2023.
  • Russia had the most blocked IP addresses at 8.2 million. 
  • The U.S. had the second-most blocked IP addresses at 3 million. 
  • China had the third-most blocked IP addresses at 1.4 million.

Additionally, other research and studies show the following:

  • IBM data reveals a 15% rise in application-layer DDoS attacks. 
  • Corero research shows DDoS attacks can cost up to $50,000 per attack.
  • Corero also found that almost seven in 10 organizations had experienced between 20 and 50 DDoS attacks every month. 

Social media scams and hacking statistics

With social media so integral in many of our lives and even work, it’s little surprise that cybercriminals have found ways to exploit it. Social media scams often involve fraudsters creating fake profiles to communicate with users and send malicious links through spam messages. 

Research from the Federal Trade Commission shows that:

  • Social media scams have resulted in $2.7 billion in losses since 2021.
  • More money was lost from social media scams during this time than any other method, including emails, texts and phone calls. 
  • 44% of losses between January 2023 and June 2023 came from online shopping scams. 
  • 20% of losses between January 2023 and June 2023 were investment-related scams. 
  • Romance scams and other frauds during that time resulted in 37% of social media scams. 

Cybersecurity statistics industry overview

Here is an overview of some key statistics about the cybersecurity industry:

  • It’s estimated that the cybersecurity market is currently valued at just over $180 billion in 2024, with that number forecasted to reach nearly $315 billion by 2029.
  • Just in the U.S., the cybersecurity market was worth over $73 billion in 2023, and it’s expected to exceed $108 billion in revenue by 2028.
  • More than 9 in 10 businesses plan to or currently are using AI and machine learning to enhance their cybersecurity operations.
  • It’s expected that total spending on information security and risk management will grow over 14% to exceed $215 billion by 2024.

Cybersecurity jobs

The cybersecurity workforce employs over five million Americans. Despite that large number, an ISC2 report estimates that there are still another four million cybersecurity workers needed to cover the workforce gap. 

Participants in the ISC2 study were concerned that skill gaps among employees were leaving organizations more vulnerable to cybersecurity attacks. This is becoming an even bigger concern with the development of AI. 75% of employees who participated in the study claimed that the past five years have been the most difficult in terms of threats.

Cyber insurance statistics

Cyber insurance is a crucial outlay for businesses in the current era — and it’s estimated that the global cyber insurance market is valued at $9.2 billion and forecasted to hit $22.1 billion by 2025. 


1. Cybersecurity Ventures.

2. Ipsos – 2023 Ipsos Poll (Wells Fargo).

3. Identity Theft Resource Center – 2023 Data Breach Report.

4. Mordor Intelligence – Cybersecurity Market Size & Share Analysis – Growth Trends & Forecasts (2024-2029).

5. Federal Bureau of Investigation.

6. Allianz – Allianz Risk Barometer 2023 – Rank 1: Cyber incidents.

7. Ponemon Institute – 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses (SMB).

8. IBM Security – Cost of a Data Breach Report 2023.

9. Mimecast – The State of Email Security Report.

10. U.S. Department of Health and Human Services – HHS’ Office for Civil Rights Settles Ransomware Cyber-Attack Investigation.

11. Orange Cyberdefense – Orange Cyberdefense releases Security Navigator 2024.

12. Varonis – 2021 Data Risk Report.

13. Cloudflare – DDoS threat report for 2023 Q2.

14. CriticalStart – Cyber Threat Intelligence Report.

15. Comparitech – Since 2018, ransomware attacks on the education sector have cost the world economy over $53 billion in downtime alone.

16. CISA – General Information – Stop Ransomware.

17. Abnormal Security – H1 2023 – “Read” Alert: Data Shows 28% of BEC Attacks Opened by Employees.

18. – 85% of Cybersecurity Leaders Say Recent Attacks Powered by AI: Weekly Stat.

19. Sophos – Ransomware Recovery Cost Reaches Nearly $2 Million, More Than Doubling in a Year, Sophos Survey Shows.

20. Verizon – 2023 Data Breach Investigations Report (DBIR).

21. Medium – Q2 2023 DDoS Attacks Statistics and Overview.

22. Cocero – Impact of DDoS on Enterprise Organizations.

23. Federal Trade Commission – Social media: a golden goose for scammers.

24. Gartner – Gartner Forecasts Global Security and Risk Management Spending to Grow 14% in 2024.

25. ISC2 – How the Economy, Skills Gap and Artificial Intelligence are Challenging the Global Cybersecurity Workforce 2023.

26. Statista – Global cyber insurance market size in 2018 and 2020, with forecast for 2025.

Source link


Click Here For The Original Source.


National Cyber Security