39 Key Cybersecurity Statistics: Insights and Trends

If you click to purchase a product or service based on our independent recommendations and impartial reviews, we may receive a commission. Learn more

For business owners and customers alike, the internet has done wonders for connecting people. Building websites is easier than ever thanks to website builders, and online shopping offers customers a world of products in the palm of their hand. However, this ease and connectivity also comes with complications – cyber attacks. There are people who will use weaknesses in website security for their own gain.

Unfortunately, this can cause real damage to your business’ profits, reputation, and customer trust. The good news is that if you’re aware of the current situation, you’re more equipped to safeguard against cyber attacks in the future. So strap yourselves in as we plunge into the nitty-gritty of cybersecurity statistics!

Top Cybersecurity Statistics

  1. Not taking cybersecurity risks seriously will cost you. It’s forecast that cybercrime is predicted to cost $10.5 trillion annually by 2025!
  2. It’s estimated that there are 2,200 cyber attacks every day.
  3. If 2,200 is too many to get your head around, it may help to think of it differently – a cyber attack occurs every 39 seconds on average.
  4. Cyber attacks are on the rise – IoT cyber attacks are expected to double by 2025.
  5. Ransomware attacks are also becoming more frequent, so much so that by 2031 they’re expected to happen every two seconds.

Find out more about these top cybersecurity statistics in our full write-up below.

Tech is everywhere, so cybersecurity has never been more important. And as we grow more reliant on technology, the frequency and complexity of cyber attacks grows, too. Let’s look at some of the top cyber threat statistics that lay the problem bare in more detail.

These days there’s a cyber attack every 39 seconds on average, which means there’s 2,200 cyber attacks happening each day. And all those attacks have at least one criminal attached, whether they’ve enabled a team of bots to carry out attacks, or working as part of an actual team. That’s still a lot of people involved.

And these attacks have a real cost. By 2025, cybercrime will cost an eye-watering $10.5 trillion. That’s not just a huge figure, it’s a sobering reminder of the financial devastation cyber crimes cause all of us. Doesn’t matter if it’s us at home or at work.

And we’re contending with more types of cyber attacks. Take the Internet of Things (which are the connected devices into our homes and workplaces) which is now a special target. By 2025, IoT cyber attacks are expected to double, so this is a whole new area to protect too.

Ransomware (which we’ll go into more detail about in a little while) is a particularly nasty kind of cyber crime that targets whatever the criminals want, and generally involves them encrypting files and charging the owner to get them back. By 2031, these attacks will happen every two seconds.

These cybersecurity statistics are a wakeup call to take action and make sure you stay vigilant.

Cyber Attack Statistics: Unmasking the Reality of the Digital Battlefield

If we’re looking specifically at cyber attack statistics, what can we learn? There are lots of types of cyber attacks, and they’re all a little different from each other. While we check out cyber attack statistics in the section, we’ll give you a good run-down on the different types of website attacks to be aware of.

Phishing Statistics

Phishing involves tricking users into revealing sensitive information, pure and simple. The chances are pretty high that you’ve come across a phishing email or text at some point – perhaps texts claiming to be from Google or your bank that didn’t look quite right, or the time you clicked on an email link and ended up getting your eBay or Facebook account hacked.

Phishing attacks will send you messages from what looks like a safe source that you already trust. They’ll use web addresses that are nearly exactly the same as the real thing. The same lettering. The same backgrounds. The same sign-offs. But it’s all a lie.

It’s really common because it works. Phishing’s been the most common form of cyberattack for three consecutive years. This grim reality is echoed by the FBI’s Internet Crime Complaint Center, which found that phishing (including vishing, SMiShing, and pharming), is the leading cyber attack threat in the US with 300,497 complaints last year.

Top Tip: When it comes to choosing a safer password, length is better than complexity, but both together is best.
phisgin email simulation asking user to click on a link
This is a phishing email simulation, showing just how convincing they can be!

Malware Statistics

Malware (which is short for malicious software) is designed to get into a computer or phone or system and stealthily cause damage with viruses (malicious codes that infect whatever they touch), worms (viruses that infect your system and then go after your contacts), and trojans (malware that disguises itself as legit software and does its damage once you download it).

Hackers who spread malware like to target financial services – a full 25% of malware attacks target them according to a study cited by the Congressional Research Service. They’re so common that 47% of IT professionals have noticed them. Those who use Windows are particularly at risk – 54% of all malware infections occur on Windows Operating System.

Ransomware Statistics

Ransomware is a type of malware that attacks in a two-pronged way. First it encrypts files on the victim’s computer, then demands a ransom for their release. It’s like a digital kidnapper holding your data hostage and threatening you with blackmail or data theft until you pay up.

A lot of people simply pay the demand. The record for the largest known ransom payout stands at a staggering $40 million, paid by CNA Financial to the Phoenix cybercriminal group. Whether or not a victim pays, it’s still a very expensive crime – by 2031, ransomware damage costs will exceed $265 billion annually.

Hacking Statistics

By 2025, the collective data of everyone in the world will reach 175 zettabytes. That’s 175,000,000,000,000,000,000,000 bytes of data to keep secure from prying eyes and hands of hackers.

Hacking is simply the act of accessing computers or networks without permission and to cause some kind of trouble. It’s like a digital robbery. It’s really common – 1 in every 3 Americans has their data breached each year. It can be an individual person, or a small business that only has a few employees.

Or it can be entire government branches and large corporations, like T-Mobile’s this year, which suffered the theft of the personal data of 37 million customers. Unbelievably, T-Mobile had another security breach just months later.

IoT Attacks: The Emerging Threat

As mentioned above, the Internet of Things has created a new opportunity for cyber attacks. Most of us have direct contact with the Internet of Things, whether in our homes or workplace. Of course it’s really convenient to have our devices and electronics hooked up to one another. But they’re definitely open to attack – in the first half of 2022, there were 1.51 billion reported IoT breaches.

One of the big problems is the lack of visibility with the IoT. 51% of IT teams are unaware of the devices connected to their networks – and those are the experts! This might explain why in 2023, there was a 41% increase in weekly attacks targeting IoT devices compared to the previous year with 54% of organizations receiving cyber attack attempts on IoT devices every week.

Recap: Cyber Attack Statistics

  1. Phishing scams have been the most common form of cyberattack for three consecutive years.
  2. There were  300,497 phishing complaints in the US last year, making it the leading cyber attack threat.
  3. 25% of malware attacks target financial services.
  4. 47% of IT professionals have noticed malware attacks.
  5. 54% of all malware infections occur on Windows Operating System.
  6. The largest known ransom payout was $40 million, paid by CNA Financial to the Phoenix cybercriminal group.
  7. By 2031, ransomware damage costs will exceed $265 billion annually.
  8. Every year, 1 in every 3 Americans has their data breached.
  9. There were 1.51 billion reported IoT breaches in the first half of 2022.
  10. There’s a lack of visibility over IoT systems, with 51% of IT teams unaware of the devices connected to their networks.
  11. There was a 41% increase in weekly attacks targeting IoT devices in 2023 compared to the previous year.
  12. Every week, 54% of organizations undergo cyber attack attempts on IoT devices.

Cybersecurity Statistics by Industry

Cybersecurity isn’t a one-size-fits-all thing. Different industries have their own vulnerabilities and challenges.  Cybersecurity statistics shed some light into how cyber attacks affect different sectors, to help you stay informed.

Government

Government entities, both local and national, can be excellent targets for cybercriminals because they often have access to a lot of money. They also hold lots of data, and some of it can be really sensitive. Most government data systems are outdated or (even worse) obsolete with no more security updates available.

That makes things easy for all kinds of cyber attacks to target them, from thrill-seeking hackers to much more serious terrorist or oppositional government groups that have a specific political agenda they want to push.

From 2018 to October 2022, the US government alone lost over $70 billion to ransomware attacks. The frequency of attacks is stratospheric – in the second half of 2022, there was a 95% increase in worldwide cyber attacks targeting governments. There are different motivations too – 80% is money, 18% to uncover secrets, 1% because they’re mad at the target, and 1% because of personal belief.

Website article about Boulder County sending a check worth $228k to a fake account.
Boulder County made headlines after falling victim to a phishing scam last year.

Businesses

Though we hear about data breaches at big corporations all the time, the biggest mistake we can make when thinking about cyber attacks on businesses is that size matters. It absolutely doesn’t. There is no business too small to be attacked.

A staggering 43% of cyber attacks target small businesses, and the aftermath can be devastating—with 60% of victims going out of business within six months. Ecommerce sites are at particular risk, attracting 75% of fraud and data theft, emphasizing why ecommerce security is so important.

Check out these further business cybersecurity breach statistics for small-to-midsize businesses:

  • 51% of small businesses that fall victim to ransomware pay the money.
  • 46% of all cyber breaches impact businesses with fewer than 1,000 employees.
  • 55% of people in the U.S. would be less likely to continue doing business with companies that are breached.
  • Just 17% of small businesses have cyber insurance and 48% of those didn’t buy insurance till after an attack.

Regardless of the size, 34% of all cyber attacks against businesses in 2022 were Business Email Compromise (BEC) attacks, which involves impersonating a business executive or partner to trick workers into transferring money or sensitive data.

Top Tip: Check your data! On average, it takes security 277 days to identify and contain a data breach. That’s over nine months where your data could potentially be exploited.

Banking and Financial Services

It’s not shocking that cybersecurity is really important in banking and financial services – look at how much money changes hands, the sheer number of electronic transactions, and the sensitive data they hold!

The grand irony is that financial institutions are prime targets for cyber attacks. In 2022, this sector had the second-highest number of data breaches (after government).

And boy is it expensive. The average cost of a claim for a small business in the financial sector is $139,000. Furthermore, the rise in remote work and the use of personal devices for business purposes during the pandemic has created new vulnerabilities that cybercriminals are quick to exploit.

In 2022, the average cost of a data breach in the financial industry worldwide was nearly $6 million (USD).

The most common cyber attacks in the financial sector involve network and application anomalies, account anomalies, phishing attacks, and attacks on payment systems and the banks themselves. What makes this particularly nasty is that malware desktop attacks are more likely to target customers.

Protecting against these threats means a highly-complex infrastructure, constant employee recruitment and training, and never dropping the ball with cybersecurity awareness.

Education

Schools of all kinds are pretty tempting prospects for cyber attacks. Not only do they usually use outdated data programmes, but they are treasure troves of valuable personal data, like names, addresses, family info, medical data, and social security numbers.

Most students and staff have little idea how to spot and tighten up security risks.  And the criminals know it – by July 2022, the education sector suffered more than double the weekly cyberattacks – that’s an average of 2,000 attacks per organization every week.

Attacks on education bodies can have really damaging and even devastating consequences. Take the case of Lincoln College – a ransomware incident was the straw that broke the camel’s back, and they shut their doors in 2022 after educating people for 157 years.

Cyber attacks can target the students themselves. Take phishing – a student may get an email that looks like it’s from their teacher, or the Student Loan company, only to find out it was a scam. In New York, 565 schools had student data compromised due to a cyber attack on Illuminate Education’s systems.

It’s not just about the potential financial loss; it’s also about the betrayal of trust and the emotional toll it takes.

Lincoln College website showing announcement of closure
The Lincoln College website announced its closure due to financial struggles following COVID-19 and a cyber attack in 2021.

Healthcare

The healthcare industry might be the life-saving superhero that we all rely on, but it’s also a target for cyber attacks. In fact, it’s one of the chief targets.

It makes sense why – data tech may be out of date, and though data has to be shareable between medical organizations, the data kept is highly sensitive, personal, and confidential.

Names, addresses, family contact details, medical history, medical services, and financial information – this is gold for hackers. They can use it for money, identity theft, data theft, insurance fraud, and in some cases, blackmail.

The annual number of attacks against hospitals have doubled from 2016 to 2021. And it’s expensive – the average healthcare data breach in the US costs $10.93 million. Ransomware is the go-to method for most cyber criminals and the cost is more than money. Lifesaving operations can grind to a halt – like Jes Kraus’ chemotherapy which was shut down after the hospital was cyber attacked.

Recap: Cybersecurity Statistics by Industry

  1. Between 2018 and October 2022, the US government lost over $70 billion to ransomware attacks.
  2. In the second half of 2022, there was a 95% increase in worldwide cyber attacks targeting governments.
  3. There are various motivations for cyber attacks on governments: 80% is money, 18% to uncover secrets, 1% because they’re mad at the target, and 1% because of personal belief.
  4.  43% of cyber attacks target small businesses, and 60% of victims go out of business within six months.
  5. 75% of fraud and data theft involve ecommerce sites.
  6. 51% of small businesses that fall victim to ransomware pay the money.
  7. 46% of all cyber breaches impact businesses with fewer than 1,000 employees.
  8. 55% of people in the U.S. would be less likely to continue doing business with companies that are breached.
  9. Just 17% of small businesses have cyber insurance and 48% of those didn’t buy insurance till after an attack.
  10.  34% of all cyber attacks against businesses in 2022 were Business Email Compromise (BEC) attacks.
  11. On average, it takes security 277 days to identify and contain a data breach.
  12. In 2022, the financial sector had the second-highest number of data breaches after government.
  13. The average cost of a claim for a small business in the financial sector is $139,000.
  14. As of 2023, the average cost of a data breach in the financial industry worldwide is $5.9 million.
  15. In the first half of 2022, Education and Research saw an average of 2,297 attacks against organizations every week, which is a 44% rise from 2021.
  16. In January 2022, 565 New York schools in the state had private student data compromised due a cyber attack on Illuminate Education’s systems.
  17. The number of annual attacks against hospitals have doubled from 2016 to 2021.
  18. The average healthcare data breach in the US costs $10.93 million.

Cybercrime Cost Statistics

It’s always frustrating to think that we’re paying for the cyber attacks that criminals inflict on all of us. Cyber crime is like a thief that keeps coming back for more. We already know from the stat above that it’s predicted to cost $10.5 trillion annually by 2025. That’s more than most countries’ GDP.

If we want to get specific, last year investment fraud cost the most both collectively ($3.3 billion) and on average per victim ($108k). These include cryptocurrencies, ponzi schemes, and fake real estate investments.

You might be thinking that because you have a small online business that it won’t cost you. But if you get targeted, it will cost you. On average, U.S. companies had to cough up around $18,000 per attack in 2022, an 80% jump from the year before. Plus, nearly half (47%) of all U.S. businesses have been hit by a cyber attack.

That’s why it’s important to make sure you have the right ecommerce business insurance against cyber attacks. The market’s already exploded – expected to reach $14.8 billion by 2025 and $34 billion by 2031. It’s good that we’re waking up to the reality of cyber threats – and though insurance doesn’t reduce the likelihood of cyber attack, it certainly helps with cost and liability.

Top Tip: You don’t have to have an online business to get cyber attack insurance. You can get it attached to your personal insurance (like car/house/life) and as a freelancer.

Recap: Cybercrime Cost Statistics

  1. Last year, in 2022, investment fraud cost the most both collectively ($3.3 billion) and on average per victim ($108k).
  2. On average, U.S. companies had to cough up around $18,000 per attack in 2022, an 80% jump from the year before.
  3.  Nearly half (47%) of all U.S. businesses have been hit by a cyber attack in the past 12 months.
  4. The cyberinsurance market is expected to reach $14.8 billion by 2025 and $34 billion by 2031.

Data Breach Statistics

Data breaches are one of the most common problems, with the U.S. being the second-most breached country (after Russia).

And some of the breaches are enormous. In May of 2023, 84 million records were breached in three major security incidents. That’s 86% of the month’s total data records compromised.

There is some good news, however – the first quarter of 2023 brought a glimmer of hope with a 25.4% decrease in leaked U.S. accounts from the previous quarter.

Another positive is that, amidst these concerning stats, there are signs of proactive measures making a difference. Notably, a joint operation by Europol and the U.S. Department of Justice led to a significant blow against the Hive group, a notorious cybercrime network. More than 1,300 victims received decryption keys, and crucial information about 250 Hive affiliates was obtained.

These data breach statistics serve as a stark reminder of the digital dangers we face, but also the strides we’re making in combating them. As we press forward, let’s remember that every step toward enhanced cybersecurity isn’t just about numbers; it’s about safeguarding our digital lives.

Recap: Data Breach Statistics

  1. The U.S. is the second-most breached country after Russia in Q1 of 2023.
  2. In May 2023, just three data breaches accounted for more than 84 million breached records, equating to 86% of the entire month’s total of breached records.
  3. The US saw a 25.4% decrease in leaked accounts from Q4 of 2022 to Q1 of 2023.
  4. Law enforcement delivered encryption keys to more than 1,300 victims following an operation against the Hive ransomware group.

Summary

Now that we’re all feeling anxious and deflated, what’s the takeaway here?

The cyber landscape is like the wild west. It’s exciting but also a little out of control with outlaws. Cyber attacks are the norm, and they eventually impact all of us.

Though we’re up against some serious challenges, as with any unsavory realities, being aware of them (and getting insurance against them) is the first step. We don’t have to feel helpless.

There are plenty of tools and strategies at our disposal – from cybersecurity defenses and tech to comprehensive cyber insurance. So as we try to navigate digital life, let’s stay informed, proactive, and vigilant. Stay safe out there!

Written by:
Smiling headshot of Amanda Graham
I started writing for Website Builder Guide in 2022. I love copywriting for ecommerce, website, automation, and website brands and I’ve ghostwritten and content strategised for some of the largest multinational brands in the world. I have years of writing experience for the BBC, including documentaries, scripts, and Twitter campaigns. With such a wealth of experience to draw on, some of my best work on Website Builder Guide focuses on topics such as ecommerce strategies, marketing tips, and small business advice. I hope you enjoy my articles!

Leave a comment

Your email address will not be published. Required fields are marked *