100 or So Cybersecurity Facts and Figures to Know

If you’re interested in getting a quick glimpse at the state of cybersecurity, this post is for you. That’s because one way to gain a greater appreciation for the overall cybersecurity landscape is to dive into historical data and current trends. 

Awareness is a key component in the ongoing battle against cyber threats. It helps to ensure that individuals, organizations, and governments are well-equipped to protect themselves.

In this post, we’ve outlined some broad numbers and evidence from the world of cybersecurity to help with decision making, risk mitigation, and education.  

The Cost and Frequency of Cyber Attacks

Cyberattacks have become increasingly common and costly, posing a significant threat to organizations of all sizes.

1. Daily Attacks: Around 2,328 cybercrimes are estimated to occur each day, with over 6.5 million incidents reported from 2001 to 2021.
2. Cost of Cybercrime: The global annual cost of cybercrime is predicted to reach $9.5 trillion in 2024, which breaks down to: $793 billion per month; $182.5 billion a week; $26 billion per day; $1 billion an hour; $18 million a minute; and $302,000 every second.
3. Phishing Attacks: Phishing attacks account for 80% of reported cybercrimes in the technology sector, and phishing was the second-most-common reason for data breaches, averaging $4.91 million in breach costs
4. Crime Pays: Cybercrime earns cybercriminals $1.5 trillion annually, with small businesses accounting for 43% of cyber attacks.
5. Impact of Cybercrime: In 2022, an estimated 53.35 million US citizens were affected by cybercrimes, with losses totaling $6.9 billion, including romance scams, investment scams, and business email compromise. 
6. Global Size: If cybercrime attacks were measured as an individual country, then it would be the world’s third-largest economy after the U.S. and China.

In 2020, the FBI estimated that more than $4 billion was lost to cybercrime in the United States, with critical sectors such as healthcare providers being increasingly targeted by ransomware.

Cybersecurity Industry Stats at a Glance

Cyber security professionals are the unsung heroes of the digital age, working tirelessly to protect data and systems from attacks. And yet, they’ll forever be outnumbered by the amount of those looking to take advantage of software and systems for personal gain. 

1. Number of Professionals: As of 2023, there are over 1.3 million qualified cybersecurity professionals in the United States.
2. Average Salary: The average cybersecurity salary was over $110,000 in 2021.
3. Gender Distribution: In the United States, 21.5% of all cybersecurity analysts are women, while 78.5% are men. For cybersecurity specialists, 16.8% are women, and 83.2% are men.
4. Ethnicity Distribution: Among cybersecurity specialists, 65.7% are White, 9.6% are Asian, and 9.2% are Black or African American.
5. Age: The average age of cybersecurity analysts is 42 years old, while the average age of cybersecurity specialists varies based on ethnicity and gender.
6. Location: There are around 8,400 cybersecurity firms in North America, and the majority of cybersecurity professionals are based in various regions across the United States.
7. Industry Distribution: The most common industries for cybersecurity analysts and specialists in the United States include technology, professional services, finance, and government.
8. Cybersecurity Firms: There are around 8,400 cybersecurity firms in North America, with an average of 159 employees per firm.
9. Tenure: The average cybersecurity specialist stays at their job for 1-2 years.
10. Board Members: By 2025, 35% of Fortune 500 companies will have board members with cybersecurity experience, and by the time we reach 2031, it will rise to more than 50%.

Small Businesses and Cybercrime

Small businesses are particularly vulnerable to cyberattacks due to their limited resources and often lack of advanced cybersecurity measures. They may not have the budget to hire dedicated cybersecurity professionals or invest in sophisticated security solutions. As a result, small businesses are more likely to be targeted by cybercriminals who see them as easy prey.

Cyberattacks can have a devastating impact on small businesses, causing financial losses, reputational damage, and business closures. Data breaches can expose sensitive customer information, leading to identity theft and financial fraud. Ransomware attacks can cripple operations and disrupt business processes. And even small-scale attacks can damage a company’s reputation and erode customer trust.

1. Victimization Rate: 50% of small to medium-sized businesses (SMBs) have been the victims of cyber attacks, and over 60% of those attacked go out of business.
2. Data Breaches: 43% of all data breaches target small businesses, and 46% of cyber-attacks are against small businesses with 1,000 or fewer employees
3. Ransomware: 82% of ransomware attacks in 2021 were against companies with fewer than 1,000 employees
4. Financial Impact: On average, small and medium-sized businesses (SMBs) lose between $826 and $653,587 on cybersecurity incidents
5. Customer Data: 87% of small businesses have customer data that could be compromised in an attack, and 27% of small businesses haven’t taken any cybersecurity protections despite collecting credit card and financial data
6. Social Engineering: Employees of small businesses experience 350% more social engineering attacks than those at larger enterprises
7. Cybersecurity Spending: Despite the increasing cyber threats, small businesses often have inadequate cybersecurity measures, with 23% of SMBs using no device security and 32% relying only on free solutions

Biggest Cyber Attacks and Data Breaches

Data breaches are incidents in which sensitive information is accessed without authorization. These breaches can have a devastating impact on individuals and organizations, leading to financial losses, reputational damage, and legal challenges.

1. China and Russia: China was involved in 108 cyber incidents with losses of more than $1 million each from 2006 to 2018, while Russia has been responsible for 98 major cyber incidents since 2006 with similar losses
2. Melissa Virus: The Melissa Virus is one of the earliest and biggest cyber attacks in history, launching in 1999 and costing around $80 million to repair. 
3. Ransomware Attacks: Healthcare remains the top target of ransomware attacks.
4. Phishing Attacks: Phishing attacks increased by 48% in the first half of 2022, with reports of 11,395 incidents costing up to $12 million. 
5. Adobe Cyber Attack: The Adobe cyber attack was first thought to have breached the data of 2.9 million users.
6. WannaCry Ransomware Cyber Attack: The 2017 WannaCry ransomware cyber attack was a significant cybersecurity incident. It impacted nearly 200,000 computers in over 150 countries, and cost roughly $7.6 billion to fix.
7. Yahoo Cyber Attack: The 2014 cyber attack on Yahoo was one of the largest data breaches in history, with 500 million accounts compromised.
8. IoT Security: More attacks on Internet of Things (IoT) are expected, making it an area of interest when it comes to cybersecurity.
9. Cybersecurity Spending: Statista reports $71.68 billion in IT security spending in 2022, and 50% of large enterprises are spending $1 million annually on security.

Industries Impacted by Cyber Crime

Virtually every business is impacted by cybercrime, but cybercriminals often focus their attacks on specific industries. Per Investopedia and cyber insurance stats, these are industries that are most often targeted:

1. Energy: 90% of the world’s largest energy companies experienced a third-party breach in 2023, according to SecurityScorecard.
2. Financial Services: Financial services companies are among the most targeted by cybercriminals, with 23% of all cyber attacks targeting this sector. The financial industry is particularly impacted by data breach incidents, with finance firms losing approximately $5.9 million per data breach, which is 28% higher than the global average.
3. Manufacturing: Manufacturing companies are also heavily targeted by cybercriminals, with 22% of all cyber attacks targeting this sector
4. Technology: Phishing attacks account for 80% of reported cybercrimes in the technology sector, and phishing was the second most common reason for data breaches, averaging $4.91 million in breach costs
5. Pharmaceuticals: Companies in the pharmaceutical sector have also endured significant losses due to cybercrime.
6. Healthcare: Healthcare remains the top target of ransomware attacks, and the healthcare sector has also been heavily targeted by cybercriminals
7. Government: Government agencies are also heavily targeted by cybercriminals, with 16% of all cyber attacks targeting this sector
8. Retail: Retail companies are also targeted by cybercriminals, with 14% of all cyber attacks targeting this sector
9. Education: Educational institutions are also targeted by cybercriminals. In fact, education has become the fifth-most-targeted industry for data breaches.

Cybersecurity Tools

Endpoint Detection and Response (EDR), Security Information and Event Management (SIEM), Virtual Private Network (VPN), and Managed Detection and Response (MDR) are all tools that are used to improve cybersecurity. These tools help to protect sensitive data, such as financial records, personal information, and intellectual property, from unauthorized access, security breaches, and theft.

1. EDR (Endpoint Detection and Response): 96% of organizations use the cloud, and 82% rate the effectiveness of their EDR positively in its ability to identify and remediate cyber threats.

2. SIEM (Security Information and Event Management): 84% of organizations believe their organizations would benefit from cloud-native SIEM. 75% believe SIEM is very important to extremely important to their organization’s security posture.

3. AI/ML (Artificial Intelligence/Machine Learning): The SIEM market was worth $5.2 billion in 2022 and is on track to reach $8.5 billion in the next five years.

4. VPN (Virtual Private Network): 71% of organizations use a security configuration management tool.

5. MDR (Managed Detection and Response): Cloud-native SIEMs are gaining mind-share and will continue to outshine legacy ones.

Email and Cyber Crime

Email is a critical tool for communication and collaboration, but it is also a major vulnerability in cybersecurity. Email accounts are often targeted by hackers, who use them to spread malware, steal sensitive information, and launch phishing attacks. The cybersecurity statistics around email can be harrowing:

1. Malware Delivery: 92% of malware is delivered via email, with 300,000 new malware created every day
2. Phishing Emails: More than 1% of all emails sent are sent with malicious intent, which means we receive 3.4 billion phishing emails daily
3. Data Exposure: 91% of organizations have experienced email data loss, and 98% of organizations have suffered from phishing attacks in a single year.
4. Phishing Attacks: In 2022, there were 2.8 billion malware attacks, and 255 million phishing attacks reported
5. Spear Phishing: Around 88% of organizations face spear phishing attacks in a year, and 65% of cyber-attacks are perpetrated through spear phishing
6. Spam Emails: In 2022, the share of spam in global email traffic declined from 51.02% in Q1 to 46.16% in Q4
7. Phishing Reports: The US-based IC3 received 300,497 reports from victims of phishing in 2022
8. Email Security Incidents: In a poll of cybersecurity leaders, 71%  said they view inbound and outbound email security as an important issue to tackle together.
9. Email Security Threats: 96% of organizations reported at least one phishing attack in the last year, with 52% believing these threats to be more sophisticated

Conclusion

If these statistics prove anything, it’s that cybersecurity businesses need to be constantly vigilant to protect themselves from the latest threats. By investing in cybersecurity tools and training and by following best practices, businesses can significantly reduce their risk of cyberattacks and protect their data, systems, and reputation.