100+ Cyber Security Statistics 2024
The Latest Cyber-Security Stats to Know in 2024
Cyber threats are on the rise, making cyber security more important than ever in 2024. The Cyber Security Statistics 2024 shows that cybercrime is growing rapidly every year. In fact, cybercrime is expected to inflict damages totaling over $10 trillion by 2024 if current trends continue.
With cyber-attacks becoming more frequent and sophisticated, organizations need to make cybersecurity a top priority. Implementing effective security measures and training employees on best practices can help reduce risk. The Cyber Security trends and data highlights key trends that security professionals should understand in order to develop robust defenses against emerging threats.
By analyzing the latest data on cyber attacks, organizations can gain valuable insights to strengthen their security posture and avoid becoming the next victim.
Cyber Attacks and Cyber Security Data
The cybersecurity market is rapidly expanding, driven by the increasing sophistication and frequency of cyber-attacks. Businesses and governments are investing heavily in cyber insurance, threat intelligence, and advanced security technologies to stay ahead of the curve.
Industry analysts forecast continued growth in the cybersecurity sector, with the market expected to reach billions in value by the mid-2020s.
As organizations grapple with the complexity of modern cyber threats, the ability to effectively measure, manage, and mitigate risk will be a key factor in their success.
- The cyber insurance market is expected to be worth $20 billion by 2025
- By 2025, 60% of organizations will use cybersecurity risk as a key factor for transactions and business engagements with third parties
- The cybersecurity market is expected to grow to $300 billion by 2024
- 38% of CISOs expect more serious attacks via the cloud in 2023
- The USA had 759% more victims of cybercrime in 2021 than the next-highest country, Canada
- The number of material breaches respondents suffered rose 20.5% from 2020 to 2021
- Global spending on cybersecurity exceeded $1 trillion in 2021
- Cybersecurity Ventures tracked more than $23 billion in venture capital devoted to cybersecurity companies in 2021
- The top cybersecurity investment is upskilling cybersecurity and IT staff (46% of companies)
- The most used cybersecurity framework was ISO 27001/27002 (48% of companies)
- The largest DDoS attack was 1.3 terabytes per second
- The average time to detect a data breach is 118 days
- The average security budget of small businesses is $500
- Only 38% of companies say they have made notable improvements after a breach
- Only 29% of companies reported using multi-factor authentication
- Only 23% of companies say their cybersecurity metrics are well understood by the board and senior executives
- Cybersecurity budgets as a percentage of firms’ total revenue jumped 51%, from 0.53% to 0.80%
- Just 23% of security leaders monitor their partners and vendors in real-time for cybersecurity risks
- 98% of web applications are vulnerable to attacks
- 95% of data breaches are due to human error
- 93% of data breaches are motivated by financial gain
- 73% of companies in North America use browsers that are out of date
- 72% of vulnerabilities were due to flaws in web application coding
- 70% of cybersecurity professionals claim that their organization is impacted by the cybersecurity skills shortage
- 63% of companies have some form of email security measure
- 62% of users have shared a password over email or text messages
- 62% of incidents in the System Intrusion pattern involved threat actors compromising partners
- 57% of users reported having a password written down on a sticky note
- 56% of Americans do not know the steps to take after being a data breach victim
- 55% of companies run internal cybersecurity assessments
- 50% of companies outsource their cybersecurity operations center
- 46% of organizations test cyber incident response time and planning every quarter
- 46% of all cyber breaches are done on companies with fewer than 1,000 employees
- 44% of users reported recycling passwords across personal and business-related accounts
- 43% of SMBs do not have a cybersecurity plan in place
- 41% of organizations identified hybrid IT situations as their biggest cybersecurity challenge
- 41% of cybersecurity executives report using Zero Trust architecture principles
- 37% of employees use their employer’s name as a portion of their password
- 31% of executives said their main cybersecurity challenge was improper identification of key risks
- 30% of small businesses consider phishing attacks to be the biggest cyber threat
- 30% of executives said their budgets aren’t sufficient to ensure proper cybersecurity
- 26% of companies reported using AI and machine learning solutions to predict and handle breaches
- 17% of cyber-attacks target vulnerabilities in web applications
Malware and Phishing
Malware and phishing campaigns continue to be a significant concern for organizations across all industries. Threat actors are constantly evolving their tactics, deploying increasingly sophisticated techniques to bypass security measures and gain access to sensitive data.
From mobile banking trojans to targeted spear-phishing attacks, these cyber threats can result in financial losses, data breaches, and system disruptions. Understanding the latest malware and phishing trends is essential for developing proactive defense strategies and educating employees to recognize and avoid these threats.
- Ursnif/Gozi and IceID were the most popular trojans of 2022
- There were 5.4 billion malware attacks in 2022, with Iran being the leading target
- 405,684 malicious installation packages were detected in 2022, mostly mobile banking trojans
- Cyber attacks on the retail sector increased by 117% in 2021
- 71% of malware attacks have a specific target
- 70% of organizations have users being served malware ads on their browser
- 40% of malware attacks result in confidential data leakage
- 17% of malware attacks target individuals
- The financial services industry saw 5 times more phishing attempts than any other industry in 2022
- 18-24 is the age group that fell for phishing emails the most in 2022
- Credential theft is the top goal of phishing attacks at 51.8% in 2021
- Phishing and business email compromise results in over $500 million in losses per year
- 96% of phishing attacks are delivered via email
- 90% of data breaches are the result of phishing attacks
- 85% of mobile phishing attacks happen outside of email
- 50% of people who fell for a phishing email said it was because they were tired or distracted
Ransomware
Ransomware has witnessed a significant surge in recent years, as it has proven to be one of the most financially rewarding cyber-attacks. Industries where technology access is critical to their core operations, such as healthcare and government, continue to be the primary targets of ransomware threats.
This type of attack has become well-known to consumers, as it often leads to data breaches and disruptions in service. Industries that are targeted by ransomware should remain vigilant, as these attacks are increasingly tied to the abandonment or shutdown of essential services.
The rise in ransomware incidents has heightened awareness among both businesses and the general public, underscoring the need for robust cybersecurity measures and preparedness to mitigate the substantial risks posed by this evolving threat.
- Over 72% of businesses worldwide were affected by ransomware attacks as of 2023
- It takes an average of 49 days to identify a ransomware attack
- 623.3 million ransomware attacks around the world in 2022
- Ransomware attacks surged by 105% in 2021
- The average downtime experienced after a malware attack is 21 days
- The average cost of a ransomware attack is $4.54 million, excluding the ransom
- Ransomware breaches have seen a 13% increase in the last 5 years
- 79% of attacks on the retail sector involve ransomware
- 63% of cyber-attacks against government agencies use ransomware
- 45% of security and IT execs expect a further rise in ransomware attacks
- 83% of respondents paid the ransom in the wake of an attack, with over half paying more than $100,000.
Finance and Healthcare
The financial services and healthcare industries are consistently among the most targeted sectors for cyber-attacks, owing to the high value and sensitivity of the data they hold.
Ransomware, data breaches, and other sophisticated threats have had significant consequences, including financial losses, regulatory penalties, and reputational damage. These industries face unique challenges, such as the need to comply with strict regulations, secure legacy systems, and protect vulnerable populations.
Implementing robust security controls, enhancing employee awareness, and fostering strong public-private partnerships will be crucial for safeguarding these critical sectors.
- The finance sector is the second most targeted industry for basic web application attacks
- Ransomware accounts for 64% of successful cyber-attacks against the financial sector
- On average, a financial services employee has access to 13% of the company’s total files
- Finance sector data breaches are amongst the most expensive to fix, costing $5.85 million on average
- 63% of financial institutions reported an increase in destructive cyber attacks
- 57% of banking executives identified cybersecurity as a top priority
- Healthcare data breach costs have increased by 53.3% since 2020
- Over 93% of healthcare organizations have experienced a data breach in recent years
- Medical devices have an average of 6.2 cybersecurity vulnerabilities each
- Healthcare institutions spend 4-7% of their budget on cybersecurity, compared to 15% for other industries
- Healthcare email fraud has increased by 473% since 2019
Education
The education sector has emerged as a relatively new, yet increasingly popular, target for cyber attacks, especially with the rise of online learning in recent years. From elementary schools to higher education institutions, these organizations possess a vast trove of personal data that can have devastating consequences if compromised.
The recent surge in attacks on K-12 schools has rightfully elevated cybersecurity as a top priority for school administrators worldwide. Education establishments, which often operate with limited resources, face the daunting challenge of protecting sensitive student and employee information, as well as ensuring the continuity of critical educational services.
Proactive measures, such as robust security protocols, staff training, and technological safeguards, are essential for the education sector to mitigate the growing risks posed by cyber threats and safeguard the wellbeing of their communities.
- Educational institutions experienced 2,507 attempts per college or university per week in 2023
- SonicWall reported an 827% spike in attacks on K-12 schools in 2022
- 1,847,000 students have been impacted by ransomware attacks in the US since 2020
- The average cost to remediate a ransomware attack in higher education is $1.42 million
- Only 4% of institutions reported recovering 100% of their data after paying the ransom
- Ransomware attacks result in 3 days to up to 3 weeks in lost learning time
- 66% of education organizations reported being hit by a ransomware attack
- 65% of higher education institutions have designated data security as a top priority
- 62% of education administrators have reported difficulties in hiring cybersecurity staff
- 50% of education organizations reported having to use multiple restoration methods after a ransomware attack
Business Email Compromise (BEC)
Business Email Compromise (BEC) remains a highly damaging cyber threat, causing billions in losses annually. However, this attack type is one of the most effectively mitigated through cybersecurity awareness training, as it relies on manipulating human vulnerabilities.
- 29% of companies reported losing a client in 2022 due to a BEC attack
- BEC attacks led to $1.8 billion in damages in 2021
- Gift card requests are the most common way to retrieve funds from a BEC attack, constituting 68% of such attacks
- 52% of people who clicked on a phishing link did so because they thought it came from a senior executive
- 19% of data breaches are the result of BEC
Cyber-Security Statistics Reference URLs:
- https://aag-it.com/the-latest-2022-cyber-crime-statistics/
- https://blackbookmarketresearch.newswire.com/news/healthcare-data-breaches-costs-industry-4-billion-by-years-end-2020-21027640
- https://blog.checkpoint.com/2021/01/14/brand-phishing-report-q4-2020/
- https://blog.protenus.com/2022-healthcare-data-breach-trends
- https://cdn2.assets-servd.host/gifted-zorilla/production/files/H2-2022-Email-Threat-Report.pdf
- https://cybernews.com/editorial/mobile-phishing-attacks-are-scary-and-on-the-rise-85-are-outside-of-email/
- https://cybersecurityventures.com/patient-insecurity-explosion-of-the-internet-of-medical-things/
- https://dataprot.net/statistics/cyber-security-statistics/
- https://docs.apwg.org/reports/apwg_trends_report_q4_2021.pdf
- https://er.educause.edu/articles/sponsored/2023/9/three-cybersecurity-facts-campus-leaders-should-know
- https://f.hubspotusercontent20.net/hubfs/1670277/%5BCollateral%5D%20Tessian-Research-Reports/%5BTessian%20Research%5D%20Psychology%20of%20Human%20Error%202022.pdf?__hstc=170273983.0e1a1a3388028dc9e6a3c1c37aa63da6.1667853183009.1667853183009.1667853183009.1&__hssc=170273983.1.1667853183010&__hsfp=2478973190
- https://geminiadvisory.io/gift-card-shop-breached/
- https://info.varonis.com/hubfs/docs/research_reports/2021-Financial-Data-Risk-Report.pdf?hsLang=en
- https://learn-cloudsecurity.cisco.com/umbrella-library/2021-cyber-security-threat-trends-phishing-crypto-top-the-list
- https://securelist.com/it-threat-evolution-in-q2-2022-mobile-statistics/107123/
- https://thoughtlabgroup.com/cyber-solutions-riskier-world/
- https://thoughtlabgroup.com/wp-content/uploads/2022/05/Cybersecurity-Solutions-for-a-Riskier-World-eBook_FINAL-2-1.pdf
- https://venturebeat.com/security/ransomware-attacks-surged-2x-in-2021-sonicwall-reports/
- https://www.ajmc.com/view/understanding-the-relationship-between-data-breaches-and-hospital-advertising-expenditures
- https://www.bankingexchange.com/news-feed/item/8682-cyber-risks-facing-financial-services-organizations-in-2021-and-beyond
- https://www.beckershospitalreview.com/healthcare-information-technology/a-prescription-for-better-healthcare-cybersecurity-strategies-in-the-new-year.html
- https://www.blazeinfosec.com/post/cyber-threats-for-finance-2023/
- https://www.chronicle.com/article/higher-eds-hiring-challenges-are-getting-worse
- https://www.csiweb.com/what-to-know/content-hub/blog/bankers-identify-top-three-cybersecurity-threats-for-2022/
- https://www.csoonline.com/article/3571734/the-cybersecurity-skills-shortage-is-getting-worse.html?upd=1598452040833
- https://www.cybertalk.org/2022/03/30/top-15-phishing-attack-statistics-and-they-might-scare-you/
- https://www.forbes.com/sites/chuckbrooks/2022/01/21/cybersecurity-in-2022–a-fresh-look-at-some-very-alarming-stats/?sh=77c0868d6b61
- https://www.gao.gov/products/gao-23-105480
- https://www.highereddive.com/news/enrollment-data-hiring-top-college-risk-worries/639884/
- https://www.hipaajournal.com/healthcare-email-fraud-attacks-have-increased-473-in-2-years/
- https://www.ibm.com/downloads/cas/3R8N1DZJ
- https://www.ibm.com/downloads/cas/E3G5JMBP
- https://www.ic3.gov/Media/Y2017/PSA170504#fn3
- https://www.infosecurity-magazine.com/news/exploitation-29-education-sector/
- https://www.keeper.io/hubfs/PDF/Password%20Malpractice%20Campaign/Infographic%20-%20Workplace%20Password%20Malpractice.pdf
- https://www.mastercard.us/en-us/business/overview/safety-and-security/cyber-security.html
- https://www.ptsecurity.com/ww-en/analytics/cybersecurity-threatscape-2021/
- https://www.ptsecurity.com/ww-en/analytics/cybersecurity-threatscape-2022-q2/
- https://www.ptsecurity.com/ww-en/analytics/security-threats-in-the-retail-sector/
- https://www.ptsecurity.com/ww-en/analytics/web-vulnerabilities-2020-2021/
- https://www.pwc.com/dti
- https://www.slashnext.com/wp-content/uploads/2022/10/SlashNext-The-State-of-Phishing-2022.pdf
- https://www.sonicwall.com/medialibrary/en/white-paper/2021-cyber-threat-report.pdf
- https://www.sonicwall.com/medialibrary/en/white-paper/2022-sonicwall-cyber-threat-report.pdf
- https://www.sophos.com/en-us/press/press-releases/2022/04/ransomware-hit-66-percent-of-organizations-surveyed-for-sophos-annual-state-of-ransomware-2022
- https://www.statista.com/statistics/881214/share-out-of-date-browsers-enterprise-devices/
- https://www.varonis.com/blog/data-breach-literacy-survey
- https://www.verizon.com/business/en-gb/resources/reports/dbir/
- https://www.verizon.com/business/resources/reports/dbir/
- https://www.verizon.com/business/resources/reports/dbir/2022/financial-services-data-breaches/
- https://www2.deloitte.com/content/dam/Deloitte/nz/Documents/risk/the-future-of-cyber-survey-report.pdf