Cybersecurity issues are becoming a day-to-day struggle for businesses. Recent trends and cybersecurity statistics reveal a huge increase in hacked and breached data from sources that are increasingly common in the workplace, like mobile and IoT devices.
Additionally, recent security research suggests that most companies have unprotected data and poor cybersecurity practices in place, making them vulnerable to data loss. To successfully fight against malicious intent, it’s imperative that companies make cybersecurity awareness, prevention and security best practices a part of their culture.
In order to give you a better idea of the current state of overall security, we’ve compiled the 110 must-know cybersecurity statistics for 2020. Hopefully, this will help you paint a picture of how potentially dire leaving your company insecure can be as well as show the prevalence and need for cybersecurity in business. This includes data breaches, hacking stats, different types of cybercrime, industry-specific stats, spending, costs and the cybersecurity career field.
For more in-depth security insights check out our cybersecurity whitepapers.
11 Impactful Cybersecurity Facts and Stats
There are many important facets to cybersecurity, which are covered in greater detail below. Here we wanted to include statistics that give a good idea of the cybersecurity field as a whole, along with the overall impact of cyber attacks.
To learn more about a variety of cybersecurity topics, drop in for a free security webinar!
- Worldwide spending on cybersecurity is forecasted to reach $133.7 billion in 2022. (Gartner)
- 62% of businesses experienced phishing and social engineering attacks in 2018. (Cybint Solutions)
- 68% of business leaders feel their cybersecurity risks are increasing. (Accenture)
- Only 5% of companies’ folders are properly protected, on average. (Varonis)
- Data breaches exposed 4.1 billion records in the first half of 2019. (RiskBased)
- 71% of breaches were financially motivated and 25% were motivated by espionage. (Verizon)
- 52% of breaches featured hacking, 28% involved malware and 32–33% included phishing or social engineering, respectively. (Verizon)
- Between January 1, 2005 and April 18, 2018 there have been 8,854 recorded breaches. (ID Theft Resource Center)
- While overall ransomware infections were down 52%, enterprise infections were up by 12% in 2018. (Symantec)
- The top malicious email attachment types are .doc and .dot which make up 37%, the next highest is .exe at 19.5%. (Symantec)
- By 2020, the estimated number of passwords used by humans and machines worldwide will grow to 300 billion. (Cybersecurity Media)
Largest Data Breaches and Hacking Statistics
The increasing amount of large-scale, well-publicized breaches suggests that not only are the number of security breaches going up — they’re increasing in severity, as well. Data breaches expose sensitive information that often leave exposed users at risk for identity theft, ruin companies’ reputations and almost always leave the company liable for compliance violations.
- Security breaches have increased by 11% since 2018 and 67% since 2014. (Accenture)
- Hackers attack every 39 seconds, on average 2,244 times a day. (University of Maryland)
- The average time to identify a breach in 2019 was 206 days. (IBM)
- The average lifecycle of a breach was 314 days (from the breach to containment). (IBM)
- 500 million consumers, dating back to 2014, had their information compromised in the Marriott-Starwood data breach made public in 2018. (Marriott)
- 64% of Americans have never checked to see if they were affected by a data breach. (Varonis)
- 56% of Americans don’t know what steps to take in the event of a data breach. (Varonis)
- The average cost of a data breach is $3.92 million as of 2019. (Security Intelligence)
- 83% of enterprise workloads will move to the cloud by the year 2020. (Forbes)
- In 2016, 3 billion Yahoo accounts were hacked in one of the biggest breaches of all time. (NY Times)
- In 2016, Uber reported that hackers stole the information of over 57 million riders and drivers. (Uber)
- Uber tried to pay off hackers to delete the stolen data of 57 million users and keep the breach quiet. (Bloomberg)
- In 2017, 412 million user accounts were stolen from Friendfinder’s sites. (Wall Street Journal)
- In 2017, 147.9 million consumers were affected by the Equifax Breach. (Equifax)
- The Equifax breach cost the company over $4 billion in total. (Time Magazine)
- In 2018, Under Armor reported that its “My Fitness Pal” was hacked, affecting 150 million users. (Under Armour)
- 18 Russians, 19 Chinese individuals, 11 Iranians and one North Korean were involved in indictments for their alleged state-sponsored espionage against the United States. (Symantec)
Cyber Crime Statistics by Attack Type
It’s crucial to have a grasp of the general landscape of metrics surrounding cybersecurity issues, including what the most common types of attacks are and where they come from. Some of these most common attacks include phishing, whaling, social engineering, Distributed Denial of Service (DDoS) attacks, malware and ransomware.
There are new malware and viruses being discovered every day. Varonis recently discovered the Monero cryptojacking malware during a cryptojacking investigation that secretly plagued a company for over a year.
- 94% of malware was delivered by email. (Verizon)
- Phishing levels declined, dropping from 1 in 2,995 emails in 2017, to 1 in 3,207 emails in 2018. (Symantec)
- 34% of data breaches involved internal actors. (Verizon)
- 51% of businesses experienced denial of service attacks in 2018. (Cybint Solutions)
- 61% of organizations have experienced an IoT security incident. (CSO Online)
- Malicious PowerShell scripts blocked in 2018 on the endpoint increased 1,000%. (Symantec)
- 100,000 groups in at least 150 countries and more than 400,000 machines were infected by the Wannacry virus in 2017, at a total cost of around $4 billion. (Technology Inquirer)
- IoT devices experience an average of 5,200 attacks per month. (Symantec)
- 90% of remote code execution attacks are associated with cryptomining. (CSO Online)
- The average cost of a ransomware attack on businesses is $133,000. (SafeAtLast)
- 92% of malware is delivered by email. (CSO Online)
- 48% of malicious email attachments are office files. (Symantec)
- 69% of organizations don’t believe the threats they’re seeing can be blocked by their anti-virus software.(Ponemon Institute’s Cost of Data Breach Study)
- Gandcab 5 requires that victims pay $2,499 for the decryption key. (McAfee)
- 1 in 36 mobile devices had high risk apps installed. (Symantec)
- In 2018, an average of 10,573 malicious mobile apps were blocked per day. (Symantec)
- 65% of groups used spear-phishing as the primary infection vector. (Symantec)
- Mirai distributed denial of service (DDoS) worm remained an active threat and, with 16% of the attacks, was the third most common IoT threat in 2018. (Symantec)
- 1 in 13 web requests lead to malware. (Symantec)
- Ransomware detections have been more dominant in countries with higher numbers of internet-connected populations. The United States ranks highest with 18.2% of all ransomware attacks. (Symantec)
- Most malicious domains, about 60%, are associated with spam campaigns. (Cisco)
- About 20% of malicious domains are very new and used around 1 week after they are registered. (Cisco)
Cybersecurity Compliance and Governance Statistics
With new threats emerging every day, the risks of not securing files is more dangerous than ever, especially for companies. More severe consequences are being enforced as stricter legislation passes in regions across the world. Some stand-outs from recent years include the European Union’s 2018 General Data Protection Regulation (GDPR) and California’s 2020 California Consumer Privacy Act (CCPA). Companies need to take note of lessons from the GDPR, as more iterations are expected to pass across the globe in the coming years.
It’s crucial to properly set permissions on files and get rid of stale data. Keeping data classification and governance up to par is instrumental to maintaining compliance with data privacy legislation like HIPAA, SOX, ISO 27001 and more.
Try a free risk assessment to see where your vulnerabilities lie.
- 69% of companies see compliance mandates driving spending. (CSO Online)
- 53% of companies had over 1,000 sensitive files open to every employee. (Varonis)
- 22% of all folders were available to every employee. (Varonis)
- 88% companies spent more than $1 million on preparing for the GDPR. (CSO Online)
- Google was fined $57 billion for GDPR violations by CNIL, a French data protection agency. (TechCrunch)
- Companies reportedly spent $9 billion on preparing for the GDPR. (Forbes)
- By December 2018, only 50% of companies believed they were GDPR compliant. (Data Center Frontier)
- 15% of companies found 1,000,000+ files open to every employee. (Varonis)
- 17% of all sensitive files were accessible to all employees. (Varonis)
- On average, every employee had access to 17 million files. (Varonis)
- The GDPR fines totaled $63 million in its first year. (GDPR.eu)
- 1,000 news sources blocked EU readers to avoid the GDPR compliance rules. (Nieman Lab)
- 61% of companies have over 500 accounts with non-expiring passwords. (Varonis)
- Businesses spent $1.3 million on average to meet compliance requirements and are expected to put in an additional $1.8 million. (IAAP)
- Legal advice and teams cost UK FTSE 350 companies about 40% of their GDPR budget or $2.4 million. (Forbes)
- Since the GDPR was enacted, 31% of consumers feel their overall experience with companies has improved. (Marketing Week)
- In the GDPR’s first year, there were 144,000 complaints filed with various GDPR enforcement agencies and 89,000 data breaches recorded. (EDPB)
- Equifax was found liable for their 2017 breach and was fined $425 million by the Federal Trade Commission (FTC) in 2019. (FTC)
Industry-Specific Cyber Stats
When it comes to cybersecurity, not all industries are created equal. Industries that store valuable information like healthcare and finance are usually bigger targets for hackers who want to steal Social Security numbers, medical records and other personal data. But really, no one is safe because lower-risk industries are also targeted due to the perception that they’ll have fewer security measures in place.
Take a free 30-minute demo and see how Varonis can help keep your organization’s name out of data breach news.
- 43% of breach victims were small businesses. (Verizon)
- Financial and Manufacturing services have the highest percent of exposed sensitive files at 21%. (Varonis)
- Financial services had 352,771 exposed sensitive files on average while Healthcare, Pharma and Biotech have 113,491 files on average — the highest when comparing industries. (Varonis)
- 15% of breaches involved Healthcare organizations, 10% in the Financial industry and 16% in the Public Sector. (Verizon)
- The banking industry incurred the most cybercrime costs in 2018 at $18.3 million (Accenture)
- Smaller organizations (1–250 employees) have the highest targeted malicious email rate at 1 in 323. (Symantec)
- WannaCry ransomware attack cost the National Health Service (NHS) over $100 million. (Datto)
- The estimated losses in 2019 for the healthcare industry are $25 billion. (SafeAtLast)
- Lifestyle (15%), and Entertainment (7%) were the most frequently seen categories of malicious apps. (Symantec)
- Supply chain attacks are up 78% in 2019. (Symantec)
- Trojan horse virus Ramnit largely affected the financial sector in 2017, accounting for 53% of attacks. (Cisco)
- The financial services industry takes in the highest cost from cybercrime at an average of $18.3 million per company surveyed. (Accenture)
- The industry with the highest number of attacks by ransomware is the healthcare industry. Attacks will quadruple by 2020. (CSO Online)
Security Spending and Cost Statistics
Average expenditures on cybercrime are increasing dramatically, and costs associated with these crimes can be crippling to companies who have not made cybersecurity part of their regular budget. Cybersecurity budgeting has been increasing steadily as more executives and decision-makers are realizing the value and importance of cybersecurity investments.
- By 2020, security services are expected to account for 50% of cybersecurity budgets. (Gartner)
- The average cost of a malware attack on a company is $2.6 million. (Accenture)
- $3.9 million is the average cost of a data breach. (IBM)
- Healthcare had the highest data breach costs at $429 per record. (IBM)
- The average cost per record stolen is $150. (IBM)
- The total cost of cybercrime for each company increased by 12% from $11.7 million in 2017 to $13.0 million in 2018. (Accenture)
- The average annual security spending per employee doubled, from $584 in 2012 to $1,178 in 2018. (Gartner)
- The cost of lost business averaged $1.42 million. (IBM)
- The average cost in time of a malware attack is 50 days. (Accenture)
- The most expensive component of a cyber attack is information loss at $5.9 million. (Accenture)
- The average cost per lost or stolen records per individual is $141 — but that cost varies per country. Breaches are most expensive in the United States ($225) and Canada ($190). (Ponemon Institute’s Cost of Data Breach Study)
- In companies with over 50k compromised records, the average cost of a data breach is $6.3 million. (Ponemon Institute’s Cost of Data Breach Study)
- Including turnover of customers, increased customer acquisition activities, reputation losses and diminished goodwill, the cost of lost business globally was highest for U.S. companies at $4.13 million per company. (Ponemon Institute’s Cost of Data Breach Study)
- Damage related to cybercrime is projected to hit $6 trillion annually by 2021. (Cybersecurity Ventures)
- Ransomware damage costs will rise to $11.5 billion in 2019 and a business will fall victim to a ransomware attack every 14 seconds at that time. (Cybersecurity Ventures)
- The United States and the Middle East spend the most on post-data breach response. Costs in the U.S. were $1.56 million and $1.43 million in the Middle East. (Ponemon Institute’s 2017 Cost of Data Breach Study)
- 50% of large enterprises (with over 10,000 employees) are spending $1 million or more annually on security, with 43% spending $250,000 to $999,999, and just 7% spending under $250,000. (Cisco)
Cybersecurity Job Statistics
The demand for cybersecurity professionals continues to rise along with the rates of attacks and increases in cybersecurity budgets. The imbalance of the amount of skilled cybersecurity workers along with the high demand to fill cybersecurity positions has caused a cybersecurity skills shortage.
Interested in entering the field? Now is the time as the job field and average salary is only projected to grow. Looking for cybersecurity talent? Best of luck, it may be necessary to come up with creative cybersecurity skills shortage solutions — like outsourcing tasks, starting apprenticeships and partnerships with educational and military institutions to find fresh talent.
- 82% of employers report a shortage of cybersecurity skills. (ISSA)
- 61% of companies think their cybersecurity applicants aren’t qualified. (ISSA)
- The cybersecurity unemployment rate is 0% and is projected to remain there through 2021. (CSO Online)
- It’s predicted that by 2021, 100% of large companies globally will have a CISO position. (Cybersecurity Ventures)
- By 2021, it’s projected that there will be 3.5 million unfilled cybersecurity jobs globally. (Cybersecurity Ventures)
- Information Security Analysts job positions in the US are expected to grow 32% from 2018–28. (Bureau of Labor Statistics)
- Computer Network Architect job positions in the US are expected to grow 5% from 2018–28. (Bureau of Labor Statistics)
- Computer Programmer job positions in the US are expected to decline 7% from 2018–28. (Bureau of Labor Statistics)
- Since 2016, the demand for Data Protection Officers (DPOs) has skyrocketed and risen over 700%, due to the GDPR demands. (Reuters)
- 500,000 Data Protection Officers are employed (IAAP)
- 66% of cybersecurity professionals struggle to define their career paths. (ISSA)
- 60% of cybersecurity professionals aren’t satisfied with their current job. (ISSA)
Below is a visual guide of some of the most important facts and figures that shape the cybersecurity field.
Interested to see how the landscape has changed? Click the button below to see our 2019 visual data compilation.
Cybersecurity Statistic FAQs
Below are some of the most frequently asked questions about cybersecurity with answers supported by cybersecurity statistics and facts.
Q: What’s the Biggest Cybersecurity Threat to Businesses?
Q: What Are the Most Common Types of Cyber Attacks?
Q: How Many Cyber Attacks Happen a Day?
A: On average, hackers attack 2,244 times a day. (University of Maryland)
8 Cybersecurity Statistics Reports
Below are some helpful cybersecurity studies and articles to deepen your knowledge about the cybersecurity landscape.
- Accentures’s 2019 Cost of Crime Study
- Cisco’s Cybersecurity Reports
- Cybersecurity Venture’s Job Study
- Symantec 2019 Internet Security Threat Report
- RiskBased Mid-Year Data Breach Report
- Varnois’ 2019 Data Risk Report
- Verizon’s 2019 Data Breach Investigations Report
- World Economic Forum’s 2019 Global Risk Report
There’s no question that the situation with cybercrime is dire. Luckily, by assessing your business’s cybersecurity risk, making company-wide changes and improving overall security behavior, it’s possible to protect your business from most data breaches.
Make sure you’ve done everything you can do to avoid becoming a victim to an attack. The time to change the culture toward improved cybersecurity is now.