54 Cybersecurity Statistics from 2023: Stay Safe in the New Decade
Updated · May 20, 2023
Cybersecurity and online safety rarely are things that come to mind. We casually surf the internet with no concern for the dangers that lurk in the digital realms of the 21st century.
Even those among us cautious of their online safety can be affected by cybercrime. Numerous instances of data leaks and security breaches in companies widely considered safe are proof of that. Yahoo, Imgur, and many health companies had sensitive data stolen. Some others, like Facebook, even allegedly sell data for profit.
Yet, many of us keep ignoring the issue as if it doesn’t matter in the slightest.
So let me show you the seriousness of the problem with some numbers
Some Scary Cybersecurity Statistics For 2022 (Editor's Choice):
- By 2021, the cybersecurity damage is expected to reach $6 trillion.
- Not so surprising, given that 50% of users would click on a link from an unknown sender…
- …and that the majority of IoT devices reduce overall security.
- 43% of cyber attacks are aimed at small businesses.
- 58% of malware attacks are directed at small businesses.
- Still, financial companies pay the most – on average, $18.3 million per surveyed company.
- 90% of the CIOs state their cybersecurity budget is spent inefficiently.
We at Web Tribunal want to raise awareness about online safety and help you understand how much of a threat some innocent browsing can pose. Here is a sizeable list of cybersecurity statistics:
General Cybersecurity Facts and Stats
Sadly, cybercrime happens way more often than we’d like to think.
1. The US had a proposed budget of $18 billion for cybersecurity in 2021.
(Source: Homeland Security Today)
A sizeable chunk of the 2021 US budget is dedicated to cybersecurity. At least $18 billion will be spent on various activities related to fighting and preventing cyber attacks, and some sources predict $100 billion in spending for the five-year period 2020-2025.
The Department of Defense gets $9.8 billion to boost the nation’s cybersecurity, while Homeland Security gets around $2.6 billion. The fine print says that due to the nature of some activities, the amount of $18 billion doesn’t represent the entire spending on cybersecurity.
2. Cybersecurity damages are estimated to hit $6 trillion in 2021.
(Source: Cybersecurity Ventures)
Cyber attack statistics by year show an exponentially growing damage caused by cybercrime.
Cybercriminals are one of the largest threats to modern-day companies. Many are rightfully afraid of the damage that lackluster cybersecurity can cause.
In 2015, the estimated damages from cybercrime were $3 trillion. By 2021, the annual damage caused by malicious online activity is expected to reach $6 trillion; that’s more than losses caused by drug trafficking.
3. A hacker attack occurs every 39 seconds in the US.
A hacking attack is happening every 39 seconds in the US. On a yearly basis, every third person in the country is affected by hacker attacks.
4. 300 billion passwords will be in use by 2020.
(Source: SC Media)
Cybersecurity stats show that 300 billion passwords will be in use by humans and machines around the world in 2020. The report submitted by the market and intelligence firm Cybersecurity Ventures says that the employees of Fortune 500 companies will each have an average of 90 business and personal accounts that have password requirements.
5. 28% of adults in the US use the same password for all of their online accounts.
(Source: Business Insider)
The statistic that 28% of US adults use the same password for all their accounts shows how careless we are with the personal information we leave online. We access our banking accounts with the same passwords we use for Facebook, which is outright reckless. Variety is what keeps your passwords safe, even though you might struggle to remember them. Various combinations of letters and numbers, which don’t include your name or birthday, with an added special character, are the safest approach toward crafting a password. Ideally, you should have a new one for every online account you open.
6. The most commonly used password in 2022 is 123456.
Another prime example of the general lack of care about online safety is the fact that the most commonly used password in 2022 is 123456. This also shows a lack of imagination and willingness to put in any effort whatsoever to protect our sensitive data. The 2021 increase in cyber-attacks should come as no surprise.
The second most popular password was 123456789, which is just sad. The extra three digits aren't throwing anyone off your trail.
7. IoT devices decrease overall cyber security.
The Internet of Things, the idea that every device in our life is interconnected in order to make our lives easier and to which many companies gravitate, negatively impacts overall cybersecurity.
Research conducted by Symantec in 2015 found that smart door locks, as well as 50 other IoT devices, can be remotely accessed without a password and without much hassle. Granted, the technology will improve over time, but the concern for our security must remain high.
8. 50% of Internet users will click on a link from an unknown sender.
Internet scams and phishing attacks are here to stay, according to cybersecurity statistics. Mostly due to our lack of awareness and education on the topic of online safety, scammers make thousands of dollars with relative ease.
The average scammer can expect approximately 50% of people to click the link he’s sent them, as this is the estimated %age of internet users who click on links from unknown senders.
9. 16.7 million Americans were victims of identity fraud in 2017.
2018 identity fraud study conducted by Javelin found that 16.7 million US residents fell victim to this crime in 2017. This number represents an 8% increase from the year before, with most of the identity frauds happening because of poor online safety. Americans need to be more cautious about where and with who they share their personal data.
10. 90% of hackers use encryption in order to cover their tracks.
Hacking stats show that 90% of hackers use encryption to hide their activity and cover their tracks. The 10% that don’t use encryption are either white hat hackers paid to test the cyber security of certain systems or the ones who get caught by the authorities.
Cybersecurity and Business Organizations
Companies, large and small, are one of the main targets for hacking because of the earning potential they present
11. 70% of organizations believe their cybersecurity risk increased in 2017.
(Source: Prey Nation)
Ponemon Institute’s research shows that 70% of companies express concern about their cybersecurity and that they believe that their security risk increased exponentially in 2017.
The research appears to be consistent with the data available on cybercrime prominence further down the list.
12. 93% of organizations use cloud services.
Cloud storage services helped companies around the world to cut costs of data storage. Despite the convenience that cloud services offer – great cost, scalability, and accessibility – they present a major security threat, as they are prime targets for attempts at information technology security breaches.
93% of all organizations in the world have decided to use cloud solutions as their main data storage points.
13. 58% of small business owners are concerned about cyber attacks.
(Source: Huffington Post)
The majority of small business owners, or 58% of them, express concerns about potential cyber attacks their business might be exposed to. However, 51% of small business owners don’t take any measures to address these fears and refuse to allocate any funds to cybersecurity that could mitigate the potential damage from cyber attacks.
14. 68% of small businesses store customers’ email addresses unsafely.
(Source: Small Business Trends)
68% of small businesses store customers’ email addresses in an unsafe way. On top of that, 64% store phone numbers and billing addresses in a manner that is easily available to hackers. SSL certificates can encrypt this data while it's in transit, but the data points are still sitting ducks when they are on the actual server. In addition, only 38% of small businesses report that they regularly upgrade their software, with just 22% of them using encrypted databases.
15. 90% of CIOs admit to wasting millions on inadequate cybersecurity.
The overall cost of cybersecurity might be inflated by executives’ needless overspending.
The vast majority of Chief Information Officers admit that their organization's cybersecurity is inadequate and that they waste millions of dollars on it while it still remains ineffective. 90% of IT executives realize that their company’s cybersecurity foundation, which is, according to most of them, keys and certificates, remain unprotected.
16. 70% of IT professionals say their company can’t respond properly to a cyber threat.
(Source: Ponemon Institute)
Even though most IT professionals are aware of the threat the lack of cybersecurity presents, 70% believe that their organizations are unfit to respond to a cyber attack due to the lack of a cybersecurity response plan.
Out of 2,600 IT professionals surveyed, 26% said that their company has an informal process of dealing with this type of event, while 27% of those who actually have a response plan said that their incident response plan isn’t followed consistently.
17. 65% of the top 100 banks in the US failed web security testing.
Here’s an interesting bit of cybersecurity statistics for all of those who use online banking in the US:
More than 1,000 websites were audited anonymously by the Online Trust Alliance; the sites of the top 100 banks in America were included. The report from the audit says that 65% of the banks failed the web security testing, scoring the lowest out of all tested websites.
In order to pass the screening, websites had to score more than 80% in 3 categories: consumer protection, security, and privacy. Failing in one of the categories brought a failing mark. As it turns out, just 27% of the top 100 banks were able to meet the criteria.
17% of the banks that failed had moderately adequate website security; 45% didn’t have the necessary email security. 34% of those who failed had poor privacy protection.
18. There will be 3.5 million unfilled cybersecurity jobs by 2021.
The cybersecurity sector employed close to 780,000 people in 2017 in the US alone. However, there is a serious lack of employees in this field, even today. Humbler estimates put this number somewhere around 350,000, but it is expected to grow to 3.5 million unfilled jobs in the cybersecurity industry by 2021.
Data Breach Statistics
Data breaches happen on larger scales because information becomes more and more valuable.
19. There were 781 data breaches in 2015.
2015 was the year when data breaches became a huge deal, as people demanded to know if and when their personal info got exposed. Many companies started disclosing such data, and it turned out that there were only 781 data breach instances throughout 2015.
20. Over 1,000 data breaches occurred in 2016.
An increase of 40% in data breaches happened in 2016, with the reported breaches reaching 1,093. This number was considered a catastrophe at the time, but it is nothing compared to the breaches we see today. 2017 was the year when they spiked, but, fortunately, the trend is slowing down.
21. 2018 saw more than 2,000 data breaches.
Cybersecurity incidents in 2018 were not aimed so much at personal data theft as they were in the years before. There were 2,216 confirmed data breaches over the year, most of them minor. Experts estimate that the unreported breaches at least double this figure.
22. There were only 1,291 publicly disclosed data breaches in 2021.
(Source: Security Magazine)
However, when you consider just these accounts for 22 billion exposed records, the numbers start looking a lot more serious.
23. Yahoo and its users were the victims of the largest data breach to date.
The biggest data breach in the 21st century occurred in 2013. Yahoo and its 3 billion users were victims of the breach that exposed all of the users’ data, including names, addresses, birth dates, passwords, and phone numbers. The company lost more than $350 million in value, and many people left the platform.
24. Nearly 2 billion personal and sensitive data records were breached between January 2017 and March 2018.
Between January 1st, 2017, and March 20, 2018, nearly 2 billion records with users’ personal and sensitive data were compromised. Yahoo was, once again, a part of these breaches, accounting for 1.5 billion exposed records.
The other major data breach is surprising and represents a sort of cybersecurity stats anomaly, as it occurred on Myspace, the platform that has been long forgotten by most of us. Apparently, the Myspace data breach disclosed 360 million personal records.
25. Data breaches are identified in 191 days on average.
According to Ponemon Institute’s 2017 research sponsored by IBM, it takes a company 191 days on average to detect a data breach.
419 companies from 13 countries, including the US, Germany, Australia, and Japan, were involved in the study.
26. It takes an average of 66 days to contain a data breach.
The IBM study revealed that once a breach was detected, it took an average of 66 days to contain it during 2017. Data breaches that were caused by hackers took up to 77 days to solve, and those caused by human error took approximately 64 days to contain. Some of the companies involved in the survey sealed their data breach in just 10 days, while others took up to 164.
27. Commonwealth Health Corporation lost 697,800 records to a data breach.
In 2017, the largest cybersecurity breach in the US was Commonwealth Health Corporation losing nearly 700,000 records. The loss is attributed to theft.
The second-largest data breach of the year was Airway Oxygen hacking that compromised 500,000 records. Numerous other data thefts saw more than 100,000 records compromised, and interestingly, most of them were in the healthcare industry.
28. The average cost of data breaches in 2017 was $3.62 million.
The organizations involved in the IBM study lost 3.62 million dollars on average in 2017 because of data breaches. The amount represents a 10% decrease compared to the year before.
29. $141 is the average cost per lost or stolen record.
On average, every lost or stolen record from the companies featured in the IBM research cost 141 dollars in 2017. During 2016, the average was 11.4 % higher.
30. 198 million US voter records were breached and exposed.
Judging by various cybersecurity facts, 2018 was a year of concern for practically everyone.
One of the biggest data breaches of our time occurred when nearly 200 million US voter records were exposed. Apparently, there was no cyber attack behind it, as the mishap was attributed to a misconfiguration in the system.
31. The US will account for 50% of breached data by 2023.
Projections and educated guesses predict that cybercriminals will steal around $33 billion in 2023. This year, an estimated amount they got away with was 12 billion dollars.
More than half of the data breaches in 2023 are expected to happen in the US, mostly due to the amount of personal data that the country’s servers hold. There are numerous corporations and small companies that hold their data in an unsafe manner, with the users’ personal info such as addresses, social security numbers, and credit card data sitting in plain sight.
Cyber Attack Statistics
Considering that is very likely a significant number of cyber attacks go unreported, the cyber attack stats below probably don’t do justice to the grim reality.
32. The number of cyber attacks increased by 600% in 2017.
In 2016, there were only 6,000 reported cyber attacks worldwide. 2017 saw an increase of no less than 600%, reaching 50,000 cyber attacks during the year. There was an increase of 54% in mobile malware during the same year.
33. There were more than 53,000 cybersecurity incidents in 2018.
Verizon’s 2018 data breach investigations report claimed that there were over 53,000 incidents related to cybersecurity during the year. Even though this data indicates serious problems, it also points toward solutions. Data analysts are able to see the weak points in security, pinpoint them, and improve on all necessary aspects needed to mitigate future incidents.
34. 24% of Canadian organizations reported a cyber attack in 2014.
Cybercrime statistics began to rise in Canada back in 2014.
In 2014, 24% of organizations based in Canada reported a cyber attack. At the end of the year, there were 111.1 companies registered per million people in Canada.
35. 28% of Canadian organizations reported a cyber attack in 2016.
While nearly a quarter of all Canadian companies reported a cyber attack in 2014, in 2016, the number increased. 28% of organizations in the country reported a cyber attack, setting a trend of a bi-yearly increase of 4% for the foreseeable future.
36. More than 4,000 ransomware attacks occur daily.
Cybercrime facts and statistics say that since 2016 over 4,000 ransomware attacks occur daily. That’s a 300% increase from 2015, when less than 1,000 attacks of this type were recorded per day. Ransomware targets home users, businesses, and government networks and often leads to the permanent loss of sensitive information.
37. The average amount requested after a ransomware attack is $1,077.
Ransom usually is requested to be paid in bitcoin, as cryptocurrencies are nigh untraceable. The average amount requested by the attackers is equivalent to $1,077. The high price is the reason why most users affected by ransomware decide to just give up on the stolen data.
38. 40% of ransomware victims decide to pay up.
Considering how many cyber attacks occur per day, some of the affected users are guaranteed to pay for the stolen data.
Even though most users give up on the stolen data, 4 % still choose to pay the ransom to get their data back or their devices unlocked. Experts suggest that the most common reason why people pay up is the shame they felt, rather than the need for data recovery.
39. Ransomware is down this year.
2017 was the year of ransomware. It seemed like everyone who wasn’t cautious enough got their files temporarily hijacked by this type of malware. According to estimations, ransomware hackers made millions in bitcoin.
By the time 2018 came around, only 10% of all online malware exposures were for ransom.
40. Bitcoin-mining software attacks are on the rise.
It appears that the reason for the drop in ransomware attacks wasn’t an ethical one but a business-driven decision by attackers. Most of the recent cyber attacks were motivated differently.
Instead of demanding internet users to pay up in bitcoin for their data, attackers figured it would be easier and more lucrative to infect PCs with bitcoin-mining software. This way, the scam can go on for much longer without anyone noticing and earn attackers a lot more money in return.
During the first half of 2018, 90% of all remote code execution attacks were crypto mining-related, with more than 3 million crypto attacks happening between January and May.
41. More than 500 million PCs are infected with mining malware.
Estimations show that over 500 million PCs are unknowingly infected with crypto-mining software. More than 200 popular websites run crypto-mining scripts that use the visitors’ CPU resources to mine, slowing down the overall performance of their PC.
Browser mining was much more common 5 or 6 years ago, but the crypto world shifted to mining through graphics cards since. Many of the websites that applied these methods were struggling to bring in revenue from advertising, and most of them were in the business of distributing pornography.
42. 92% of malware is still delivered via email.
According to the Verizon data breach report and malware statistics available online, 92% of all malware attacks occur through email.
The most commonly used method of attack is phishing, a cyber attack that exploits the receivers’ lack of knowledge and/or attention to trick them they are receiving the email from someone else, typically a bank or someone requesting a payment.
It is appalling that people still fall for this type of scam. We should wise up and realize that money doesn’t fall from the sky and that we should never pay an “African prince” $1,000 so he can get his inheritance and send us a million bucks after he does. And if you run a business, make sure to get good spam protection on your email hosting.
43. 38% of all malicious file extensions are Word, Excel, and PowerPoint files.
An important piece of data related to the cyber attacks in 2018:
MS Office file extensions for Word, Excel, and PowerPoint represent the most common file attachments with malware. The reason behind this is the fact that most people think that the files came from a co-worker or a business partner, never suspecting malware hiding behind a table or a simple text document.
38% of all malicious files attached to emails are in one of the MS Office formats.
44. 56% of IT organizations recognize phishing as the biggest threat to their cybersecurity.
A survey of more than 1,300 IT executives found that 56% consider phishing to be the biggest threat and allocate large chunks of their cybersecurity budgets to educate their employees about it.
45. 77% of cyber attacks were file-less in 2017.
The days of .exe file attachments are far behind us. Nowadays, 77% of small and large-scale cyber attacks happen to be file-less or at least that was the case in 2017.
Fileless attacks rely on the software we already have installed on our computers, and they are far less obvious than the executable files that used to infect our devices years ago. Malware can hide in browser plug-ins, and MS Office macros or might exploit the flaws in server programs that can lead to data theft from the server.
46. 21% of coordinated cyberattacks come from China.
Hackers from 4 countries work together to cause a significant increase in cyberattacks:
The largest share of coordinated cyber attacks originates from China. This country’s hackers are responsible for 21% of all attacks, 11% come from the US, while Brazil holds third place with 7%. Russian hackers are responsible for 6% of coordinated attacks.
47. The US was affected by 303 coordinated cyber attacks from 2015 to 2017.
There were 303 registered coordinated cyber attacks in the US from 2015 to 2017, making the country the biggest target in the world for that period. India had to deal with 133 attacks of this type for those two years, while Japan faced 87.
Mobile cyber attack statistics 2018
48. 60% of all online fraud is committed through mobile devices.
The preferred gateway of online fraudsters is mobile devices. 40% of fraud attempts are directed towards desktop users, while 60% of the malware infection efforts go to mobile. In addition, 80% of the malware that afflicts phones does so through apps rather than through a mobile web browser.
49. 98% of mobile malware targets Android phones.
Kaspersky Lab states that mobile malware is the next big thing in the world of cybercrime. Data shows that 98% of all mobile malware attacks target Android devices, meaning that just 2% are aimed at iOS devices.
Mac users seem also to be safe from cyber attacks, as hackers also prefer to attack machines that run Windows.
50. Just 20% of Android devices use the latest and safest OS version.
The number of cyber attacks per day that affect Android phones could be reduced by a simple system update.
As of June 2021, 36.47% of users had version 10, and 17.73% of users had version 11 installed. These are a lot better than pre-8 versions that are more vulnerable to attack. Still, roughly 15% of users are still running pre-8 OS versions. Version 12 launched at the end of 2021, but statistics are still being gathered about its adoption rate.
51. 75% of popular free apps for iOS were hacked at some point.
When it comes to Apple and its iOS, 75% of the apps in the popular Free category have been hacked at some point and had the users’ data exposed. The percentage increases for the top 100 paid iOS apps, with 87% of them having been hacked.
52. 80% of popular free apps for Android were hacked at some point.
When it comes to popular free apps, 80% of Android apps have been hacked. Things get considerably worse with the free apps, as 97% of them got hacked in the past.
53. 27% of malicious apps are lifestyle apps.
The biggest security threat comes from lifestyle apps. Data shows that 27% of all malicious apps belong to this category. Music apps are the second most common source of infection for mobile users, with 20% of all hacked apps coming from this category.
54. 63% of infected apps have a goal of leaking the phone number.
Cybersecurity statistics show that the most common goal of malicious apps is to leak the phone number of the device they infect. This way, the phone number, together with any other information that is leaked, can be sold in bundles to companies looking to buy. Up to 67% of malicious apps are aimed at stealing specifically this piece of data, while 37% leak the device location.
These statistics are worrying, to be sure, but they also show that tech firms and governments haven't given up the good fight.
Of course, the first line of defense is the way you configure your personal cybersecurity and the steps you take.
Hopefully, this round-up gave you a better idea of just how important cybersecurity is and what you can do to improve yours.
Unaware that life beyond the internet exists, Nick is poking servers and control panels, playing with WordPress add-ons, and helping people get the hosting that suits them.