Cybersecurity Statistics (How Many Cyber Attacks Are There?)
These comprehensive cybersecurity statistics will give you a better understanding of the growing concern for businesses and individuals.
Every year, more and more of our lives, even private and sensitive stuff, occur online. And even though cybersecurity technology is improving, organizations and people take it too lightly.
Why? Because hackers are getting better and better at hacking stuff. (You’ll rethink your security after checking these hacking statistics.)
That’s when these stats about cybersecurity and cybercrime come into place – informing you about the issue.
We will look at the popularity of malware, phishing, DDoS attacks and (immense) data breaches you must be familiar with.
Also, cybersecurity’s market share, how good different countries are at it, and other trends, so you’ll better understand what they mean for businesses and individuals looking to protect themselves online.
This post covers:
Cybersecurity Statistics (Our Top Picks)
- There were 5.5 billion malware attacks in 2022
- 5.2K+ organizations experience data breaches globally
- The most popular cybercrime in the US is phishing
- Cybersecurity market to grow to $266+ billion by 2027
- Microsoft invests $1 billion annually in cybersecurity
- 30,000 sites get hacked daily
- 4.1 million websites have malware worldwide
- Nr. 1 reason employees click on phishing emails is distraction
- The global average cost of a data breach is $4.35 million
How Many Cyber Attacks Are There?
1. There were 5.5 billion malware attacks in 2022
In 2022, there were 5.5 billion malware attacks globally, which is only 2% more than the previous year. However, the most malware attacks reported were in 2018, a whopping 10.5 billion.
As you can see from the table below, the number of attacks is much lower than it was a few years ago. It’s likely because technology and cybersecurity are getting more sophisticated.
When looking at mobile, there were 438,035 malware installation packages, an 8% increase from 2022. But one of the largest mobile malware installations was detected in the second quarter of 2016 – 3,626,000+.
Source: Statista #1, Statista #2
2. Global ransomware attacks are slightly increasing
Statista reported that in the last quarter of 2020, there were reported nearly 155 million ransomware attacks around the world. However, this isn’t the most significant detected number in the previous two years. The second and third quarters of 2021 had 188.9 million and 185 million ransomware attacks.
3. Most detected phishing sites in Q3 2022
The last decade had the most phishing sites detected worldwide in the third quarter of 2022, at 1,270,000+ million. This was a 15% increase in just one quarter.
Furthermore, in October 2021, 624 brands worldwide were targeted by phishing attacks, which is a significant increase from the previous years.
Source: Statista #1
4. 35% of DDoS attacks are aimed at the US
The United States is the most affected when it comes to DDoS attacks, at 35%. In second and third place were the United Kingdom and China.
5. 5.2K+ organizations experience data breaches globally
In the period between November 2020 and October 2021, 5,212 small and large organizations worldwide experienced data breaches. The most impacted industries were finance, professional, healthcare, public administration, information and manufacturing.
In addition, smaller companies are usually more affected than larger ones.
6. 23,000+ global cyber security incidents
When looking at cyber security incidents worldwide, there were 23,896 during the same timeframe as the above stat.
When comparing small and large companies, there were 2,065 smaller and 636 larger ones with detected incidents.
At 3,566 and 2,792 incidents, the professional and public administration sectors were the most bombarded.
7. The most popular cybercrime in the US is phishing
In 2021, over 300,000 Americans were part of phishing, vishing or smishing incident. The least common digital crimes are related to tech support and investments.
Source: Statista, FBI
Cybersecurity Market Statistics
8. Cybersecurity market to grow to $266+ billion by 2027
With more digital user and businesses every year come more need for cybersecurity. Because sadly, the impact of cybercrime is also on the rise.
The market share of cybersecurity is expected to jump to $266.2 billion by 2027.
With more money spent on protecting users, the technologies will improve and advance for a safer digital life. (However, hackers and attackers are also getting smarter, finding ways to trick even the most top-notch tech.)
9. The value of cybersecurity in Canada will reach $5.9 billion
The cybersecurity market revenue in Canada in 2022 was around $3.5 billion, split into 1) cyber solutions (almost $1.5 billion) and 2) security services (approx. $2 billion).
It’s expected to hit the $5.9 billion mark in 2027, with cyber solutions generating $3+ billion.
10. Global cyber insurance market to grow to $84+ billion by 2030
The cyber insurance market was valued at $13+ billion ($48 billion just in North America) in 2022 but is expected to jump to $16+ billion in 2023.
However, with the growing need for cyber insurance solutions by businesses worldwide, the market is expected to reach $84+ billion by 2030 (a 26.1% CAGR), with North America dominating the market.
Source: Fortune Business Insights
11. Cybercrime costs are estimated to reach $10.5 trillion by 2025
From $3 trillion in 2015 to $6 trillion in 2021, cybercrime costs are expected to grow continuously, predicted to jump all the way to $10.5 trillion by 2025.
Fun fact: Cybercrime costs WAY more than the cost caused by natural disasters. This shows how serious the cause is.
Source: Cybercrime Magazine, CNBC, Microsoft
12. Microsoft invests $1 billion annually in cybersecurity
According to Microsoft, the company detects 1.5 million attacks every single day. That’s more than half a billion attacks per year!
Thus, the company (continues to) invest $1 billion yearly in cybersecurity, emphasizing cloud computing.
Hey, you may also be interested in our extensive cloud computing statistics.
Source: Reuters, Microsoft
Website Security Statistics
13. 30,000 sites get hacked daily
Every day, 30,000 websites get hacked. Remember, to hackers, it doesn’t matter if it’s a new, small business or corporate website; they’re interested in hacking every size site.
So if you think that because you just launched your website, you’re not a target, unfortunately, yes, you are. Everyone is.
I’m sure you’ll also be interested in these general website statistics (find out how many sites there are!).
14. 1 in every 25 WordPress sites gets hacked
According to Sucur, one in every 25 WordPress websites gets hacked. One of the weakest points of WP is plugins (92.8%), followed by themes (6.6%) and only a fracture of hacks happens through the core (0.6%).
You should also not miss our WordPress hacking statistics to find how vulnerable (or is it really?) this CMS is.
15. 4,800+ websites are affected by formjacking monthly
Close to five thousand websites globally get attacked by formjacking every month. Attackers steal upwards of $2.2 million each month, hurting both businesses and consumers – especially the relationship between the two.
16. 4.1 million websites have malware worldwide
Shockingly, at the time of writing these cybersecurity statistics, there are a whopping 4.1 websites globally that are infected with malware. And a high percentage of website owners aren’t even aware they are being attacked.
17. Almost 50% of small business website owners think hackers aren’t interested in them
If we touch on the first web security stat again, 48% of small business owners are sure hackers won’t attack them because they’re too small. Most of these SMB website owners are certain hackers and attackers are interested in big fish only. Boy, are they wrong!
Mobile Security Statistics
18. The mobile device security market could reach $20+ billion by 2030
The mobile device security market was worth approximately $7.7 billion in 2019, but it’s predicted to grow to $20.4 billion by 2030. This shows how important mobile security is, but the reason for the increase is also the yearly growth of mobile users.
19. 81% of Iranian people attacked by mobile malware
In 2020, more than 80% of Iranian people were attacked by mobile malware, representing the country with the most mobile victims of malware infections. In second place was Yemen, with 19% malware encounters, and third, Sudi Arabia, at 13%.
20. RiskTool has the largest distribution of mobile malware worldwide
21. Trojans are most common among Android users
More than 93% of Android users experienced trojan attacks on their devices in 2019, the most popular mobile cybercrime method. The second was ransomware (2.5%) and the third was password trojans (2%).
22. Cyber attacks on mobile devices are decreasing
Since 2020, there have been fewer and fewer mobile devices affected by cyber attacks. In December 2022, there were “only” 2.2+ million, while in October 2020, there were 6.4+ million.
The technologies are getting better, but mobile device users are also becoming more educated about various methods of vulnerabilities. Smishing or SMS phishing is especially effective due to users’ accidental mistakes and naivety.
Another survey (from 2021) shows that 45% of Android (less concerned) and iOS (more concerned) users would stop using a mobile application if it didn’t meet their privacy expectations. Not just that, but they’ll also tell their friends to stop using it.
Source: Statista #1, Statista #2
Cybersecurity Statistics By Industry
23. Healthcare experienced 66% of ransomware attacks in 2022
There were nearly twice as few ransomware attacks on healthcare organizations in 2021 (34%) than in 2022 (66%). Moreover, healthcare organizations need to pay around $1.85 million on average to sort out and recover from ransomware events.
24. 78% of healthcare organizations have cyber insurance coverage
While the global average cyber insurance coverage is at 83%, only 78% of healthcare organizations have it. Out of those with cyber insurance, in 97% of cases, the organization received some, if not all, the ransomware cost paid.
25. Bankers are most concerned about employee-targeted phishing
At 57%, bankers worry about employee-targeted phishing the most; then comes customer-targeted phishing (51%) and ransomware (48%). Other issues bankers experience are social engineering (40%), data theft (24%), compromised devices and networks (21%), synthetic identity fraud (17%) and endpoint security (10%), to name a few.
26. 22% of education organizations don’t have cyber insurance coverage
Like in the healthcare organizations example, the education sector also has below-average cyber insurance coverage for ransomware. Out of the 78% lower and higher education organization with coverage, many complain about the lack of providers, higher needs for security, policy complexity and high price.
27. State and local government has a high encryption rate
Of all the ransomware attacks on state and local government organizations, 72% of them have encrypted data. Note that the global average is 65% (based on 3,700+ organizations).
Industries with the lowest encryption rates are manufacturing and production (57%) and financial services (54%).
28. Construction and property organizations pay an average of $1.95 million to correct attacks
At $1.95 million cost, construction and property organizations pay the highest to deal with ransomware attacks. Local and state government organizations pay the least ($660K), while the global average is $1.4 million.
We’ve already learned about some interesting malware stats above, but here are some more.
29. Email malware is increasing every year
In four years (from 2018 to 2022), the global email malware attacks went from 33% to a whopping 86%. Interestingly, web attacks decreased significantly, from 67% down to 14%.
30. The professional sector ranked highest in malware attacks
The most affected global industry sector by malware incidents in 2021 was professional, followed by information and manufacturing. The least incidents experienced administrative, accommodation, construction and real estate sectors.
31. 700+ million new malware applications in 2020
The number of new malware applications is increasing yearly (actually, monthly). There were 661 million in January 2020 and 677+ million in March 2020, with an estimate of reaching over 700 million in the year 2020.
32. Backdoor is the most common malware attack
Out of all the global malware attacks between October 2020 and September 2021, Backdoor is the most common type at 37%. Spam and Botnet activity are the least common.
33. The most popular global crypto-mining malware is XMRig
XMRig dominated the crypto-mining malware globally in 2022, with 76% of corporate networks affected. Meaning, three in four corporate users were victims of XMRig. LemonDuck (10%) and Wannamine (8%) were other popular malware in the space.
34. The financial industry is hit by phishing attacks the most
Over 23% of all global phishing attacks were aimed at the financial sector in the first quarter of 2022. The least interesting industry for phishing attacks is logicists/shipping (3.8%)
35. Vietnamese people are the most common victims of phishing attacks
In 2020, Vietnam was the most targeted country by phishing attacks, followed by Macau and Madagascar. The least targeted were Brazil (10.6%), Morocco (10.4%) and Portugal (10.3%).
36. 20 of Australian organizations hit by 10 (or more) phishing attacks
In addition, countries with the most successful phishing attacks (more than ten!) on organizations globally in 2021 were Australia, Germany and the United Kingdom.
Source: Statista #2
37. Delivery services saw most phishing attacks worldwide (27%+)
In 2022, hackers targeted delivery services with phishing attacks the most, more than 27% of all global attacks. The second most targeted were online stores (15%) and third, banks and payment systems (10%).
38. Nr. 1 reason employees click on phishing emails is distraction
Surprisingly, the number-one reason employees click on phishing emails is a distraction at work. But many also said they clicked because the email appeared legitimate or sent by an authority. (If everything looks legit, the email doesn’t.)
Also, when it comes to URLs, nearly half of the phishing sites don’t use brand names in links (so pay close attention to the links in your emails).
39. 71% of organizations hit by ransomware worldwide
Over 70% of businesses and organizations worldwide were abused by ransomware attacks in 2022. This is the highest reported figure to date, and the rate is increasing yearly. There were 55%+ affected in 2018 and 62% in 2020.
40. It takes 49 days longer to detect a ransomware attack than the average
Besides growing in popularity, ransomware attacks also take the longest to detect – IBM reports it takes 49 days longer than the average.
41. Averagely, 66% of organizations globally are targets of a ransomware attack
A survey found that, on average, 66% of organizations are victims of ransomware attacks worldwide. Moreover, Austria had the highest share, with over 80%+ organizations reporting encounters with a ransomware attack in 2021.
42. 26 new ransomware families detected in 2022
While the most significant number of ransomware families was detected in 2017 (since 2015), 327, the number steadily decreases almost every year.
43. The industrial goods and services sector was most affected by ransomware in Q2 2022
Industries offering critical services are usually most affected by ransomware; as it turns out, they are most likely to pay a ransom.
In the second quarter of 2022, the most affected sector was industrial goods and services, with 20.9% reported victims. Other common ransomware targets are:
- Technology (9.8%)
- Construction and materials (9%)
- Travel and leisure (7.1%)
- Healthcare (6.6%)
DDoS Attack Statistics
44. 2.5 Tbps was the largest DDoS attack
Cloudflare reports the largest DDoS attack by the Mirai botnet variant on the Minecraft server – 2.5 Tbps. They added that multi-terabit DDoS attacks aren’t as rare as they were anymore.
45. 110%+ increase in HTTP DDoS attacks
In their DDoS Threat Report, Cloudflare also shared that HTTP DDoS attacks increased by 111%. Moreover, these attacks aimed at Japan increased by 105% quarter-on-quarter.
Furthermore, Ransom DDoS attacks also increased by 67%.
46. The internet industry is the most targeted industry by DDoS attacks
In the third quarter of 2022, DDoS attacks on the internet industry increased by more than 130%. The second most impacted industry was telecommunications (93% increase) and the third was gaming and gambling (17% increase).
Speaking of which, peek at these in-depth internet statistics and find how many users there are.
47. DDoS protection and mitigation market estimated to grow to $4.1 billion in 2023
Statista shows that the DDoS protection and mitigation market will grow from $1.94 billion in 2018 to $4.1 billion in 2023 worldwide.
48. NetFlow-based analyzers as one of the best DDoS detection tools
59% of users reported that NetFlow-based analyzers were the most effective (66% effectiveness) in detecting DDoS attacks in 2020.
Second was Next-generation firewalls (including IDS/IPS); third was Inline DDoS detection/mitigation system; fourth was SIEM platforms; fifth was streaming telemetry/SNMP-based tools.
Data Breach Statistics
49. A healthcare data breach in the US in 2021 affected 3.5+ million persons
In 2021, the largest healthcare data breach in the United States was Accellion FTA Hack, stealing private information of more than 3.5 million people.
50. The global average cost of a data breach is $4.35 million
In 2021, the average cost of a data breach worldwide was $4.24 million. The cost grew to $4.35 a year later.
However, the United States spends the most on data breaches, on average, $9.44 million per breach. The Middle East is in second place with the most expensive average total data breach cost, $7+ million.
But the healthcare sector has the highest average cost at $10+ million. The financial industry is far behind in second place, with a cost of almost $6 million.
51. It took, on average, approx. 9 months to identify a data breach
It takes a very long time to identify a data breach. According to an IBM report from 2022, it takes an average of 277 days to identify and control a data breach. These long times contribute to the high costs of data breaches. But if an organization could shorten it to 200 days, it could save around $1.1 million.
Note that data breaches that take the longest to identify are stolen or compromised credentials – 327 days.
52. AI helps significantly in saving costs in identifying data breaches
Organizations with fully deployed artificial intelligence and automation can identify breaches nearly a month earlier than those without and save over $3 million. Even those with partial AI and automation are far better off than those without.
53. An incident response (IR) plan can save organizations $2.6+ million
Organizations that employ an IR team with regular testing can save a staggering $2.66 million in data breaches compared to those without an IR team. An incident response plan helps detect weaknesses early to avoid inconveniences without spending all these extra millions.
With cyberattacks becoming more sophisticated and frequent, cybersecurity cannot be overstated. The cost of attacks can be devastating in terms of the damage done and money spent to get back on track for businesses and individuals.
The stats and trends shared in this roundup demonstrate the importance and need for strong cybersecurity.
We can ensure a safer digital business and personal future by staying updated and taking proactive steps toward cybercrime.
But don’t forget to learn about password statistics because weak passwords are still too common (find if yours is on the list).
What are your approaches to keeping your data secure? Feel free to share what works for you in the comments section below.
Was this article helpful?