Cybersecurity Statistics (How Many Cyber Attacks Are There?)



These comprehensive cybersecurity statistics will give you a better understanding of the growing concern for businesses and individuals.

Every year, more and more of our lives, even private and sensitive stuff, occur online. And even though cybersecurity technology is improving, organizations and people take it too lightly.

Why? Because hackers are getting better and better at hacking stuff. (You’ll rethink your security after checking these hacking statistics.)

That’s when these stats about cybersecurity and cybercrime come into place – informing you about the issue.

We will look at the popularity of malware, phishing, DDoS attacks and (immense) data breaches you must be familiar with.

Also, cybersecurity’s market share, how good different countries are at it, and other trends, so you’ll better understand what they mean for businesses and individuals looking to protect themselves online.

This post covers:

Cybersecurity Statistics (Our Top Picks)

  • There were 5.5 billion malware attacks in 2022
  • 5.2K+ organizations experience data breaches globally
  • The most popular cybercrime in the US is phishing
  • Cybersecurity market to grow to $266+ billion by 2027
  • Microsoft invests $1 billion annually in cybersecurity
  • 30,000 sites get hacked daily
  • 4.1 million websites have malware worldwide
  • Nr. 1 reason employees click on phishing emails is distraction
  • The global average cost of a data breach is $4.35 million

How Many Cyber Attacks Are There?

1. There were 5.5 billion malware attacks in 2022

In 2022, there were 5.5 billion malware attacks globally, which is only 2% more than the previous year. However, the most malware attacks reported were in 2018, a whopping 10.5 billion.

As you can see from the table below, the number of attacks is much lower than it was a few years ago. It’s likely because technology and cybersecurity are getting more sophisticated.

YearNumber of malware attacks20225.5 billion20215.4 billion20205.6 billion20199.9 billion201810.5 billion
Number of malware attacks over the years

When looking at mobile, there were 438,035 malware installation packages, an 8% increase from 2022. But one of the largest mobile malware installations was detected in the second quarter of 2016 – 3,626,000+.

Source: Statista #1, Statista #2

2. Global ransomware attacks are slightly increasing

Statista reported that in the last quarter of 2020, there were reported nearly 155 million ransomware attacks around the world. However, this isn’t the most significant detected number in the previous two years. The second and third quarters of 2021 had 188.9 million and 185 million ransomware attacks.

Source: Statista

3. Most detected phishing sites in Q3 2022

The last decade had the most phishing sites detected worldwide in the third quarter of 2022, at 1,270,000+ million. This was a 15% increase in just one quarter.

YearNumber of phishing sites in Q320221,270,8832021730,3722020571,7642019266,3872018151,014
Number of phishing sites by year

Furthermore, in October 2021, 624 brands worldwide were targeted by phishing attacks, which is a significant increase from the previous years.

Source: Statista #1

4. 35% of DDoS attacks are aimed at the US

The United States is the most affected when it comes to DDoS attacks, at 35%. In second and third place were the United Kingdom and China.

Source: Statista

5. 5.2K+ organizations experience data breaches globally

In the period between November 2020 and October 2021, 5,212 small and large organizations worldwide experienced data breaches. The most impacted industries were finance, professional, healthcare, public administration, information and manufacturing.

In addition, smaller companies are usually more affected than larger ones.

IndustryNumber of data breachesFinance690Professional681Healthcare571Public administration537Information378
Number of data breaches by industry

Source: Statista

6. 23,000+ global cyber security incidents

When looking at cyber security incidents worldwide, there were 23,896 during the same timeframe as the above stat.

When comparing small and large companies, there were 2,065 smaller and 636 larger ones with detected incidents.

At 3,566 and 2,792 incidents, the professional and public administration sectors were the most bombarded.

Source: Statista

In 2021, over 300,000 Americans were part of phishing, vishing or smishing incident. The least common digital crimes are related to tech support and investments.

Type of cybercrimeNumber of victimsPhishing/vishing/smishing323,972Non-payment/non-delivery82,478Personal data breach51,829Identity theft51,629Extorion39,360
Number of victims by cybercrime type in the US

Source: Statista, FBI

Cybersecurity Market Statistics

8. Cybersecurity market to grow to $266+ billion by 2027

With more digital user and businesses every year come more need for cybersecurity. Because sadly, the impact of cybercrime is also on the rise.

The market share of cybersecurity is expected to jump to $266.2 billion by 2027.

With more money spent on protecting users, the technologies will improve and advance for a safer digital life. (However, hackers and attackers are also getting smarter, finding ways to trick even the most top-notch tech.)

Source: Statista

9. The value of cybersecurity in Canada will reach $5.9 billion

The cybersecurity market revenue in Canada in 2022 was around $3.5 billion, split into 1) cyber solutions (almost $1.5 billion) and 2) security services (approx. $2 billion).

It’s expected to hit the $5.9 billion mark in 2027, with cyber solutions generating $3+ billion.

Source: Statista

10. Global cyber insurance market to grow to $84+ billion by 2030

The cyber insurance market was valued at $13+ billion ($48 billion just in North America) in 2022 but is expected to jump to $16+ billion in 2023.

However, with the growing need for cyber insurance solutions by businesses worldwide, the market is expected to reach $84+ billion by 2030 (a 26.1% CAGR), with North America dominating the market.

Source: Fortune Business Insights

11. Cybercrime costs are estimated to reach $10.5 trillion by 2025

From $3 trillion in 2015 to $6 trillion in 2021, cybercrime costs are expected to grow continuously, predicted to jump all the way to $10.5 trillion by 2025.

Fun fact: Cybercrime costs WAY more than the cost caused by natural disasters. This shows how serious the cause is.

Source: Cybercrime Magazine, CNBC, Microsoft

12. Microsoft invests $1 billion annually in cybersecurity

According to Microsoft, the company detects 1.5 million attacks every single day. That’s more than half a billion attacks per year!

Thus, the company (continues to) invest $1 billion yearly in cybersecurity, emphasizing cloud computing.

Hey, you may also be interested in our extensive cloud computing statistics.

Source: Reuters, Microsoft

Website Security Statistics

13. 30,000 sites get hacked daily

Every day, 30,000 websites get hacked. Remember, to hackers, it doesn’t matter if it’s a new, small business or corporate website; they’re interested in hacking every size site.

So if you think that because you just launched your website, you’re not a target, unfortunately, yes, you are. Everyone is.

I’m sure you’ll also be interested in these general website statistics (find out how many sites there are!).

Source: Forbes

14. 1 in every 25 WordPress sites gets hacked

According to Sucur, one in every 25 WordPress websites gets hacked. One of the weakest points of WP is plugins (92.8%), followed by themes (6.6%) and only a fracture of hacks happens through the core (0.6%).

You should also not miss our WordPress hacking statistics to find how vulnerable (or is it really?) this CMS is.

Source: Sucuri

15. 4,800+ websites are affected by formjacking monthly

Close to five thousand websites globally get attacked by formjacking every month. Attackers steal upwards of $2.2 million each month, hurting both businesses and consumers – especially the relationship between the two.

Source: Acalvio

16. 4.1 million websites have malware worldwide

Shockingly, at the time of writing these cybersecurity statistics, there are a whopping 4.1 websites globally that are infected with malware. And a high percentage of website owners aren’t even aware they are being attacked.

Source: Sectigo

17. Almost 50% of small business website owners think hackers aren’t interested in them

If we touch on the first web security stat again, 48% of small business owners are sure hackers won’t attack them because they’re too small. Most of these SMB website owners are certain hackers and attackers are interested in big fish only. Boy, are they wrong!

Source: Sectigo

Mobile Security Statistics

18. The mobile device security market could reach $20+ billion by 2030

The mobile device security market was worth approximately $7.7 billion in 2019, but it’s predicted to grow to $20.4 billion by 2030. This shows how important mobile security is, but the reason for the increase is also the yearly growth of mobile users.

Source: Statista

19. 81% of Iranian people attacked by mobile malware

In 2020, more than 80% of Iranian people were attacked by mobile malware, representing the country with the most mobile victims of malware infections. In second place was Yemen, with 19% malware encounters, and third, Sudi Arabia, at 13%.

Source: Statista

20. RiskTool has the largest distribution of mobile malware worldwide

Malware typePercentage of worldwide distributionRiskTool27.39%AdWare24.05%Trojan15.56%Trojan-Banker11.82%Trojan-Dropper10.08%
Global malware type distribution

Source: Statista

21. Trojans are most common among Android users

More than 93% of Android users experienced trojan attacks on their devices in 2019, the most popular mobile cybercrime method. The second was ransomware (2.5%) and the third was password trojans (2%).

Source: Statista

22. Cyber attacks on mobile devices are decreasing

Since 2020, there have been fewer and fewer mobile devices affected by cyber attacks. In December 2022, there were “only” 2.2+ million, while in October 2020, there were 6.4+ million.

The technologies are getting better, but mobile device users are also becoming more educated about various methods of vulnerabilities. Smishing or SMS phishing is especially effective due to users’ accidental mistakes and naivety.

Another survey (from 2021) shows that 45% of Android (less concerned) and iOS (more concerned) users would stop using a mobile application if it didn’t meet their privacy expectations. Not just that, but they’ll also tell their friends to stop using it.

Source: Statista #1, Statista #2

Cybersecurity Statistics By Industry

23. Healthcare experienced 66% of ransomware attacks in 2022

There were nearly twice as few ransomware attacks on healthcare organizations in 2021 (34%) than in 2022 (66%). Moreover, healthcare organizations need to pay around $1.85 million on average to sort out and recover from ransomware events.

Source: Sophos

24. 78% of healthcare organizations have cyber insurance coverage

While the global average cyber insurance coverage is at 83%, only 78% of healthcare organizations have it. Out of those with cyber insurance, in 97% of cases, the organization received some, if not all, the ransomware cost paid.

Source: Sophos

25. Bankers are most concerned about employee-targeted phishing

At 57%, bankers worry about employee-targeted phishing the most; then comes customer-targeted phishing (51%) and ransomware (48%). Other issues bankers experience are social engineering (40%), data theft (24%), compromised devices and networks (21%), synthetic identity fraud (17%) and endpoint security (10%), to name a few.

Source: CSI

26. 22% of education organizations don’t have cyber insurance coverage

Like in the healthcare organizations example, the education sector also has below-average cyber insurance coverage for ransomware. Out of the 78% lower and higher education organization with coverage, many complain about the lack of providers, higher needs for security, policy complexity and high price.

Source: Sophos

27. State and local government has a high encryption rate

Of all the ransomware attacks on state and local government organizations, 72% of them have encrypted data. Note that the global average is 65% (based on 3,700+ organizations).

IndustryEncryption rate (ransomware attacks)Higher education74%Construction and property73%Local and state government72%Lower education72%Energy, oil, gas and utilities70%
Encryption rate by industry

Industries with the lowest encryption rates are manufacturing and production (57%) and financial services (54%).

Source: Sophos

28. Construction and property organizations pay an average of $1.95 million to correct attacks

At $1.95 million cost, construction and property organizations pay the highest to deal with ransomware attacks. Local and state government organizations pay the least ($660K), while the global average is $1.4 million.

Source: Sophos

Malware Statistics

We’ve already learned about some interesting malware stats above, but here are some more.

29. Email malware is increasing every year

In four years (from 2018 to 2022), the global email malware attacks went from 33% to a whopping 86%. Interestingly, web attacks decreased significantly, from 67% down to 14%.

Source: Statista

30. The professional sector ranked highest in malware attacks

The most affected global industry sector by malware incidents in 2021 was professional, followed by information and manufacturing. The least incidents experienced administrative, accommodation, construction and real estate sectors.

Industry sectorNumber of incidentsProfessional1,234Information775Manufacturing621Finance509Publick administration505
Number of malware incidents by industry sector

Source: Statista

31. 700+ million new malware applications in 2020

The number of new malware applications is increasing yearly (actually, monthly). There were 661 million in January 2020 and 677+ million in March 2020, with an estimate of reaching over 700 million in the year 2020.

Source: Statista

32. Backdoor is the most common malware attack

Out of all the global malware attacks between October 2020 and September 2021, Backdoor is the most common type at 37%. Spam and Botnet activity are the least common.

Malware typePercentage of encountersBackdoor37%Downloader17%Worm16%C29%Spyware/Kaylogger6%
Percentage of malware attacks by type

Source: Statista

XMRig dominated the crypto-mining malware globally in 2022, with 76% of corporate networks affected. Meaning, three in four corporate users were victims of XMRig. LemonDuck (10%) and Wannamine (8%) were other popular malware in the space.

Source: Statista

Phishing Statistics

34. The financial industry is hit by phishing attacks the most

Over 23% of all global phishing attacks were aimed at the financial sector in the first quarter of 2022. The least interesting industry for phishing attacks is logicists/shipping (3.8%)

IndustryPercentage of phishing attacksFinancial23.6%SaaS/Webmail20.5%eCommerce/retail14.6%Social media12.5%Cryptocurrency6.6%
Percentage of phishing attacks by industry

Source: Statista

35. Vietnamese people are the most common victims of phishing attacks

In 2020, Vietnam was the most targeted country by phishing attacks, followed by Macau and Madagascar. The least targeted were Brazil (10.6%), Morocco (10.4%) and Portugal (10.3%).

CountryShare of attacked usersVietnam17%Macau13.9%Madagascar12%Algeria11%Ecuador11%
Share of attacked users by country

Source: Statista

36. 20 of Australian organizations hit by 10 (or more) phishing attacks

In addition, countries with the most successful phishing attacks (more than ten!) on organizations globally in 2021 were Australia, Germany and the United Kingdom.

Country% of organization hit by 10+ phishing attacksAustralia20Germany15UK13US9France, Spain8
% of organizations hit by 10+ phishing attacks by country

Source: Statista #2

37. Delivery services saw most phishing attacks worldwide (27%+)

In 2022, hackers targeted delivery services with phishing attacks the most, more than 27% of all global attacks. The second most targeted were online stores (15%) and third, banks and payment systems (10%).

Source: Statista

38. Nr. 1 reason employees click on phishing emails is distraction

Surprisingly, the number-one reason employees click on phishing emails is a distraction at work. But many also said they clicked because the email appeared legitimate or sent by an authority. (If everything looks legit, the email doesn’t.)

Also, when it comes to URLs, nearly half of the phishing sites don’t use brand names in links (so pay close attention to the links in your emails).

Source: Statista

Ransomware Statistics

39. 71% of organizations hit by ransomware worldwide

Over 70% of businesses and organizations worldwide were abused by ransomware attacks in 2022. This is the highest reported figure to date, and the rate is increasing yearly. There were 55%+ affected in 2018 and 62% in 2020.

Source: Statista

40. It takes 49 days longer to detect a ransomware attack than the average

Besides growing in popularity, ransomware attacks also take the longest to detect – IBM reports it takes 49 days longer than the average.

Source: IBM

41. Averagely, 66% of organizations globally are targets of a ransomware attack

A survey found that, on average, 66% of organizations are victims of ransomware attacks worldwide. Moreover, Austria had the highest share, with over 80%+ organizations reporting encounters with a ransomware attack in 2021.

Source: Statista

42. 26 new ransomware families detected in 2022

While the most significant number of ransomware families was detected in 2017 (since 2015), 327, the number steadily decreases almost every year.

YearNr. of new ransomware families20222620217820201272019952018222
Nr. of new ransomware families by the year

Source: Statista

43. The industrial goods and services sector was most affected by ransomware in Q2 2022

Industries offering critical services are usually most affected by ransomware; as it turns out, they are most likely to pay a ransom.

In the second quarter of 2022, the most affected sector was industrial goods and services, with 20.9% reported victims. Other common ransomware targets are:

  • Technology (9.8%)
  • Construction and materials (9%)
  • Travel and leisure (7.1%)
  • Healthcare (6.6%)

Source: Reliaquest

DDoS Attack Statistics

44. 2.5 Tbps was the largest DDoS attack

Cloudflare reports the largest DDoS attack by the Mirai botnet variant on the Minecraft server – 2.5 Tbps. They added that multi-terabit DDoS attacks aren’t as rare as they were anymore.

Source: Cloudflare

45. 110%+ increase in HTTP DDoS attacks

In their DDoS Threat Report, Cloudflare also shared that HTTP DDoS attacks increased by 111%. Moreover, these attacks aimed at Japan increased by 105% quarter-on-quarter.

Furthermore, Ransom DDoS attacks also increased by 67%.

Source: Cloudflare

46. The internet industry is the most targeted industry by DDoS attacks

In the third quarter of 2022, DDoS attacks on the internet industry increased by more than 130%. The second most impacted industry was telecommunications (93% increase) and the third was gaming and gambling (17% increase).

Speaking of which, peek at these in-depth internet statistics and find how many users there are.

Source: Cloudflare

47. DDoS protection and mitigation market estimated to grow to $4.1 billion in 2023

Statista shows that the DDoS protection and mitigation market will grow from $1.94 billion in 2018 to $4.1 billion in 2023 worldwide.

Source: Statista

48. NetFlow-based analyzers as one of the best DDoS detection tools

59% of users reported that NetFlow-based analyzers were the most effective (66% effectiveness) in detecting DDoS attacks in 2020.

Second was Next-generation firewalls (including IDS/IPS); third was Inline DDoS detection/mitigation system; fourth was SIEM platforms; fifth was streaming telemetry/SNMP-based tools.

Source: Statista

Data Breach Statistics

49. A healthcare data breach in the US in 2021 affected 3.5+ million persons

In 2021, the largest healthcare data breach in the United States was Accellion FTA Hack, stealing private information of more than 3.5 million people.

OrganizationNr. of affected individualsAccellion FTA Hack3,510,000Florida Healthy Kids Corporation3,500,00020/20 Eye Care Network3,253,000+NEC Networks2,420,000Forefront Dermatology2,413,000+
Top healthcare data breaches in the US (2021)

Source: Statista

50. The global average cost of a data breach is $4.35 million

In 2021, the average cost of a data breach worldwide was $4.24 million. The cost grew to $4.35 a year later.

However, the United States spends the most on data breaches, on average, $9.44 million per breach. The Middle East is in second place with the most expensive average total data breach cost, $7+ million.

But the healthcare sector has the highest average cost at $10+ million. The financial industry is far behind in second place, with a cost of almost $6 million.

Source: Statista

51. It took, on average, approx. 9 months to identify a data breach

It takes a very long time to identify a data breach. According to an IBM report from 2022, it takes an average of 277 days to identify and control a data breach. These long times contribute to the high costs of data breaches. But if an organization could shorten it to 200 days, it could save around $1.1 million.

Note that data breaches that take the longest to identify are stolen or compromised credentials – 327 days.

Source: IBM

52. AI helps significantly in saving costs in identifying data breaches

Organizations with fully deployed artificial intelligence and automation can identify breaches nearly a month earlier than those without and save over $3 million. Even those with partial AI and automation are far better off than those without.

Source: IBM

53. An incident response (IR) plan can save organizations $2.6+ million

Organizations that employ an IR team with regular testing can save a staggering $2.66 million in data breaches compared to those without an IR team. An incident response plan helps detect weaknesses early to avoid inconveniences without spending all these extra millions.

Source: IBM


With cyberattacks becoming more sophisticated and frequent, cybersecurity cannot be overstated. The cost of attacks can be devastating in terms of the damage done and money spent to get back on track for businesses and individuals.

The stats and trends shared in this roundup demonstrate the importance and need for strong cybersecurity.

We can ensure a safer digital business and personal future by staying updated and taking proactive steps toward cybercrime.

But don’t forget to learn about password statistics because weak passwords are still too common (find if yours is on the list).

What are your approaches to keeping your data secure? Feel free to share what works for you in the comments section below.

Was this article helpful?



Source link

You might also like