content snare
Login
Start My Trial

Our Blog

Cybersecurity statistics: Key insights to keep you alert

cybersecurity statistics
By Drazen Vujovic. Reviewed by: James Rose. Last Updated December 17, 2024

Too many firms have spent years building customer trust, just to see it all vanish in an instant. A single cyberattack can wipe out sensitive data and lock you out of your own systems, unless you pay a hefty ransom.

It’s a harsh reality of running a company in an online-first environment, and it’s essential to understand the sheer magnitude of this threat. In this blog post, we’ll dive into the numbers that highlight just how urgent cybersecurity has become.

Let’s take a closer look!

General cybersecurity stats

We’ll start with some general cybersecurity stats to introduce you to the current state of this industry. 

1. The global cost of cybercrime topped $9 trillion in 2024 (USAID)

Here’s a good way to describe how mind-bending this figure really is — only two countries in the entire world (USA and China) have bigger national economies.

2. The global average cost of a data breach in 2024 is nearly $4.9 million (IBM)

This is a 10% increase compared to 2023 and also the highest total ever. These figures are based on the IBM and Ponemon Institute survey involving 600+ organizations and 3,500+ cybersecurity and business leaders.

3. Three-quarters of executives believe cyber threats are the biggest security risk for their companies (PwC)

In a nutshell, this reveals the growing recognition among leadership that cybersecurity is not just an IT issue but a critical business risk.

4. Organization leaders are mainly worried about business continuity (67%) and reputational damage (65%) (World Economic Forum)

Based on the World Economic Forum report, most leaders intend to strengthen controls for third parties with access to their data, and re-evaluate the countries with which they do business.

5. Pentera.io reports that 51% of enterprises reported a breach in the last 24 months (Pentera.io)

More notably, only 7% of those breaches did not result in significant damage. All other enterprises reported unexpected downtime, data exposure, and financial loss.

Country-specific cybersecurity statistics 

Now let’s see how some of the largest countries in the world cope with online security threats.

6. Cybercrime is projected to cost US companies more than $452 billion in 2024 (Statista)

To make things worse, this figure is estimated to quadruple by 2028 to a whopping $1,816 billion. 

7. The Australian Signals Directorate received more than 87,000 cybercrime reports in FY 2023-24 (Australian Signals Directorate)

The average self-reported cost of cybercrime for small businesses was $49,600. At the same time, medium and large businesses reported $62,800 and $63,600, respectively.

8. Cybercrime and other acts of sabotage have cost German companies around $298 billion in the past year, up 29% on the year before (Reuters)

The same research shows that 90% of companies expect even more cyberattacks to happen in the next 12 months.

9. 50% of small businesses in the UK report having experienced some form of cyber security breach or attack in the last 12 months (UK Government)

However, the percentages are much higher for medium enterprises (70%) and large businesses (74%).

10. About 1 in 6 (16%) Canadian businesses were impacted by a cybersecurity incident in 2023 (Statistics Canada)

It looks like Canada is the only country with the declining trend in this area as nearly 20% of companies reported cyber incidents in 2019 and 2021. 

Common types of cyber attacks

There are many types of cyber attacks and malicious actors, but some of them are hit harder and more often than others. In this section, we’ll show you the most common types of security threats. 

11. More than 6 billion computer viruses and malware attacks were detected in 2023 (Sonic Wall)

This stat is absurd even if we translate it to the number of attacks per second: 191.

cybersecurity industry stats

12. Trojan horses account for almost 60% of all malware attacks (DataProt)

These are malicious programs that appear harmless or useful while secretly compromising systems. Trojan horses are so efficient because most people trust what they see and fail to double-check downloads.

13. Phishing is one of the most common forms of cybercrime, with an estimated 3.4 billion spam emails sent every day (AAG)

These scams rely on tricking people into clicking links or sharing sensitive info.

14. The average ransomware payout has skyrocketed from $812 thousand in 2022 to $1.5 million in 2023 (Sophos)

This sharp increase shows how ransomware attacks are becoming more lucrative for cybercriminals, probably due to the growing sophistication of attacks and the high value of sensitive data.

15. An average of around 24,000 malicious mobile apps are blocked daily on the Internet (Tech Jury)

This reinforces the importance of using security tools, keeping devices updated, and avoiding apps from unverified sources.

Digital security stats by industry

Some industries are particularly vulnerable because they manage sensitive financial data and personal records. Here are some of the most significant stats by industry.

16. A ransomware attack on Change Healthcare resulted in the theft of the protected health information of 100 million individuals (The HIPAA Journal)

Though gigantic, this attack is far from being the only one in the healthcare sector. For instance, a similar incident occurred at Anthem Inc. in 2015, exposing the records of nearly 79 million people.

17. Accounting firms have seen a 300% increase in cyberattacks in the last 5 years (Accounting Today)

Accounting practices have access to sensitive client information, which makes these firms increasingly attractive targets for malicious actors. 

18. Online commerce sites face 22 cyber attacks per day on average (WiFi Talents)

At the same time, reports reveal that eCommerce fraud cost businesses $130 billion by the end of 2023.

19. Financial services recognize the importance of cybersecurity, but 31% of them don’t think they have the necessary capabilities in this field (McKinsey) 

McKinsey adds that financial service companies mainly struggle with third-party and supply chain management. That’s because banks and similar companies are dependent on third-party providers in areas such as IT and data protection.

20. The energy and utility sectors cope with 1100 cyber attacks every week (IEA)

The numbers keep growing. For instance, organizations in this same sector used to face ‘only’ some 500 cyber threats in 2020. 

SME cyber threats

Small and medium-sized enterprises are common targets among cyber criminals, mostly because they lack resources and infrastructure to protect themselves. The following stats reveal the current state of cybersecurity among SMEs. 

21. Nearly 80% of companies are at least reasonably or very preoccupied with data security (Devolutions)

In other words, data security is a priority for most companies, which reflects the increasing awareness of the risks posed by data breaches.

22. More than 40% of all cyberattacks in 2023 were directed at smaller businesses (Mastercard)

What’s worse, the cost of a security incident went well over $1 million in some cases — a hit most small firms couldn’t survive. 

23. Almost 50% of all cyber breaches impact businesses with fewer than 1,000 employees (Strong DM)

This stat highlights a growing misconception that SMEs are less likely to be targeted by cyber criminals. In reality, they are often seen as easier targets due to limited resources and weaker security measures.

24. 54% of businesses admit that their IT departments lack the experience to manage complex cyberattacks (Astra)

Many firms are facing a shortage of skilled professionals who can effectively handle attacks, making it even more important to invest in upskilling or even outsourcing expertise to make sure strong defense systems are in place.

25. Half of small businesses take at least 24 hours to recover after a cyber attack (Business Dasher)

Delays in recovery usually lead to lost revenue, damaged customer trust, and operational downtime. That’s why every company should prepare an incident response plan to reduce recovery time.

Remote work security

Work habits have changed big time in the last decade as we keep seeing more employees working remotely. However, this poses additional threats that no organization can afford to neglect. 

26. Official projections say that over 32 million Americans will be working remotely by 2025 (B2B Reviews)

The situation is similar in many developed countries all over the globe. For instance, news reports suggest that nearly 40% of Australians work from home at least once a week. 

27. Three-quarters of IT professionals say their organizations are more vulnerable to cyber threats now that they have switched to remote work (PureDome)

This figure reflects the new challenges that remote work has introduced. We are mainly referring to issues such as unsecured home networks and increased use of personal devices. 

28. More than 90% of remote employees report using their personal tablets or smartphones for business-related tasks (Lookout)

In addition, 46% of them have saved a work file onto personal devices.

29. Remote workers are reportedly 3 times more likely to encounter phishing attacks (WiFi Talents)

Employees are obviously more exposed to phishing attempts without the safeguards of a corporate network. 

30. 46% of businesses claim they had at least one cybersecurity incident within the first two months of shifting to remote work (Legal Management)

The risks of transitioning to remote work without adequate preparation are too high — many businesses rushed the shift, leaving gaps in their cybersecurity defenses. 

Cybersecurity job market

Given the circumstances, it’s easy to conclude that the cybersecurity job market must be truly dynamic. Here are just a few figures to confirm this conclusion. 

31. According to rough estimations, there are more than 5.4 million cybersecurity professionals in the world (Statista)

The industry is growing rapidly to combat evolving cyber threats. However, despite this seemingly large number, the demand for skilled experts still outpaces supply — as you’ll see below.

32. Cybercrime Magazine reports that there are over 3.5 million vacant positions in the digital security sector (Cybercrime Magazine)

Almost a quarter of these (750,000) are in the US, but the trend is truly global.

33. The Bureau of Labor Statistics says that the average information security analyst in the US makes slightly over $120,000 a year (US Bureau of Labor Statistics) 

Information security analysts who work by the hour charge some $58 on average. At the same time, the BLS expects a 33% growth rate by 2033 for this occupation. This is much higher than the average for all professions (4%).

34. Reports show that every region grows when it comes to cyber workforce size (Station X)

The Middle East, Africa and Asia-Pacific regions witnessed the biggest growth rates. In these regions, the cybersecurity workforce increased by almost 12% year-on-year.

35. Nearly 60% of organizations believe a shortage of security skills puts them at significant risk (ISC2)

The ISC2 report noted that over one-third of respondents cited AI as the biggest skills shortfall on their teams. According to IT professionals, AI and automation will have the most significant impact on their ability to secure their organizations.

Final thoughts: Caution is the name of the game

The bottom line is that cybercriminals don’t discriminate — they target vulnerabilities regardless of business size or industry. The risk is too high to stay passive, and it’s essential to invest in strong security mechanisms to keep malicious actors at bay. Remember that being proactive is the only way to protect your data and preserve your business reputation.

Explore

Drazen Vujovic

Dražen Vujović is a journalist and content writer. More importantly, he is a father of two and a long-distance runner.

lockcrossmenuchevron-uparrow-right