The world is increasingly more connected, causing many good and bad things. These interesting cybersecurity statistics & facts tell how we should all care about staying safe online.
2022 Cybersecurity Statistics & Facts
- Human error causes 95% of cybersecurity breaches. (WEF)
- Security attacks grew by 31% from 2020 to 2021. (Accenture)
- Approximately 26% of all web traffic is bad bot traffic. (Imperva)
- Over 18 million websites are infected with malware every week. (Purplesec)
- Since 2001, the online victim count has increased 17 times, from six victims every hour to 97. (Surfshark)
- Every second, 95 user logins are stolen. (Thycotic)
- 21% of all files are completely unprotected. (Varonis)
- 70% of breaches in 2021 were financially motivated. (Verizon)
- The average time it took to identify a breach in 2021 was 212 days. (IBM)
- “123456” is still the most common password around the world, along with passwords like “password” and “qwerty”. (CNN)
- Cybercrime rates tend to go in tandem with major global events; the year after the Great Recession, financial losses to cybercrime increased by 115%, and the first year of the COVID-19 pandemic saw the victim count growing by 69%. (Surfshark)
- In the first month of the COVID-19 pandemic, Google blocked an astounding 18 million daily malware and phishing emails related to the coronavirus. (Google)
- Remote workers caused a security breach in 20% of companies during the pandemic. (Malwarebytes)
- Only 5% of companies’ folders are adequately protected. (Varonis)
- 42% of companies feel ‘cyber fatigue’ against defending against constant cyberattacks. (Cisco)
- 15% of organisations have over 1 million files accessible to all employees. (Varonis)
- 31% of consumers think their experience with organisations improved after the introduction of GDPR. (Marketing Week)
- 90% of the world’s predicted population of 7.5 billion is expected to be online by 2030, with an estimated 24.1 billion to 125 billion Internet of Things devices connected. (ITU)
Cybersecurity Threats: Malware, Phishing, DDoS
- In 2021, approximately 40% of breaches featured phishing, 11% malware and 22% hacking. (Verizon)
- 43% of all data breaches are insider threats, intentional or unintentional. (Check Point)
- A quarter of ransomware attacks target the manufacturing industry, 17% professional services, and 13% government organisations. (Security Intelligence)
- During the pandemic, confirmed data breaches in the healthcare industry grew by 58%. (Verizon)
- On average, companies dealt with 22 security breaches in 2020. (Tech Jury)
- In February 2022, experts recognised 8.77 million new malware, slightly less than in January. (AV-Test)
- Identity theft increased by 42% in 2020 compared to 2019. (Insurance Information Institute)
- 94% of malware comes through email. (Verizon)
- 48% of malicious email attachments are Microsoft Office files. (Symantec)
- Small companies (one to 250 employees) have the highest targeted malicious email rate at one in 323. (Symantec)
- The global average email breach density is 16.5 leaked emails per 100 Internet users. (Surfshark)
- In 6% of all analysed countries, email breach rates are higher than 50%. (Surfshark)
- Over 80% of reported security incidents are phishing attacks. (CSO Online)
- 57% of companies see weekly or daily phishing attempts. (GreatHorn)
- 65% of cybercriminals use spear-phishing as the primary infection vector. (Symantec)
- 90% of remote code execution attacks link to crypto mining. (Purplesec)
- A company falls victim to a ransomware attack every 11 seconds. (Cybersecurity Ventures)
- In 2019, 93.6% of malware was polymorphic, which means it can constantly change code to evade detection (Webroot Threat Report)
- Three out of four organisations have been victims of a ransomware attack, up by 61% in two years. (Mimecast)
- The first reported death due to a ransomware-led IT failure occurred in Germany in 2020. (Enterprise Apps Today)
- 32% of companies experience wrong users having privileged access, and 25% have problems with unauthorised users. (Purplesec)
- DDoS attacks are 39% more relevant in 2021 than in 2020. (Enterprise Apps Today)
- The app stores block over 24,000 malicious mobile apps daily. (Symantec)
- Over 300,000 Android users have downloaded banking trojan apps from Google Play Store. (Threat Fabric)
Global Cybersecurity Statistics
- In an ITU study, 133 countries have protection and privacy laws, 15 are currently drafting legislation, and 46 have no regulation. (ITU)
- Countries without data legislation are mainly in the Asia Pacific (18 countries), The Americas (11 countries) and Africa (11 countries). (ITU)
- 30% of data breaches in the US involve internal actors, compared to 17% in the Asia Pacific region and 13% in Europe, the Middle East and Africa. (Verizon)
- North America has the highest email breach rates, with 1 in 2 users. (Surfshark)
- The likelihood that a cybercrime entity is detected and prosecuted in the US is only 0.05%. (WEF)
- 64% of Americans have never checked if they’ve been affected by a data breach. (Varonis)
- Just 1 in 5 Americans updates their passwords after data breaches are exposed. (Varonis)
- Only 10% of cybercrimes in the US are reported. (CPO Magazine)
- 58% of nation-state cyberattacks originate from Russia. (Microsoft)
- The UK topped the cybercrime density list for email breaches in 2021, with a 40% increase to 2020. (Surfshark)
- In 2022, 39% of UK businesses identified a cyber attack. (UK Government)
- 83% of UK businesses said phishing attempts were the most common threat vector. (UK Government)
- 56% of UK businesses said they have a policy not to pay ransoms. (UK Government)
- Six Chinese companies own 30% of the world’s VPNs. (VPNpro)
- Africa has the lowest breached email rates, with just four breached accounts per 100 internet users. (Surfshark)
- The Asia Pacific region experiences a 168% rise in cyberattacks from May 2020 to May 2021. (The Check Point Research)
- The most significant increases in cyberattacks in the APAC region were in Japan 40%, Singapore (30%), Indonesia (25%) and Malaysia (22%). (The Check Point Research)
- While 83% of organisations in the Asia Pacific had a ransomware breach in the past five years, only 32% publicly disclosed its occurrence. (ExtraHop)
- 39% of IT decision-makers in the Asia Pacific have confidence in their organisation’s ability to mitigate or prevent cyberattacks. (ExtraHop)
- 20% of organisations in the Asia Pacific admitted they wouldn’t share if they were breached. (ExtraHop)
- 26% of teams in the Asia Pacific say they could enact mitigations in under a day, 39% within three days, 21% within a week and 8% within a month. (ExtraHop)
- Out of 54 African countries assessed, only 29 had cybersecurity legislation in 2021. (World Economic Forum)
- 52% of African companies feel unprepared to handle large-scale cyberattacks. (WEF)
- Over 90% of African businesses operate without the necessary cybersecurity protocols. (Interpol)
- More than 61% of African companies had a ransomware incident in 2020. (Lumu)
- Africa loses $4 billion annually to cybercrime. (Techcabal)
- 58% of Middle Eastern organisations expect to increase cyber spending in 2022. (PwC)
- In 2021, cyberattacks increased by 71% in the UAE, compared to 50% globally. (MEI)
- 84% of UAE companies paid a ransom for ransomware attacks, and out of the companies that paid, 90% had a second ransomware attack, and 59% found the data corrupted. (Cybereason)
The Cost of Cybersecurity
- Information loss is the most expensive component of a cyberattack, costing an average of $5.9 million. (Accenture)
- Financial breaches account for 10% of all attacks. (Verizon)
- Phishing victims lose the least amount of money on average, with $136 per victim, while victims of investment fraud lose the most at $70,811 on average. (Surfshark)
- The US witnesses the most expensive data breaches in the world, with an average of $4.24 million per attack. (IBM)
- Security breaches in the US cost an average of $9.05 million, while in the Middle East, they are $6.93 million, the second highest. (IBM)
- Total damages from cybercrime have a bigger economic impact than the GDP of all but two countries: the US and China. (Cybersecurity Ventures)
- Companies lose an average of $188,400 annually to cybercrime. (Insurance Information Institute)
- Small businesses spend less than $500 on cybersecurity. (Juniper Research)
- The average ransomware payment was $570,000 in 2021, increasing by 518% from the previous year. (GRC World Forums)
- In 2021, GDPR fines totalled $1.2 billion in 2021. (CNBC)
- 88% spent over $1 million preparing for the GDPR. (IT Governance)
- The healthcare industry lost around $21 billion to ransomware attacks in 2020. (Comparitech)
- The cyber insurance market is predicted to be worth $20 billion by 2025. (Allianz Global Corporate & Specialty)
- A basic malware toolkit can cost as little as $1 to acquire. (Fortune)
- Hackers are sometimes paid up to $500,000 by companies to test their cybersecurity systems. (CNBC)
- The average data miner earns less than $6 daily, but hackers can make over $166,000 on a single hack. (Crowdstrike)
Cybersecurity Professionals
- Over 77% of companies don’t currently have an incident response plan. (Cybint)
- 45% of SMEs say their processes are ineffective at mitigating attacks. (Ponemon Institute)
- 92% of an organisation’s IT environment is somewhat in the cloud. (Purplesec)
- 54% of companies say their IT departments aren’t adequate to deal with advanced cyberattacks. (Sophos)
- 69% of organisations think their antivirus software is useless against current cyber threats. (Ponemon Institute)
- Six in 10 security operations professionals believe only half of their cybersecurity applicants are qualified. (Cyberbit)
- The demand for data protection officers has increased by more than 700% because of GDPR since 2016. (Cybercrime Magazine)
- 2% of cybersecurity specialists are men, and 16.8% are female. (Zippia)
- 28% of enterprises think security is the most important feature when picking a cloud vendor. (Purplesec)
- 44% of surveyed executives say their growing use of partners and suppliers exposes them to more security risks, with 30% admitting their budgets aren’t sufficient to mitigate risks. (ThoughtLab)
- Security as a Service will represent more than 50% of the security software delivery. (Gartner)
- Cybersecurity job postings have increased by 74% over the past five years. (Cybint)
- Globally, there will be an estimated 3.5 million unfilled cybersecurity positions by 2025. (Cybersecurity Ventures)