Better safe than sorry: Cyber security statistics and trends for 2020

Cyber security stastiscs

Cybersecurity is pretty much a “must have” for internet users today. Think of it as an alarm or automatic lock system for your house. Just as you wouldn’t leave your front door open for thieves, you also don’t want to leave your computer open for hackers. Especially if you’re running a business, as you definitely don’t want any of your private data ending up on the dark web.

So you’ll need to invest in firewalls, install antivirus software, or even get cyber insurance. Here are the latest cyber security statistics to help you plan your defense against hackers.

Key cyber security statistics

  • Total damage by cyberattacks will reach $6 trillion by 2021.
  • Cybercrimes caused $2 trillion in damages so far.
  • There’s a cyberattack every 39 seconds.
  • A ransomware attack happens every 14 seconds.
  • On average, small businesses spend less than $500 on cybersecurity.

Cybersecurity market statistics

1. The cybersecurity market is expected to grow to $300 billion by 2024.

(Global Market Insights)

In 2017, the global cybersecurity market was worth $120 billion, but its worth is growing quickly. It could easily double or even triple in the next five years due to an increased demand for security solutions and products.


2. Global spending on cybersecurity will exceed $1 trillion by 2021.

(Cybercrime Magazine)

With annual growth of 12%, sales of cybersecurity products and services are expected to top $124 billion by the end of the year. Cybersecurity statistics for 2018 show similar growth compared to the year before. The growth is driven by the rise of cybercrime, so this industry is likely to have steady income in years to come.


3. On average, small businesses spend less than $500 on cybersecurity.

(Juniper Research)

Cybersecurity isn’t a big concern to many small companies. They usually choose consumer-grade security solutions and currently make up 13% of the cybersecurity market. Unfortunately, that also means that these types of companies end up on the receiving end of ransomware and other hacks. Small business, cyber security statistics reveal, is a very lucrative target.


4. Microsoft invests $1 billion annually on cybersecurity.

(Reuters)

Confirming that cybercrime is the greatest challenge of the digital age, the Redmond, Washington-based company continues its fight against modern cyber security threats. Microsoft’s investments in security don’t include additional spending on acquisitions in the cybersecurity market.


5. JPMorgan Chase spends $600 million on cybersecurity every year.

(JPMorgan Chase)

On the other end of the cyber security job statistics spectrum, JPMorgan employs more than 3,000 people in its cybersecurity sector, working in different ways to protect the company from hackers. It has also increased its annual cybersecurity budget by $100 million.


6. The US government’s 2019 budget for cybersecurity is $15 billion.

(whitehouse.gov)

The president of the United States doesn’t spare any expense when it comes to cybersecurity. Compared to 2018, the US government’s cybersecurity budget has increased by $583.1 million, or 4.1%. The Department of Defense gets the biggest chunk, of course.


7. Every third US company has purchased data-breach insurance coverage or cyber liability insurance.

(Insurance Information Institute)

Even if firewalls and other cybersecurity measures somehow fail, a company can still recoup its losses with specialized insurance coverage. The latest cyber security statistics show that 68% of companies don’t have any form of cyber liability. Another 25% say they plan on purchasing coverage in the next 12 months.


8. The cyber insurance market is expected to be worth $20 billion by 2025.

(Allianz Global Corporate & Specialty)

The growing need for cyber insurance could drive this market to head-spinning values very soon. Analysts predict that the $20 billion barrier will be shattered in just five years, with most of the growth led by companies based in the US.


9. Companies pay up to $500,000 for hackers to test their systems.

(CNBC)

So called “white hat” hackers do not use their skills for nefarious purposes. Instead, they work as freelancers and help companies like Tesla strengthen their computer systems. Some companies even post public bounties that can earn a skillful hacker tens of thousands of dollars if they manage to find holes in the company’s cybersecurity.


Cybercrime statistics

10. Companies are targeted by a ransomware attack every 14 seconds.

(Cybercrime Magazine)

For hackers, the most lucrative type of malware is ransomware. Therefore, it’s no surprise that these attacks are now the most common and that they are targeted toward companies big and small. Every minute, four of these attacks are launched around the world.


11. 1 in 10 small businesses suffer a cyberattack each year.

(Insurance Information Institute)

If you’re running a small business, cybersecurity statistics suggest that you’ll need to invest in properly securing your company from cyber security attacks. Companies are now targeted by hackers as often as there are car accidents on the road. Nearly half of those companies say they suffered losses due to interrupted business.


12. A cyberattack happens every 39 seconds.

(University of Maryland)

An unsecure computer connected to the internet can become a target of more than 2,000 cyberattacks per day, cyber security stats revealed this year. Hackers targeting institutions manage to do it not by hand, but by employing scripts and automated tools that probe their targets for vulnerabilities.


13. Analysts believe the United States will become the target of more than 50% of worldwide cybercrime attacks in the next five years.

(Juniper Research)

American companies should look into reinforcing their defenses against cyber security attacks. Statistics and predictions from analysts place the US as the hottest target of cybercrime. Recent cyber security breaches and ransomware attacks show the signs of the growing threat.


14. In the US, only 10% of cybercrimes get reported.

(CPO Magazine)

Even though the United States is home to many IT giants and a large part of the internet industry, there aren’t that many reports on cybercrime. The reason is simple – often times it’s difficult or even impossible to prove that a digital crime actually happened. Reported cyber crime statistics are therefore much lower than the actual number of attacks.


15. Phishing accounts for 37% of all cyberattacks directed toward businesses.

(Statista)

More than one-third of all cyberattacks suffered by businesses involve phishing. These social engineering attacks exploit the possibility of human error, with hackers masking their malicious emails as legitimate messages from well-known companies and brands.


16. More than 90% of successful attacks against businesses originate from phishing.

(KnowBe4)

Taking a deeper look into the phishing statistics, it becomes more obvious why this method is still the most popular one. It works. It works a little too well – not because it’s sophisticated or complex, but because it exploits human nature.


17. Bitcoin is involved in $76 billion worth of illegal activities every year.

(Social Science Research Network)

The most popular cryptocurrency in the world has seen its share of abuses and malicious activities. Crypto transactions provide anonymity, which is a desirable factor when you’re doing something illegal. Experts estimate that one quarter of all Bitcoin users have at least once engaged in illegal operations.


18. Cryptojacking is becoming less common.

(Symantec)

Cryptojacking, a method of abusing infected computers to mine cryptocurrencies, is 52% less common now than during 2018. Cyber security threats statistics reveal a connection to drops in cryptocurrency value and anti-malware companies becoming more savvy in preventing these events.


19. The largest DDoS attack was 1.3 terabytes per second.

(Cloudflare)

In February 2018, a massive distributed denial of service attack struck down software depository platform GitHub. The hackers were sending 127 million packets every second, resulting in 1.3 TB of data transferred. The attack lasted for 10 minutes.


20. DDoS attacks are 39% more frequent than last year.

(Netscout)

Cyber security statistics reveal that hackers are using DDoS attacks more than ever before. In fact, there was a 776% growth of attacks that used 100-400 Gbps of data in just one year. The usual targets of these attacks are satellite and wireless communications companies.


21. Hackers need just $1 to acquire their tools.

(Fortune)

Hacking statistics are on the rise for one very simple reason – it has never been so affordable to become a hacker. A basic malware toolkit can be obtained for just $1, with many other tools costing a few hundred dollars or less. Data’s for sale too: You need just $25 to obtain a million compromised emails or passwords.


Cybercrime damage and cost statistics

22. Annual damage from cybercrime is expected to reach $6 trillion by 2021.

(Cybersecurity Ventures)

Cybersecurity threats have already caused $2 trillion of damage so far. But the future looks bleak, according to computer crime statistics. In just two years, analysts predict, damage caused by cyber crime could easily triple, causing massive losses to almost all industries that use computers and the internet for their day-to-day business.


23. On average, companies lose $188,400 annually due to cybercrime.

(Insurance Information Institute)

Year-on-year, losses keep increasing for businesses big and small. Companies that end up being targeted by hackers lose time and money fighting and recovering against cyberattacks. For 97% of small businesses, their cyber insurance was enough to cover the costs.


24. A ransomware attack targeted at FedEx caused more than $300 million in damages.

(Reuters)

When one of the largest delivery companies suffered a cybersecurity breach, its stock dropped by 79 cents per share. The severity of this cyber attack, by statistics in 2017, was so bad that it incurred 40 times more damage than Hurricane Harvey on this company.


25. American companies are the least likely to pay a hacker’s ransom.

(PhoenixNAP)

“Don’t negotiate with terrorists” is definitely a mantra among the American companies when dealing with ransomware. Only 3% of companies in the US paid ransom to hackers. On the other end of the cybersecurity statistics scale, companies in Canada have paid ransom to hackers in 77% of the time, followed by the UK at 42%.


26. The city of Atlanta ended up spending $17 million recovering from a ransomware attack.

(SC Magazine)

In early 2018, Atlanta was hit by SamSam ransomware. The hackers demanded a payout of $51,000, which the city refused. Initial damage was estimated at $3 million, but later it increased six-fold, as some of the data lost to malware included police records and one-third of the city’s programs.


27. Every other ransomware attack in 2018 targeted healthcare industry.

(PhoenixNAP)

Ransomware statistics per industry paint a sad picture for the healthcare sector. This industry has been the most frequent target of hackers and malware, with 2018 seeing an increase of ransomware infections. By 2020, analysts believe, malware attacks on healthcare will quadruple.


28. Formjacking attacks create $2.2 million worth of damage per month.

(Symantec)

Every month, 4,800 websites get infected with formjackers that allow hackers to steal user data like credit card numbers and logins. More than 3.7 million of these attacks were blocked in 2018, but the attacks aren’t slowing down.


Data breach statistics

29. More than 4 billion user accounts were exposed via data breaches in 2019.

(Risk Based Security)

Data breaches are on the rise. In the first half of 2019 there were more than 3,000 breaches, 54% more than in the same period of 2018. All told, these breaches exposed 52% more records and user accounts compared to the previous year.


30. A data breach in 2021 will typically cause $13 million worth of damage.

(Cybit Solutions)

Predictions are pretty grim when it comes to cyber attack stats. Not only will the costs of corporate cybersecurity continue to grow – including investments in cyber insurance – but data theft will continue to rise as well. Recent hacking events show that malicious internet users keep finding holes in digital defenses.


31. The biggest security breach in history affected 3 billion user accounts.

(Cybersecurity Ventures)

Internet company Yahoo! suffered a data breach of unmatched proportions in 2013. Reported in 2017, this breach was confirmed to be the biggest in the history of the internet according to cyber security breach statistics. The second biggest breach happened this year. It targeted 885 million accounts at First American Financial Corp.


32. 540 million accounts were affected in the latest Facebook breach.

(CBS News)

Facebook can’t catch a break when it comes to hacker attacks. Among recent cyber attacks in 2019, one involved this popular social network. Account names, user IDs, comments, and reactions were publicly available due to this security breach. Not only that, but it was discovered that 600 million account passwords were stored as plain text files.


33. 95 user logins get stolen every second.

(Thycotic)

Whether through data breaches or malware, more than 3 billion passwords and credentials end up in the wrong hands each year. More services, especially e-banking, now require regular password updates, while experts recommend having different passwords for every website and app.


Cybersecurity facts and known risks

34. Many companies don’t believe they’re properly secured from cyberattacks.

(Insurance Information Institute)

A vast majority of businesses are well aware of the growing cyberattack threat, and more than half of interviewed companies expressed concern about possible breaches. That being said, most companies believe they need even more protection and countermeasures against hackers.


35. A cyberattack could hurt the company’s reputation in addition to causing direct financial loss.

(Insurance Information Institute)

This is the internet age, so there’s much more than the money on the line for modern companies. One devastating hack attack could impact employees and clients due to data loss, that’s clear. But the company’s public image can suffer too. And there can be legal issues down the line. Surveys show that most businesses are, first and foremost, concerned about the financial hit.


36. Human error is still the greatest cause of data breaches and security failures.

(Helpnet Security)

Cybersecurity statistics in 2019 are led by one major factor when it comes to causes for breaches – humans. Specifically, a single human error is enough to bring down the whole system, so properly educating employees and practicing healthy cybersecurity habits reduces the potential risk.


37. 300 billion passwords will be generated by 2020.

(Thycotic)

Even though there are efforts to remove the need for traditional login (with biometrics and similar cutting-edge tech), we’ll have to type passwords for years to come. With more user logins and credentials in the wild, there’s a greater chance for hackers to obtain them.


38. The most common password is “123456.”

(CNN)

Making up new passwords for every single site and service gets tedious, but that also means lots of those passwords are incredibly easy to crack. One of the biggest cyber security facts has always been how common and obvious some passwords are. The most popular passwords are the simplest strings of numbers or “qwerty” and are used by millions of users. Among the top 10 most common passwords are also “password” and “abc123.” Obviously, this is far from the kind of secure login that’s needed in 2019.


39. Avoid “Root” and “Admin” user names for computer accounts.

(University of Maryland)

A study by University of Maryland’s School of Engineering has confirmed that hackers will always go for the lowest hanging fruit. In this case – the most common logins. They use “dictionary scripts” to quickly try all of the common logins, so the best practice is to change default user names and logins whenever you install new hardware or software.


40. 58% of companies have more than 100,000 unprotected folders.

(Varonis)

Network firewalls are only the first line of defense, and they’re not impenetrable. Once hackers get inside your company’s system, they can’t do much if you have additional file and folder protection. For nearly 60% of companies, this unfortunately isn’t the case – and that is a massive preventable vulnerability.


41. 4 out of 10 companies have over 1,000 unprotected sensitive files on their servers.

(Varonis)

Health records, Social Security numbers, even credit card numbers. These are all stored in files across many companies, but a significant number of companies haven’t properly protected these sensitive files from hackers. Among the business cyber security statistics in 2019, unprotected files are a significant security risk.


42. Every third user account is stale.

(Varonis)

Once an employee leaves a company, in one of three cases their old account remains enabled even though it’s no longer in use. This is called a “stale account” and it poses a risk for the company as a potential entry point for hackers. Deactivating stale accounts reduces the number of logins in circulation.


43. More than 60% of companies have more than 1,000 stale user accounts.

(Varonis)

It’s alarming how many companies keep hundreds, even thousands of obsolete user accounts. Removing or deactivating these accounts is a security step a lot of companies skip. Data breaches, statistics show, are enabled by these kind of accounts.


44. Just 1 in 5 Americans update their passwords after hacks are exposed in news reports.

(Varonis)

Many people won’t change their passwords until they forget them. This is actually the most common reason for updating passwords among Americans. Only 20% of American users update their passwords after reading news about security breaches.


45. IoT devices can be hacked just minutes after they’re connected.

(Netscout)

The idea of a smart home might not sound as amazing in the near future. IoT devices like smart TVs, thermostats, cars, and speakers are great, but not as safe as we might be led to believe. Current statistics on cybersecurity point toward IoT as the biggest and easiest entry point for hackers. These devices have no integrated protection from hackers, so relying on strong network firewalls is the only solution.


46. Cloud-based storage and apps need protection, too.

(Symantec)

A growing trend of moving files and software from local devices to the cloud creates new risks. Cloud computing should be treated with equal care as traditional computer security, especially since one misconfigured server could cause millions of dollars of damage.


47. Cybersecurity is a five-step process.

(Mindcore)

Installing software on a computer is just one part of the big cybersecurity equation. There are five types of cyber security today: protecting critical infrastructure, computer applications, network security, cloud security, and IoT security. For modern businesses, all five of these pillars are equally important, as a failure of any one of them could cause a hacker breach.


48. Want a malware-free smartphone? Avoid third-party app stores.

(Norton)

Human error is enough to collapse an otherwise secure system. Same goes with your smartphone, so smart browsing and using only the manufacturer’s app store can help keep your device hack-free. Even in official digital stores there might be bad players – Google’s cyber security statistics point out thousands of corrupted and malicious apps get removed every year. That is why the company introduced its own security measures and ways for users to determine whether an app is safe before downloading it.


49. There is always an open position for a cybersecurity expert.

(Cybint Solutions)

If you’re job-hunting right now, it’s a good idea to steer toward cybersecurity. For the next few years, there will be more open positions than candidates in computer security companies. For cyber security jobs, statistics show no unemployment rate but high demand, especially since more businesses are looking into protecting their data.


Frequently asked questions

How often do cyber attacks occur?

On average, cyberattacks occur every 39 seconds. Businesses are targeted by cyberattacks every day, but some types of cyber threats, like ransomware, are much more common and can occur even several times per minute.

How many cyber attacks were there in 2018?

It is estimated that a couple of thousand cyberattacks happened every day in 2018, affecting hundreds of millions of internet users and companies. Cyber attack statistics per year are, unfortunately, on the rise. Just in April, May and June, data breaches affected 765 million people and created tens of millions of dollars of damage. There were 47% more cyberattacks than during the same period in 2017. Experts believe cybercrime and hacking attacks aren’t going to slow down any time soon.

What percentage of cyber attacks are phishing?

More than one third of all cyberattacks are phishing – 37 percent, to be precise. Phishing is currently the most common type of cybercrime because it relies on human error more than any other method. This is also the most effective type of cyberattack, effectively bypassing security measures. The best way to protect against phishing, therefore, is user education and smarter browsing, since this method relies on trickery.

How many cyber crimes are committed each year?

Cybercrimes targeting businesses are committed over 16,000 times each year. Small businesses are especially prone to attacks due to their weaker cybersecurity measures. Big companies usually employ experts in the cybersecurity field and have custom-tailored software to protect them from hackers, while small companies use commercial software that’s available to regular internet users too. Hackers are well aware of this when they pick their targets.

How many cyber attacks happen a day?

Cyber security statistics gathered from the University of Maryland School of Engineering reveal that there are, on average, 2,400 cyberattacks each day. Companies are targeted by ransomware more often than individuals are. Phishing and malware are the most common and most successful attack methods against individual users.

Sources