With the threat of cyber attacks growing every year, we decided to compile this list of cyber security statistics to prepare businesses and individuals for some of the most common cyber crimes.
The internet has brought so much convenience into our daily lives. But with billions of people exposing their personal information to the world, the internet also puts our online safety at risk. Common internet crimes, such as identity theft, phishing, and others, can only be stopped by properly educating internet users. The latest SEO statistics suggest 6 out of 10 people won’t read more than a piece’s headline. We hope this stat doesn’t apply to cyber security-related content.
The Top 10 Cyber Security Statistics and Facts
- The first ever computer virus was called “The Creeper.”
- 79% of organizations were expected to be affected by cybercrime in 2019.
- A malicious hacking attack occurs every 39 seconds.
- Routers and connected cameras account for 90% of attacked devices.
- Usernames such as “Root” and “admin” must be avoided, as well as passwords that duplicate the username or are a variation of it.
- 2016’s Yahoo data breach compromised 3 billion accounts.
- The average cost per lost record is $148.
- 88% of companies that have over a million folders have at least 10% of them open to all employees.
- An average company protects just 3% of its folders.
- 58% of data breach victims are small businesses.
Cybercrime Statistics and Facts
1. The first ever computer virus was called “The Creeper.”
Security has been an issue ever since the first computers were invented. The Creeper is the first known computer virus, and it was created during the 1970s. It infected the ARPANET network and computers running the TENEX operating system, displaying the message, “I’m the creeper, catch me if you can.”
2. Recent cybersecurity breach data shows that 93% of companies have had an experience with unauthorized cloud apps usage.
Cloud storage has become the standard for almost every industry. From software development firms to car manufacturers, 93% of companies have had to deal with someone accessing their cloud-stored data and apps without permission. The situation is similar with private cloud users: cyber security stats show that 82% of them have had a similar negative experience.
3. 78% of organizations were the victim of a cyber attack in 2018.
In case you’re wondering how common cyber attacks are in the business world, the answer is pretty common. The vast majority of organizations reported being the victim of a successful cyber attack in 2018.
In 2019, the percentage was expected to increase slightly, with cybercrime negatively affecting 79% of organizations in the world.
4. 93.7% of organizations in Spain were affected by at least one successful attack in the last 12 months.
Cyber security incidents have affected almost all of Spain’s organizations. A whopping 93.7% of them report falling victim to at least one successful cyber attack in the last 12 months. The list of the top five most-affected countries also includes Saudi Arabia (91.5%), Colombia (87.9%), Turkey (87.8%), and Japan (85.7%).
5. 76% of cyber attacks are financially motivated.
The main motive behind cyber attacks is financial gain. Other common motives include gaining insight into the competition, political reasons, and revenge.
6. The government, retail, and tech sectors are victims in 95% of attacks.
Business cyber security statistics point out that, in 95% of cases, the victims of cyber attacks are companies working in the government, retail, or tech sectors. Hackers seem to think that this is where the most valuable data is located.
7. Some industries take up to 287 days to detect an attack.
It takes a staggering amount of time to detect a data breach; the average time across all industries is 197 days. The healthcare industry is the quickest to find one, while it can take the entertainment industry up to 287 days to catch a data breach.
8. A malicious hacking attack occurs every 39 seconds.
(Source: University of Maryland)
According to a study conducted at the University of Maryland that dealt with the data derived from recent cyber attacks, ill-intentioned hackers attacked the researchers’ target computers 2,244 times per day. On a global scale, an attack occurs every 39 seconds. By using scripts that try to guess usernames and passwords in order to get into a network, the number of computers attacked in a day increases constantly.
9. 90% of attacked devices are routers and connected cameras.
When looking for a point of entry, the cybersecurity statistics for 2020 point out that hackers are most likely to choose either a router or IoT devices, such as cameras. Leaving the stock security settings on either of those is a bad practice.
10. 36% of compromised data is personal info.
The most commonly targeted data is personal information. Hackers can sell your gender, name, email, and birthday to those running phishing scams—or even to advertising agencies.
11. The most commonly attempted username is “Root.”
(Source: University of Maryland)
The same study that determined the average number of cyber attacks per day also found the usernames and passwords that the scripts use most. Researchers found that the username “Root” is attempted 12 times more often than the word “admin.” The rest of the commonly guessed usernames are “test,” “guest,” “info,” and “adm.”
12. 43% of password attempts are the same as the username.
(Source: University of Maryland)
In a lot of cases, the script will automatically re-enter the username in the password-designated field. After that, the username plus “123” is attempted. Cyber security statistics from recent years list other common password hacking attempts: these include number sequences and phrases such as “123456,” “1234,” “passwd,” and “1.” Avoid all of these—be more creative in order to stay safe online.
13. Credit card skimming is responsible for 30% of retail data breaches.
(Source: Comparitech / Astra)
Almost a third of all reported retail data breaches are caused by credit card skimming. What’s credit card skimming, you may ask? Those looking to steal payment card info install a small device that clones the data stored in the card’s magnetic stripe and then use the information to either make online purchases or produce a counterfeit credit card.
And if we look at the numbers, ecommerce businesses experienced 32.4% of all successful cyber attacks in 2018.
14. 49% of companies planned on increasing their cloud security budget for 2019.
(Source: Cybersecurity Insiders)
The steep increase in cyber attacks and data breaches—more on that further down the list—has caused almost half of all businesses to re-evaluate their cybersecurity budgets for 2019. 17% of IT security experts reported that cybersecurity was their company’s largest budget increase in 2018.
15. The global number of daily blocked attacks increased by 56.1% in 2018.
The 2018 budget increases were immediately effective. On a daily basis, more than 900,000 cyber attacks were blocked globally. If the budgets remained the same as they were in 2017, the number of successful attacks and data breaches would have been much higher.
Data Breach Statistics and Interesting Facts
16. The largest internal data breach event lasted for 30 years.
From 1976 to 2006, Boeing engineer Greg Chung collected crucial information related to the space shuttle program. Chung faced a trial for selling the information to China, earning a 15-year jail sentence. More than $2 billion worth of data, on over 300,000 pages, was discovered in his home.
17. The Yahoo data breach compromised 3 billion data records.
Yahoo is responsible for the largest data breach ever, with around 3 billion user accounts and passwords compromised in an incident that was revealed in 2016. The second largest data breach incident was Facebook’s responsibility, which happened in 2018 when 2.2 million private records were compromised. Despite the incident, Facebook remains the top social media network boasting 2.49 billion monthly active users today.
We shouldn’t leave out the infamous Panama paper leak, caused by poor plugin choices, according to the WordPress statistics. This data breach included over 4.8 million emails.
18. The average cost of a corporate data breach is $3.86 million.
When a corporation experiences a data breach, it can cost them a ton of money—in addition to potentially losing their clients’ trust. The average loss per data breach is $3.86 million. Every single lost or stolen user record costs the company $148, the latest cyber security stats show.
19. 88% of companies with over a million folders leave 10% or more of them accessible to all employees.
Here’s one of the top reasons data breaches are so common: with 10% or more of all company files stored on the network available to all employees, a data breach disaster is almost imminent. All it takes is one reckless employee falling for a phishing email, and the entire company can be in shambles.
20. The loss of one million records costs $40 million on average.
The cost of cyber security—or more precisely, a lack thereof—is high for large businesses. An average company will suffer a loss of $40 million if they lose a million records from their network. Even for giants like Yahoo, this lost capital could be the final nail in the coffin. Worse, the loss of potential business after a breach is estimated at $4.2 million over the next year for US-based corporations.
21. An average company protects just 3% of its folders.
Large-scale cyber attacks on corporate entities will keep happening, especially considering the fact that just 3% of the average company’s network folders are protected.
22. Companies typically tighten up their security after a large data breach.
IBM’s research from 2018 shows that the larger the data breach a company experiences, the lower the chances of another breach within the next two years. Most companies tend to wise up and increase their online safety after an incident. One such example is Shopify, which was DDoS-ed in 2016, Shopify statistics reveal. Following the incident, the company has paid ethical hackers more than $850,000 to test their website and mobile apps for weaknesses.
23. 58% of all data breach victims are small businesses.
Large corporations aren’t the only ones at risk of a data breach. In fact, hackers are more likely to focus on smaller victims. Small business cyber attack statistics show that 58% of these businesses become data breach victims.
24. 38% of the global malware-based data breaches are caused by ransomware.
Ransomware has become one of the main tools in a cyber criminal’s arsenal. With 38% of all malware data breaches being caused by ransomware, more attention should be dedicated to it.
What is ransomware? After getting into a computer—usually through a malicious email— ransomware software hijacks the data and demands money for its return.
25. Recent cyber attack statistics show that 93% of malware comes from emails.
Emails that contain suspicious links and/or attachments should be ignored and reported. This especially applies to emails claiming you’ve won an award or are about to obtain an insane amount of money by just clicking on a link. That guy claiming to be a Nigerian prince definitely won’t make you rich.
On the other hand, many legit emails end up in the spam folder for the reasons you’d never guess. One of the reasons is very low inbox usage, and there are 76 more of them. To be on the safe side, go through the list of reasons for why your emails might be marked as spam emails.
26. In 2017, WannaCry accounted for 53.92% of ransomware attempts.
WannaCry was officially the most-used ransomware in 2017. As for cyber attacks in 2019, the number of instances involving WannaCry exceeded one million.
As with most ransomware, WannaCry infects victims’ computers and demands a payment in Bitcoin. The main distinguishing feature is that this specific ransomware targets computers running Windows OS, especially older versions that have weaknesses implemented by the NSA.
27. The average amount of money demanded in ransomware attacks is $1,077.
(Source: Safeatlast / TechCrunch)
Data hijackers typically ask for around $1,000 to return access to the data they took from their victims. Cyber attack statistics by year show that in 2015 the average amount demanded was just $294.
28. Ransomware is expected to quadruple in 2020.
Speaking of yearly statistics, the predictions for 2020 aren’t bright—a significant increase in the number of ransomware attacks is expected. With an increase of 400%, we’ll need to be more cautious online than ever before.
29. There was an increase of 78% in supply chain attacks last year.
Supply chain attacks are the type of cyber attack that looks for an opening into a network through the supply network, which is notorious for its lack of security. Malware statistics show that these are on the rise in all industries, including finance, oil, and the government sector, so making sure your suppliers keep their online databases safe is a must.
30. 27% of data breaches can be attributed to human error.
Employee education on internet safety might be the key to preventing cyber attacks. With more than a quarter of all data breaches being caused by human error, we seem to be a key factor in maintaining online safety.
The cyber security statistics listed above are intended to be a wakeup call for professionals whose businesses rely on storing sensitive information online. After seeing how common, and how devastating, cyber attacks and data breaches can be, we hope that everyone starts paying more attention to their online security.
List of sources:
- University of Maryland
- University of Maryland
- University of Maryland
- Astra / Comparitech
- Cybersecurity Insiders
- Safeatlast / TechCrunch