Cybersecurity awareness is an everyday job, and it’s easy to fall into a false sense of security once you have a solid plan in place. Every year, statistics are a reminder that hackers and scammers never sleep. New trends and attack types pop up daily, making it difficult to keep track.
This list is a rundown of the most important statistics of the year, providing a good overview of threats to keep in mind. Moreover, it incorporates some industry-specific statistics for a more detailed perspective.
Cyber Attacks and Cybersecurity Statistics for 2024
The overall cybersecurity trend is clear: Attacks are on the rise, and most companies feel they don’t have the proper resources to face the threats. Most users are still not properly educated and practice behaviors that put the company at risk.
Cybersecurity awareness is crucial, especially when many users still reuse passwords or choose easily guessed phrases. Human error remains the leading cause of data breaches, often due to a lack of knowledge about essential safety measures. With proper education, this challenge can be effectively addressed.
- In 2024, over 75% of targeted cyberattacks started with an email, making phishing a primary vector for cybercrime (source: Norton Antivirus)
- 17% of cyber attacks target vulnerabilities in web applications (source: PT Security)
- 98% of web applications are vulnerable to attacks that can result in malware, redirection to malicious websites, and more. (source: PT Security)
- 72% of vulnerabilities were due to flaws in web application coding (source: PT Security)
- In Q2 2024, organizations experienced an average of 1,636 cyber attacks per week, representing a 30% year-over-year increase (source: Check Point Research)
- Cybersecurity budgets as a percentage of firms’ total revenue jumped 51%, from 0.53% to 0.80% (source: ThoughtLab)
- 30% of executives said their budgets aren’t sufficient to ensure proper cybersecurity (source: ThoughtLab)
- 31% of executives said their main cybersecurity challenge was improper identification of key risks (source: ThoughtLab)
- 50% of companies outsource their cybersecurity operations center (source: ThoughtLab)
- The most used cybersecurity framework was ISO 27001/27002 at 48% of companies. (source: ThoughtLab)
- 55% of companies run internal cybersecurity assessments (source: ThoughtLab)
- Only 38% of companies say they have made notable improvements after a breach (source: ThoughtLab)
- Only 23% of companies say their cybersecurity metrics are well understood by the board and senior executives. (source: ThoughtLab)
- The top cybersecurity investment is upskilling cybersecurity and IT staff, with 46% of companies reporting this. (source: ThoughtLab)
- 41% of cybersecurity executives report using Zero Trust architecture principles (source: ThoughtLab)
- 63% of companies have some form of email security measure (source: ThoughtLab)
- The average time to detect a data breach is 118 days (source: ThoughtLab)
- Only 29% of companies reported using multi-factor authentication (source: ThoughtLab)
- 26% of companies reported using AI and machine learning solutions to predict and handle breaches (source: ThoughtLab)
- 66% of organizations expect their cybersecurity budget to grow in the coming year. (source: PWC)
- 46% of organizations test cyber incident response time and planning every quarter. (source: Deloitte)
- 41% of organizations identified hybrid IT situations as their biggest cybersecurity challenge (source: Deloitte)
- 46% of companies have identified increased CEO support as a major driver of cybersecurity-aware work culture. (source: PWC)
- 53% of users haven’t changed their passwords in the last 12 months (source: LastPass)
- 57% of users reported having a password written down on a sticky note (source: Keeper Security)
- 37% of employees use their employer’s name as a portion of their password (source: Keeper Security)
- 44% of users reported recycling passwords across personal and business-related accounts. (source: Keeper Security)
- 62% of users have shared a password over email or text messages. (source: Keeper Security)
- 73% of companies in North America use browsers that are out of date (source: Statista)
- The cybersecurity market is expected to grow to $300 billion by 2024. (source: DataProt)
- In Q1 2024, the education sector experienced an average of 2,507 cyber attacks per week, indicating a significant rise in targeted attacks on educational institutions (source: Parachute)
- The average security budget of small businesses is $500 (source: DataProt)
- 1 in 3 US companies has purchased data-breach insurance coverage or cyber liability insurance. (source: DataProt)
- The cyber insurance market is expected to be worth $20 billion by 2025. (source: DataProt)
- 1 in 10 small businesses suffer a cyberattack each year. (source: DataProt)
- The largest DDoS attack was 1.3 terabytes per second. (source: DataProt)
- 540 million accounts were affected in the latest Facebook breach. (source: DataProt)
- 60% of small businesses go out of business after being victims of a cyber attack. (source: NetDNA)
- 95% of data breaches are due to human error. (source: Mastercard)
- 93% of data breaches are motivated by financial gain. (source: Mastercard)
- 46% of all cyber breaches affect companies with fewer than 1,000 employees. (source: Mastercard)
- 70% of cybersecurity professionals claim that their organization is impacted by the cybersecurity skills shortage. (source: CSO)
- 56% of Americans do not know the steps to take after being a data breach victim. (source: Varonis)
- A study has revealed that just 23% of security leaders monitor their partners and vendors in real time for cybersecurity risks. (source: AAG)
- By 2025, it is estimated that 60% of organizations will use cybersecurity risk as a key factor when determining transactions and business engagements with third parties. (source: AAG)
- On average, identifying and containing a data breach takes about 277 days, highlighting the prolonged impact of cyber incidents on organizations (source: Parachute)
- 62% of incidents in the System Intrusion pattern involved threat actors compromising partners. (source: Verizon)
- 30% of small businesses consider phishing attacks to be the biggest cyber threat. (source: Verizon)
- 43% of SMBs do not have a cybersecurity plan in place. (source: Forbes)
- Ransomware attacks on the education sector have resulted in $53 billion in downtime costs globally (source: Parachute)
Malware Statistics: Unmasking the Digital Villains
Malicious software is still a common threat with thousands of attacks recorded every day. Certain industries, like retail, are more often targeted, but malware is usually coupled with other tactics, such as phishing. In most situations, adware is the target, but traditional data breaches are still something to look out for.
- The AV-TEST Institute registers over 450,000 new malicious programs and potentially unwanted applications (PUAs) every day (source: AV-TEST)
- The US sees the most malware attacks per year, 9x more than the second-ranked UK (source: SonicWall)
- In a recent survey, 53% said they were victims of adware (source: Datto)
- 71% of malware attacks have a specific target (source: PT Security)
- 17% of malware attacks target individuals (source: PT Security)
- 40% of malware attacks result in confidential data leakage (source: PT Security)
- The most common malware type used against individuals is spyware. (source: PT Security)
- Malware attacks are on the rise again, with an estimated 560,000 new pieces of malware detected daily (source: Next7 IT)
- 70% of attacks on the retail sector led to customer data theft (source: PT Security)
- 94% of malware is delivered via email, making it the most common method for distributing malicious software (source: Panda)
- 5,520,908 mobile malware, adware, and riskware attacks were blocked. (source: SecureList)
- Adware accounted for 25.28% of all mobile threats detected. (source: SecureList)
- Ransomware continues to be the most prevalent form of malware, involved in nearly 70% of malware-related breaches (source: CyberArrow)
- In the first half of 2024, malware-based threats surged by 30% compared to the same period in 2023, with a particular spike of 92% in May alone (source: CIS)
- 70% of organizations have users being served malware ads on their browser (source: Cisco)
- 48% of organizations experienced information theft via malware. (source: Cisco)
- Between January 2023 and February 2024, approximately 5,600 ransomware incidents were reported, highlighting the persistent threat posed by this type of malware (source: Rapid7)
Phishing Statistics: Hooked by the Numbers
Phishing is perhaps the most well-known cybersecurity threat, and statistics prove it is top of mind for cybersecurity professionals. The goal of this attack is still mainly to steal credentials, and younger users seem to be less prepared for this type of attack.
- 96% of phishing attacks are delivered via email (source: Verizon)
- 90% of data breaches are the result of phishing attacks (source: Cyber Talk)
- Phishing and business email compromise result in over 500 million dollars in losses per year, according to the FBI (source: Federal Bureau of Investigation)
- In a recent survey, 77% of respondents said their main cybersecurity fear was a targeted phishing attack (source: SonicWall)
- The total number of phishing attacks increased by nearly 50,000 from the previous year, reaching just under 1.9 million incidents worldwide (source: Interisle Consulting Group)
- Phishing emails are the leading delivery method for ransomware attacks (source: Datto)
- There was a 51% increase in phishing attacks hosted at subdomain providers, totaling over 450,000 reported names (source: Interisle Consulting Group)
- The use of the InterPlanetary File System (IPFS) to host phishing attacks rose by 1,300%, with 19,000 reported phishing sites (source: Interisle Consulting Group)
- 50% of people who fell for a phishing email said it was because they were tired or distracted (source: Tessian)
- 85% of mobile phishing attacks happen outside of email, whether through messaging apps, social networks or games. (source: CyberNews)
- Phishing continues to be a common threat, with 71% of working adults admitting to taking actions that pose a risk to their cybersecurity, such as reusing or sharing passwords (source: ITPro)
- 42% of domains reported for phishing were registered in new generic top-level domains (gTLDs), up from 25% last year (source: Interisle Consulting Group)
- 43% of spoofing attacks impersonated Microsoft (source: Check Point)
Ransomware Statistics: The Cost of Locking Up
Ransomware attacks have increased in recent years because ransomware is one of the most lucrative hacks. Industries where technology access is mission critical, such as healthcare and government, remain the top targets.
Industries targeted by this attack should be wary since it is increasingly linked to the abandonment of services.
- Ransomware breaches have seen a 13% increase in the last 5 years (source: Verizon)
- The median ransom payment increased by 13% to $10,700, with the highest payment reported at $535,000 (source: JetPatch)
- The average recovery cost (excluding ransom payments) increased to $2.73 million, a 50% rise from 2023 (source: Sophos News)
- The number of ransomware attacks decreased in Q1 2024 to 1,048 cases but rose again in Q2 2024 to 1,277 cases, a 21.5% increase (source: Cyberint)
- 56% of organizations that had data encrypted paid the ransom, but only 46% of those fully recovered their data (source: Sophos News)
- The average cost of a ransomware attack is 4.54 million, excluding the cost of the ransom itself. (source: IBM Security)
- The average downtime experienced after a malware attack is 21 days (source: Statista)
- Ransomware is the #1 malware threat (source: Datto)
- CryptoLocker is the leading ransomware variant affecting 52% of respondents to a survey (source: Datto)
- 63% of cyber attacks against government agencies use ransomware (source: PT Security)
- 79% of attacks on the retail sector involve ransomware (source: PT Security)
- 45% of security and IT execs expect a further rise in ransomware attacks (source: PWC)
- 59% of consumers said they would avoid doing business with a company that has suffered a data breach in the last year. (source: NetDNA)
- 70% of consumers believe companies aren’t doing enough to secure their personal data. (source: NetDNA)
- 25% of consumers will stop using a product or abandon it if it has been the target of a ransomware attack. (source: NetDNA)
Finance Statistics: Guarding the Treasure Trove
The finance sector has always been an attractive target for cybercriminals. With money becoming increasingly digital, hackers have increased their efforts targeting banks and other financial institutions.
Ransomware remains a leading trend due to the critical nature of the software used in the financial sector. Companies in this industry also hold a lot of sensitive data, making data breaches a popular cyber attack.
- Financial services (FS) institutions are experiencing a rise in cyber incidents due to outdated or incomplete asset data, causing delays in mitigating cyber threats effectively (source: KPMG)
- The finance sector is the second most targeted industry for basic web application attacks (source: IBM)
- Finance sector data breaches are amongst the most expensive to fix (source: IBM)
- On average, a financial services employee has access to 13% of the company’s total files. (source: Varonis)
- The two main cyber threats in the education sector are software vulnerability exploitation and phishing, accounting for 29% and 30% of overall attacks, respectively. (source: Infosecurity Magazine)
- The leak of confidential information and disruption of core activity are the top 2 results of a cyber attack at 64% and 40%, respectively. (source: PT Security)
- Ransomware accounts for 64% of successful cyber attacks against the financial sector. (source: PT Security)
- 63% of financial institutions reported an increase in destructive cyber attacks. (source: Blaze Infosec)
- A data breach in the finance sector costs $5.85 million on average (source: Banking Exchange)
- 57% of banking executives identified cybersecurity as a top priority this year. (source: CSI Web)
Healthcare Statistics: Safeguarding Our Health Data
The healthcare industry faces a dangerous problem when it comes to cybersecurity. When its systems go down, the outage can easily lead to loss of life, which means hospitals often pay ransomware demands.
This habit has, in turn, made the industry a prime target for cyber attacks. The healthcare industry faces a difficult battle against cyber threats with shrinking budgets and staffing issues, but cybersecurity awareness training shines even under the most challenging conditions.
- Healthcare ransomware attacks have increased by 264% over the past five years, making hospitals and healthcare providers prime targets for cybercriminals (source: BDO)
- The average cost of a healthcare data breach reached $10.10 million, marking a 9.4% increase from previous years. This is significantly higher than in other industries (source: SafetyDetectives)
- There has been a 239% increase in the number of large breaches involving hacking in the healthcare sector over the last four years (source: Chief Healthcare Executive)
- Almost two-thirds of healthcare organizations faced a supply chain attack in the past two years, with a 70% increase in disruptions to patient care from these attacks (source: FierceHealthcare)
- Over 93% of healthcare organizations have experienced a data breach in recent years, and 57% have had more than five data breaches. (source: Black Book Research)
- Data breaches in the healthcare sector are responsible for a 64% increase in advertising expenses to reassure consumers. (source: AJMC)
- A healthcare breach costs about $408 per patient record without including the cost of the loss of business, productivity, and reputation. (source: Healthcare Finance News)
- Healthcare institutions spend, on average, 4 to 7% of their budget on cybersecurity, compared to an average of 15% for other industries. (source: Healthcare Finance News)
- Medical devices have an average of 6.2 cybersecurity vulnerabilities each. (source: Cybersecurity Ventures)
- 62% of hospital administrators feel unequipped or undertrained to deal with a cybersecurity breach. (source: Becker Hospital Review)
Education Statistics: Lessons in Cybersecurity
Education is a relatively recent cyber attack target but has become a very popular one with the advent of online schooling in recent years. From K-12 to higher education, these institutions hold a tremendous amount of personal information that can have devastating results if leaked.
With a recent surge in attacks on K-12 schools, it’s no surprise to discover cybersecurity is a priority for school administrators across the globe.
- 61% of education respondents feel somewhat or very prepared to respond to a cybersecurity incident and minimize downtime (source: EdTech Magazine)
- 66% of education organizations reported being hit by a ransomware attack (source: Sophos)
- 50% of education organizations reported having to use multiple restoration methods to restore data after a ransomware attack. (source: Sophos)
- Only 4% of institutions reported recovering 100% of their data after paying the ransom. (source: Sophos)
- 62% of education administrators have reported difficulties in hiring cybersecurity staff. (source: Chronicle)
- 65% of higher education institutions have designated data security as a top priority this year. (source: Higher Ed Dive)
- The average cost to remediate a ransomware attack in higher education is $1.42 million. (source: Educause)
- 47% of education respondents reported that their cyber insurance policy significantly influences their cybersecurity strategy, although 21% do not have a policy (source: EdTech Magazine)
- 79% of higher education providers reported being hit by ransomware over the past 12 months, with exploited vulnerabilities and compromised credentials being the leading causes (source: Blog - Cadre Information Security)
- According to the US Government Accountability Office, ransomware attacks result in anywhere from 3 days to 3 weeks of lost learning time. (source: US Government Accountability Office)
Business Email Compromise (BEC) Statistics: Outsmarting the Email Impostors
One of the most potentially damaging hacks, BEC continues to cause billions in damage every year. Thankfully, it is one of the attacks that cybersecurity awareness addresses most easily.
- Gift card requests are the most common way to retrieve funds from an attack, constituting 68% of such attacks. (source: APWG)
- 19% of data breaches are the result of BEC (source: IBM)
- Only 14% of businesses that fell victim to BEC attacks in the United States recovered any of their financial losses, underscoring the effectiveness and financial severity of these attacks (source: Mailmodo)
- 52% of people who clicked on a phishing link did so because they thought it came from a senior executive in the company. (source: Tessian)
- Advances in artificial intelligence are predicted to make BEC attacks even more sophisticated in 2024, enabling attackers to mimic communication styles and transactional nuances more effectively (source: Armor Resources)
Strengthen Your Cybersecurity Awareness
Hackers are continually evolving their tactics, and staying ahead requires a strong foundation in awareness and education. The common thread in these statistics is clear: a lack of user knowledge and preparedness is a significant vulnerability. By adopting the right behaviors, social engineering attacks can be prevented or significantly reduced.