The risk of cyberattacks has increased substantially in recent years.
But just how prevalent are cyberattacks in 2024?
In this report we'll cover the latest data on cybersecurity threats, the average cost of a data breach, and the ways cybercriminals look to steal organizations’ sensitive data.
Contents
Cyberattacks have become increasingly common in recent years.
The exact numbers vary massively depending on how you choose to define an attack. For instance, one report claims there are 5.5 billion malware attacks per year, and 6.3 trillion intrusion attempts.
But the Identity Theft Resource Center (ITRC) Annual Data Breach Report recorded 2,365 cyberattacks leading to data compromises in 2023. This marks an increase from 1,584 the previous year, and 754 in 2018.
That’s approximately 6.5 attacks per day. However, the number of victims is substantially higher: over 343 million per year. That’s more than 940,000 per day, or nearly 11 per second.
Source: ITRC Annual Data Breach Report, Sonic Wall
How Many Businesses Get Hacked Each Year?According to a Sophos study, 59% of businesses have been hit by ransomware this year. That’s a drop from a high of 66% in each of the previous two years.
In the UK, half of all businesses and 32% of charities report being targeted by some form of cyberattack within the past 12 months.
Source: Sophos, UK Government
Phishing Attack StatisticsPhishing and pretexting are the most commonly used kinds of cyberattack.
(Pretexting is effectively a kind of phishing where attackers seek to build up a prior relationship of trust before trying to exploit it.)
50% of all phishing and pretexting attacks target user credentials. This is especially troubling as almost 8 in 10 web users reuse passwords for multiple accounts.
Meanwhile, 95% of attacks have an ultimately financial motive. The remainder are motivated by espionage.
When phishing or pretexting leads to a transaction, the median amount is approximately $50,000. In almost one in five cases, none of that money is recovered.
As of Q1 2024, cybercriminals create nearly 1 million phishing sites per month – that's almost 7x as many as in Q2 2020.
Sources: Verizon 2024 Data Breach Investigations Report, Forbes, APWG
Malware StatisticsIn 2023, there were over 6 billion malware attacks worldwide. That figure has remained fairly steady, ranging from 5.4 billion to 6.06 billion between 2020 and 2023.
The single worst year for malware attacks over the last decade was 2018 (10.5 billion attacks).
Here's a breakdown of the number of malware attacks worldwide since 2015:
Year Number of Malware Attacks 2015 8.2 billion 2016 7.9 billion 2017 8.6 billion 2018 10.5 billion 2019 9.9 billion 2020 5.6 billion 2021 5.4 billion 2022 5.5 billion 2023 6.06 billionFrom March to May of 2024, instances of malware increased by 30%. Encrypted threats increased by 92%, indicating that malware attacks are growing more sophisticated.
Ransomware StatisticsRansomware has become one of the most pervasive and fast-growing threats to individuals and organizations worldwide.
By the highest estimates, attacks occurred every 39 seconds throughout 2023. Cybersecurity professionals estimate that more than 300 million ransomware attacks were attempted throughout the year.
Here's a look at the number of ransomware attacks per year since 2017:
Year Number of Ransomware Attacks 2017 186.3 million 2018 206.4 million 2019 187.91 million 2020 304.64 million 2021 623.25 million 2022 493.33 million 2023 317.59 millionNorth America currently receives the largest proportion of industrial ransomware attacks (43%).
Here's a breakdown of industrial ransomware attacks by region:
Region Distribution of Ransomware Attacks North America 43% Europe 32% Asia 14.4% South America 4.4% Middle East 2.5% Africa 1.5% Australia 1.5%North America is also one of the regions that saw an increase in ransomware in the first half of 2024. Attacks are up 15% compared to 2023, although in Europe they are down by 49%.
Sources: SonicWall, WatchGuard, Dragos, SonicWall (2)
Cryptojacking StatisticsCryptojacking is a form of cybercrime in which hackers use an individual or organization's computer system to mine cryptocurrencies like Bitcoin. While relatively new, the latest data indicates an uptick in unauthorized mining activities.
Criminals may initiate a cryptojacking attack in several ways, such as installing malicious software through an email attachment or infecting a webpage with JavaScript that launches the mining process when opened in a browser.
Cryptojacking volume in Q1 2023 reached 332.3 million. And across the year attacks rose by 659%.
Sources: SonicWall
IoT, DDoS, and Other AttacksInternet of Things (IoT) attacks target connected devices to find vulnerabilities within networks.
In 2023, there was a reported 400% rise in IoT malware.
And the average cost of a successful IoT device attack is more than $330,000.
IoT devices can also be turned into “zombies” for carrying out distributed denial of service (DDOS) attacks, flooding a target server with traffic in order to crash it.
In Europe, there is an average of almost 70 IoT attacks per organization per week. The figure in North America is close to 40.
IoT attacks per organization per week across different regions.
Sources: TechRadar, PSA Certified, World Economic Forum
Most Common Causes of Data Breaches in CybersecurityOf the 2,365 cyberattacks recorded in 2023 by the Annual Data Breach Report, 438 were phishing or related “social engineering” attacks. This made it the most common form of attack.
Ransomware accounted for 246 of the cyberattacks, or a little over 10%. It was the second most common kind of attack in three out of four quarters last year.
Malware was the next most common cyberattack leading to a data breach. There were 118 recorded malware attacks last year.
“Zero-day attacks” and “credential stuffing” made up the majority of remaining classified cyberattacks.
A further 729 breaches were caused by system or human error without any malicious intent, while 53 came from physical attacks. But cyberattacks accounted for the vast majority of data breach victims.
Source: ITRC Annual Data Breach Report
Cost of CybersecurityCyberattackers have begun launching more advanced – and expensive – attacks in recent years.
Data breaches caused by malicious insiders come at the highest average cost to organizations, calculated at $4.99 million.
That’s closely followed by phishing and other business email compromise (BEC). Data breaches that come about in this manner cost an average of $4.88 million.
Data breaches from stolen or compromised credentials cost businesses an average of $4.81 million.
As of 2024, the average cybersecurity spending per employee is an estimated $52.16.
Cybersecurity Growth RateA US Bureau of Labor forecast indicates that information security analyst roles will increase by 33% between 2023 and 2033. That’s much faster than average.
This will result in more than 17,000 openings each year.
The cybersecurity market is worth $185.7 billion. That’s projected to reach $271.9 billion by 2029 at a CAGR of nearly 8%.
Sources: US Bureau of Labor Statistics, Statista
Data Breach StatisticsThere was a 20% increase in data breaches in 2023. The number of victims doubled.
In the entirety of 2023, there were 3,205 breaches impacting over 350 million people.
The healthcare industry was the most affected, with more than 800 companies suffering breaches. Financial services were also impacted badly, experiencing more than twice as many breaches as the next-most affected sector.
Sources: Harvard Business Review, ITRC Annual Data Breach Report
Cybersecurity Risks15.7 million encrypted attacks were recorded last year. There was a 30% increase in North America, but triple-digit percentage jumps were recorded in Europe, Asia and Latin America.
Legacy firewalls are often unable to detect these threats.
In total, 74% of CEOs are concerned about their organization’s ability to avert or minimize damage from cyberattacks.
Businesses of all sizes can be targeted by cyberattacks. However, given the typically financial motivations, large organizations are the most common targets.
47% of businesses with annual revenue of less than $10 million have been targeted by ransomware, compared to 59% of businesses with annual revenue between $250 million and $500 million. Among businesses making $5 billion or more, 67% have been targeted.
In the UK, across all kinds of cyberattack, 58% of small businesses have been targeted in the last 12 months. In the same time frame, 74% of large businesses have identified breaches or attacks.
Sources: SonicWall, Accenture, Sophos, UK Government
Largest Data Breaches and Hacking Statistics2024 has seen a number of significant (and well-publicized) cyberattacks. Some of the biggest attacks have occurred in the telecom and healthcare industries.
Change Healthcare HackIn February, the cybercrime group known as BlackCat/AlphV staged a ransomware attack against Change Healthcare (part of United Healthcare, a large organization with annual revenues of $370 billion).
Handling 15 billion healthcare transactions annually, Change Healthcare counts the US military among its service users. The hack caused difficulties in filling prescriptions and collecting payments from insurers.
Change Healthcare filed an 8-K report to the SEC, attributing the attack to a “nation-state associated cyber security threat actor.” It ultimately paid a $22 million ransom.
AT&T BreachIn March, telecoms giant AT&T confirmed that customer data had been released on the dark web. Personal records including social security numbers were compromised.
The actual breach appeared to be from 2019 or earlier. Around 7.6 million current customers and more than 65 million former customers were impacted.
Ascension AttackIn another instance of a healthcare provider being targeted, Ascension suffered an attack in May after an employee inadvertently downloaded malware. It forced the organization to divert emergency care from some of its hospitals.
Ascension confirmed that there is evidence of data being stolen.
Historic Data BreachesAccording to ArcticWolf, the “modern history of cybercrime” began in 1962, when Allen Scherr stole passwords from an MIT database via punch card.
Since then, cybercriminals have moved with the times, ramping up their efforts and impacting major corporations, government organizations and social media platforms.
For example, the Wannacry virus affected thousands of groups worldwide, resulting in $4 billion or more in costs. The biggest data breach in history occurred at Yahoo in 2013, with in excess of 3 billion user accounts exposed.
Notable Breaches:
Sources: Arctic Wolf, New York Times, The Hacker News, Uber, CBS
Cybersecurity Job StatisticsThe cybersecurity space continues to grow. 75% of organizations within the industry expect to recruit more permanent staff this year.
Meanwhile, more than 7 in 10 businesses have vacant cybersecurity positions.
In the public sector, 52% of organizations cite resources or skills gaps as the “biggest challenge” when designing for cyber resilience.
In 2022, 94.7% of low-revenue organizations believed that they had the skills to respond to and recover from a cyberattack. That has dropped significantly to just 49.2%.
The median wage for an information security analyst is $120,360.
Sources: Barclay Simpson, World Economic Forum, US Bureau of Labor Statistics, Cybint, Cybercrime Magazine
ConclusionThere's no doubt about it: cyberattacks have become an increasing concern for major organizations, small businesses, and individuals.
With data showing that the cybersecurity industry will be worth more than $270 billion within the next five years, it pays to invest in training, tools, and professionals to protect sensitive information from cybercriminals.
For more related content, check out Huge Cybersecurity Trends, Top Cybersecurity Startups to Watch, and The Ultimate List of Cybersecurity Statistics.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.3