Modern developments cause modern problems. Ten years ago, our biggest cybercrime concern was not to use an infected USBs we borrowed from friends and colleagues. Fast-forward a few years and cyber criminals are raking in trillions and are capable of shutting down core industries.
According to cybercrime statistics, advancements in technology and our increased reliance on the internet have made cybercrime much more tempting for criminals. Financial, medical, military – all kinds of sensitive and important information is now stored in online and cyber environments. Many infrastructure services are now controlled by software – from sewer systems to power plants. All of this means cybercrime can cause serious damage.
We’re now facing a new threat as well – cyberterrorism. Not only are cybercriminals able to steal valuable data or disable certain services – they now have the ability to cause massive losses to whole cities, states, or nations, not just corporations or individuals.
Cybercrime Statistics Key Findings
- The global cybersecurity market hit $116.5 billion in 2018 and is expected to reach $241 billion by 2025.
- In 2018, revenues generated by cybercriminals reached $1.5 trillion.
- Cybercrime will cost $6 trillion annually by 2021.
- Around 6.4 billion fake emails are sent out every day.
- Cybercrime was the second most reported economic crime in 2016.
- In 2018, 24.000 mobile malware was blocked daily. During 2017, there were 54% new mobile variants compared to the previous year.
As we move forward, our dependence on online services is sure to increase – and so will our vulnerability to cyber attacks. Therefore, it’s important that we’re aware of the threat that cybercrime now poses to the world. We need to improve our defences, both individually and collectively. Continue reading to see the cyber crime statistics we’ve compiled in order to see what kind of threats we face.
Global cybercrime statistics
1. The global cybersecurity market was worth $116.5 billion in 2018 and is expected to reach $241 billion by 2025
(Grand View Research)
The worth of the global cybersecurity market was estimated at $116.5 billion back in 2018. This market is experiencing rapid growth as the intensity and gravity of cyber attacks rises. The major cybercrime concerns right now are data breaches (Marriott Hotel, Yahoo and Equifax data leaks) and cyberterrorism (WannaCry and NotPetya incidents). Grand View Research’s statistics on cyber crime show that the cybersecurity market will more than double by 2025, reaching $241 billion market worth.
2. The US cybersecurity budget for 2019 is $15 billion.
In the wake of increasingly dangerous threats of cybercrime attacks, especially those originating in China and North Korea, the US is funneling large amounts of money into cybersecurity budgets. For 2019, the US cybersecurity budget is 2019 million. The White House is seeking a further 4.7% increase for 2020 across all federal agencies, which would bring the cybersecurity budget to $17.4 billion next year.
us companies are spending $3.82 million and $3.40 million per incident to resolve rising cybercrime rates, especially malware and web-based attacks respectively.
3. Cybercrime was the second most reported economic crime in 2016.
PWC’s Global Economic demonstrates just how serious a threat cybercrime has become in recent years. According to their cyber crime statistics by year, in 2016 cybercrime became the second most reported economic crime. Furthermore, 32% of surveyed organizations were affected by cyber attacks and 34% more thought they would be affected in the next two years.
4. In 2018, revenues generated by cybercriminals reached $1.5 trillion.
Yes, you read that right. Cyber crime increase statistics show that the annual revenue accrued by cybercriminals went up to $1.5 trillion in 2018 – equal to Russia’s GDP. When we break up the figure of $1.5 trillion, the main sources of revenue that go into it are illicit/illegal online markets ($860 billion) and trade secrets theft ($500 billion). These mind-blowing figures should help us realize just how prevalent and profitable cyber crime is. And they say crime doesn’t pay.
5. Around 6.4 billion fake emails are sent out every day.
(EY – Global Information Security Survey 2018-2019)
Do you know how many Nigerian astronauts get stranded in space every day? Well, a lot. According to cyber crime facts and statistics provided by EY in their Global Information Security Survey, around 6.4 billion fake emails are sent each day. Email scams are one of the most common cyber crime methods which probably everyone has encountered so far.
6. The average total cost of a data breach for businesses is $3.92 million.
The increased frequency of data breaches also negatively impacts the reputation of targeted companies, which in turn affects their business. The Cost of a Data Breach report from IBM tells us that the average total cost of a successful data breach is $3.92 million.
7. On average, organizations take 279 days to identify and contain a data breach.
The data breach lifecycle, the amount of time an organization takes to identify and contain the breach, has increased from the previous year. In 2018, cybersecurity statistics tell us that the breach lifecycle average was 266 days. This year it increased by 4.9%, amounting to 279 days – 206 days to identify a breach and 73 to contain it. The fact that organization takes a little less than a year to identify breach is extremely worrying and points out the need to increase both risk awareness and cybersecurity.
8. In 2019, $6.45 million is the average cost of a data breach in the healthcare industry.
Cyber crime statistics and trends indicate that the healthcare industry seems to be taking the brunt of cyber attacks. The reason for this of course is the sensitivity (and therefore value) of the stored patient information. IBM’s Cost of a Data Breach Report from 2019 tells us that the average cost of a data breach targeting the healthcare industry was $6.45 million. Cyber crime in hospitals statistics indicate that this is 65% higher than the average cost of a breach across all industries. One of the latest attacks on the healthcare industry was the Kalispell Regional Health Center attack from August 2019, exposing the data of 130.000 patients.
9. The healthcare sector is targeted by cyber attacks twice as much as other industries.
Healthcare, the second largest sector in the US economy in 2017, seems to be the primary target for cyber criminals. Research on the rise of cyber crime statistics conducted by Fortiguard Labs shows that in 2017, healthcare experienced twice the number of cyber attacks when compared to other industries. While other industries experienced 14.300 intrusion attacks per day per organization, healthcare had 32.000. The main reasons why the healthcare sector is such an appealing target is because it handles valuable information, it takes a long time for the breaches to be detected and cybersecurity is lackluster.
10. Ransomware activity has dropped for the first time since 2013.
As we saw so far, cybercrime is becoming much more frequent, profitable and aggressive but, there is a light at the end of the tunnel. Symantec Internet Security Threat report for 2019 indicates that last year we witnessed a drop in ransomware infections for the first time since 2013. During 2018, computer crime stats indicate that the number of ransomware infections dropped by 20%. However, the amount of ransomware targeting enterprises has risen by 12% and the number of mobile ransomware has jumped by 33%.
11. Attacks on enterprises now make up 81% of all ransomware intrusions.
Research conducted by Symantec tells us that the general amount of ransomware attacks has been reduced, as enterprises became the dominant target for cyber attacks. World cyber crime statistics show that the amount of ransomware attacks on enterprises has increased by 12% and enterprise attacks now amount for 81% of all ransomware intrusions.
12. Only 65% of URLs are considered safe.
The internet is host to over a billion websites, with thousands appearing and disappearing every day. It’s no wonder then that many of them are used for cybercrime. The Webroot Threat Report from 2018 showcases just how unsafe browsing the internet can be. Over a third of all URLs (35%) are considered unsafe. Out of this 35%, 14% of URLs are high risk, 9% are moderate risk, 10% are low risk and 2% are labeled as suspicious.
13. Cybercrime will cost $6 trillion annually by 2021.
If you were unsure just how big cybercrime is, just take a look at this stat. Research conducted by Cybersecurity Ventures predicts that cybercrime will cost the world $6 trillion annually by 2021. This is a 100% increase in costs from 2015, when the annual cost was estimated at $3 trillion. All the Pablo Escobars and El Chapos of the world combined will earn less than cybercriminals, as cybercrime will become more profitable than the total illicit drug trade. The $6 trillion bill the world will pay to cybercriminals will also be the greatest transfer of economic wealth in history.
14. by 2020, ransomware attacks on healthcare industries are expected to quadruple.
Yet another statistic demonstrating the intensity of cybercrime attacks on the healthcare sector. Cybercrime Ventures cyber crime victim statistics indicates that healthcare, which is already the biggest target for cyberattacks, will experience four times more ransomware attacks in 2020. A clear sign that this sector needs to invest significantly more into cybersecurity in order to protect the very sensitive information they handle.
15. In 2017, viruses were the most common form of cybercrime, affecting 53% of all consumers that experienced cyber attacks.
People at Norton, one of the most popular antivirus providers in the world, conducted research during 2017 to examine which methods of cyber attack were most common. Their cyber crime data shows that during that year, 978 million people were affected by these attacks. Out of that figure, 53% were attacked by viruses or other similar security threats. Some of the other most common forms of attack were credit/debit card fraud (38%), account password compromisation (34%) and losing access to a social media/email account (34%).
16. In 2018, 77% of successful cyber intrusions relied on fileless attack techniques.
(ENISA Threat Landscape Report 2018)
In the past, the most common way of infecting a computer was by placing malicious executable files on the system. However, as this is recognized as the most common method of attack, most people are vary of suspicious executable files and antivirus software targets them the most. Cybercriminals have adapted however and switched over to fileless attack techniques. These fileless attacks rely instead on malicious documents, scripts or codes. Cyber security stats show that in 2018, 77% of all successful attacks relied on these methods, demonstrating the effectiveness of these new tactics.
17. In 2018, more than 400.000 DDOS attacks were reported monthly.
DDOS (Denial-of-service attack) is one of the most common cyber attack methods. These types of cyber attacks rely on flooding the target machine or network service with fake requests in order to overload the system and temporarily disable the service. These attacks can cause significant costs as they can disable services for longer periods of time. During 2018, more than 400.000 DDOS attacks were reported per month.
18. The global yearly number of DDOS attacks will reach 14.5 million in 2022.
The effectiveness and potential damage that can be caused by DDOS attacks led to the increasing popularity of this attack technique. Cisco increase in cyber crime statistics predict that the yearly number of DDOS attacks across the world will reach 14.5 million in 2022. Besides the increase in frequency, DDOS attacks will also increase in size. The largest DDOS attack to date had 1.7 terabytes per second. These immense attacks can represent up to 25% of a country’s internet traffic when they’re occuring.
19. During 2017, the average amount of yearly breaches per country was 24.089.
The folks over at AcceleratingBiz gathered up the statistics of cyber crime concerning the amount of data breaches that occur per country. Data breaches refer to the loss or theft of any records containing personal, medical or financial information. Data from 2017 shows that the average amount of data breaches that year per country was 24.089. The US had more than the global average, 28.512, while the country with most data breaches was India – 33.167.
20. In 2017, 76% of organizations around the world experienced a phishing attack.
Unlike DDOS, or other cyber attacks which require coordination or resources, phishing attacks are almost constant and go for a wide array of targets. ProofPoint’s State of the Phish report states that 76% of organizations experienced a phishing attack.
21. Phishing is the third most common cybercrime incident and the third most common cause of data breaches.
Due to the relative ease in which phishing campaigns can be ran, they are one of the most frequently used attack methods. Verizon 2018 Data Breach Investigation report shows that phishing is the third most common cybercrime. Additionally, it’s the third most common cause of successful data breaches.
22. 91% of cyber attacks start off with a spear phishing email.
Spear phishing attacks refer to a phishing attack variant which relies on personalized, prolonged communication with the victim in order to obtain credentials. This is different than standard phishing attacks, which are usually sent en masse to a large number of users. While spear phishing attacks. According to crime statistics on cyber crime from 2018 provided by Cofense, 91% of cyber attacks start off with a spear phishing email, used predominantly to target larger enterprises.
23. The average number of successful security breaches in 2018 was 145, up from 130 in 2017.
Security breaches refer to successful infiltration of a company’s core networks or enterprise system, and does not include attacks repelled by their cybersecurity (total attacks number in tens of thousands). Statistics about cyber crime provided by Accenture tells us that the number of security breaches is on the rise. The average number of successful breaches in 2017 was 130 and it climbed to 145 in 2018.
24. 57.24% of all computers in China are infected by malware.
Panda Security conducted a research to determine the levels of malware infections by country. The cyber crime statistics by country they’ve gathered are very telling. China is the usual suspect when it comes to cybercrime, but looking at the data from this research it seems they’re also one of the biggest victims. This research shows that China is the most infected country in the world, with 57.24% of all computers in China being infected with malware. In Europe, Turkey wears this unwanted crown with 42.52% of all PCs in Turkey having malware on them.
Cybercrime cost statistics
25. During 2015, businesses experienced an average of 16.856 attacks.
While cyber criminals still target individuals, the most lucrative victims are businesses. According to these statistics for cyber crime, the intensity of cyber attacks which target businesses is huge. Statistics provided by IBM for 2015 show that each business had to fend off 16.856 attacks throughout the year. That’s 46 attacks per day or 2 attacks per hour.
26. Cyber risk is the biggest concern for organizations.
The Global Cyber Risk Perception survey conducted by Marsh and Microsoft paint a pretty good picture of how big a threat cybercrime is for businesses. When asked to rank the top 5 biggest concerns for their organization, 79% of survey respondents selected cyber attacks as part of the top 5. Out of those 79%, 22% respondents placed cyber attacks as the number one risk, while the other 57% placed it in the top 5, but not as the biggest concern. After cyber security, the two biggest concerns for businesses were Economic Uncertainty (59%) and Brand/Reputation Damage (57%).
27. The average cost of cybercrime has increased by 72% in the 2013-2018 period.
Cyber crime statistics for 2019 clearly tell us that the increase in intensity and costs of cyber attacks go hand in hand. The 2019 Cost of Cybercrime study by Accenture examines the damage caused by cybercrime to various sectors over the years. The average cost of cybercrime per company in 2017 was $11.7 million. One year later, that figure jumped to $13 million. The average cost has increased by 72% in the 2013-2018 period and shows no signs of slowing down. Out of all industries, Banking and Utilities seem to have the largest costs, with 11% and 16% cost increases between 2017 and 2018.
28. During 2018, 2.8 billion consumer data records were exposed in the US, leading to an estimated $654 billion in damages.
As we previously pointed out, consumer data is one of the main targets for cyber criminals. Unfortunately, our data seems to lack proper protection and it will become even harder to safekeep as cyber attacks intensify in the future. Statistics of cyber crime in America provided by Forgerock tell us that in 2018 alone, 2.8 billion consumer data records were exposed in the US. The estimated cost of these attacks was $654 billion.
29. By the end of 2019, businesses will fall victim to a ransomware attack every 14 seconds. In 2021, this will occur every 11 seconds.
Cyber Security Ventures report on damage caused by ransomware brings dark tidings for the future. According to their international cyber crime statistics , businesses will suffer a ransomware attack every 14 seconds by the end of this year. In two years time, these attacks will happen every 11 seconds. This statistic is regarding businesses only, as individuals suffer attacks even more frequently.
30. American companies lose the most funds from cyber attacks annually – $27.37 million on average.
Having the strongest economy in the world, US also presents the juiciest target for cyber attacks. According to US cyber crime statistics provided by Accenture in their Cost of Cybercrime study, US companies face the highest cybercrime costs. In 2018, the average amount of funds that US companies lost as a result of cyber attacks was $27.37 million. This is a 30% increase in costs compared to 2017, when the average amount of money lost was $21.22 million. Trailing behind in second place behind the US is Japan, with an average annual cost of $13.57 million in 2018.
31. The FBI estimated that the total amount of annual ransom payments was approaching $1 billion in 2017
(US Department of Justice)
According to the US Department of Justice, a cybercrime spectre is haunting America. As you could’ve seen from our previous statistics, US businesses are targeted the most by the majority of cyber attacks and ransomware attacks are no different. During 2017, the FBI cyber crime statistics have shown that the total amount of annual ransom payments was approaching $1 billion. Furthermore, ransomware infected around 100.000 computers a day globally, showcasing just how prevalent this method of attack is.
32. The global costs of ransomware damage are predicted to cost $11.5 billion in 2019 and $20 billion in 2021.
Ransomware costs do not amount to the ransom you might end up paying to cybercriminals. Most cybersecurity advisors actually tell their clients not to pay the ransoms asthere are a lot of cases when even if you pay, you still end up losing your files. Apart from ransoms, the loss of files and downtime all add up the damage done by ransomware. Statistics and market data on cyber crime show that he global costs of ransomware alone is estimated to $11.5 billion in 2019. This figure is expected to almost double by 2021, reaching $20 billion.
33. Australia had the lowest average cost of cybercrime – $5.41 million.
While companies in the US have the highest average costs in dealing with cybercrime, Australia has the lowest. Accenture reports that the average cost for Australian companies is $5.41 million.
34. $1.077 is the average amount of cash ransomware attackers demand in the US.
With cyber crime statistics in the United states showing that the US is the most targeted country by ransomware attacks and having in mind that Americans are the most willing to pay ransom it’s no wonder that the requested ransom amounts are on the rise. Symantec statistics of cyber crime in the USA points to a 266% increase in ransom amounts between 2015 and 2016, reaching an average of $1.077.
35. Americans are most likely to pay ransom.
We might not negotiate with terrorists but it seems we’re willing to parlay with cyber criminals. Drawing from the cyber crime statistics for the US provided by Symantec, Americans seem to be the population that’s most likely to pay ransomware demands. According to this data, 64% of Americans are willing to pay ransom, compared to the global average of 34%.
36. In the second quarter of 2019, ransom payments increased by 184%.
When we look at the actual ransom payments made during 2019 we can see a massive spike in the amount of money being paid. Cybercrime statistics show that in Q1 of 2019 the average ransom payment was $12.762. This figure increased by 184% in Q2, reaching $36.295 in average payments. The reason for this massive jump is the prevalence of two new ransomware variants – Ryuk and Sodinokibi. This ransomware is very effective and is predominantly used to target larger enterprises, leading to an increase in ransom demands.
37. Ransomware victims have paid $25 million in the 2015-2017 period.
A Google study from 2017 looked at how much money ransomware victims have paid to cyber criminals. They found out that in a two year period, from 2015 to 2017, the victims have paid out a total of $25 million.
38. Cyber criminals used Bitcoin to launder $2.5 billion.
(The Next Web)
The research group CipherTrace examined 45 million cryptocurrency transactions in order to determine the scope in which Bitcoin is used in criminal purposes. The data they’ve analyzed covers a nine-year span (2009-2018). They’ve found out that, during this time, cyber criminals have laundered $2.5 billion through Bitcoin. Furthermore, 97% of those funds ended up in countries with lenient anti-laundering laws.
39. In the first half of 2019, cyber criminals stole more than $4.26 billion from cryptocurrency exchanges, users and investors.
CipherTrace research group reports that scammers and thieves have stolen over $4.26 billion from various cryptocurrency exchanges, investors and users in the first half of 2019. Cyber crime insider threat statistics show that Insider thefts were responsible for the bulk of these stolen funds, as they inflicted massive losses on both investors and exchange users.
40. Cyber criminals launder up to $200 billion annually.
If the information about how much money cyber criminals laundered through cryptocurrencies caught you by surprise, this statistic will blow you away. According to research conducted by Bromium, cyber criminals launder up to $200 billion per year.
Cybercrime mobile statistics
41. In 2018, 5.321.142 malicious mobile installation packages were detected.
Internet crime statistics tell us that a new front is opening up in the cyber war and that front is mobile devices. As we switch an increasing amount of services to mobile, including banking, it became a profitable target for cyber crime. When we look at the data gathered by Secure List it becomes evident that mobile cyber security will have to be improved. In 2018, 5.321.142 malicious mobile installation packages were detected. This is a 409.774 drop from previous year but the general number of attacks on mobile have doubled. In 2017, there were 66.4 million attacks that were recorded – in 2018, this number was 116.5 million.
42. The number of mobile ransomware distributed without droppers or downloaders has dropped by a factor of nine in 2018
In 2018, the number of detected mobile ransomware Trojans that was distributed without droppers/downloaders was 60.176 – nine times lower than in 2017. The reason for this is that with the improvement of mobile cyber security programs, it became harder to distribute ransomware. Droppers and downloaders serve this purpose, as they implant ransomware to a user’s mobile device without his knowledge.
43. In 2018, 24.000 mobile malware was blocked daily. During 2017, there were 54% new mobile variants compared to the previous year.
Symantec report on cyber threats indicates further how big mobile cyber crime is becoming. According to their cyber crime rates, 24.000 mobile malware is blocked on a daily basis. Furthermore, 2017 saw 54% more mobile malware variants than 2016.
44. More than 60% of fraud now goes through mobile devices.
With cyber crime on the rise, statistics show that not only are mobile platforms under intense cyber assaults, they’re becoming the main vehicle for frauds in general as well. RSA’s Current State of Cybercrime report from 2018 states that over 60% of fraud goes through mobile devices. The main source of mobile fraud used to be browsers, but now mobile apps are the source of 80% of mobile fraud.
45. Almost 12,000 new Android malware instances every day
A massive amount of new malware pops up every day. According to cyber security facts and figures, by the end of Q3 of 2018, 3.2 million malicious apps appeared. This means that during 2018, 11.700 new malware samples appeared daily. This is a 40% increase from 2017.
Cybercrime Risk Awareness Statistics
46. Attackers collect 70% of credentials in the first hour of a phishing attack.
IBM conducted a study concerning the effectiveness and methodology of phishing attacks. What they have found out is that attackers obtain 70% of all targeted credentials in the first hour of the attack. As we can draw from statistics of cyber related crime, the deciding factor when talking about phishing attacks is human error, as these attacks rely on tricking users to leave their information on fraudulent websites or forms. Therefore, the key to improving your defences against phishing is in raising awareness and cyber-education.
47. In a simulated phishing campaign, only 9% of the participants “took the bait”
Wombat Security conducted a simulated phishing campaign in 2017/2018 by sending fake phishing emails through their Security Education platform. They wanted to test how cautious users were when faced with these simulated attacks (that the users were not aware of, of course). During this simulation, only 9% of users fell victim to phishing emails. This indicates that risk awareness is not as bad as we thought.
48. The most commonly used password in 2017 was 123456.
As we well know, the best possible cybersecurity means squat if the human users themselves don’t take the necessary steps of precaution. Well, as you will see from this stat, a huge number of people are not only unwary – they practically shoot themselves in the foot. Data on most commonly used passwords provided by Keeper Security indicates that the most frequent password was “123456”. That sure aint no Enigma code.
49. 300 billion passwords will be in use by 2020.
Thycotic reports that, by 2020, there will be 300 billion passwords that the world will need to protect. This is worrying when we look at previous cyber security statistics saying that the most common password in use is “123456”. We certainly need massive improvements in cyber education on all levels.
50. People aged 55+ are more likely to know what phishing is than those aged 18-29.
Ah, old people, they know nothing about cyber security, they only care about posting cat photos and motivational messages on Facebook, right? Wrong. Statistics on cyber crime victims provided by GetSafe tell us that people older than 55 are more likely to know what “phishing” is when compared to those aged 18-29. Additionally, older people are less likely to fall victim to phishing. While one in 20 people aged 55+ fall for phishing, over one in 10 of those aged 18-29 will too.
51. People click on 30% of these fake emails.
While we saw that employees in various organizations had only a 9% failure rate when faced with simulated phishing attacks, the stats for gen pop are much worse. Verizon Data Breach Investigation report states that people click on 30% of fake emails.
Which country has the highest cyber crime rate?
If you’re wondering which country is targeted the most by cyber attacks, the answer is surely the United States, while China has the largest number of infected computers. On the other hand, if you’re wondering which country has the most cyber criminals, the answer cybercrime statistics provide remains the same – US and China.
How many people are affected by cyber crimes?
There are no exact statistics on how many people are affected by cyber crimes. New trends in cyber attacks show that businesses are becoming the primary target instead of individuals. By 2021, businesses are expected to fall victim to ransomware every 11 seconds.
How much has cybercrime increased?
Cyber theft statistics clearly show that cyber crime is becoming a gigantic criminal endeavour, becoming the second most reported economic crime in 2016.
How big is cyber crime?
Cyber crime is expected to cost the world $6 trillion annually by 2021. This will be more than whole illicit drug trade combined.
Which country has most hackers?
Most hacking statistics estimates state that China is the country with most hackers, accounting for around 41% of all cyber attacks. This is partially due to China being the most populous country in the world.
Which country has the best cyber security?
The United States has the most comprehensive and well funded cyber security programs, with a $15 billion budget for 2019. This is a result of the US being the most targeted country by cybercrime so it does not necessarily mean their cybersecurity is the best. On the other hand, cybercrime statistics show that the countries with the lowest infection rate are Nordic countries, and Australia boasts the lowest cybercrime costs.