24 Startling Cybersecurity Statistics

Cybersecurity statistics indicate that cybercrime is on the rise, becoming more sophisticated in tandem with the developments of the digital world. 

The best way to protect online information is to stay updated about the latest scams, tricks, and data breaches and know the common ways cybercriminals use to assault their victims. Here are 24 statistics to give you the full picture of cybersecurity and ways to protect yourself online. 

Cybersecurity Statistics: Editor’s Pick

  • Bearly 1,300 data breaches took place in the United States in 2021.
  • There’s a hacking attack every 39 seconds.
  • Healthcare data breaches affected around 45 million individuals in 2021.
  • One in every 323 emails small businesses receive is malicious.
  • Demand for cloud security will be 115% higher in the next five years.
  • Global cybersecurity spending will reach $174.7 billion in 2024.
  • Cyber attacks on educational institutions increased by 75% compared to 2020.
  • 44 US states have passed or considered over 250 bills on cybersecurity.

Cybercrime Statistics: Prevalence and Impact

1. In 2021, nearly 1,300 data breaches took place in the United States. 


The number of data breaches in the United States has risen dramatically in the last ten years. In 2011, there were only 419 data breach incidents in the United States. They have since steadily increased, with over 1,600 cases in 2017.

Looking at cybersecurity breach statistics, the number of these cases has gone down since 2017, but the number of compromised records has remained relatively unchanged. In 2020, around 155 million private records in the US leaked.

2. Cybercriminals successfully breached government and military organizations 83 times in 2019.


We tend to view the government and military as the most secure institutions out there. Military cybersecurity statistics report, however, that this sector has issues with maintaining the integrity of its systems. In 2018, over 100 cyber attacks were successful on governmental and military institutions. 

3. A hacking attack happens every 39 seconds.


Cyberattacks are becoming increasingly commonplace, but awareness of the importance of cybersecurity is failing to keep up. The extent of the threat has reached the point where not a minute goes by without a hacking attempt. Hacking statistics indicate that one in every three US citizens has been affected by a cyber attack.

4. Healthcare data breaches affected around 45 million individuals in 2021.

(Fierce Healthcare)

The coronavirus pandemic made healthcare resources tight, and experts had to create many online alternatives on short notice. With few resources to dedicate towards cybersecurity, cybercriminals took advantage. 

Healthcare cybersecurity statistics state that in 2021, data breaches affected around 45 million individuals, compared to the 34 million from 2020.

5. 43% of small and medium business owners don’t have cybersecurity defense plans.


Nine times out of then, when we hear about a cyberattack, the victim is a major corporation. Big cases make the news and get the clicks, after all, which leads to a common misconception that small businesses are not at risk of cybercriminals’ victimization. 

As small business cybersecurity statistics point out, not enough small and medium businesses are prepared for a data breach. Despite the dire cost and consequences of a data breach, one-third of companies with 50 employees or less use free, consumer-grade cybersecurity, or none at all.

While free software gives basic protection, it doesn’t always stay updated or provide full coverage, leaving servers unprotected and customer and financial data exposed. 

How many accounts are hacked daily?

Finding out precisely how many accounts cybercriminals manage to hack daily is difficult. According to available statistics, however, an average of 30,000 websites are hacked every single day.

Further research indicates that 20% of all accounts fall victim to some sort of cyberattack at some point, and around a sixth of all account holders report hackers tampering with their accounts.

Types of Cyberattacks

6. Phishing attacks in Q3 0f 2021 nearly doubled since early 2020.


Phishing is a common yet effective way for cybercriminals to get access to the personal, workplace, or financial information. It’s a scam wherein the perpetrator tricks the victim into giving their personal information, usually by impersonating a trusted source like a bank or a family member. 

According to the latest statistics, the majority of phishing attacks (29.1%) attack SaaS/webmail services, while telecom-related niches report the fewest attacks (3.5%). 

7. DDoS attacks increased by 24% in Q3 of 2021, compared to the same period of 2020.


A DDoS (Distributed Denial of Service) attack involves crippling a website by creating enormous amounts of traffic. Unlike DoS attacks, DDoS makes use of a large number of infected computers to facilitate this traffic.

These attacks were already common before 2020, but since the coronavirus pandemic quickly shifted most workplaces to the online environment, the number of cyberattacks per year has risen exponentially. The number of DDoS attacks in 2020 was unprecedented, crossing the 10-million benchmark for the first time, but it got even worse in 2021. 

8. One out of 323 emails that small businesses receive is malicious.


Small businesses are extremely attractive to hackers. Their lack of good security measures and connection to larger corporations make them ideal targets for cyber attackers, becoming footholds into more lucrative databases. 

Small business cybersecurity statistics confirm how often small businesses are targeted. The average office worker receives 121 emails a day, meaning that there is a cyberattack attempt almost every three days.

9. In 2020, Kaspersky recognized 173,335,902 unique URLs as malicious.


Kaspersky is a world-famous cybersecurity and anti-virus provider. It provides annual statistics on its users and how they fare against cyber threats.

The Kaspersky cybersecurity statistics bulletin reported that 10.18% of all computers connected to the internet were under attack by some sort of malware in 2020 and that Kaspersky alone blocked 666,809,967 attacks across the world. 

10. The WannaCry ransomware infected an excess of 230,000 machines.


Ransomware is a particularly aggressive type of cybercrime that locks users out of their computers, and cybercriminals hold their data for ransom. 

Cybersecurity threats statistics show that this type of virus caused damages upwards of $4 billion.

Back in 2017, the infamous WannaCry virus spread throughout Europe, leaving behind it a trail of locked-down computers. This nasty piece of ransomware was responsible for some of the most harmful cyberattacks ever recorded. Some of the affected organizations include FedEx Corp. in the US, Spain’s Telefonica, Russia’s Interior Ministry, and Renault.

What percentage of cyberattacks are phishing attacks?

Phishing attacks are widespread compared to other cyberattack methods. An astounding 90% of cyberattacks implement phishing. Moreover, around 70% of multifaceted attacks use phishing in combination with other methods.

Spear phishing is a little less common, mostly due to the fact that it takes more effort. All the same, around 65% of all businesses in the US have been targets of spear phishing.

Global Cybersecurity Stats for 2021 

The digital age is changing the way we work, learn, shop, and do business on an international scale. As more business transactions happen online and fintech innovations gain popularity, cybersecurity is rapidly becoming a growing industry trying to keep up with the ever-changing landscape of the global digital world. 

11. North America holds 34.6% of the global cybersecurity share.


North American countries are among those with the highest amount of internet users. With many choosing to opt for online banking and ecommerce, safeguarding private financial and personal information is more important than ever. 

North America currently holds the largest cybersecurity industry market share in the world. A few factors impact the rapid growth of this industry, such as a higher rate of data theft, new data privacy legislation, and growing expectations for cybersecurity methods from the general public. 

12. The global market for cybersecurity will likely grow from $160 billion to over $400 billion between 2019 and 2026.

(Global Market Insights)

Worldwide cybersecurity statistics show us that the cybersecurity market will drastically expand at a CAGR of over 15% in the timeframe between 2020 and 2026.

A number of factors will fuel this growth, such as:

  • An increasing number of cyber-attack incidents
  • The growing need to reduce security risks among organizations
  • Rising number of IoT devices in need of network security solutions
  • Smartphone penetration
  • Increasing demand for enterprise mobility

13. The employment of information security analysts will likely grow by 31% between 2019 and 2029.

(Bureau of Labor Statistics)

The job market for cybersecurity professionals is growing exponentially. According to the Bureau of Labor Statistics, the amount of information security specialists will rise by over a third from 2019 to 2029.

This growth rate is far above the average of other professions. Due to the increase of cybercrime in both frequency and cost, almost every business on the planet demands professionals from this industry. 

14. The demand for cloud security will increase by 115% in the next five years.

(Study International)

The cybersecurity profession is rapidly growing, and new specializations are becoming more prominent as the digital stratosphere evolves. Cybersecurity job statistics indicate that the two major specializations growing in demand are cloud security and application development. 

Notably, it is predicted that the demand for application development specialists will grow by 164% over the next five years, almost 50% higher than the demand for cloud security professionals. Because of the high need, both professions come with salary premiums of around $15,000. 

Cybersecurity Statistics: The Cost of a Breach

The cost of a data breach for businesses and individuals can be devastating. With the introduction of ransomware cyberattacks, it’s more clear than ever just how valuable personal data is, and what affected individuals are willing to pay to get it back.

15. 58% of businesses worry about cloud security.


While cloud storage is the leading innovation in storing, sharing, and backing up data, it comes with many security concerns. Cybersecurity statistics indicate that businesses are still struggling to keep their cloud solutions safe. Management also proves to be a troublesome task, with 47% of companies reporting difficulty finding skilled workers to handle their cloud tech.

16. Hackers can crack 70% of all passwords in the world in under a second.

(Mission Critical)

Passwords are a vital line of defense against cybercrime. They’re easy to understand, use, and implement, which is why they’re the norm for data security around the world.

Despite that, most passwords used at the moment are easy enough to crack in the blink of an eye. Looking at cybersecurity statistics from 2021, we see that people are still attracted to simple, easy-to-guess passwords, making the job for hackers a walk in the park.

17. The average cost of a data breach is almost $3.9 million.


Data breaches can cause severe damage to a company. Even huge corporations can be brought to their knees if the breach is severe enough, due to a damaged reputation. 

Cybersecurity industry stats show that the US healthcare industry is the most vulnerable of all sectors. The typical data breach will cost the average healthcare company around $7.13 million, with every piece of personal information costing around $150. 

18. Worldwide spending on cybersecurity will reach $174.7 billion in 2024.


As the cyber menace mounts, cybersecurity has to up its game in response.

It makes sense, then, that cybersecurity awareness statistics predict a sharp increase in the rise of awareness-spreading tools and training programs. After all, training has proven effective: the odds of a successful phishing attack plummeted from 15-20% to just 1% after only one year of training.

19. A ransomware attack in May 2019 cost the City of Baltimore over $18 million.


In 2019, a virus called RobbinHood struck hospitals, ATMs, airports, and vaccine production facilities. As one of the most costly recent cyberattacks, it demanded a ransom of 13 bitcoins for every machine it infected.

According to the available data, the virus-infected around 10,000 machines. The cost encompassed not only the price of the ransom but also an additional $8 million the city lost in revenue during the period when they could not process payments or transactions.

Targets of Cybercrime Statistics

20. Cybercriminals are 300 times more likely to target financial services companies than companies from other niches.

(Federal Reserve Bank of New York)

Financial institutions are attractive to cybercriminals for obvious reasons. The industry is aware of this, which is why it implements a lot of cyberattack detection and prevention measures.

However, all of these bulwarks do little to deter cybercrime’s persistence. As we can see from the financial industry cybersecurity statistics, despite all the extra measures and precautions, hackers still overwhelmingly prefer financial institutions.

21. In 2021, the average number of weekly attacks on educational institutions was 75% higher compared to 2020.

(CSO Online)

It’s important to realize that cybercriminals will seek any opportunity to steal valuable data. As such, they can and will strike a vast array of institutions or industries, even those you wouldn’t expect. Higher education is certainly no exception, as university cybersecurity statistics reveal. 

Universities’ research may prove valuable to certain individuals or organizations that resort to nefarious methods of attaining it. Notably, attacks on the education system have been on the rise over the last couple of years.

22. In May 2021, 13,124,962 records leaked from Amazon.


Amazon experienced a data breach in May 2021, resulting in 7GB of data being exposed. The leak involved approximately 75,000 Amazon accounts.

These Amazon cybersecurity statistics are interesting enough, but this data breach revealed something way more intriguing. The leak exposed a massive operation managed by Amazon where the company paid reviewers to give 5-star ratings to certain products.

23. 50% of energy and utility companies experienced more cyberattacks in 2020 than in previous years.


The energy and utility sector is a vital part of the functioning of society, and cybersecurity statistics reveal that the cyber menace is alive and well in this industry, with a dramatic increase in cyberattacks since 2020. 

Of the various kinds, the number of malware attacks grew more than average, with a 67% increase in that year alone. Meanwhile, the average increase across industries was 62%.

24. 44 states in the US have considered or passed over 250 bills on cybersecurity.

(National Conference of State Legislators)

As cases become more high-profile and citizens do more of their financial activities online, the need for legislation on cybercrime is becoming prevalent. As cybersecurity legislation statistics show, almost all states (as well as Washington DC and Puerto Rico) have either considered or passed legislation to counter cybercrime.

These legislations propose a comprehensive set of actions meant to increase the application of cybersecurity measures in government institutions, businesses, and individuals. Most instigate the development of advisory committees to discuss and respond to pertinent issues, build awareness and training programs, increase legal penalties for cybercrime, and develop and regulate cybersecurity insurance. 

What is the most dangerous cyberattack?

It’s difficult to say which cyber attack is the most dangerous of all. The reason is that all of them can be dangerous if applied the right way. Whenever we hear about a devastating data breach, a select few cyberattack types tend to be involved. These are DDoS attacks, malware, and phishing. 

It’s often the case that combining these cyberattack methods is the most dangerous. For instance, a phishing email can give hackers the info needed to insert malware into a system. As they attack the system, a DDoS could be used as a distraction.

Cybersecurity Stats 2022: Conclusion

Cybersecurity is a serious concern that affects the lives of millions every day. As our daily interactions and business transactions get moved almost entirely online, cybersecurity is more important than ever. The threat it poses to personal, corporate, and governmental security is still highly underrated, and the cost is even more so. 

This sentiment will hopefully change for the better as awareness becomes a central concern of governments and cybersecurity professionals. Awareness may be the most crucial step in pushing back against the cyberthreat, as cybercriminals count on the naivety and ignorance of people and businesses entering into the digital world. 

People Also Ask

The term “cyber attack” describes a broad range of attack types. However, the most well-known ones are: 

  • Denial-of-service (DoS) 
  • Distributed denial-of-service (DDoS)
  • Phishing
  • Ransomware
  • Spear-phishing 
  • Malware 
  • SQL injection 
  • Man-in-the-middle (MitM) 
  • Password attacks 
  • Drive-by attacks 
  • Cross-site scripting (XSS) 
  • Birthday attacks 
  • Eavesdropping attacks.

Cybercriminals will use any of the methods depending on their goal or weak points in the target system.

The likelihood of a cyber attack happening to a business is alarmingly high. Any type of business could face a hacking attempt. It may sound dramatic, but cyber attacks have become a serious problem.

Small businesses are a particularly popular target for cybercriminals. This is the case because many small organizations lack the cybersecurity measures good enough to prevent the attacks. However, with the proper safety precautions, your business can brush off almost any incursion.

The exact number of attacks is difficult to calculate. This is due to the fact that a vast majority of them go unreported or simply fail, which rarely gets recorded in the relevant data.

That said, we have some estimates as to how often cyberattacks take place. Some data suggested that, on average, a cyber attack happens every 39 seconds. That translates into 2,200 attacks every day.

As the data on the matter indicates, cyberattacks on US citizens and corporations happen all the time. Namely, a cyber attack takes place every 39 seconds on average. This means that over 2,000 cases happen every single day.

This is a rampant issue, one that’s been on a constant rise for years. The problem has gotten so severe that cybercrime affects every third American in one way or another.

The biggest cyberattack depends on the metric you use to measure its effects. However, many would say that the biggest incidents refer to major attacks that cause large monetary damage and harm to people or organizations. 

By that metric, the Yahoo attack of 2013 is likely the biggest ever. This tremendous data leak affected as many as 3 billion users.

Cyberattacks often take a very long time to detect. The time may vary, but some data suggests detecting a cyberattack takes around 197 days on average.

Furthermore, containing the threat usually takes somewhere around 69 days.

This large amount of time to discover and stop an attack is a significant part of the reason why cyberattacks cost companies so much money.

Cybersecurity statistics warn that the average data breach costs businesses around $8 million.