Hackers pose a significant risk to the internet. Sadly, it doesn’t look like they’re stopping anytime soon. Over the next five years, global cybercrime spending is predicted to grow by 23% annually.
Every day, news about cyberattacks makes the headlines. Cybersecurity has become a worldwide priority with increased data breaches, ransomware, and malware attacks. You don’t need to be a cybersecurity expert to understand data theft. However, knowing who’s at risk, how pervasive cyberattacks are, and when you may fall prey is vital.
Note that hackers exploit vulnerabilities in a network. For example, while you may see a redirect link as a way to shop online, a hacker sees it as a gateway to steal your information. Hence, you mustn’t leave any data unprotected.
To help protect your privacy, we performed extensive research and compiled a list of 41 hacking statistics for 2023.
Top hacking statistics – The quick list
We’ll delve into more comprehensive facts about cyberattacks below, but before that, here are the top 10 hacking statistics to know.
- Cyberattacks occur once every 39 seconds.
- Only about five percent of a company’s sensitive information is adequately protected.
- Russian hackers are the fastest in the world.
- Ransomware attacks increase yearly by 93 percent.
- 43 percent of hackers target small businesses.
- Hackers create 300,000 new malware daily.
- 75 percent of cyberattacks begin with an email.
- The US has a cybersecurity budget of $14.98 billion.
- The two significant obstacles hackers face are encryption and multi-factor authentication.
- In 2022, the average total cost of data breaches was about 150 million. Breaches in the healthcare industry were the most expensive.
General cybersecurity statistics
So far, you use data; cybersecurity is a concern for you. To understand the adverse effects cyberattacks can have on individuals and organizations, you must know how much data we’re talking about.
By 2025, human data will reach 175 zettabytes. (That is the number “175” alongside 21 zeros.) Remember that this data includes information from social media apps, dating apps, healthcare databases, IT libraries, videos, and more.
- The global artificial intelligence (AI) cybersecurity market was valued at $17.4 billion in 2022 and may grow to $102.78 billion by 2023. (Source: Precedence Research)
- In 2023, entry-level professionals will have about 3.5 million cybersecurity roles. (Source: Cybersecurity Ventures)
- 65 percent of Managed Service Providers claim that their customers struggle with compliance (Source: Kaseya)
- About 70 percent of companies experience a labor shortage in their security department. (Source: ISSA)
- In an employee survey, 44 percent of respondents reported that their organizations don’t provide remote training despite work-from-home cyber threats. (Source: Hornet Security)
- Microsoft and Google pledged to invest $30 billion in five years to enhance cybersecurity systems. (Source: CNBC)
- 65 percent of directors believe their company is susceptible to cyber-attacks. (Source: Proofpoint)
- Cybersecurity expenses may surpass $188 billion in 2023. (Source: Seeking Alpha)
- In a survey, 80 percent of companies have adopted or are either in the process of adopting Zero Trust. This requires users on an organization’s network to be authorized and authenticated for security configuration. (Source: Statista)
- ISC2 survey reports that 55 percent of cybersecurity professionals switched from the IT department to security. (Source: ISC2)
- 93 percent of development teams and 94 percent of security teams report that talent shortage can affect cybersecurity. (Source: Cobalt Labs)
- The Internet of Things (IoT) industry grew 18 percent to 14.4 billion global connections. (Source: IoT for all)
- In an ISC2 survey, 77 percent of security professionals mentioned that they were “satisfied” or “extremely satisfied” with their role. (Source: ISC2)
Cost of data breaches based on cyberattack statistics
The cost of data breaches continues to rise yearly. Once a cyberattack happens, it can affect an organization for an extended period.
Cyberattack expenses include criminal investigations, lawsuits, and insurance rates. All these costs can undoubtedly put a company out of business.
- In the US, a single cyberattack, whether a DDoS attack, ransomware, malware, or data breach, costs a company an average of $18,000. Besides, 47 percent of US organizations continuously suffer attacks daily. (Source: Hiscox Cyber Readiness Report 2022)
- After a cyber attack, government corporations lose about 8.6 percent of their net value. (Source: Harvard Business Review)
- By 2027, global spending on cybersecurity may reach $10 billion. As internet users increase, so will cyber threats. (Source: Cybersecurity Ventures)
- Global cyberattack costs will likely grow 23 percent over the next five years, reaching $23.84 trillion annually at the end of 2027. (Source: Statista)
- The end game of about 86 percent of cyberattacks is financial gain. Another motivation for this act is state espionage. (Source: Verizon)
- The US has a budget of $10.83 billion for cybersecurity spending in 2023. (Source: Statista)
- The average ransom small businesses pay to hackers is $170,404. (Source: Sophos)
- Victims of compromised business and personal email accounts experienced a loss of $1.86 billion in 2021. (Source: FBI)
- By 2024, the e-commerce industry will lose nearly $24 billion annually due to online payment fraud (Source: Legal Jobs)
- In a recent survey, 45 percent of employees mentioned that their companies have experienced between one to five successful cyberattacks in the past year. (Source: Statista)
- Experts estimate that organizations will likely suffer losses of approximately $10.5 trillion by 2025, reaching $19,977,168 per minute due to hackers. (Source: Cybersecurity Ventures)
- Cybercrime victims over the age of 60 suffered losses of $966 million, while those under 20 lost nearly $71 million (Source: FBI)
- Reports suggest that phishing attacks cause a loss of $17,700 every minute. (Source: RiskIQ)
Top 41 hacking statistics, trends, and data you must know
Every day, hackers devise new and sophisticated ways to steal data. Of course, this is just plain greed, but there’s so much you can do not to become a victim. An extensive list of hacking statistics will help you know how much data you leave unprotected for hackers.
Here are 41 eye-opening hacking statistics to help you develop a better security plan and protect your data.
General hacking facts
Below are shocking and stunning hacking statistics that’ll drive home how big of an issue cyberattacks are:
1. White hackers make over $19 million from bounties
About 37 percent of automotive API attacks are carried out by white hat hackers. What’s outrageous is that nearly 80 percent of them learned hacking through YouTube videos, online materials, and blogs. Only 6 percent took formal classes. (Source: HackerOne)
2. 73 percent of black hat actors mentioned that the common antivirus security and firewall are obsolete
In a recent survey from Thycotic, 73 percent of hackers mentioned that security breaches weren’t due to weak firewalls or antivirus but human error. In fact, 85 percent of data breaches involve the human element. (Source: Black Hat Ethical Hacking)
3. Hackers steal data every second
Statistics show that hackers steal an average of 44 records per second. These records include valuable personal data of internet users, especially those with disabled two-factor authentication and weak passwords. (Source: Breach Level Index)
4. Cyberattack occurs once every 39 seconds
Nearly 2,300 hacker attacks happen daily, which boils down to one cyberattack every 39 seconds. (Source: The University of Maryland)
5. 66 percent of organizations that were victims of cyberattacks found it costly to recover
Most businesses aren’t doing enough to secure their sensitive information. Many aren’t prepared for a cyberattack, as they don’t have a response plan. (Source: IBM)
6. The US allocated $10.89 billion to cybersecurity spending in 2023
Annually, the US increases its cybersecurity budget to tackle hackers. The country will allocate nearly 42.6 billion to the Department of Homeland Security in 2023. Besides, their most affected sectors include retail, insurance, and finance. (Source: Statista)
7. Cybercrime is more profitable than drug trafficking
8. There are over 755,000 unfilled cybersecurity roles in the US
As of July 2023, the US alone has a total cybersecurity workforce of over 1.1 million people. Besides, there are over 660,000 vacant positions. (Source: Cyberseek)
9. The internet gets approximately 1 million new users daily
In 2022, the internet had roughly six billion users. This figure may increase by five billion in 2030. This is because 90 percent of the human population will have access to mobile devices. (Source: Statista)
10. Cybercriminals make a revenue of 1.1 million annually
The internet is ripe with information cybercriminals can use to make money. They vary from identity theft to selling personal and private information on the black market.
Trend Micro mentioned that the cybercrime group Conti has about $150 to $180 million in revenue. (Source: Trend Micro)
Data breach statistics
A data breach occurs when a hacker accesses sensitive information without authorization through social engineering or phishing.
So, what are the impacts of a data breach? How do they happen? What’s the significant cause of data breaches?
The following data breach statistics will answer your questions and give an insight into how to mitigate them:
11. Equifax lost nearly 147 million payment card numbers and expiration dates during its 2017 data breach
Equifax, a high-ranking credit reporting agency, failed to secure its customers’ personal information in 2017. This was one of the most infamous global data breaches.
As part of a proposed settlement, the company was required to pay over $700 million to compensate affected customers and cover damages. (Source: Reuters)
12. Financial losses in the healthcare industry rose by nearly $1 million to reach $10 million
As a result of the data breach, the healthcare industry comprising clinics and hospitals experienced a rise of $1 million in losses, making up to $10 million. Keep in mind that healthcare is an essential infrastructure in any government. (Source: IBM)
13. Marriott International lost 500 million users’ data
In 2018, hackers infiltrated Marriott International’s security and stole the card number and expiration dates of over 100 million customers. Meanwhile, 400 million users lost parts of their private information, such as passwords, passport numbers, and names. (Source: The Guardian)
14. Nearly 15 million data records were stolen in 2022
According to the Breach Level Index, a global database that tracks data breaches, over 15 million data records were stolen worldwide during the third quarter of 2022. Hackers got a large part of the stolen data from social media. (Source: Statista)
15. On average, it takes 277 days to identify a data breach
It takes 277 days for a security department to identify a data breach. By the time they identified the theft, the hacker would have sold the data.
Not to mention, data breaches involving stolen credentials or personal information don’t only take longer to detect but cost $150 million more than an average data breach. (Source: IBM)
16. In the US, over 1,802 cases of data records were loss
Hackers leaked over 1,802 user records in 2022. Oklahoma government and MongoDB had significant data breaches due to this incident.
The Oklahoma government lost more than seven years of FBI records, while MongoDB lost 854 GB of CVs containing sensitive information about 422 million individuals. (Source: Statista)
17. Cosmos Bank in India lost $13.4 million to hackers
Hackers attacked Cosmos bank servers in 2018 and stole the details of nearly 12,000 Visa cards. It gets worse. The cybercriminals further siphoned several million by making 15,000 transactions. (Source: Reuters)
18. The average cost of a data breach is $4.38 million
On average, a data breach costs $4.35 million in 2022. This included lost businesses, post-breach responses, notification, detection, and escalation.
IBM got this figure by calculating the average cost over 550 organizations have spent to recover from data breaches across 17 states, including Canada, the US, Australia, and Japan. (Source: IBM)
19. Nearly 40 percent of data breaches involved internal actors
Now, this isn’t surprising. Many employees and board members have weak passwords. Plus, a large number of organizations have no recovery plan in place.
Statistics show that 43 percent of data breaches involve internal actors like employees, third-party suppliers, and contractors. It’s estimated that half of the data breaches are intentional, while the other is accidental.
During cyberattacks, internal actors prefer to steal employee data, such as their health data or personal identification number (PIN), rather than customers’ information. (Source: Mcafee’s Grand Theft Data report)
Small and corporate business hacking facts
Small businesses and corporate organizations are usually the targets of cyberattacks. UpCity reports that about 50 percent of small businesses have no cybersecurity plan. Those at the corporate level have the most damaging effect of all the data hackers steal.
Here are small business hacking facts to know in 2023.
20. 43 percent of hackers primarily target small businesses
According to Accenture’s Cybercrime Study 2019, small businesses account for 43 percent of cyberattacks, of which 60 percent of victims go bankrupt within six months. Yet, only 14 percent of small businesses have plans to defend themselves against hackers. (Source: Small Business Trends)
Despite these businesses being hackers’ main targets, about 65 percent of their decision-makers believe they’re not at risk. They have the conceived notion that they’re immune to cyberattacks, and it’s on this idea that hackers bank on to steal information. (Source: Keeper’s 2019 SMB Cyberthreat Study)
21. Over half of US companies have experienced phishing attacks
Agari reports that roughly 60 percent of corporations are victims of social engineering and phishing. (Source: IT Security Guru)
In cybersecurity, social engineering is a tactic hackers use to manipulate victims to give away sensitive information. Phishing is sending fraudulent messages that appear to be from a reputable source.
22. 75 percent of attacks on businesses were through fraudulent emails
Cybercriminals are just curious as you and me. Despite using sophisticated methods to steal data, outsmarting them is possible.
Many hackers perform phishing attacks through email because it’s the simplest way to gain sensitive information like your credit card number and password. So, if you come across a shady email in your inbox, it’s a phishing attack nine out of ten times. (Source: Cyber Security Breaches Survey 2018)
23. On average, companies only protect five percent of their files and folders
Most of the time, hackers don’t need to break a sweat before stealing data. Lousy protection only makes their job easier. Indeed, five percent is minimal compared to a company’s numerous sensitive and private files.
Besides, data suggests that about 53 percent of businesses with over 1 million folders have over 1,000 sensitive folders accessible to employees. (Source: Varonis)
24. 46 percent of hacking victims were from companies with less than 1,000 employees
Remember, hackers focus on monetary gain. So, why would they prefer to go after small businesses rather than their established counterparts?
Well, big organizations have more robust security in place. Undoubtedly, this requires more resources and time for a hacker to infiltrate. Besides, these companies understand the importance of cybersecurity systems and have adequately trained employees. (Source: Strong DM)
25. Most companies take about seven months to identify a data breach
Hackers can attack big companies like Facebook, Twitter, Equifax, and Capital One for weeks or months without notice. Recent IBM statistics reveal that it takes organizations 212 days to identify a cyberattack and 75 days to contain it. On average, a breach cycle takes 287 days. (Source: IBM)
Dark web market statistics
It’s no longer news that hackers trade information on the dark web market, such as the password, financial record, or name of their victims. Remember that this market isn’t visible to search engines, and every activity on it is anonymous.
Below are statistics about the dark web:
26. Hackers sell social security numbers for as low as $1
On the dark web market, social security numbers sell for $1 each, while a credit card may cost about $110. (Source: Experian)
27. 92 percent of ATMs are vulnerable to cyberattacks
Hackers use multiple methods to hack an ATM. Obviously, if they can easily steal your credit card information, hacking an ATM is a piece of cake. (Source: PTSecurity)
28. Personal health information is much more valuable than financial information
The FBI requires that healthcare professionals safeguard their customers’ information because hackers value them 40 times more on the dark web. Besides, fraudsters buy this health information to create fake IDs and buy drugs or medical equipment. (Source: Reuters)
A question arises regarding hackers and the dark web: How many cybercriminals are there? This, however, remains a mystery.
29. For about $1, you can purchase a Netflix account
Netflix is a popular streaming site that requires users to pay $8.99 for its basic subscription plan. For it to sell at approx. $1 to $4, many Netflix users must have lost their credentials. (Source: Bitdefender)
30. You can purchase a US passport for $6,000
You can buy a driving license, an ID card, and a fake passport on the dark web. With $6,000, you can get counterfeit credentials to become an American citizen. (Source: The Guardian)
Intriguing hacking statistics
There’s a bright side to hacking. It’s not just about cybersecurity and criminal masterminds. Here’s a list of fun hacking facts:
31. Dutch hacker guessed Trump’s password
In 2020, a Dutch hacker, Victor Gevers, logged into Trump’s Twitter by accurately guessing his password. The hacker then tweeted, “Please switch on 2FA on all your accounts.” (Source: The Washington Post)
32. Operation Cupcake
In 2011, Al-Qeada followers who wanted to download bomb-making instructions from a website saw cake recipes from the Ellen Degeneres Show’s Best Cupcakes in America. (Source: The Washington Post)
33. Bitcoin Twitter scam
In 2020, a hacker compromised the Twitter accounts of multiple high-profiles like Apple, Joe Biden, and Elon Musk. They posted a Bitcoin scam through these accounts, stating that followers would receive double the amount if they sent Bitcoin to a particular address. (Source: BBC News)
Cybersecurity threats and issues statistics
There are several types of cybersecurity threats. Hackers don’t need to steal data before it becomes a cyberattack. Information can be compromised when it’s threatened.
Significant security threats include malware, social engineering, distributed denial-of-service (DDoS) attacks, phishing, and ransomware.
Here are cybersecurity threats and issues statistics.
34. 54 percent of phishing emails contain malware or redirect to infected links
Recent studies show that phishing tactics, such as ransomware attacks, are crucial to most cybersecurity incidents. The number will increase if people click malicious links in shady emails. (Source: Statista)
35. Cloudflare reported the largest DDoS attack in 2022
In 2022, the most significant DDoS attack was a 2.5 Tbps attack. Cloudflare also reported a rising trend in DDoS attacks, which accounted for 67 percent of cyberattacks. During a ransom DDoS attack, the hacker promises to stop once the victim pays a ransom. (Source: Cloudflare)
36. Ransomware attacks are a constant threat
Ransomware attacks remain a constant threat that’s affecting all sectors. Kaspersky Lab reported that the percentage of users affected by targeted ransomware increased in the first ten months of 2022. (Source: Kaspersky Lab)
37. Apple App Store blocked over 24,000 malicious apps
Apple has been at the forefront of fighting cyberattacks. Although it has total control over its app store, it has nonetheless had to prevent developers from uploading malicious apps.
However, the Android community grants more freedom to developers. This has led to several cyberattacks, forcing them to improve security measures. Many mobile apps require a user’s permission before installing unverified third-party apps to limit cyber threats. (Source: Apple)
38. Cybersecurity is a high-salary field
Especially in North America, cybersecurity is a high-salary field. According to the ISC2 study, the average salary for a cybersecurity professional in North America is $134,800. Meanwhile, in Europe, it’s $93,535. The figure drops even lower in the Middle East, Africa, and Latin America to $22,185. (Source: ISC2)
39. 60 percent of fraud originates from mobile phones
The world has gone digital, and so have cybercriminals. Hackers initiate 60 percent of cyberattacks around the world through mobile phones.
Many of them use apps to gain access to your device inconspicuously. This way, they can easily compromise your mobile banking app and initiate multiple frauds. (Source: Credit Union Times)
40. Russian hackers are the most dangerous
A Crowdstrike study reveals that Russian hackers don’t waste any second regarding hacking. In under 18 minutes, they can infiltrate any computer network. It may take about two and a half hours for North Korean hackers. Their Chinese counterparts take more extended hours. (Source: Statista)
41. Companies will often fall victim to ransomware attacks in 2031
Cyber Security Ventures predicts that there’ll be a ransomware attack on businesses every two seconds in 2031.
Unlike other crimes, hackers only need to sit at a computer system and work around the clock. If you’ve been wondering how many cyber attacks per second, note that cybercriminals can attack numerous targets quickly in just a second or two. (Source: Cyber Security Ventures)
The need for improved cybersecurity systems is vital.
Not only will it save organizations billions of dollars, but it’ll also prevent unsuspecting users from falling victim. Although cybersecurity spending keeps increasing, hackers show no intention of slowing down.
Following the statistics above, you’ll realize that cyberattacks significantly threaten a business’s success, financial stability, and economic growth. America spends nearly $3.5 million on cybercrime annually.
Nevertheless, protecting your business and defending yourself from cybercriminals is possible. Keep in mind that hackers exploit vulnerabilities. Once there are no loopholes in your computer network, they’ll find stealing your information difficult. Use strong passwords, enable two-factor authentication, and install good antivirus software.
In all honesty, most hackers never get caught. In fact, 80 percent of cyberattacks are unreported, making it difficult for the authorities to track them. The government only punishes about 5 percent of perpetrators of all reported cyberattack incidents.
There are more than 90,000 cyberattacks per year.
Hacking statistics reveal that phishing attacks account for about 16% of malware infections.
Phishing accounts for 80 percent of all cyberattack scams. They happen through email, text messages, or social media.
Firewalls stop hackers to an extent, but they don’t give complete protection.
Definitely! One such savior is the Norton antivirus software, which protects your device from numerous cyberattacks.
There’s no concise data on how many people fall victim to cyberattacks, but roughly 11.7 million Americans lose their data to hackers yearly.
Hackers fall into three categories: grey, black, and white hat hackers. Black hat hackers create malware that attack computerized network and systems. White hat hackers are security specialists that look for vulnerabilities. Finally, grey hat hackers break into a system for other reasons besides enriching their pockets.
More than half a million US accounts are hacked yearly. Since 2015, hackers have leaked an average of 199.17 million digital records yearly.
Sadly, every year there’s a new cyberattack record.
There are nearly 3.8 million data losses due to cyberattacks daily.
Over 30,000 WordPress websites lose sensitive information daily.
By 2025, the US cybercrime cost will reach $10.5 trillion.