Cyber Attack Statistics

Data leak meaning: When sensitive data is exposed online or physically.

Cybersecurity statistics at a glance:

• The number of cyberattacks per year is more than 800,000
• 422 million US citizens’ data was compromised in 2022 (Identity Theft Research Center (ITRC)’s Annual Data Breach Report)
• 800,944 people filed cybercrime complaints with the FBI in 2022 with potential losses totaling $10.2 billion (FBI’s Internet Crime Annual Report)
• The Federal Trade Commission’s (FTC) Consumer Sentinel Network recorded more than 5.1 million reports in 2022. Of those reports, 46% were related to fraud, while 21% were related to identity theft.
• The top five types of identity theft in 2022 were credit card fraud for new accounts, miscellaneous, bank fraud relating to new accounts, tax fraud, and business and personal loans
• According to the Identity Theft Resource Center’s 2022 Data Breach Report, there were 1,802 data breaches and exposures reported, which affected 422.1 million people.

Global cybercrime statistics

So, what do the global cybercrime stats look like? Let’s have a look at cybersecurity attack statistics from incidents in the recent past.

Recent cyberattacks

• December 2, 2022: Rackspace Technology suffered a ransomware attack in which hackers exploited a ProxyNotShell vulnerability. 27 customers’ personal information was accessed and Rackspace subsequently shut down the affected hosted email service, Exchange
• March 28, 2023: Crypto company SafeMoon’s liquidity pool was compromised and $8.9 million was stolen in cryptocurrency
• March 2023: The National Basketball Association (NBA) notified fans via email that a third-party service provider handling some of their personal information was breached and some of their data was stolen. Fans were also advised to be on the lookout for phishing attacks as a result of the breach.

Cybercrime statistics by attack type

There are multiple types of cybercrime, each of which can compromise the privacy of the victims affected.

Below is a list of must-know statistics for the most common cyberattacks:

• 1.7 million ransomware attacks happen daily, and the average attack costs $4.54 million on average
• Almost 57,116 DDoS attacks were reported between 2022 and 2023
• The average cost of a data breach in 2022 was $4.35 million
• 139.3 million cryptojacking attacks were reported in 2022
• Nearly 60% of cyberstalking victims reported that cyberstalking incidents lasted at least a year
• Phishing is the top internet crime type in the US with 300,487 incidents reported to the FBI’s Internet Crime Complaints Center
• 81% of organizations globally have fallen victim to phishing attacks beginning March 2020
• Illegal streaming services account for 80% of global online piracy
• Every year, 10% of all US adults are at a high risk of falling  victims to fraud.

Largest data breaches and hacking statistics

Some breaches have gone down in history as the largest hacking incidents and are so significant they’ll be remembered for years to come.

Here are the statistics for the largest hacks and data breaches you should know about:

• Yahoo

Date: August 2013

Impact: 3 billion Yahoo users’ accounts

Details: In December 2016, Yahoo reported that it had been breached three years prior in 2013. It was one of the major breaches in history and the biggest breach in 2018.

• Alibaba

Date: November 2019

Impact: 1.1 billion units of user data

Details: A developer working for an affiliate marketing company stole customer data like usernames and mobile phone numbers from Alibaba company Taobao over eight months.

• Aadhaar

Date: January 2018

Impact: The identity or biometric data of 1.1 billion Indian citizens was compromised

Details: Between late 2017 and early 2018, India’s government ID database, Aadhaar, suffered multiple breaches in which registered citizens’ sensitive information was stolen. The data included:

• Phone numbers
• Names
• Email addresses
• Photos
• Fingerprints
• Iris scans.

By January 2018, criminals were selling access to this data on WhatsApp. The hackers were able to breach the database through Indane, a state-owned utility company, as its API had no access controls in place.

Advanced persistent threat statistics

Advanced persistent threats (APTSs) are cyberattacks in which hackers steal data over a long period of time undetected. As a result, the damage can be devastating to a business. Here are the statistics:

• 68% of businesses lost data due to a targeted attack on their networks
• 21% of organizations have had an APT incident affecting suppliers that have access to their data
• 22% of organizations’ customer-facing services are blocked due to a targeted attack
• 34% of companies’ reputations have suffered from an APT attack
• 78% of companies experience downtime as a result of an APT attack
• 90% of APT groups access a company’s internal network through spear phishing attacks
• 48% of APT groups use legitimate administration and commercial penetration testing tools in their attacks
• The APT market is projected to be worth $12.5 billion annually by 2025 and $20 billion by 2027
• The tools needed to carry out a banking attack cost a minimum of $55,000, while a cyberespionage campaign costs at least $500,000.

Industry-specific cyber stats

Have you ever wondered how cybercrime affects specific industries? The World Economic Forum lists the top two cyber threats for each industry as follows:

• Healthcare: Insider error and insider misuse
• Finance and Insurance: Web app attacks and insider error
• Public administration: Insider misuse and web app attacks
• Manufacturing: Insider misuse and web app attacks
• Accommodation and food services: System intrusion and web app attacks
• Finance industry and Insurance: Web app attack and insider error
• Information: Social engineering and web app attacks
• Educational services: Web app attacks and insider error
• Retail: Insider error and web app attacks
• Professional services: Insider misuse and system intrusion.

Here’s how various industries are affected by cybercrime:

• The healthcare industry has the leading number of ransomware attacks
• The top cyberattacks affecting small businesses include web-based attacks (49%), phishing or social engineering (43%), and general malware (35%)
• 25% of all malware attacks were carried out against banks and other financial industries
• 70% of financial institutions are most concerned about financially motivated attackers
• Almost 60 million Americans have been affected by identity theft
• Blackberry lists the US as the leading target for cyberattacks
• Ransomware incidents rose to 62% in K-12 schools in 2022, making them the most reported cyberattack type (Emsisoft 2022 report)
• The average breach costs educational institutions a whopping $3.86 million.

Cybersecurity market statistics

As cybercrime continues to impact the world, cybersecurity becomes increasingly important. The International Data Corporation (IDC) notes that AI in the cybersecurity market is growing at a CAGR of 23.6% and its market value will rise to $46.3 billion in 2027.

Cybersecurity compliance and governance statistics

Cybersecurity compliance ensures that companies adhere to cyber laws and requirements.

Below is a list of cybersecurity compliance and governance statistics to be aware of:

• 66% of companies believe that compliance mandates drive spending (CSO Online)
• More than half of companies found over 1,000 files that were accessible by all employees (Varonis)
• Compliance costs can reach up to $10,000 per employee for large businesses (Competitive Enterprise Institute)
• 78% of companies expect yearly increases in regulatory compliance requirements (Thomson Reuters)
• Each employee has access to an average of 11 million files (Varonis)
• 17% of files containing sensitive information are accessible to all workers (Varonis)
• An estimated 60% of companies have more than 500 accounts with passwords that aren’t set to expire (Varonis).

Cybercrime damage and cost statistics

Cybercrime affects people and industries in multiple ways. From the emotional impact to the financial burden, the consequences are many and far-reaching.

Have a look at the statistics around the effects and costs of cybercrime below:

• On average, a cyberattack happens every 39 seconds
• Cybersecurity Ventures predicts that the cost of cybercrime will hit $8 trillion in 2023 and $10.5 trillion by 2025
• Identity fraud losses totaled $52 billion and affected 42 million U.S. adults, according to the 2022 Identity Fraud Study: The Virtual Battleground by Javelin Strategy & Research
• Of the 76% of organizations that were targets of ransomware attacks, 64% were infected. However, only half were able to successfully retrieve their data after the ransom was paid. What’s more, more than 66% had multiple, separate infections
• Companies can lose an average of $1.59 million as a result of a data breach (IBM)
• Malware attacks, on the other hand, can cost a company $2.6 million on average (Accenture)
• The economic impact of cybercrime is larger than the GDP of all countries, except for China and the US (Cybersecurity Ventures).

Cybercrime trends

So, what are the latest cyberattack trends you should be aware of in 2023? Find out below.

Supply chain attacks

These occur when criminals attack or access your system through a third-party service provider that has access to your sensitive information. The March 2023 NBA breach earlier in the article is one such example.

The growing cost of cybercrime

Cybercriminals are targeting wealthy individuals or high cash-flow organizations like banks and other financial institutions. The Netflix miniseries Inventing Anna depicts the story of con artist Anna Sorokin, who successfully scammed high-end hotels, celebrities, and the elite by posing as a German heiress.

Internet of Things (IoT) devices

IoT devices contain software that can be easily hacked. There are billions of these out there, which makes them an easy target. Smart home management brand, Orvibo, was breached because it had left a database of two billion records unsecured on the internet.

The records lacked password protection and contained sensitive data like user passwords and account reset codes. A conversation recorded on a smart camera was also among the data exposed. The breach was found and exposed by a team of security researchers that is well-versed in testing for and identifying breaches.

The human element

Cyberattacks that involve human interaction, like email phishing, continue to work because of their sophistication and victims’ naïveness. For example, a scammer sends you a phishing email asking for your banking details and you send them to him, so he scams you. But if you ignore or delete the email, nothing will happen.

Cybercrime on social media

Millions of people spend hours on social media, so it makes sense that bad actors would target them there. Phishing and identity theft are examples of cybercrime committed using social media. Bad actors can create a social media account impersonating you to solicit funds from followers. This can unknowingly land you in trouble.

Cost of cybercrime

Cybercrime is here to stay, so businesses will continue to pour money into information security. For one, cyber professionals are in short supply around the world, which naturally means they could cost a company more money to hire due to their scarcity.

The 2022 IBM Cost of a Data Breach report notes that it takes the average organization about 277 days to fully identify and stop a breach. The average cost of a breach can go up to $4.35 million. That’s why it’s more important to invest in measures to identify and halt a breach before it causes much damage than it is to manage one after the damage is done.

How to reduce the risk of cyberattacks

Cyberattacks can leave a dent in your finances and affect other aspects of your life. Here are a few of these solutions to help reduce the risk of cyberattacks…

Encrypt your outgoing traffic

This is one of the simplest ways to protect yourself from cyberattacks. You can do this by using a VPN, a Tor browser, and encrypted messaging apps.

Clario’s VPN tool is a safe, reliable solution to hide your IP address and thereby reduce the probability of falling victim to cybercrime. Here’s how to use it:

1. Download the Clario app and set up an account
2. Go to the Quick VPN actions section and enable Browsing protection
3. Select Turn on > Allow > Done. This will connect you to the best server, and you’re done. However, you have the option of choosing a diffeent one if you prefer. To do this, simply tap the location and find your preferred server on the list.

Check your data for breaches

Set up continuous monitoring by using Clario’s reliable data breach monitor to ensure your email address hasn’t been compromised, which could also compromise your personal data.

Scan your device for malware

Some malware types can go undetected, but using a scanner can help you detect and remove them.

Set up browsing protection

A VPN will prevent hackers from attacking your system as it hides your device’s true IP address, thereby making it difficult to track you online.

Download carefully

Be careful about what you download and from where. Only download what is necessary from trusted sources, and ensure your antivirus program is running to scan new downloads.

Improve password security

A weak password makes it easy to hack your device easy. Improve your password security by using strong, unique passwords. Avoid using your birthdate and anything that would be easy for anyone to crack.

Update device software

Device manufacturers play their part in protecting you from breaches by keeping your software updated around the clock. Play your part by updating to newer software often to patch up any vulnerabilities that may be present.

Protect yourself against cyberattacks

While there’s no running away from cyberattacks completely, you can reduce the chances of becoming a victim by using the tips above. Be aware of the stats and stay informed to stay safe. Use Clario’s data breach monitor to stay on top of data leaks containing your email.