Cyber Security Statistics
Last Updated on: January 6th, 2024
Here is a collection of some of the most interesting cyber security statistics and fun facts I have stumbled across in my internet travels. These posts cover both the cyber security industry and individual companies.
There are few issues facing business leaders today that pose a bigger risk than cybercrimes. Where cybersecurity was once seen as unnecessary or reactionary measures you take after an incident has occurred, businesses have woken up over the past few years and are getting much more proactive about locking down their networks and securing their data.
Cyber security is on the cusp of becoming a booming industry. I recently sat down to see what I could dig up for cyber security statistics. What I found amazed (and scared) me…
Cyber Security Statistics
Reported number of Yahoo accounts that were hacked in the largest data breach in history:
Estimated amount that was paid out in ransomware attacks in 2016:
Year over year increase in mobile cyberattacks:
Last updated 9/11/17
Project amount that will be spent on Information Security globally in 2017:
Reported percentage of the top 100 US banks that fail web security testing:
Last updated 7/3/17
Percentage of ransomware victims that pay to get their devices unlocked:
Last updated 4/26/17
Increase in hacked websites from 2015-2016:
Percentage of US adults that suffered some kind of security incident between Dec 1, 2015 and Dec 1, 2016:
Global spending on information security products and services in 2016:
Number of reported data breaches in 2016:
Number of reported data breaches in 2015:
Estimated global cost of cyber attacks annually:
Last updated 1/17/16
Projected global cost of cyber attacks in 2019:
Last updated 1/17/16
Average total cost of a data breach (global):
Last updated 2/4/16
Average total cost of a data breach (US):
Last updated 2/4/16
Percentage that the cost of data breaches increased from 2013-2015:
Last updated 5/27/15
Estimated average cost incurred per stolen record in a data breach:
Last updated 5/27/15
Average annual amount of cybersecurity incidents:
Last updated 9/9/15
Increase in cyber security incidents from 2014-2015:
Last updated 10/30/15
Top means of cyber attack in 2016:
Top means of cyber attack in 2015:
Number of years in a row that phishing and malware have been the top means of cyber attack:
Percentage of phishing messages that were opened by the receiver in 2015:
Percentage of people that opened a phishing message in 2015 that also clicked on the malicious attachment or link:
Number of cyber security job openings in 2016:
Last updated 2/12/16
Percentage of IT departments that store privileged and/or admin passwords in a Word document or spreadsheet on a company PC or laptop:
Last updated 9/25/16
Percentage of US adults that use the same password for most of their online accounts:
Last updated 10/18/17
US adults, age 18-34 years old are the most careless age group with their online passwords.
Estimated number of PCs that are unknowingly mining cryptocurrency:
Last updated 10/13/17
Worst online password of 2017:
Second- worst password of 2017:
Percentage of healthcare organizations that don’t have a cybersecurity leader:
Last updated 12/18/17
Percentage of healthcare organizations that do not conduct regular cyber risk assessments:
Last updated 12/18/17
Amount that cybersecurity startups received from venture capitalists in 2017:
Amount that cybersecurity startups received from venture capitalists in 2016:
Percentage of small to mid-sized businesses that have been cyber crime targets:
Last updated 2/23/16
Percentage of companies that do not offer cyber security training for new hires:
Last updated 2/23/16
Percentage of malware that require human interaction before infection:
Last updated 2/23/16
Amount businesses have lost from email scams from Oct 2013-Feb 2016:
Percentage of web attacks in 2015 that were done for financial gain:
Average number of daily cyberattacks Microsoft sees on its digital infrastructure:
Last updated 5/6/16
Most cyber-attacked industry in 2015:
Second-most cyber-attacked industry in 2015:
Percentage of large healthcare providers that plan to spend more than $1 million on cyber security in 2016:
Percentage of consumers that have been victims of Credit or Debit Card fraud:
more than 40%
Last updated 3/3/16
Average salary for a Chief Information Security Officer (CISO) in the U.S.:
Last updated 3/15/16
US city with the highest average salary for Chief Information Security Officers (CISO):
Last updated 3/15/16
Percentage of employees that would react negatively if their personal info was breached by their company:
Last updated 3/20/16
Percentage of employees that admit to uploading sensitive info to cloud apps with the intent to share data outside the company:
Last updated 3/20/16
Percentage of employees that admit to using the same password across business applications:
Last updated 3/20/16
Percentage of employees that share passwords with their co-workers:
Last updated 3/20/16
Percentage of employees that would sell their passwords to an outsider:
Last updated 3/20/16
Number of reported cyber incidents within companies that operate critical infrastructure sites in 2015:
Number of reported data breaches in the medical/healthcare sector in 2015:
Average amount of lead time a cyber criminal has before an attack is discovered:
Last updated 10/30/15
Percentage of companies that think they can keep attackers off their networks:
Last updated 10/30/15
Amount the U.S. government has budgeted for cybersecurity in 2016:
Amount the U.S. government is budgeting for cybersecurity in 2017:
Size of the cyber insurance market:
Last updated 10/16/15
Amount spent annually on cyber security awareness training:
Last updated 10/16/15
Percentage of cyber attacks that go undetected:
Last updated 9/9/15
Projected amount of annual cyber insurance premiums in 2020:
Last updated 2/4/16
Percentage of business decision makers that believe they will suffer a data breach in the future:
Last updated 2/10/16
Percentage of businesses that have some sort of insurance to cover data loss and a security breach:
Last updated 2/10/16
Percentage of companies that have a formal information security policy in place:
Last updated 2/10/16
Percentage of companies that believe their data is completely secure:
Last updated 2/10/16
Market size of the global cybersecurity market in 2015:
Projected market size of the global cybersecurity market in 2020:
Last updated 2/12/16
Projected market size off the Internet of Things security market in 2020:
Last updated 2/12/16
Top age group to report identity theft in the US in 2014:
Top reason for identity theft complaints in the US in 2014:
Government documents/benefits fraud
Second most common identity theft complaint in the US in 2014:
Percentage of IT professionals that feel pressured to unveil IT projects that aren’t 100% secured:
Last updated 2/10/16
Amount invested in cybersecurity startups in 2015:
Number of cybersecurity startups that received funding in 2015:
Estimated number of people impacted by the U.S. federal Office of Personnel Management hack in 2015:
Worst password of 2015:
Second-Worst password of 2015:
Percentage of US adults that use the same password for more than one website:
Last updated 12/1/16
Percentage of US adults that use 2-factor authentication:
Last updated 12/1/16
Percentage of router owners that keep the weak factory-default passwords:
Last updated 10/23/16
Percentage of organizations that experienced a DDoS attack and then an additional compromise shortly after:
Last updated 10/5/16
Today’s top cyber crime trend:
Last updated 9/28/16
Percentage of the Forbes top 1000 companies that have lost sensitive credentials:
Last updated 9/25/16
Percentage of IT departments that store privileged and/or admin passwords in a Word document or spreadsheet on a company PC or laptop:
Last updated 9/25/16
Percentage of IT departments that store privileged and/or admin passwords on a shared server or USB stick:
Last updated 9/25/16
In the UK, a financial fraud case occurs once every 15 seconds.
The most widespread virus to date based on number of infections:
Conficker Virus (8.9 million infections)
Last updated 9/3/16
Average amount a hacker makes per successful attack:
Last updated 2/4/16
Average number of attacks each hacker conducts annually:
Last updated 2/4/16
60% of hackers call off attacks if no response in 40 hours.
Last updated 2/4/16
Amount bots are expected to cost the Ad Industry from fake traffic ad fraud in 2016:
Amount bots cost the Ad Industry from fake traffic ad fraud in 2015:
Average amount paid in a cyber ransom case in 2016:
Average amount paid in a cyber ransom case in 2015:
Percentage of people that never back up their data:
Last updated 8/8/16
Average number of people that pay cyber ransoms monthly:
Last updated 7/29/16
Percentage of malware installed in phishing email that result in ransomware:
Last updated 6/1/16
Average number of monthly cyber attacks on the aviation industry:
Last updated 7/27/16
Number of jobs in the cyber-security field that went unfilled in 2015:
Last updated 7/27/16
Number of malware attacks AT&T blocks daily:
Last updated 6/13/16
Percentage of Visa-branded credit cards that have EMV chips:
Last updated June 2016
Percentage of Visa-branded debit cards that have EMV chips:
Last updated June 2016
Number of personal records that were exposed in data breaches in 2015:
Number of records that were exposed in data breaches in 2016:
Estimated percentage of exploited cyber vulnerabilities that were already known:
Last updated 12/27/16
Amount of traffic volume DDOS attacks hit in 2016:
Most common password of 2016:
Second-most common password of 2016:
Industry sector that had the most data breach incidents in 2016:
Industry sector that had the second-most data breach incidents in 2016:
Estimated amount of new code that will need to be secured in 2017:
Number of passwords exposed in 2016:
Percentage of breached records in 2016 that belonged to US citizens:
Countries with the most exposed records in 2016 data breaches:
Amount that Microsoft is planning to invest annually in cyber security from 2017-on:
Last updated 1/26/17
Percentage of internet users in Asia-Pacific that feel their personal information is not sufficiently protected online:
Last updated 7/26/17
