Category: Cyber Security Statistics

Here is a collection of some of the most interesting cyber security statistics and fun facts I have stumbled across in my internet travels. These posts cover both the cyber security industry and individual companies.

There are few issues facing business leaders today that pose a bigger risk than cybercrimes. Where cybersecurity was once seen as unnecessary or reactionary measures you take after an incident has occurred, businesses have woken up over the past few years and are getting much more proactive about locking down their networks and securing their data.

Cyber security is on the cusp of becoming a booming industry. I recently sat down to see what I could dig up for cyber security statistics. What I found amazed (and scared) me…


Get the full report here


Cyber Security Statistics and Facts

Reported number of Yahoo accounts that were hacked in the largest data breach in history:

3 billion


Estimated amount that was paid out in ransomware attacks in 2016:

$1 billion


Year over year increase in mobile cyberattacks:

40%

Last updated 9/11/17


Project amount that will be spent on Information Security globally in 2017:

$86.4 billion


Reported percentage of the top 100 US banks that fail web security testing:

65%

Last updated 7/3/17


Percentage of ransomware victims that pay to get their devices unlocked:

40%

Last updated 4/26/17


Increase in hacked websites from 2015-2016:

32%


Percentage of US adults that suffered some kind of security incident between Dec 1, 2015 and Dec 1, 2016:

51%


Global spending on information security products and services in 2016:

$81.6 billion


Number of reported data breaches in 2016:

1,093


Number of reported data breaches in 2015:

781


Estimated global cost of cyber attacks annually:

$400 billion

Last updated 1/17/16


Projected global cost of cyber attacks in 2019:

$2.1 trillion

Last updated 1/17/16


Average total cost of a data breach (global):

$3.8 million

Last updated 2/4/16


Average total cost of a data breach (US):

$6.5 million

Last updated 2/4/16


Percentage that the cost of data breaches increased from 2013-2015:

23%

Last updated 5/27/15


Estimated average cost incurred per stolen record in a data breach:

$154 per record

Last updated 5/27/15


Average annual amount of cybersecurity incidents:

80-90 million

Last updated 9/9/15


Increase in cyber security incidents from 2014-2015:

38%

Last updated 10/30/15


Top means of cyber attack in 2016:

Phishing and malware


Top means of cyber attack in 2015:

Phishing and malware


Number of years in a row that phishing and malware have been the top means of cyber attack:

8 consecutive years


Percentage of phishing messages that were opened by the receiver in 2015:

30%


Percentage of people that opened a phishing message in 2015 that also clicked on the malicious attachment or link:

12%


Number of cyber security job openings in 2016:

1 million

Last updated 2/12/16


Percentage of IT departments that store privileged and/or admin passwords in a Word document or spreadsheet on a company PC or laptop:

40%

Last updated 9/25/16


Percentage of US adults that use the same password for most of their online accounts:

28%

Last updated 10/18/17


US adults, age 18-34 years old are the most careless age group with their online passwords.


Estimated number of PCs that are unknowingly mining cryptocurrency:

over 500 million

Last updated 10/13/17


Worst online password of 2017:

123456


Second- worst password of 2017:

password


Percentage of healthcare organizations that don’t have a cybersecurity leader:

84%

Last updated 12/18/17


Percentage of healthcare organizations that do not conduct regular cyber risk assessments:

54%

Last updated 12/18/17


Amount that cybersecurity startups received from venture capitalists in 2017:

$7.6 billion


Amount that cybersecurity startups received from venture capitalists in 2016:

$3.8 billion


Percentage of small to mid-sized businesses that have been cyber crime targets:

20%

Last updated 2/23/16


Percentage of companies that do not offer cyber security training for new hires:

54%

Last updated 2/23/16


Percentage of malware that require human interaction before infection:

90%

Last updated 2/23/16


Amount businesses have lost from email scams from Oct 2013-Feb 2016:

$2.3 billion


Percentage of web attacks in 2015 that were done for financial gain:

95%


Average number of daily cyberattacks Microsoft sees on its digital infrastructure:

over 10 million

Last updated 5/6/16


Most cyber-attacked industry in 2015:

Healthcare


Second-most cyber-attacked industry in 2015:

Manufacturing


Percentage of large healthcare providers that plan to spend more than $1 million on cyber security in 2016:

63%


Percentage of consumers that have been victims of Credit or Debit Card fraud:

more than 40%

Last updated 3/3/16


Average salary for a Chief Information Security Officer (CISO) in the U.S.:

$223,000

Last updated 3/15/16


US city with the highest average salary for Chief Information Security Officers (CISO):

San Francisco ($421,000)

Last updated 3/15/16


Percentage of employees that would react negatively if their personal info was breached by their company:

85%

Last updated 3/20/16


Percentage of employees that admit to uploading sensitive info to cloud apps with the intent to share data outside the company:

26%

Last updated 3/20/16


Percentage of employees that admit to using the same password across business applications:

65%

Last updated 3/20/16


Percentage of employees that share passwords with their co-workers:

33%

Last updated 3/20/16


Percentage of employees that would sell their passwords to an outsider:

20%

Last updated 3/20/16


Number of reported cyber incidents within companies that operate critical infrastructure sites in 2015:

295 incidents


Number of reported data breaches in the medical/healthcare sector in 2015:

277


Average amount of lead time a cyber criminal has before an attack is discovered:

200 days

Last updated 10/30/15


Percentage of companies that think they can keep attackers off their networks:

44%

Last updated 10/30/15


Amount the U.S. government has budgeted for cybersecurity in 2016:

$14 billion


Amount the U.S. government is budgeting for cybersecurity in 2017:

$19 billion


Size of the cyber insurance market:

$2.5 billion

Last updated 10/16/15


Amount spent annually on cyber security awareness training:

$1 billion

Last updated 10/16/15


Percentage of cyber attacks that go undetected:

70%

Last updated 9/9/15


Projected amount of annual cyber insurance premiums in 2020:

$8 billion 

Last updated 2/4/16


Percentage of business decision makers that believe they will suffer a data breach in the future:

65%

Last updated 2/10/16


Percentage of businesses that have some sort of insurance to cover data loss and a security breach:

41%

Last updated 2/10/16


Percentage of companies that have a formal information security policy in place:

52%

Last updated 2/10/16


Percentage of companies that believe their data is completely secure:

22%

Last updated 2/10/16


Market size of the global cybersecurity market in 2015:

$75 billion


Projected market size of the global cybersecurity market in 2020:

$170 billion

Last updated 2/12/16


Projected market size off the Internet of Things security market in 2020:

$29 billion

Last updated 2/12/16


Top age group to report identity theft in the US in 2014:

40-59


Top reason for identity theft complaints in the US in 2014:

Government documents/benefits fraud 


Second most common identity theft complaint in the US in 2014:

credit card fraud


Percentage of IT professionals that feel pressured to unveil IT projects that aren’t 100% secured:

77%

Last updated 2/10/16


Amount invested in cybersecurity startups in 2015:

$3.8 billion


Number of cybersecurity startups that received funding in 2015:

332


Estimated number of people impacted by the U.S. federal Office of Personnel Management hack in 2015:

22 million


Worst password of 2015:

123456


Second-Worst password of 2015:

Welcome


Percentage of US adults that use the same password for more than one website:

71%

Last updated 12/1/16


Percentage of US adults that use 2-factor authentication:

46%

Last updated 12/1/16


Percentage of router owners that keep the weak factory-default passwords:

15%

Last updated 10/23/16


Percentage of organizations that experienced a DDoS attack and then an additional compromise shortly after:

53%

Last updated 10/5/16


Today’s top cyber crime trend:

Crime as a Service

Last updated 9/28/16


Percentage of the Forbes top 1000 companies that have lost sensitive credentials:

97%

Last updated 9/25/16


Percentage of IT departments that store privileged and/or admin passwords in a Word document or spreadsheet on a company PC or laptop:

40%

Last updated 9/25/16


Percentage of IT departments that store privileged and/or admin passwords on a shared server or USB stick:

28%

Last updated 9/25/16


In the UK, a financial fraud case occurs once every 15 seconds.


The most widespread virus to date based on number of infections:

Conficker Virus (8.9 million infections)

Last updated 9/3/16


Average amount a hacker makes per successful attack:

$15,000

Last updated 2/4/16


Average number of attacks each hacker conducts annually:

8

Last updated 2/4/16


60% of hackers call off attacks if no response in 40 hours.

Last updated 2/4/16


Amount bots are expected to cost the Ad Industry from fake traffic ad fraud in 2016:

$7.2 billion


Amount bots cost the Ad Industry from fake traffic ad fraud in 2015:

$6.3 billion


Average amount paid in a cyber ransom case in 2016:

$679


Average amount paid in a cyber ransom case in 2015:

$300


Percentage of people that never back up their data:

30%

Last updated 8/8/16


Average number of people that pay cyber ransoms monthly:

9,515 per month

Last updated 7/29/16


Percentage of malware installed in phishing email that result in ransomware:

50%

Last updated 6/1/16


Average number of monthly cyber attacks on the aviation industry:

1,000 per month

Last updated 7/27/16


Number of jobs in the cyber-security field that went unfilled in 2015:

209,000

Last updated 7/27/16


Number of malware attacks AT&T blocks daily:

200,000

Last updated 6/13/16


Percentage of Visa-branded credit cards that have EMV chips:

58%

Last updated June 2016


Percentage of Visa-branded debit cards that have EMV chips:

37%

Last updated June 2016


Number of personal records that were exposed in data breaches in 2015:

nearly 178 million


Number of records that were exposed in data breaches in 2016:

4.2 billion


Estimated percentage of exploited cyber vulnerabilities that were already known:

99%

Last updated 12/27/16


Amount of traffic volume DDOS attacks hit in 2016:

1 Tbps


Most common password of 2016:

123456


Second-most common password of 2016:

123456789


Industry sector that had the most data breach incidents in 2016:

Business Sector


Industry sector that had the second-most data breach incidents in 2016:

Healthcare/Medical Sector


Estimated amount of new code that will need to be secured in 2017:

111 billion lines of code


Number of passwords exposed in 2016:

3.2 billion passwords


Percentage of breached records in 2016 that belonged to US citizens:

68.2%


Countries with the most exposed records in 2016 data breaches:

US (3 billion)

Russia (260 million)

Mexico (93 million)


Amount that Microsoft is planning to invest annually in cyber security from 2017-on:

$1 billion

Last updated 1/26/17


Percentage of internet users in Asia-Pacific that feel their personal information is not sufficiently protected online:

70%

Last updated 7/26/17