Home / Articles / Security / 24 Alarming Cybersecurity Statistics You Need to Know

24 Alarming Cybersecurity Statistics You Need to Know

Cybercrime is one of the biggest modern challenges that humanity faces. The cost of impact can range widely with the upper end of the scale, quite terrifying. Some examples include data damage and destruction, drops in morale and productivity, theft of intellectual property, personal, or financial data, and stolen monies.  

On top of these more immediate results, there are also high chances of post-attack disruptions. Add to that other factors such as forensic investigation, restoration and deletion of hacked data and systems – things may take some time to get back to normal. 

In the past, common perception was that these situations mainly only concerned large conglomerates like banks, financial institutions, technology companies and government institutions. The reality today is somewhat different – everyone is equally at risk.

What Has Happened, and When?

1) 145 Million New Malware Was Found in 2019 Alone

Total malware detected has been rising for the past 10 years.
Total malware detected has been rising for the past 10 years.

As if that wasn’t bad enough, between January to April 2020, 38.5 million additional ones were detected. Over the past 10 years, the trend has been escalating drastically. The main thing keeping us safe are the products that cybersecurity companies push out.

2) 93.6% of Malware is Polymorphic –  Constantly Changing its Code to Evade Detection

Malware authors and attackers have been highly adaptable and extremely focused. This means they’ve been building and using attack tools designed to become extremely resilient – for example, polymorphic. These malware change their code constantly to evade detection.

The high 93.6% figure alone clearly depicts the rapid increase in malicious files found on only a single machine. This further confirms how evolved the malware authors have become in evading traditional cyber defenses via polymorphism. 

3) Consumer Devices are Twice as Likely to be Infected

A threat study was conducted which confirmed that 62% of devices infected by malware were consumer (home user) devices, while 38% were business systems. This could be explained by the fact that businesses do employ more layers of security plus more training on security awareness provided to their employees. 

4) Malware Targeting Windows 7 increased by 125%

Generally speaking, Windows 10 is a safer operating system (OS) than previous iterations. Systems running Windows 7 are nearly 3x more likely to be infected by malware as compared to Windows 10 devices. 

Part of this is due to Microsoft ending support for Windows 7. This shows you the importance of keeping your applications up to date – to avoid security incidents. When necessary, update to newer versions.

5) Computers and Networks are Attacked Every 39 Seconds

A study conducted by the University of Maryland confirmed that the near-constant rate of hacker attacks of computers with Internet access is every 39s on average. Non-secure usernames and passwords give attackers higher chances of success.

Hackers typically affected a non-stop brute force attack via simple software-aided techniques to randomly attack computers. This alarming figure should be more than enough to spur you to implement more safety measures.

6) DDoS Attacks Increased by Almost 50% in 2019 

Q4 2019 saw an increase in the number of DDoS attacks. On top of this, the attacks’ average duration increased as well. 

Read more:

7) 4.83 Million Cyberattacks in 1H 2020

4.83 Million Cyberattacks in 1H 2020

COVID-19 pandemic is an unfortunate situation that has plagued the lives of many. Sadly, cybercriminals have taken advantage of this ‘outstanding’ business opportunity and launched almost five million attacks in the first half of 2020 alone.. 

They target mostly COVID-19 era lifelines such as eCommerce, healthcare and educational services. Most attacks are short but complex, designed to quickly overwhelm targeted entities.

8) 69% of IT Security Professionals Believe a Successful Attack is Imminent in 2020

This figure has been increasing from 62% in 2018 to 65% in 2019. And now in 2020, the percentage has increased to 69%. This concludes a rising pessimism among IT personnel –  not a good outlook at all.

9) Mexico Was Hardest-hit Country in 2019

Although all countries in the world experience cyberattacks, those in Mexico showed the highest degree of compromise. Over 93.9% were affected by at least one incident over the past 12 months. Next was Spain, followed closely by Italy, Colombia and China.

10) 20% of Americans have Dealt With Ransomware Attacks

Ransomware has been a great nuisance in the US. Cybercriminals have successfully collected more than a million dollars from the Florida cities of Riviera Beach and Lake City alone. In addition to this, ransomware drove Louisiana into a state of emergency. 

Such was the impact of ransomware attacks on Americans that many are driving both government and businesses alike to do more against these and other cyberattacks. Over 2019, such attacks also impacted at least 966 government agencies, educational establishments and healthcare providers at an estimated cost of over $7.5 billion. 

11) US, Brazil, India Most Hit by Ransomware Attacks

The United States accounted for 11.06% of all known ransomware attacks during the first three months of 2019. A report by Trend Micro saw Brazil accounting for 10.64%, coming in second. India, Vietnam, and Turkey wounded up the top five hardest-hit countries.

12) 38% Malicious Email Attachments Were in Microsoft Office Formats

38% Malicious Email Attachments Were in Microsoft Office Formats

Malicious documents are a well-known infection vector that many hackers still use to perform cyber attacks. The 2018 Cisco Annual Cybersecurity Report documented commonly used types of malicious file extensions in email documents. It was found that Microsoft Office formats such as Word, PowerPoint, and Excel topped the list.

13) Ransomware Attacks on Healthcare to Increase 5X by 2021

The most compelling reason to steal medical data, perhaps would be that medical identity theft is likely to go undetected due to the somewhat lax security measures undertaken by some hospitals. 

14) 35% of Attacks Have Been SSL or TLS-based

This 35% represents a nearly 50% increase from 2015. Many security professionals are not confident in their existing infrastructure to ward off such attacks. SSL flood attacks are a type of Distributed Denial of Service (DDoS) attack. 

15) 4 out of 5 Organizations Experienced at Least One Successful Cyber Attack 

80.7% of organizations experience at least one successful cyberattacks

The current security posture in our IT landscape confirms that 80% of organizations experience at least one successful cyberattack at a record level and more than a third suffered six or more such attacks.

16) 65% of Fraud Transactions Start on Mobile Devices

Mobile fraud is gaining steam and overtaking web fraud. Cybercriminals are now targeting mobile devices as mobile Apps’ popularity has risen significantly. In the past, mobile browsers were the targeted victims of such attacks but now 80% of mobile fraud resides in mobile Apps. 

17) Facebook Lost Over 309 Million Data Records in 2019

Under various circumstances, Facebook lost a whopping number of user data records. In once incident, more than 267 million Facebook user IDs, phone numbers and names were left exposed on the web for all to access without a password or any other authentication. 

In March 2020, a second server was attacked again by the same criminal group. This time, there were an additional 42 million records leaked, bringing the total to 309 million compromised. The hackers launched large-scale SMS spam and phishing campaigns to end users.

18) 93% of Healthcare Organizations Had a Data Breach Over the Past 3 Years

For hospitals, the insider threat is still the number one security challenge. More than half of insider fraud incidents within the healthcare industry involve the theft of customer data.

Also according to the Herjavec Group, 57% encountered more than five data breaches during the same timeframe.

19) Almost 74% of Phishing Attacks Involve Credentials

Here's an example of credential phishing.
Here's an example of credential phishing. (Source: Cofense)

The 1H of 2019 was filled with a large percentage of phishing attacks. Three out of four phishes in customers’ environments involved credential phishing. Stolen credentials, namely username and passwords were the biggest threat as they allowed hackers to gain access to a network, posing as legitimate users. 

20) Human Error Causes over 95% of Cybersecurity Breaches

Cybercriminals will always try to infiltrate your company’s weakest links. Most breaches stem more from human error than intentional misconduct. The most common would be downloading a malicious file that would infect the network with malware. 

Therefore, without regular and proper best safe practices training and having the employees stay informed on cyber literacy, any threat mitigation measures are rendered useless.

21) Financial Organizations Take Over 6 Months to Detect a Data Breach

Research suggests that financial organizations take an average of 98 days to detect a data breach while retailers can take up to 197 days. Unfortunately, sensitive data such as passwords, credit card details and social security numbers may already be compromised by that time.

22) Global Cybercrime Costs Will Reach $6 Trillion by 2021

Cybercrime has always been costly but costs are beginning to escalate to unimaginable amounts. Research indicates that by 2021 it will cost the entire globe over $6 trillion a year. This makes it more profitable than even the biggest drug cartel in the world.

23) Share Prices Fall 7.27% on Average After a Security Breach

An analysis of the shares belonging to 27 companies which suffered data breaches shows a trend we can expect. To put it into numbers, shareholders can expect their holding to devalue by an approximate of 7.27% on average. If you hold 1,000 shares in Apple at $120 per share, you will suffer a loss of almost $9,000.

24) 77% of Organizations Don’t Have a Cybersecurity Incident Response Plan

It was found that around 54% of companies have experienced one or more attacks in the last 12 months and sadly, most are ill-prepared against such cyber attacks. A study by tech giant IBM found that more than three-quarters of all companies are not prepared for the aftermath of an attack.

IoT Devices Will Number 75 Billion by 202

According to Cisco, the IoT market is expected to reach 31 billion connected devices in 2020 and 75 billion by 2025. This is to be expected as such is driven by rapidly expanding Internet users, Apps and IoT devices.

Every connected device is a potential security risk. As the numbers explode, the exposure surface for cybersecurity risk rises with it.


Cybercrime is one of the greatest threats to companies and individuals around the world. An incident lasting a few seconds can have a great impact on impersonal lives. As technology spreads even further, we all need to do our part to combat these threats.

From using security applications to learning and carrying out best practises, each thing we do can help lower our risk. By understanding the potential risk and how to defend against them, we each help make the web a safer place.


Photo of author

Article by Jerry Low

Keep Reading