The cybersecurity industry has quickly evolved over the past few years. As remote work becomes commonplace, organizations continue to move to the cloud and cybersecurity attacks become increasingly complex. Cybersecurity attacks are expected to continue to grow and evolve. This, combined with the ongoing cybersecurity talent shortage, provides a unique opportunity for cybersecurity professionals.
We’ve pulled together a variety of cybersecurity statistics and facts to illustrate the current landscape of the industry.
Cybersecurity Landscape: Top Cybersecurity Concerns
While there are a variety of concerns in the cybersecurity landscape, many center around the growing complexity of modern cyberattacks. Cyberattacks can occur in any location, on any device that has access to the internet. Emails, private and public clouds, devices connected through the internet of things (IoT) and unsecured networks all present vulnerabilities for cybercriminals to exploit. As technology advances, so do virtual attacks.
While not a direct security concern, there is a major gap in cyber talent. Although the United States added over 250,000 people to the cybersecurity workforce between 2021 and 2022, the need is increasing. According to Clar Rosso, CEO of (ISC)2, the need for cybersecurity professionals increased in 2021 by 30%. The cybersecurity industry is desperately seeking talent, and many companies are willing to provide training and educational support for potential employees.
Given the current situation, there is a great opportunity for those interested in cybersecurity to enter the field and help prevent cyberattacks. There are a variety of educational training and certificates available, including bachelor’s and master’s degree programs.
The Cost of Cybercrimes
The cost of cybercrimes has been increasing and is predicted to continue to grow. Here are a few stats that highlight the cost of cybercrime.
- “By the end of this year, the expected cost of cybercrime globally is 6 trillion dollars, and this figure is expected to go as high as 10.5 trillion dollars in 2025.” [CEOWORLD Magazine]
- “The information security industry globally is predicted to increase to 170.4 billion dollars in 2022 so it can cope with the increasing cyber threats.” [CEOWORLD Magazine]
- In 2021, “Data breach costs rose from USD 3.86 million to USD 4.24 million.” [IBM]
- The most common initial attack vector, compromised credentials, was responsible for 20% of breaches, at an average breach cost of USD 4.37 million. [IBM]
Cyberattack Statistics by Type
In a phishing attack, a cybercriminal will pose as a trusted institution or individual to trick their target into sharing personal information. Most phishing attacks occur via email, but can also take place over text, telephone or social media.
- “With an unprecedented number of people working remotely, phishing and ransomware attacks increased by 11 percent and 6 percent respectively, with instances of Misrepresentation increasing by 15 times compared to last year.” [Verizon]
- “In our one-year measurement period, our customers’ end users reported more than 350,000 credential phishing attacks, nearly 40,000 emails with malware payloads (like Trojans, downloaders and stealers), and more than 20,000 malicious spam messages.” [Proofpoint]
In a ransomware attack, a person’s or company’s data is stolen until a ransom is paid to get it back. If the ransom is not paid, the cybercriminal may erase the data, share it or sell it on the web.
- The eSentire Ransomware Report states that, in 2021 alone, six ransomware groups compromised 292 organizations between Jan. 1 and April 30.
- The report estimates that the groups managed to bring in at least $45 million from these attacks and details multiple incidents that were never reported.
- The Identity Theft Resource Center reported a record-breaking number of data breaches for 2021, with ransomware data breaches doubling in each of the past two years. It’s predicted that in 2022, ransomware attacks will surpass phishing as the top cause of data compromises.
“Ransomware is not going anywhere in 2022, but we will see attackers evolve their strategies in light of heavy crackdowns and supply chain insecurities,” said Kevin Breen, director of cyber threat research, in a statement to SHRM. “The attackers will always have the first-move advantage.”
A malware attack occurs when malicious code or a malicious file is delivered to a computer, network or server and gains unauthorized access to information. Malware is often used to steal or delete sensitive data, access credentials and administrative passwords and more.
- “There are now more than 450,000 malware programs out there.” [AV-TEST]
- “According to Kaspersky Security Network, in Q1 2022: 6,463,414 mobile malware, adware and riskware attacks were blocked.” [Kaspersky]
- “46% of hackers disseminating malware deliver it almost exclusively through email.” [Verizon]
When a data breach occurs, sensitive or protected data is compromised and often released or sold.
- A 2021 report found that “data breach costs rose from USD 3.86 million to USD 4.24 million, the highest average total cost in the 17-year history of this report.” [IBM]
- A 2019 report estimates that the cost of data breaches will increase from $3 trillion every year to over $5 trillion in 2024. This would represent a growth of 11%. [Juniper Research]
Stalkerware is any monitoring or spying software used for cyberstalking.
- “In 2021, Kaspersky’s data shows that 32,694 unique users were affected by stalkerware globally.” [Kaspersky]
- A Malwarebytes report states that “in 2021, Malwarebytes recorded a total of 54,677 detections of Android monitor apps and 1,106 detections of Android spyware apps. This represents a 4.2 percent increase in monitor detections and a 7.2 percent increase in spyware detections year-on-year, making 2021 even worse than 2020, and the worst year for stalkerware so far.”
- “In the second half of 2021, average monthly detections for monitor apps fell by 39 percent, to just 3,459 detections per month, compared to an average of 5,654 detections per month in the first half of 2021. The same trend happened with spyware too: Average monthly detections fell by 20 percent in the second half of the year compared to the first half.” [Malwarebytes]
DDoS, or distributed denial-of-service, is a malicious attack to disrupt the normal operations of a network or server by flooding it with a large amount of internet traffic.
- “The cost of a DDoS attack according to recent security surveys averages between $20,000 – $40,000 per hour.” [Cox BLUE]
- “80% of banking and e-commerce mobile apps are vulnerable to DDoS attacks.” [Appknox]
- “Out of many attacks in [cloud] environments 14% are DoS attacks.” [ResearchGate]
Cyberattack Statistics by Industry
Cybercriminals are not selective about who they target. No industry is safe from cyberattacks. Companies across industries must have cyber professionals on their staff to help prevent and navigate cyberattacks.
- Over 50 million healthcare records were breached in 2021. [Protenus]
- “Upon review of the 2021 major healthcare data breaches due to IT/hacking, in about two-thirds of the attacks, the breached data was located in one or more network servers.” [Infoblox]
“The need for proactive patient privacy monitoring has never been greater. The threats we’re seeing today are much more intrusive than in years past and can come from multiple sources — a random employee snooping or a sophisticated cybersecurity hacker that gains access through an employee channel,” said Nick Culbertson, CEO of Protenus, in a statement to HIPAA Journal. “Once a breach erodes patient trust in your organization, that’s extremely difficult to recover from.”
A report from VMware states the following:
- “63% of financial institutions experienced an increase in destructive attacks, a 17 percent increase from last year.”
- “71 percent of financial institutions noted an increase of wire transfer fraud this year.”
- “74 percent of financial sector security leaders experienced one or more ransomware attacks in the past year, and 63 percent of those victims paid the ransom.”
- According to Microsoft, “nearly 80% of nation-state attackers targeted government agencies, think tanks and other non-government organizations.”
- Microsoft also stated that the United States remains the most highly targeted country, with 46% of global cyberattacks being directed toward Americans.
Small and Medium-sized Businesses
- “54% [of small and medium businesses] have no plan in place to deal with a cyber-attack…83% have no funds set aside to deal with the fall-out from one.” [InsuranceBee]
- “Cyber attacks on SMBs have been increasing with 43% of cyber attacks targeting small businesses.” [Untangle]
Higher Ed / School Districts
A 2021 Comparitech blog post found that there have been:
- “1,851 data breaches in educational institutions since 2005”
- “At least 28,569,864 individual records were affected as a result of these breaches”
- “65 percent of breaches occurred in post-secondary institutions”
- “87 percent of records affected were from post-secondary institutions”
COVID-19 Cybersecurity Statistics
- In the first quarter of 2020, the Arkose Labs network recorded the highest attack rate [of online fraud] ever seen. 26.5% of all transactions were fraud and abuse attempts, which is a 20% increase over the previous quarter. [GlobeNewswire]
- “The increase in remote and hybrid work arrangements, expanded use of telehealth services, and further growth of e-commerce—trends that were accelerated by the COVID-19 pandemic and are expected to continue post pandemic—will increase the need for enhanced cybersecurity measures and generate additional demand for computer occupations.” [U.S. Bureau of Labor Statistics]
Cryptocurrency Cybersecurity Statistics
- “In the year 2021, hackers stole a total of $14 billion altogether. Some of the most common types of attacks include breaches of exchanges and blockchain info wallet.” [PolicyAdvice]
- “As of 2021, the cryptocurrency market has an impressive value of $1 trillion that is set to grow even higher in 2022.” [PolicyAdvice]
- “Throughout 2021, the CrowdStrike Falcon OverWatch™ team has observed the volume of cryptojacking intrusions more than quadruple compared to 2020.” [CrowdStrike]
Cyberattack Statistics by Devices & Platforms
As technology has evolved exponentially, so has cybercriminals’ access to online devices.
Mobile Devices and Apps
According to Secure-D:
- “1 in 6 users conducting a transaction had malware infected devices.”
- “95% of all mobile ad transactions processed were fraudulent.”
- “More than 45,000 malicious apps were identified.”
- “29% of malicious apps went through the Google Play Store, but there was a shift away from Google’s official storefront to less secure third-party stores.”
- “Almost half of U.S. gamers (46%) say they don’t think twice about sharing personal information when signing up for gaming accounts. In fact, two-thirds of American gamers (65%) say they trust gaming companies will protect their personal information and data.” [Norton LifeLock]
- In 2021, video games were the #1 targeted category by fraudsters. [Secure]
- In 2020, there were around 1.5 million cyberattacks on IoT devices. [AI Multiple]
- “Over 50% of connected devices in a typical hospital have critical risks present.” [Cynerio]
- “In 2021, 74% of companies faced at least one situation where there was a lack of appropriate security solutions, and 53% abandoned implementing new IT solutions, updating corporate policy, or even launching a new business project because they were unable to address cybersecurity risks.” [Kaspersky]
- “Social media messages are another area of concern when it comes to phishing, and LinkedIn phishing messages dominate as the top social media email subject to watch out for, holding the number one spot at 47%.” [KnowBe4]
- In 2019, 96% of Baby Boomers were distrustful of social media when it came to protecting their data, followed by 94% of Gen Xers, 93% of Gen Z, and 92% of Millennials. [Malwarebytes]
Recent Cyberattacks & Breaches
Cash App hacked by a former employee, April 2022
- “The San Francisco-based company declined to say how many Cash App customers were impacted by the breach but said it’s contacting approximately 8.2 million current and former customers about the incident.” [TechCrunch]
Colonial Pipeline breach in May 2021
- “Colonial Pipeline fell victim to a major cyber breach that leaked passwords, data, and other sensitive information… [and] was forced to shut down for the first time in 57 years and ended up paying $4.4 million in ransom to the attackers in response to the threats.” [Cobalt]
Zoom hack in April 2020
- Over 500,000 Zoom accounts were sold on the dark web and hacker forums for less than a penny each, and in some cases, given away for free. [BleepingComputer]
Blackbaud attack in September 2020
- “The May ransomware attack on cloud-based fundraising database management vendor Blackbaud continues to rack up victims in the healthcare sector.” [Data Breach Today]
Cybersecurity Outlook for 2022
- “87% of executives are planning to improve cyber resilience at their organization by strengthening resilience policies, processes and standards for how to engage and manage third parties.” [World Economic Forum Global Cybersecurity Outlook 2022]
- “There is no reason to believe the level of data compromises will suddenly decline in 2022. As organizations of all sizes struggle to defend the data they hold, it is essential that everyone practice good cyber-hygiene to protect themselves and their loved ones from these crimes.” – Eva Velasquez, President and CEO of Identity Theft Resource Center [Identity Theft Resource Center]
The career outlook is a “seller’s market”: there is an almost zero percent unemployment rate, and companies and government agencies are competing for top talent in the field. For those looking to get into the field, experience is key. This can be obtained by pursuing internships in the field, getting a certificate or higher education degree and entering a career in an entry-level cybersecurity position.
How to Protect Yourself from Cyberattacks in 2022
- Educate your staff: Require employees to take periodic training on common cyberattack types.
- Hire the right talent: Make sure there is a cybersecurity professional on your IT team who is qualified and has the knowledge to protect your company.
- Have the right security measures: One of the easiest ways to protect yourself from an attack is to prevent it. This means making sure there are no vulnerabilities in your network or server, enabling multi-factor authentication, working on a closed network and more.
- Control admin access: Limit admin access only to those who need it.