Global cybercrime damages are predicted to cost up to $10.5 trillion annually by 2025 (Cybersecurity Ventures). Not getting caught in the landslide is a matter of taking in the right information and acting on it quickly.
We collected and organized over 300 up-to-date cybercrime statistics that highlight:
- The magnitude of cybercrime operations and impact
- The attack tactics bad actors used most frequently in the past year
- How user behavior is changing… and how it isn’t
- What cybersecurity professionals are doing to counteract these threats
- How different countries fare in terms of fighting off attackers, including other nation-states
- What can be done to keep data and assets safe from scams and attacks.
Dig into these surprising (and sometimes mind-boggling) cybercrime statistics to understand what’s going on globally and discover how several countries fare in protecting themselves.
The article includes plenty of visual representations of the most important facts and figures in information security today.
Headline cybercrime statistics for 2019-2024
With the threat landscape always changing, it’s important to understand how cyber attacks are evolving and which security controls and types of training work.
- There were 30 million new malware samples detected in 2023 (AV-Test). This actually represents a two-third reduction since the year prior.
- In 2019, 93.6% of malware observed was polymorphic, meaning it has the ability to constantly change its code to evade detection (2020 Webroot Threat Report). However, we’re beginning to see the adoption of machine-learning powered tools that can detect commonalities between any given app and known malware families (Webroot’s Nastiest Malware 2023 Report).
- 45% of business PCs and 53% of consumer PCs that got infected once were re-infected within the same year (2022 Webroot Threat Report)
- A 2007 study from the University of Maryland found that malicious hackers were previously attacking computers and networks at a rate of one attack every 39 seconds. The Internet Crime Complaint Center’s 2022 report found that there were 800,944 reports that year. This works out at one successful attack every 0.65 seconds. Notably, this doesn’t account for attempted attacks or those that went unreported.
- 84.7% of surveyed organizations were affected by a successful cyberattack. That’s down from 85.3 percent in 2022 and 86.2 percent in 2021. (CyberEdge Group 2023 Cyberthreat Defense Report)
Almost three-quarters of IT security professionals believe their organization is “more likely… than not” to be compromised by a cyberattack in the next year.
- Mexican businesses were the most likely to fall victim to multiple attacks in 2023, followed by Australia, Germany, and the USA. (CyberEdge 2023 Cyberthreat Defense Report)
Naturally, these facts and figures are just the tip of the iceberg. The deeper we dive into the wealth of information cybersecurity reports now offer, the clearer and more unnerving the picture becomes.
Ransomware statistics 2024
Ransomware infection rates have skyrocketed in recent years, largely due to the increased importance of online learning and teleworking platforms.
- US ransomware attacks cost an estimated $449 million in the first half of 2023 alone. (Emsisoft)
- 493.3 million ransomware attacks occurred in 2022, down slightly from the previous year. (SonicWall)
- The Cybersecurity and Infrastructure Security Agency reported in February 2022 that ransomware incidents happened in 14 out of 16 critical US infrastructure sectors. (CISA)
- Emsisoft reports that 141 hospitals, 108 school districts, and 95 government entities were impacted by ransomware in 2023.
- According to a 2023 report, 93% of ransomware attacks specifically targeted backup repositories and 75% of those attempts were successful. (Veeam)
- Over 37,700 ransomware attacks happen every hour globally. That is about 578 ransomware attacks each minute. (Matthew Woodward)
- The State of Maine suffered a data breach in 2023 that led to the loss of over a million citizens’ data.
- In 2022, American educational establishments lost approximately $9.45 billion to downtime following ransomware attacks.
- In 2023, 66 individual ransomware attacks cost US healthcare organizations an estimated $14.7 billion. (Comparitech)
- One out of five Americans has dealt with a ransomware attack. (The Harris Poll)
- Ransomware is involved in around 24% of malware security incidents, up from 17 percent in 2022 but still down from 27% in 2021. (Verizon 2023 Data Breach Investigations Report)
- Ransomware payments have hit a new high. The average payout in Q2 2023 was $1.54 million, up almost 100 percent year-on-year. (Coveware)
- The average downtime due to a ransomware attack was 22 days in Q3 of 2021 compared to 19 days in Q3 2020. (Coveware’s Q3 2021 Ransomware Marketplace report)
Downtime is still the most dangerous aspect of a ransomware attack, and one of the reasons data exfiltration should not present as much of a challenge to victims as business interruption.
Coveware’s Q3 2020 Ransomware Marketplace report
- Ransomware attacks can be extremely costly. For example, an attack involving the NotPetya ransomware cost shipping firm Maersk more than $200 million.
- In 2023, the average global cost to remediate a ransomware attack rose to $1.82 million, more than double 2021’s average ($761,106). (Sophos The State of Ransomware 2023)
- Organizations in Singapore, South Africa, Spain, and Switzerland are most likely to be hit by ransomware attacks. In India, the prevalence is especially high with 84% of organizations dealing with ransomware. South Africa has the next highest incidence, at 78%. (Sophos The State of Ransomware 2023)
- Kaspersky detected over 1,800 new mobile ransomware Trojans in Q3 2023. (Kaspersky Labs)
- In 2023, Yemen, Bangladesh, and South Korea top the list of countries attacked by ransomware in terms of share of users. (Kaspersky Labs)
What makes the ransomware problem worse is that nation-states are involved. Investigations proved that the WannaCry and NotPetya ransomware attack campaigns were orchestrated by nation-state actors. They may have started in 2017, but their effect continued into 2020. The objective was to destroy information or cause distractions rather than to derive financial benefits.
Datto’s Global State of the Channel Ransomware Report 2020 shows that ransomware is still a huge cause for concern for any type of organization, particularly SMBs. Datto surveyed more than 200 Managed Service Providers (MSPs), partners, and clients across the globe. Here are some of the key findings:
- 89% of MSPs state that ransomware is the most common threat to SMBs.
- 64% reported attacks against clients in the first half of 2019, representing an 8% increase year-on-year. However, only 5% report multiple attacks in one day, down from 15% in 2018.
- Two out of five SMBs have fallen victim to a ransomware attack.
One somewhat alarming disconnect was revealed in the report:
90% of MSPs are “very concerned” about the ransomware threat and 24% report their SMB clients feel the same.
Datto’s Global State of the Channel Ransomware Report 2020
Phishing emails, lack of training, and weak passwords are some of the top causes of ransomware attacks.
Downtime costs increased by 75% year-over-year.
The average cost of downtime is 24 times higher than the average ransom amount.
On the bright side, having Business Continuity and Disaster Recovery (BCDR) solutions in place is a huge plus. Three out of four MSPs said that clients with BCDR solutions recovered from an attack within 24 hours.
The vast majority of MSPs (75%) admitted that they too are increasingly targeted in cyberattacks involving ransomware.
According to Kaspersky, 694 million ransomware attacks were blocked in Q3 2023. This was a 30% reduction from the number blocked in Q3 2022.
While ransomware infection rates are declining, companies are continuously choosing to pay the ransom. The 2023 CyberEdge Cyberthreat Defense Report revealed that 59.7% of organizations hit by ransomware pay to get their data unlocked, further fueling cyber criminal activities.
“The more confident organizations are that they will recover their data upon paying ransoms, the more likely they’ll be to actually pay the ransoms”
CyberEdge 2021 Cyberthreat Defense Report
In terms of geographical distribution, ransomware hit businesses in Germany, Saudio Arabia, and China the hardest in 2023.
Because cybersecurity is a discipline with widespread implications and interdependencies, we’re going to dive into the most prominent attack tactics next. Recent reports overflow with data that both concerns companies across industries and addresses particular issues.
Other common cyber attack tactics
Ransomware is not the only concern. Over the next sections, we’ll take a look at other common attack vectors.
Favored cyber attack tactics include cryptojacking and encrypted communication
Cryptojacking attacks made a comeback in 2023 after seeing huge declines in the latter half of 2019. All in all, there was an rise of around 40 million year on year. (2023 SonicWall Cyber Threat Report)
Cybercriminals now spread malware that infects victims’ computers and unlawfully uses their processing power to mine cryptocurrency, such as Bitcoin or Monero.
The dropping value of cryptocurrencies may have weakened interest in ransomware but mining for virtual currencies is still hugely relevant. That said, the landscape is shifting:
“Due to its high availability and ease of use, XMRig was once again the cryptominer of choice. In 2022, 89.4% of all cryptojacking attempts recorded by SonicWall were based on XMRig, up from 67.4% in 2021.”
2023 SonicWall Cyber Threat Report
In the ENISA Threat Landscape 2021 report, ENISA Notes that in Q1 2021, the volume of infections reached a record high compared to the last few years. Indeed, cryptomining malware increased 117%.
But cryptojacking is not the only attack giving CISOs, CIOs, and IT managers more trouble than they can handle. Statistics show that several threat vectors are cause for concern.
Cybercriminals are quick to find ways to get around strengthened security including searching for the presence of a virtual machine before trying to run malware. (2023 State of the Software Supply Chain)
Malicious documents are also a well-known infection vector that hasn’t lost its popularity: in its 2018 Annual Cybersecurity Report, Cisco found that, globally, 38% of malicious email attachments were Microsoft Office formats such as Word, PowerPoint, and Excel. (Cisco)
Archive files, the likes of .zip and .jar, represent around 37% of all malicious file extensions Cisco observed, with malicious PDF files accounting for 14% of the total. (Cisco)
The dangerous RedLine Stealer trojan is being sold on hacking forums and the Dark Web for as little as $150. In 2022, cybersecurity experts discovered the trojan being spread in fake Windows 11 upgrades. It allows hackers to steal passwords, credit card information, and other sensitive personal data.
Besides the already classic attack vectors, cybercriminals are also looking to piggyback on the boom in ecommerce and online shopping:
“While attacks on household names make headlines, Symantec’s telemetry shows that it is often small and medium sized retailers, selling goods ranging from clothing to gardening equipment to medical supplies, that have had formjacking code injected onto their websites. This is a global problem with the potential to affect any business that accepts payments from customers online.”
2019 Internet Security Threat Report by Symantec
The increasing adoption of cloud-based platforms is still leaving cybersecurity professionals playing catch-up:
- 93% of companies deal with rogue cloud apps usage (Imperva 2019 Cyberthreat Defense Report)
- 82% of cloud users have experienced security events caused by confusion over who is responsible to secure the implementations (Oracle and KPMG Cloud Threat Report 2019)
Imperva 2019 Cyberthreat Defense Report
Here are some key statistics that highlight the diversity in malicious tactics and strategies:
Malware may be present on your device before you ever even interact with it. Research indicates the Android phones in China may be shipping with apps that collect your location, contact details, and profile information. (ENISA Threat Landscape 2023 – Malware)
Financial trojans may have steadily declined in volume but they’re still one of the biggest threats against consumers; the most prevalent financial trojan of 2020 was Trickbot which took over the market share of Emotet after it was taken down (ENISA Threat Landscape 2021)
In 2019, polymorphic malware accounted for almost 94% of all malicious executables (2020 Webroot Threat Report)
In 2022 supply chain attacks became much more common because of how a single such attack can impact multiple victims. For example, the Kaseya breach impacted over 1,500 companies.
2020 Webroot Threat Report
Physical attacks are also on the rise, as cybercrime statistics show:
27% of cybersecurity incidents in 2020 started or finished with a physical action (ENISA Threat Landscape 2020 – Physical Threats)
Physical attacks are falling out of vogue, with just 46 incidents in 2023. However, ENISA noted an increase in QR codes being posted in real-world locations. (ENISA Threat Landscape 2023)
None of this is helped by the fact that 65% of employees have admitted to behaving in ways that may risk physical security (ENISA Threat Landscape 2020 – Physical Threats)
In Europe, Black box ATM attacks increased by 269% in the first half of 2020 compared to H1. Related losses increased from €1,000 to over €1 million compared to the previous year. However, losses fell 37% to €0.63 million in the six months of 2021 (European Association for Secure Transactions (EAST) European Payment Terminal Crime Report)
Although most organizations recognize the threat that insiders can pose, it’s difficult to accurately determine how widespread the problem is. That’s because most businesses are hesitant to admit that they’ve been breached, let alone from the inside. (ENISA Threat Landscape 2023)
ENISA Threat Landscape 2020 – Insider Threat
Motivations are also changing, moving from making money through nefarious tactics to collecting data that can be used to cash out on multiple subsequent attacks:
“The most likely reason for an organization to experience a targeted attack was intelligence gathering, which is the motive for 96 percent of groups.”