Costly Oversights

Board Responsibility & Liability

Given new governmental regulations, many Boards of Directors now take a very active interest in cybersecurity. They want to know about current and evolving risks, as well as the organization’s security preparedness and response plans. The financial impact of a cyberattack can be significant and can include costly class-action lawsuits, which may reflect on Boards’ fiduciary responsibility to preserve corporate financial value.

Noteworthy hacking statistics

  1. The average cost of a data breach was $4.88 million in 2024, the highest average on record. (IBM)
  2. 88% of cybersecurity breaches are caused by human error. (Stanford)
  3. The average time to identify a breach is 194 days. (IBM)
  4. The average lifecycle of a breach is 292 days from identification to containment. (IBM)
  5. The likelihood that a cybercrime entity is detected and prosecuted in the U.S. is estimated at around 0.05%. (World Economic Forum)
  6. 68% of breaches involved a human element in 2024. (Verizon)
  7. In 2022, the Federal Trade Commission received more than 1.1 million reports of identity theft. (US News)
  8. In 2023, security breaches saw a 72% increase from 2021, which held the previous all-time record. (Forbes)
  9. Cyber fatigue, or apathy to proactively defending against cyberattacks, affects as much as 42% of companies. (Cisco)
  10. 64% of Americans have never checked to see if they were affected by a data breach. (Varonis)
  11. The U.S. was the target of 46% of cyberattacks in 2020, more than double any other country. (Microsoft)
  12. 56% of Americans don’t know what steps to take in the event of a data breach. (Varonis)
  13. 97% of organizations have seen an increase in cyber threats since the start of the Russia-Ukraine war in 2022. (Accenture)

Historic data breaches

  1. Over 560 million Ticketmaster customers had their information stolen in a 2024 breach. (BBC)
  2. A 2021 LinkedIn data breach exposed the personal information of 700 million users or about 93% of all LinkedIn members. (RestorePrivacy)
  3. An attack on Microsoft in March 2021 affected more than 30,000 organizations in the U.S., including businesses and government agencies. (Microsoft)
  4. In April 2021, a two-year-old vulnerability was discovered that exposed the personal information of more than 533 million users. (Auth0)
  5. Using a single password, hackers infiltrated the Colonial Pipeline Company in 2021 with a ransomware attack that caused fuel shortages across the U.S. (Bloomberg)
  6. Meat processing company JBS was the victim of a ransomware attack that shut down beef and poultry processing plants on four different continents. (Wall Street Journal)
  7. In 2023, T-Mobile disclosed its second data breach of the year, involving the theft of 836 customers' personal data; the first data breach affected approximately 37 million customers. (IT Governance)
  8. In September 2021, Neiman Marcus found an 18-month-old data breach that exposed payment data and other information for 4.6 million shoppers. (Neiman Marcus)
  9. Personal data belonging to more than 100 million Android users was exposed in a 2021 data leak due to misconfigured cloud services. (Check Point)
  10. Trading app Robinhood fell victim to a social engineering attack that compromised the personal data of 5 million users. (Robinhood)
  11. A 2020 Twitter breach targeted 130 accounts including those of past U.S. presidents and Tesla CEO Elon Musk, resulting in attackers swindling $121,000 in Bitcoin through nearly 300 transactions. (CNBC)
  12. In 2023, X (formerly Twitter) was targeted by a criminal hacker who leaked more than 220 million users' email addresses. (IT Governance)
  13. 500 million consumers, dating back to 2014, had their information compromised in the Marriott-Starwood data breach made public in 2018. (CSO Online)
  14. The 2019 MGM data breach resulted in hackers leaking records of 142 million hotel guests. (CPO Magazine)
  15. In 2018, Under Armour reported that its “My Fitness Pal” app was hacked, affecting 150 million users. (Under Armour)
  16. 100,000 groups and more than 400,000 servers in at least 150 countries were infected by the Wannacry virus in 2017, at a total cost of around $4 billion. (Technology Inquirer)
  17. Uber tried to pay off hackers to delete the stolen data of 57 million users and keep the breach quiet. (Bloomberg)
  18. In one of the biggest breaches of all time, three billion Yahoo accounts were hacked in 2013. (New York Times)
  19. In 2020, cybercriminals cloned the voice of a U.A.E. company director to initiate a $35 million bank transfer. (Forbes)
  20. In 2023, a breach at AT&T exposed approximately 9 million customers' personal details. (IT Governance)

Employees may be a company’s biggest cybersecurity risk

People are part of the problem when it comes to information security, so they need to be part of the solution. According to Deloitte, over 70% of companies surveyed in a recent study rated lack of employee security awareness as a vulnerability.

Ransomware and malware attack statistics

  1. The average ransomware payout has increased dramatically from $812,380 in 2022 to $1,542,333 in 2023. (SC Magazine)
  2. The number of ransomware victims in March 2023 was nearly double the number from the previous year. (Forbes)
  3. More than 300,000 Android users have downloaded banking trojan apps via the Google Play Store. (Threat Fabric)
  4. An average of around 24,000 malicious mobile apps are blocked daily on the internet. (Tech Jury)
  5. Nearly half (47.4%) of all internet traffic came from bots in 2022, which is a 5.1% increase over 2021. (Imperva)
  6. From November 2021 to October 2022, Microsoft Office applications were the most commonly exploited applications worldwide at 70%. (Statista)
  7. 94% of malware is delivered by email. (Verizon)
  8. The average cost of a ransomware recovery in 2024 is $2.73 million. (Sophos)
  9. Only 8% of businesses that pay ransom to hackers receive all of their data in return. (Sophos)
  10. In the first half of 2022, researchers flagged almost 79 million domains as malicious, based on a newly observed domain dataset. (Akamai)
  11. 75% of orgs suffered at least one ransomware attack last year. (Infosecurity Mag)
  12. Approximately 20% of all newly observed domains (NODs) that were successfully resolved were flagged as malicious in the first half of 2022. (Akamai)

Phishing attack statistics

  1. 57% of organizations see weekly or daily phishing attempts. (GreatHorn)
  2. Phishing was the leading infection vector, identified in 41% of incidents, making it the most common initial attack vector. (IBM)
  3. 26% of phishing attacks exploited public-facing applications. (IBM)
  4. Phishing attacks account for more than 80% of reported security incidents. (CSO Online)
  5. $17,700 is lost every minute due to a phishing attack. (CSO Online)

Stats on IoT, DDoS, and other attacks

  1. Use of stolen cards is the most common type of threat, followed by ransomware and phishing. (Verizon)
  2. DDoS attacks have dominated incidents, with 6,248 DDoS Attacks in 2022. (Verizon)
  3. Application-layer DDoS attacks increased by 15% in the second quarter of 2023. (Cloudflare)
  4. Incidents aimed at cryptocurrency firms surged by a staggering 600% in the first quarter of 2023, coinciding with a notable 15% upswing in HTTP DDoS attacks. (Cloudflare)
  5. 19% of data breaches involve internal actors. (Verizon)
  6. The number of IoT attacks in the world reached over 10.54 million in December 2022. (Statista)
  7. Nearly 58% of IoT attacks occurred with the intent of mining cryptocurrency. (Purplesec)
  8. The average smart home could be at risk of more than 12,000 hacker attacks in one week. (Purplesec)
  9. 30% of known zero-day vulnerabilities targeted mobile devices in 2021. (Purplesec)
  10. 43% of all breaches are insider threats, either intentional or unintentional. (Check Point)
  11. Over 24 billion passwords were exposed by hackers in 2022, and 64% of passwords only contain eight to 11 characters. (Norton)
  12. The risks of not securing files are more prevalent and dangerous than ever, especially for companies with a remote workforce. More severe consequences are being enforced as stricter legislation passes in regions across the world defending data privacy. Some stand-outs from recent years include the European Union’s 2018.

  13. 66% of companies say that compliance mandates are driving spending. (CSO Online)
  14. 78% of companies expect annual increases in regulatory compliance requirements. (Thomson Reuters)
  15. For large firms, the cost of compliance can approach $10,000 per employee. (Forbes)
  16. The total amount of HIPAA violation fines and settlements in 2023 was $4,176,500. (Compliancy Group)
  17. So far, data breaches exposed 7 billion records in the first half of 2024. (IT Governance)
  18. On average, every employee has access to 11 million files. (Varonis)
  19. 15% of companies found 1,000,000+ files open to every employee. (Varonis)
  20. 17% of all sensitive files are accessible to all employees. (Varonis)
  21. About 60% of companies have more than 500 accounts with non-expiring passwords. (Varonis)
  22. More than 77% of organizations do not have an incident response plan. (Cybint)

GDPR cybersecurity statistics

  1. Spain issued 212 GDPR fines in 2021 and has issued 3x more fines than any other country. (Lexology)
  2. GDPR fines totaled 2.1 billion euros in 2023. (Statista)
  3. Adtech giant Criteo was fined over $42 million for GDPR-related violations. (Tech Crunch)
  4. 88% of companies spent more than $1 million preparing for the GDPR. (IT Governance)
  5. In the GDPR’s first year, there were 144,000 complaints filed with various GDPR enforcement agencies and 89,000 data breaches recorded. (EDPB)
  6. Many US news sites have suffered long-term losses after blocking EU users as a response to GDPR. (Oxford University)
  7. GDPR fines totaled $63 million in the first year. (GDPR.eu)
  8. Meta was fined $1.3 billion for GDPR violations in 2023. (NYTimes)
  9. In 2023, TikTok was fined for breaching a number of GDPR rules, including failure to keep children's data safe. (Tech Crunch)
  10. Spotify was fined over $5 million for breaching GDPR regulations in 2023. (Medium)
  11. 94% of US companies are not prepared to comply with GDPR Requirements. (Spice Works)

21 security spending and cost stats

Average expenditures on cybercrime are increasing dramatically, and costs associated with these crimes can be crippling to companies who have not made cybersecurity a significant part of their budget. Cybersecurity budgeting has been increasing steadily as more executives and decision-makers realize the value and importance of cybersecurity investments.

Take a look at these spending statistics and projections for an idea of where cybersecurity costs stand in 2024.

  1. The global average cost of a data breach in 2024 is $4.88 million, a 10% increase over last year. (IBM)
  2. The average per-capita cost of a data breach is $165, one dollar higher than 2022. (IBM)
  3. The average total cost of a ransomware breach is $5.13 million, 13% higher than in 2022. (IBM)
  4. US cyber insurance premiums surged 50% in 2022, reaching $7.2 billion in premiums collected from policies written by insurers. (Insurance Journal)
  5. When remote work is a factor in causing a data breach, the average cost per breach is $173,074 higher. (IBM)
  6. The global security market value is forecast to reach $424.97 billion in 2030. (Fortune Business Insights)
  7. Companies with extensive use of AI and automation security tools incur 2.2% less in breach costs. (IBM)
  8. Organizations with a zero-trust approach saw average breach costs $1.76 million less than organizations without. (IBM)
  9. A data breach can cost a company an average of $1.3 million in lost business. (IBM)
  10. Since 2020, healthcare data breach costs have increased 53.3%. (IBM)
  11. Annually, hospitals spend 64% more on advertising in the two years following a breach (American Journal of Managed Care).
  12. Phishing is the most expensive initial attack vector, costing $4.9 million in 2023 (IBM).
  13. Large enterprises spend approximately $2,700 per full-time employee per year on cybersecurity. (SecureAge Technology)
  14. The most expensive component of a cyberattack is information loss, which represents 43% of total costs (IBM)
  15. The average total cost of a data breach in smaller companies (500 employees or less) increased from $2.92 million in 2022 to $3.31 million in 2022. (IBM)
  16. The average total cost of a breach in very large companies (more than 25,000 employees) decreased from $5.69 million in 2022 to $5.42 million in 2022. (IBM)
  17. Data breaches led to an increase in the pricing of business offerings for 57% of companies. (IBM)
  18. The average total cost of a data breach in Canada decreased by 9% from $5.64 million to $5.13 million (IBM)
  19. In 2024, the United States is the country with the highest average total cost of a data breach at $9.36 million. The Middle East is a close second with $8.75 million (IBM).
  20. In 2024, spending in the cybersecurity industry is expected to be around $87 billion USD, an 8% increase from 2023. (Statista)
  21. In 2023 a data breach investigation report stated that 97% of threat actors were financially motivated. (Verizon)

Cybersecurity cost predictions

  1. Worldwide cybercrime costs are estimated to hit $10.5 trillion annually by 2025. (Cybersecurity Ventures)
  2. Global spending on cybersecurity products and services is predicted to reach $1.75 trillion cumulatively for the five-year period from 2021 to 2025. (Cybersecurity Ventures)

18 Cybersecurity statistics by industry

When it comes to cybersecurity, not all industries are created equal. Industries that store valuable information such as healthcare and finance are usually bigger targets for hackers who want to steal social security numbers, medical records, and other personal data. 

This doesn’t mean lower-risk industries aren’t victims, too. They’re often targeted due to the likelihood that they’ll have fewer security measures in place and their information will be more easily accessible.

:: Healthcare cybersecurity stats ::
  1. There were over 630 ransomware incidents impacting healthcare worldwide in 2023. (HHS)
  2. The WannaCry ransomware attack cost the U.K.’s National Health Service (NHS) more than $100 million. (Datto)
  3. The cost of downtime to medical organizations due to attacks is estimated to be $15.5 million in 2023. (Comparitech)
  4. 32% of all recorded data breaches between 2015 and 2022 were in the healthcare industry. (HIPAA Journal)
:: Finance and crypto cybersecurity stats ::
  1. Cryptocurrency payments to ransomware attackers hit $449.1 million in the first half of 2023. (Reuters)
  2. Financial services have 449,855 exposed sensitive files, 36,004 of which are open to everyone in the organization. This is the highest when comparing industries. (Varonis)
  3. On average, 70% of sensitive files in the financial services industry are stale. (Varonis)
  4. On average, a financial services employee has access to nearly 11 million files the day they walk in the door. For large organizations, employees have access to 20 million files. (Varonis)
  5. Financial services businesses take an average of 233 days to detect and contain a data breach. (Varonis)
  6. The average cost of a financial services data breach is $4.45 million. (IBM)
  7. Financial breaches account for 10% of all attacks. (Verizon)
  8. 74% of financial and insurance attacks compromised personal details. (Verizon)
  9. In April 2022, decentralised finance platform Beanstalk Farms lost $180 million in a cryptocurrency heist. (CEIP)
:: Government cybersecurity stats ::
  1. Manufacturing accounted for 65% of industrial ransomware incidents in 2022. (NAM)
  2. 58% of nation-state cyberattacks originate from Russia. (Microsoft)
  3. 79% of nation-state attackers target government agencies, non-government organizations (NGOs), and think tanks. (Microsoft)
:: Enterprise cybersecurity stats ::
  1. Smaller organizations (one to 250 employees) have the highest targeted malicious email rate at one in 323. (Comparitech)
  2. In Europe, U.K. companies are the most likely to be targeted by phishing attacks, followed by Spain. (Slash Next)

The Importance of Cybersecurity Training

People are part of the problem when it comes to information security, so they need to be part of the solution. According to Deloitte, over 70% of companies surveyed in a recent study rated lack of employee security awareness as a vulnerability.

  1. A 2021 LinkedIn data breach exposed the personal information of 700 million users or about 93% of all LinkedIn members. (RestorePrivacy)
  2. An attack on Microsoft in March 2021 affected more than 30,000 organizations in the U.S., including businesses and government agencies. (Microsoft)
  3. In April 2021, a two-year-old vulnerability was discovered that exposed the personal information of more than 533 million users. (Auth0)
  4. Using a single password, hackers infiltrated the Colonial Pipeline Company in 2021 with a ransomware attack that caused fuel shortages across the U.S. (Bloomberg)
  5. Meat processing company JBS was the victim of a ransomware attack that shut down beef and poultry processing plants on four different continents. (Wall Street Journal)
  6. Nearly 48 million people had their personal information stolen in a 2021 T-Mobile data breach. (T-Mobile)
  7. In September 2021, Neiman Marcus found an 18-month-old data breach that exposed payment data and other information for 4.6 million shoppers. (Neiman Marcus)
  8. Personal data belonging to more than 100 million Android users was exposed in a 2021 data leak due to misconfigured cloud services. (Check Point)
  9. In November 2021, Panasonic announced that business partner data, job candidate information, and information about interns were accessed in a breach. (Tech Crunch)
  10. Trading app Robinhood was victim to a social engineering attack that compromised the personal data of 5 million users. (Robinhood)
  11. A 2020 Twitter breach targeted 130 accounts including those of past U.S. presidents and Tesla CEO Elon Musk, resulting in attackers swindling $121,000 in Bitcoin through nearly 300 transactions. (CNBC)
  12. In 2020, Marriott disclosed a security breach that impacted the data of more than 5.2 million hotel guests. (Marriott)
  13. 500 million consumers, dating back to 2014, had their information compromised in the Marriott-Starwood data breach made public in 2018. (CSO Online)
  14. The 2019 MGM data breach resulted in hackers leaking records of 142 million hotel guests. (CPO Magazine)
  15. In 2018, Under Armour reported that its “My Fitness Pal” app was hacked, affecting 150 million users. (Under Armour)
  16. In 2017, 147.9 million consumers were affected by the Equifax Breach. (Equifax)
  17. The Equifax breach cost the company more than $4 billion in total. (Time Magazine)
  18. In 2017, 412 million user accounts were stolen from Friendfinder’s sites. (Wall Street Journal)  
  19. 100,000 groups and more than 400,000 servers in at least 150 countries were infected by the Wannacry virus in 2017, at a total cost of around $4 billion. (Technology Inquirer)
  20. In 2016, Uber reported that hackers stole the information of over 57 million riders and drivers. (Uber)
  21. Uber tried to pay off hackers to delete the stolen data of 57 million users and keep the breach quiet. (Bloomberg)
  22. In one of the biggest breaches of all time, three billion Yahoo accounts were hacked in 2013. (New York Times)
  23. In 2020, cybercriminals cloned the voice of a U.A.E. company director to initiate a $35 million bank transfer. (Forbes)

Consumer Awareness

There are a number of ways cybercriminals can infiltrate an enterprise, but new research suggests that the biggest weakness to most companies may be the employees themselves. Malicious actors are increasingly utilizing a technique known as social engineering. In an interview with SecurityWeek, vice president and principal analyst for Forrester Research noted that educating workers about the risks associated with online communication can reduce the likelihood of experiencing a breach.

  1. The average ransomware payment skyrocketed 518% in 2021 to $570,000. (GRC World Forums)
  2. Malware increased by 358% in 2020. (Help Net Security)
  3. Ransomware attacks rose by 435% in 2020 compared to 2019. (Help Net Security)
  4. More than 300,000 Android users have downloaded banking trojan apps via the Google Play Store. (Threat Fabric)
  5. In 2018, an average of 10,573 malicious mobile apps were blocked per day. (Symantec)
  6. Around 26% of all web traffic is bad bot traffic. (Imperva)
  7. Microsoft Office documents are the most manipulated target, with attacks rising by 112%. (Help Net Security)
  8. 94% of malware is delivered by email. (Verizon)
  9. The average cost of a ransomware recovery is nearly $2 million. (Sophos)
  10. Only 8% of businesses that pay ransom to hackers receive all of their data in return. (Sophos)
  11. 48% of malicious email attachments are Microsoft Office files. (Symantec)
  12. About 60% of malicious domains are associated with spam campaigns. (Cisco)
  13. On average, a company falls victim to a ransomware attack every 11 seconds. (Cybersecurity Ventures)
  14. About 20% of malicious domains are new and used around one week after they are registered. (Cisco)

Employees: Your best defense, or your greatest vulnerability

It's one of the many unpleasant realities of the constant battle to protect the enterprise. The more you invest in the physical and technology perimeters, the more vulnerable the human perimeter becomes. The more effective you are at keeping intruders out of your networks, the more likely they are to focus on your employees instead. And... by the end of this decade, untrained employees will continue to be the sleeping sentries that turn corporate security into Swiss cheese. If you don't back up your investment in security technology with an equal (and relentless) commitment to training, your employees will do more harm to your reputation than a horde of hackers. As famed hacker Kevin Mitnick observed recently, "You can have the best technology, firewalls, intrusion-detection systems, biometric devices. All it takes is a call to an unsuspecting employee, and that's all she wrote, baby. They got everything." Turning employees into sentries requires a fresh approach to training that does not rely on endless lists of security rules, or sporadic warnings from IT. Employees must be shown how their behavior can contribute to the vulnerability of their workplace, and that for security to be effective, it must become as second nature as being polite to customers.

Cybercrime just got personal – and it's time employees were educated

The threat that employees bring to a company’s information security is a scary prospect to an IT director or CIO, whether it be deliberate or inadvertent. By and large, this threat is one of the hardest to mitigate with few solutions beyond cyber education for employees and monitoring online behaviour for signals of malicious activity.

  1. 57% of organizations see weekly or daily phishing attempts. (GreatHorn)
  2. After declining in 2019, phishing increased in 2020 to account for one in every 4,200 emails. (Symantec)
  3. 65% of cybercriminal groups used spear-phishing as the primary infection vector. (Symantec)
  4. Phishing attacks account for more than 80% of reported security incidents. (CSO Online)
  5. $17,700 is lost every minute due to a phishing attack. (CSO Online)

Software Piracy Convictions on the Rise

Most software piracy cases are brought to the courts by the BSA, a leading advocate for the global software industry. Statutory damages can be as much as $150,000 for each program copied. In addition, the government can criminally prosecute you for copyright infringement. If convicted, you can be fined up to $250,000, sentenced to jail for up to five years, or both.

  1. By 2023, the total number of DDoS attacks worldwide will be 15.4 million. (Cisco)
  2. Attacks on IoT devices tripled in the first half of 2019. (CSO Online)
  3. Malicious PowerShell scripts blocked in 2018 on the endpoint increased 1,000%. (Symantec)
  4. The Mirai-distributed DDoS worm was the third most common IoT threat in 2018. (Symantec)
  5. 30% of data breaches involve internal actors. (Verizon)
  6. IoT devices experience an average of 5,200 attacks per month. (Symantec)
  7. 90% of remote code execution attacks are associated with cryptomining. (Purplesec)
  8. 69% of organizations believe their antivirus software is useless against current cyber threats. (Ponemon Institute)
  9. One in 36 mobile devices has high-risk apps installed. (Symantec)

An estimated 16.6 million people, representing 7% of all persons age 16 or older in the United States, experienced at least one incident of identity theft.

Department’s Bureau of Justice Statistics

Vulnerability of Private Personal Information

  1. 66% of companies say that compliance mandates are driving spending. (CSO Online)
  2. 78% of companies expect annual increases in regulatory compliance requirements. (Thomson Reuters)
  3. For large firms, the cost of compliance can approach $10,000 per employee. (Competitive Enterprise Institute)
  4. In 2018, businesses spent an average of $1.3 million to meet compliance requirements and were expected to spend an additional $1.8 million. (IAAP)
  5. On average, every employee has access to 11 million files. (Varonis)
  6. 15% of companies found 1,000,000+ files open to every employee. (Varonis)
  7. 17% of all sensitive files are accessible to all employees. (Varonis)
  8. About 60% of companies have more than 500 accounts with non-expiring passwords. (Varonis)
  9. More than 77% of organizations do not have an incident response plan. (Cybint)

Medical Issues Arising from Computer Usages

Computer related injury (CRI) is a cluster of work-related symptoms in computer users such as Repetitive Strain Injury (RSI), Work Related Upper Limb Disorder (WRULD), Musculoskeletal Disorder (MSD), fatigue, migraine headaches and eye strain. These ailments have increased significantly and special precautions need to be taken.

  1. Spain issued 212 GDPR fines in 2021 and has issued 3x more fines than any other country. (Lexology)
  2. GDPR fines totaled $1.2 billion in 2021. (CNBC)
  3. Companies reportedly spent $9 billion on preparing for the GDPR and, in 2018, legal advice and teams cost UK FTSE 350 companies about 40% of their GDPR budget, or $2.4 million. (Forbes)
  4. 88% of companies spent more than $1 million preparing for the GDPR. (IT Governance)
  5. In the GDPR’s first year, there were 144,000 complaints filed with various GDPR enforcement agencies and 89,000 data breaches recorded. (EDPB)
  6. 1,000 news sources blocked EU readers to avoid the GDPR compliance rules. (Nieman Lab)
  7. GDPR fines totaled $63 million in the first year. (GDPR.eu)
  8. Google was fined $57 billion for GDPR violations by CNIL, a French data protection agency. (TechCrunch)
  9. Since the GDPR was enacted, 31% of consumers feel their overall experience with companies has improved. (Marketing Week)
  10. By 2019, only 59% of companies believed they were GDPR compliant. (ZDNet)
  11. 70% of companies agree that the systems they put in place will not scale as new GDPR regulations emerge. (DataGrail)
  12. Cybercrime’s total damages make its economic impact larger than the GDP of all but two countries: the U.S. and China. (Cybersecurity Ventures)
  13. Cyber insurance prices rose 96% in Q3 2021, marking a 204% year-over-year increase. (Marsh)
  14. When remote work is a factor in causing a data breach, the average cost per breach is $1.07 million higher. (IBM)
  15. Artificial intelligence provides the most concrete cost mitigation in data breaches, saving organizations up to $3.81 million per breach. (IBM)
  16. Organizations with a zero-trust approach saw average breach costs $1.76 million less than organizations without.
  17. Security services accounted for an estimated 50% of cybersecurity budgets in 2020. (Gartner)
  18. The average cost of a malware attack on a company is $2.6 million. (Accenture)
  19. A data breach can cost a company an average of $1.59 million in lost business. (IBM)
  20. The healthcare industry incurs the highest average data breach costs at $7.13 million. (IBM)
  21. The total cost of cybercrime for each company increased by 12% from $11.7 million in 2017 to $13.0 million in 2018. (Accenture)
  22. The average annual security spending per employee increased from $2,337 in 2019 to $2,691 in 2020. (Deloitte)
  23. The most expensive component of a cyberattack is information loss, averaging $5.9 million. (Accenture)
  24. The average cost per lost or stolen record for an individual is $146. (IBM)
  25. The average total cost of a data breach in smaller companies (500 employees or less) decreased from $2.74 million in 2019 to $2.35 million in 2020. (IBM)
  26. The average total cost of a breach in very large companies (more than 25,000 employees) decreased from $5.11 million in 2019 to $4.25 million in 2020. (IBM)
  27. Half of large enterprises (with over 10,000 employees) are spending $1 million or more annually on security, with 43% spending $250,000 to $999,999 and just 7% spending under $250,000. (Cisco)
  28. From 2019 to 2020, Scandinavia saw the largest increase in total cost of data breaches at 12%, while South Africa saw the largest decrease at 7.4%. (IBM)
  29. The United States has the highest data breach costs in the world, at $8.64 million on average, followed by the Middle East at $6.52 million. (IBM)
  30. In 2019, spending in the cybersecurity industry reached around $40.8 billion USD. (Statista)
  31. Worldwide cybercrime costs will hit $10.5 trillion annually by 2025. (Cybersecurity Ventures)
  32. More than 70% of security executives believe that their fiscal budgets will decrease in the aftermath of COVID-19. (McKinsey)
  33. There are 1,053,468 employees working in cybersecurity in the U.S. as of February 2022. (Cyber Seek)
  34. Also as of February 2022, there are nearly 600,000 job openings in the cybersecurity industry, meaning only 68% of open jobs are filled. (Cyber Seek)
  35. Washington, D.C. has the highest concentration of cybersecurity professionals at more than 8x the national average. (Cyber Seek)
  36. More open roles exist for systems security analysts than any other cybersecurity profession. (Cyber Seek)
  37. 59% of cybersecurity professionals feel the demands of their job limit them from keeping up with cybersecurity skills. (ISSA & ESG)
  38. More than half of cybersecurity professionals believe that a minimum of three years in the industry is required for proficiency. (ISSA & ESG)
  39. More than two-thirds of cybersecurity professionals struggle to define their career paths. (ISSA & ESG)
  40. 76% of cybersecurity professionals consider recruiting and hiring new employees difficult. (ISSA & ESG)
  41. 70% of cybersecurity professionals claim their organization is impacted by the cybersecurity skills shortage. (ISSA & ESG)
  42. Six in 10 security operations center professionals think only half their cybersecurity applicants are qualified. (Cyberbit)
  43. Since 2016, the demand for data protection officers has skyrocketed more than 700% because of the GDPR. (Reuters)
  44. There was a 350% growth in open cybersecurity positions from 2013 to 2021. (Cybercrime Magazine)
  45. 40% of IT leaders say cybersecurity jobs are the most difficult to fill. (CSO Online)
  46. Cybersecurity engineers are some of the highest-paid positions in the industry, starting at $140K annually on average. (Cybint)
  47. The cybersecurity unemployment rate is near 0% and is projected to remain there for the foreseeable future. (Cybersecurity Ventures)
  48. By 2025, there will be 3.5 million unfilled cybersecurity jobs globally — approximately the same as in 2021. (Cybersecurity Ventures)
  49. Information security analyst job positions in the U.S. are expected to grow 31% between 2019 and 2029. (Bureau of Labor Statistics)
  50. Computer network architect job positions in the U.S. are expected to grow 5% between 2019 and 2029. (Bureau of Labor Statistics)
  51. Computer programmer job positions in the U.S. are expected to decline 9% between 2019 and 2029. (Bureau of Labor Statistics)
  52. The WannaCry ransomware attack cost the U.K.’s National Health Service (NHS) more than $100 million. (Datto)
  53. The healthcare industry lost an estimated $21 billion to ransomware attacks in 2020. (Comparitech)
  54. More than 93% of healthcare organizations experienced a data breach from 2017 to 2020. (Herjavec Group)
  55. There were 712 healthcare data breaches in 2021, exceeding 2020 by 11%. (HIPAA Journal)
  56. The total value of cryptocurrency ransoms increased almost 80,000% from 2013 to 2020. (World Economic Forum)
  57. Financial services have 449,855 exposed sensitive files, 36,004 of which are open to everyone in the organization. This is the highest among the industries compared. (Varonis)
  58. On average, 70% of sensitive files in the financial services industry are stale. (Varonis)
  59. On average, a financial services employee has access to nearly 11 million files the day they walk in the door. For large organizations, employees have access to 20 million files. (Varonis)
  60. Financial services businesses take an average of 233 days to detect and contain a data breach. (Varonis)
  61. The average cost of a financial services data breach is $5.85 million. (IBM)
  62. Financial breaches account for 10% of all attacks. (Verizon)
  63. The financial services industry incurred the most cybercrime costs in 2018 at $18.3 million. (Accenture)
  64. Trojan horse virus Ramnit largely affected the financial sector in 2017, accounting for 53% of attacks. (Cisco)
  65. Manufacturing companies account for nearly a quarter of all ransomware attacks, followed by professional services with 17% of attacks and government organizations with 13% of attacks. (Security Intelligence)
  66. 58% of nation-state cyberattacks originate from Russia. (Microsoft)
  67. 79% of nation-state attackers target government agencies, non-government organizations (NGOs), and think tanks. (Microsoft)
  68. Smaller organizations (one to 250 employees) have the highest targeted malicious email rate at one in 323. (Symantec)
  69. Lifestyle (15%) and entertainment (7%) are the most frequently seen categories of malicious apps. (Symantec)
  70. Supply chain attacks were up more than 100% year-over-year in 2021. (Symantec)
  71. Remote work and lockdowns are driving a 50% increase in worldwide internet traffic, leading to new cybercrime opportunities. (World Bank)
  72. There were nearly 800,000 complaints of cybercrime in 2020, up 300,000 from 2019. (FBI)
  73. 27% of COVID-19 cyberattacks target banks or healthcare organizations and COVID-19 is credited for a 238% rise in cyberattacks on banks in 2020. (Carbon Black)
  74. Confirmed data breaches in the healthcare industry increased by 58% during the pandemic. (Verizon)
  75. 33,000 unemployment applicants were exposed to a data security breach from the Pandemic Unemployment Assistance program in May. (NBC)
  76. Americans lost more than $97.39 million to COVID-19 and stimulus check scams. (Atlas VPN)
  77. In the first month of the pandemic, Google blocked 18 million daily malware and phishing emails related to the coronavirus. (Google)
  78. 52% of legal and compliance leaders are concerned about third-party cyber risks due to remote work since COVID-19. (Gartner)
  79. 47% of employees cited distraction as the reason for falling for a phishing scam while working from home. (Tessian)
  80. 81% of cybersecurity professionals report that their job function changed during the pandemic. (ISC)
  81. Half a million Zoom user accounts were compromised and sold on a dark web forum during the first month of the pandemic. (CPO Magazine)
  82. Remote workers have caused a security breach in 20% of organizations during the pandemic. (Malwarebytes)

List compiled by Rob Sorbers, who is a software engineer specializing in web security and is the co-author of the book Learn Ruby the Hard Way. Inside Out Security.