cybersecurity statistics and facts

According to a recent cybersecurity report published by Symantec, cyber crime -- directed towards large organizations, companies, as well as individuals -- is on the rise. We took a look at some of the key facts and figures associated with the current state of cyber crime and cyber security.

Cyber Crime: Statistics and Facts

  • Overall, there was a whopping 600% increase in cyber attacks in 2017. From 6000 attacks in 2016 up to 50,000.
  • In addition, targeted attack activity increased by 10% in 2017 from the preceding year. 
  • China is responsible for the highest share of coordinated attacks, accounting for 21%, followed by the United States (11%), Brazil (7%), and the Russian Federation (6%) 
  • The U.S. has been by far the nation most affected by coordinated cyber attacks, experiencing 303 attacks from 2015 to 2017, followed by India, which faced 133, and Japan hit by 87. 
  • A recent report by Microsoft estimates that the total potential cost of cybercrime to the global community may add up to $500 billion dollars. 
  • Other organizations believe the total toll to be far greater, with a report by Cybersecurity Ventures predicting that total global cyber crime-related costs will reach 6 trillion by 2021. 
  • In 2017, the United State’s largest credit bureau, Equifax, was victim to a data breach that compromised the personal data of 145 million people, becoming one of the worst breaches, yet.
  • 198 million US voter records were accessed and exposed on account of a “misconfiguration.” 
  • According to a cybersecurity report conducted by the Ponemon Institute, 83% of financial companies are hit by upwards of 50 attacks a month, along with 44% of retail firms. 
  • An attacker spends an average of 146 days within a network before being detected. 

What are the motives behind cyber attacks and how are they executed?

  • The greatest motivation for 140 major attack groups targeted by Symantec in their all-encompassing study was intelligence gathering, accounting for 90% of attacks. 
  • Analyzing 20 of the most active attack groups and their attacks over the past few years, Symantec concluded that an average of 42 organizations were compromised, as well 65 individuals. The groups used an average of 4 tools to launch their attacks, with one using a whopping 18 in one attack. 
  • In 2017, spear phishing was the method used by 71% of organized attack groups, while the exploitation of zero-day capabilities has declined, being used by only 27% of the 140 attack groups tracked by Symantec. 

How are small and medium-sized businesses affected by cyber attacks?

Large scale cyber attacks on government agencies and large financial firms get most of the press attention, but smaller firms and enterprises are heavily affected by cybercrime, as well.

  • Small businesses are the targets of 43% of cyber attacks. 
  • Acts of malicious intent are the most common cause of data security breach, accounting for 48% of attacks, with the rest being caused by system failure or human error. 
  • 20% of medium and small businesses become the targets of cybercrime attacks. 
  • Cyber attacks can be devastating for a small business: 60% of those affected by a cyber attack go out of business in the following six months. 
  • Cleaning up in the aftermath of a data breach costs a company an average of $3.8 million. 

How are individuals vulnerable to cyber crime?

In addition to the threat posed to governments and industries, billions of internet users around the world are also the target of cyber crime through unknowing malware downloads, email scams, mobile phone breaches and other forms of online identity fraud.

  • Humans are shifting into the top target of attacks from cyber criminals, rather than machines. It is predicted that their will be 6 billion internet users worldwide by 2022, up from 3.8 billion in 2017. (
  • California led U.S. states in number of cybercrime victims in 2016 with 39,547
  • Risk of account takeover fraud of social media platform accounts grew by 46% in 2016 as the amount of personal information shared by people over such platforms has grown. 
  • The U.S. accounted for over half the world’s mobile malware blocked in 2017, at 57%
  • The most common information leaked by malicious mobile apps is your phone number (63%), followed by device lock information (37%). 
  • New variants of mobile malware up 54%, from 17K in 2016 to 27K in 2017. 
  • The percentage of email qualifying as spam went up to 55% in 2017, 2 percentage points higher than in 2016. 
  • Ransomware (a form of malicious software that threatens you with harm once installed, typically in the form of publishing your data, if you do not pay the amount of money demanded) variants increased by 46% in 2017.

What is the current outlook on the efficacy of cybersecurity systems and other defense measures?

With cyber attacks ramping up on all levels, let’s look at how firms and organizations are defending themselves, as well as how confident employees at such firms feel about their employer’s ability to mitigate risks associated with cyber crime. Overall, the current feeling is that firms’ measures to defend themselves are inadequate, and many are not confident that security will improve in the near future.

  • Despite the great risk of attack, over half of small businesses (51%) do not spend any of their budget on mitigating cyber risks. 
  • Just 14% of small businesses consider their ability to successfully fend off cyber attacks and other risks as highly effective. 
  • 58% of surveyed finance industry workers, and 71% of retail industry workers state they are not optimistic about their company’s chances of improving its ability to detect intrusions by malicious attack groups within the next year. 
  • 90% of CIO’s believe they are wasting millions of dollars on insufficient cybersecurity, while 87% believe their security measures are not adequately protecting their business.
  • 780,000 people were employed in cybersecurity positions in 2017, with an estimated 350,000 openings looking to be filled. 
  • At the rate that new positions in cybersecurity are opening, it is expected that at least a half million positions will be unfilled by 2021. 
  • The US federal government is taking the threat of cyber crime and data breaching much more seriously than in the past: Unclassified federal cyber spending went from $7.5 billion in 2007 to $28 billion in 2016