67 Cyber Security Statistics, Facts & Trends: Data on Attacks, Breaches & Threats for 2025

Online data security is a serious concern — there were 7.6 trillion intrusion attempts in 2023, a 20% increase from 2022.¹ This cyber security statistics roundup shares some cyber security figures that can help you better understand the cyber security threats, and how industries are grappling with security breaches and the increasing risk of outside actors gaining access to sensitive information.

Cyber Security Statistics: General  

First, let’s take a look at some general trends within the cyber security industry.

• From March 2023 to May 2023, threat actors deployed 11.5 successful attacks per minute,⁵ and one-third of them were ransomware.¹³
• State-sponsored entities like Russian APT28 and the North Korean Lazarus Group were particularly active in 2023.⁵
• The number of hacking intrusions has risen 613% from 2013 to 2023.¹

Hacking Statistics

Hacking, or intrusion, is the unauthorized access or exploitation of networks or computer systems. Hackers have different motives and can disrupt operations, steal confidential data or manipulate systems. Today, hacking is among the major cyber security concerns, with cyber criminals mostly exploiting vulnerabilities in a system or codebase.

• There were 7.6 trillion hacking intrusion attempts in 2023, a 20% increase from 2022.¹
• There were 11.3 billion successful malicious intrusions in 2023.¹
• The prime target of hackers in 2023 was the finance industry, and there was a 47% increase in intrusions in 2023.¹

Statistics About Malware Attacks

Malware is malicious software designed to damage or gain unauthorized access to a network or computer system. Malware can take the form of adware, viruses, trojans and so much more. Attackers can send malware through email attachments, exploit software vulnerabilities or post malicious ads.

Protect Your Privacy. Get Our Free VPN Guide Now!

• Comprehend the essential role a VPN plays in safeguarding your digital life
• Gain a deep understanding of how VPNs function under the hood
• Develop the ability to distinguish fact from fiction in VPN promotions

Please enable JavaScript in your browser to complete this form.

Email Name

Name *

Email *

Subscribe

Malware is malicious software designed to damage or gain unauthorized access to a network or computer system. Malware can take the form of adware, viruses, trojans and so much more. Attackers can send malware through email attachments, exploit software vulnerabilities or post malicious ads.

• 71% of malware attackers have specific targets.⁶
• 17% of malware attacks target individuals.¹³
• There were 5.4 billion malware hits globally in 2021⁷; in 2023, there were 6.06 billion malware attacks recorded — the highest global attack volume since 2019.¹
• North America recorded the largest numbers of malware attacks in 2023, with over 3.17 billion attacks, followed by Europe, with over 1.4 billion malware attacks.¹

Phishing Attacks Statistics 

A phishing attack is a cyberattack where hackers deceive users into providing sensitive data such as usernames, passwords and bank details. Hackers may execute phishing attempts using copycat websites, emails and social media platforms. Users are led to believe they are browsing legitimate websites or receiving official emails, and they end up giving data to malicious individuals.

Social engineering tactics remain the foundation of successful phishing campaigns, with attackers exploiting human psychology rather than technical vulnerabilities to gain access to sensitive information. The rise of deepfakes has introduced a new dimension to phishing attacks, with AI-generated voice and video content being used to impersonate executives and authorize fraudulent transactions.

• More than half of phishing attacks in 2021 were executed for identity theft.⁹
• Americans lost $25.4 billion in phone phishing scams in 2023.¹¹
• Hackers execute 85% of mobile phishing attacks through games, social messaging platforms or social networks.¹⁰

Statistics on Ransomware Attacks

Ransomware is a type of malware attack that encrypts files and systems. The hackers usually ask for a ransom in the form of payment to decrypt such files. Hackers execute ransomware attacks using approaches like social media platforms, fake promotions and false job adverts, but there are even Ransomware as a Service options on the dark web. 

• Ransomware is the top action type for breaches. This means that most attackers mainly use ransomware to achieve their goals.⁸
• In a SonicWall survey, two-thirds of respondents indicated that business email compromise (BEC) attacks are an area of concern.⁷
• BEC attacks led to $2.9 billion in losses in 2023.¹²
• There are almost 20 ransomware attempts every second.⁷
• Global ransomware attacks peaked in 2021, with over 623 million ransomware attacks. In 2023, there were over 317 million ransomware attacks.¹
• Of the organizations that had their data encrypted by ransomware attackers in 2021, 46% of them paid the ransom.¹⁴ 

If you want to learn more ransomware stats, check out our full ransomware statistics article.

DDoS Attacks Statistics

Distributed denial of service (DDoS) attacks involve malicious individuals sending lots of traffic to a target system or website. The attack is meant to overuse the available resources and make the site unavailable to legitimate users. DDoS attacks can slow down a system, shut it down or cause downtime.

The expansion of 5G networks is creating new attack vectors for DDoS attacks, with higher bandwidth capabilities enabling more powerful and disruptive attacks against critical infrastructure.

• Microsoft intercepted 1,955 DDoS attacks per day between mid-2021 and mid-2022.¹⁵
• Malware-based DDoS attacks are the most common threat to Linux-based systems.⁵
• The U.S. and China accounted for over a quarter of all the DDoS attack traffic globally in 2023.¹⁶
• There was a 117% year-over-year increase in DDoS attacks in Q4 2023.¹⁶
• There was a 61,839% surge in DDoS attack traffic directed to environmental services websites in Q4 of 2023, coinciding with COP 28, the UN Climate Change Conference.¹⁶ 

Statistics on Personal Data Breaches

A personal data breach is the unauthorized access or disclosure of personal data. Such breaches can lead to the alteration, destruction or loss of personal data. Cybercriminals seek confidential data like their victims’ bank account information, social security numbers and health records. You can read more data in our data privacy statistics article.

• Data breaches in the U.S. increased by 20% from 2022 to 2023.¹⁷ 
• Increased exploitation of vendor systems, cloud misconfiguration and new types of ransomware attacks are the major causes of the increase in personal data theft cases.¹⁷ 
• Over 1.5 billion records were breached in 2022.¹⁷ 
• Over 360 million people experienced institutional and corporate data breaches in the first eight months of 2023.¹⁷
• Globally, over 80% of data breaches involve data stored in the cloud.¹⁷

Attacks on Government Agencies

Cybercrimes targeting government agencies are common, especially on bodies governing elections, healthcare and international trade. The motives behind such attacks vary, ranging from differences in personal ideologies and money demands to getting government secrets.

• About 4.5% of ransomware attacks target government agencies.¹⁸
• In May 2022, a ransomware attack forced the Costa Rican government into an emergency after it crippled various government operations and caused about $200 million in losses.¹⁵

Cyber Security Statistics by Industry

Hackers target different industries aiming to harvest different forms of valuable data or manipulate systems. Certain sectors, such as government agencies, finance, banking and healthcare institutions, are the biggest targets of cyberattacks. Let’s check the stats and trends for various industries.

1. Healthcare Industry 

Healthcare is one of the most important industries in an economy — and it’s also one of the most targeted. Attackers understand that the simple manipulation of healthcare systems can lead to loss of life. Thus, hospitals and those in the medical field will likely pay ransoms when such attacks occur.

• The U.S. healthcare industry had the highest cyber security breach costs at $10.93 million in 2023.¹⁹
• Data breach costs in healthcare increased by 53.3% from 2020 to 2023.¹⁹
• Hacking contributed to over 75% of the healthcare industry’s data breaches in 2023.²¹
• 62% of data breaches in the healthcare industry target healthcare providers.²¹
• 25% of the breaches target business associates in the healthcare industry, while 13% target business associates.²¹

2. Education

Cyberattacks in the education industry have become common recently due to an increase in online education programs. Ransomware is one of the most common attacks, where attackers ask for ransoms and threaten to delete databases. Educational platforms also carry lots of data that hackers can use for identity theft and other malicious activities.

• Cyberattacks targeting U.S. schools lead to learning losses lasting from three days to three weeks. It also takes two to nine months to recover from such attacks.²²
• About 647,000 students in U.S. K-12 schools and school districts were reportedly affected by ransomware attacks in 2021.²²
• Almost half of the higher education schools in the U.K. experience an attack or breach at least weekly.²³
• After a cyber security incident, 61% of higher education centers experience negative outcomes, such as data or money losses.²³
• Social engineering attacks accounts for 69% of the attacks that target educational institutions in the U.K.²⁴ 
• In a study by the London Grid for Learning (LGfL) and the National Cyber Security Centre (NCSC), 83% of the schools they interviewed had experienced at least one cyber security incident.²⁴

3. Financial Sector

Most cybercriminals are after money, which explains why the financial sector is their best target. Banks and financial institutions store a lot of personal data that hackers can use to commit fraud. Users also hold deposits in some institutions, and hackers will target such funds.

• Data breaches cost the financial sector $5.90 million in the U.S. in 2023.¹⁹
• Data breaches in the financial sector are among the most expensive to fix.¹⁹
• In the first quarter of 2022, 23.6% of all phishing attacks targeted financial institutions.¹⁸
• Blackberry Cybersecurity Solutions stopped 17,000 attacks targeting financial institutions from March 2023 to May 2023.⁵

4. Retail Industry 

Countless transactions are happening in the retail industry. This industry processes a lot of data when customers register, order, pay and add their shipping details. Cyberattackers can target customer data, disrupt business operations and demand ransoms. 

• 52% of retail businesses worldwide have a cyber strategy in place.²⁹
• Malware is the leading cyber security threat in retail.³⁰
• Ransomware is the second leading cyberattack in retail.³⁰
• A data breach in the retail sector costs $2.9 million on average.²⁸
• The online retail market was worth over $1.09 trillion in 2022.²⁸

5. Banking

Banks process a large amount of data as they enable deposits and let customers transact on their platforms. Cyberattackers can target customer deposits or personal details to perform financial fraud. Banks are also legally obligated to ensure their users don’t engage in money laundering schemes.

• The global cyber security market size in banking was $74.3 billion in 2022 and is expected to reach $282 billion by 2032.³³
• An employee of a financial institution has access to 13% of the company’s files.²⁵
• A typical employee of a large financial services organization can access over 11 million files.²⁵

6. Small Businesses

Small businesses store and process lots of data that cybercriminals can use to their benefit. Unfortunately, most small businesses don’t invest in the best cyber security, making them an easy target for criminals. Social engineering, phishing, insider threats and ransomware are some of the cyberattacks that cybercriminals use to target small businesses.

• 43% percent of all cyberattacks target small businesses.³²

Cyber Security Statistics by Country

Cyberattackers target different countries based on the resources that they own. 

• The following are the countries and regions that had the highest average data breach costs in 2023.¹⁹
  • 🇺🇸 The United States at $9.48 million 
  • 🇦🇪 The Middle East at $8.07 million
  • 🇨🇦 Canada at $5.13 million
  • 🇩🇪 Germany at $4.67 million
  • 🇯🇵 Japan at $4.52 million
• The U.S. has incurred the most costs related to containing data breaches for 13 years in a row.¹⁹
• The U.K. saw a drop of 16.6% in its average data security breach costs in 2023, taking it out of the top five.¹⁹ 
• Japan also saw a decrease in the average data breach costs, but it wasn’t as drastic, leading it to take the U.K.’s spot in the top five.¹⁹

Cyber Security Job Statistics 

Cyber security has become one of the most sought-after professions in the 21st century. Small and large businesses seek professionals to protect their business and customer data. Individuals are also being educated on how to keep their data safe by enabling two-factor authentication (2FA) or multi-factor authentication, creating strong passwords and browsing safe websites.

• According to CyberSeek, findings by the National Institute of Standards and Technology (NIST) showed there were 457,433 cyber security job openings in the U.S. by August 2024.⁴
• By June 2023, about 1,495,825 people in the U.S. were employed in the cyber security space.⁴
• There is a shortage of about 4 million professionals in the cyber security industry globally.⁴
• Information security analysts in the U.S. were earning a median annual wage of $120,360 in 2023.³¹

Human Error Statistics

Some human error incidents can enable hacking. For instance, using a combination of your names as a password makes it easy for hackers to access your accounts.

• 88% of data breaches are caused by human error.²⁷
• 45% of phishing scam victims cite distraction as the top reason for such attacks.²⁷

How Much Does Cybercrime Cost Victims?

A cybercrime attack can cost individuals and organizations in two ways: the cost of countering the attack and the loss of revenue during the attack. Businesses hire security experts to deal with attacks and inform users of their effects. The time it takes to contain a cyberattack depends on the severity of the breach and the expertise of the professionals you contract.

• The average cost of a data breach was $4.45 million in 2023.¹⁹
• For organizations that have suffered more than one data breach, 57% will likely pass the incident costs to consumers.²⁶

Final Thoughts 

Cyber threats can target individuals or organizations. Cyberattacks come in different forms, like phishing, malware, ransomware and DDoS. As organizations continue to adapt to evolving threats, implementing zero trust architecture has become a critical strategy for preventing lateral movement within networks and minimizing the impact of potential breaches. Organizations should also begin preparing for quantum computing threats, which could potentially render current encryption methods obsolete.

How individuals and organizations react will depend on the type of breach and the systems in place. Invest in cyber security if you want to stay safe online. You can also familiarize yourself with cyber insurance and take the proper precautions.

Are there some cyber security statistics or trends we may have missed? Which stats did you find compelling? What should internet users do to remain vigilant against cyber threats? Share your views in the comments sections. Thanks for reading.

FAQ: Cybercrime Statistics

• How Much Will Cyber Crime Grow in Statistics?

  Statista estimates that the global cost of cybercrime will hit $13.82 trillion by 2028.

• What Is the Number One Cyber Security Threat?

  Malware is the biggest cyber security threat today. Malware can come in different forms, such as spyware, ransomware, trojans, worms, keyloggers and more.

• What Percentage of Cybercrimes Go Unreported?

  Data from memoori.com indicates that only 15% of all cybercrimes are reported. Most companies fail to report as they fear damaging their reputation, while others don’t know the exact steps to follow in such cybersecurity incidents.

• In the Cybersecurity Industry, How Many Cyber Security Attacks Are There Per Day?

  It is estimated that there are 2,200 cyber attacks per day.

Sources:

1. SonicWall — 2024 Cyber Threat Report
2. Cyber Edge — Report Defense Cyberthreat 
3. Verizon — 2023 Data Breach Investigations Report
4. ISC2 — Cybersecurity Workforce Demand/ CyberSeek
5. BlackBerry — Quarterly Global Threat Report — August
6. Positive Technologies — Cybersecurity threatscape: Q2 2022 / Sophos — AI Cybersecurity
7. SonicWall — 2022 Cyber Threat Report
8. Verizon — 2023 Data Breach Investigations Report (DBIR)
9. APWG — Phishing Activity Trends Report 4th Quarter 2021
10. CyberNews — Mobile phishing attacks are scary and on the rise
11. Truecaller Insights — The True Cost of Spam and Scam Calls in America
12. FBI — IC3 Internet Crime Report 2023 
13. Positive Technologies — Cybersecurity threatscape: Q2 2022
14. Sophos — Ransomware Hit 66% of Organizations Surveyed
15. Microsoft — Digital Defense Report 2022
16. Cloudflare Blog — DDoS threat report for 2023 Q4
17. Apple — The Continued Threat to Personal Data: Key Factors Behind the 2023 Increase 
18. Phishing Activity Trends Report, 1st Quarter 2022
19. APWG — Phishing Activity Trends Report 1st Quarter 2022
20. U.S. Department of Health and Human Services Office for Civil Rights — Breach Portal 
21. HMP Global Learning Network — Report: Cybersecurity Threats Increasing for Healthcare Organizations 
22. U.S. GAO — Critical Infrastructure Protection: Additional Federal Coordination Is Needed to Enhance K-12 Cybersecurity
23. UK Department for Science, Innovation & Technology — Cyber security breaches survey 2023: education institutions annex
24. GDPR Blog — The worrying state of cyber security in schools 
25. Varonis — 82 Must-Know Data Breach Statistics [Updated 2024]
26. IBM Report — Half of Breached Organizations Unwilling to Increase Security Spend Despite Soaring Breach Costs
27. CISOMAG — “Psychology of Human Error” Could Help Businesses Prevent Security Breaches
28. Trustwave Spiderwebs Blog — The 2023 Retail Services Sector Threat Landscape
29. Grant Thornton — Cyber security concerns in the retail sector
30. BRC — How Retailers Can Address the Rising Cybersecurity Threat
31. US Bureau of Labor Statistics — Information Security Analysts
32. University of North Carolina — Cybersecurity: A Global Priority and Career Opportunity
33. Allied Market Research — Cybersecurity in Banking Market Size, Share, Competitive Landscape and Trend Analysis Report