Security Statistics

Don’t become one of them. Know the risks, and avoid the consequences.  

Knowledge is Power - Be Informed - Know the Risks

Headline News: 

Company suffered irrecoverable damage as a result of a major security breach. Sensitive client data including financial records have been compromised, company facing a major lawsuit as a result of the breach. 

The headline above is fictitious, but it is a common occurrence that effects more and more companies each day. Cybercrime is on the rise, hackers are getting more devious and companies are unprepared. Despite these facts, many companies believe these incidents only happen to other companies. This is a grave mistake. We accumulated security statistics from some reputable online sources for your convenience, and they are shocking.        

Top Facts


95% of cybersecurity breaches are caused by human error. (Cybint)

The worldwide information security market is forecast to reach $170.4 billion in 2022. (Gartner)

88% of organizations worldwide experienced spear phishing attempts in 2019. (Proofpoint)

68% of business leaders feel their cybersecurity risks are increasing. (Accenture)

On average, only 5% of companies’ folders are properly protected. (Varonis)

Data breaches exposed 36 billion records in the first half of 2020. (RiskBased)

86% of breaches were financially motivated and 10% were motivated by espionage. (Verizon)

45% of breaches featured hacking, 17% involved malware and 22% involved phishing. (Verizon)

Between January 1, 2005, and May 31, 2020, there have been 11,762 recorded breaches. (ID Theft Resource Center)

The top malicious email attachment types are .doc and .dot which make up 37%, the next highest is .exe at 19.5%. (Symantec)

An estimated 300 billion passwords are used by humans and machines worldwide. (Cybersecurity Media)

Cyber Crime Statistics by Attack Type


Ransomware & Malware

The average ransomware payment rose 33% in 2020 over 2019, to $111,605. (Fintech News)

In 2018, an average of 10,573 malicious mobile apps were blocked per day. (Symantec)

94% of malware is delivered by email. (CSO Online)

The average cost of a ransomware attack on businesses is $133,000. (SafeAtLast)

48% of malicious email attachments are office files. (Symantec)

Ransomware detections have been more dominant in countries with higher numbers of internet-connected populations, and the U.S. ranks highest with 18.2% of all ransomware attacks. (Symantec)

Most malicious domains, about 60%, are associated with spam campaigns. (Cisco)

About 20% of malicious domains are very new and used around one week after they are registered. (Cisco)

IoT, DDos, and Other Attacks

By 2023, the total number of DDoS attacks worldwide will be 15.4 million. (Cisco)

Attacks on IoT devices tripled in the first half of 2019. (CSO Online)

Malicious PowerShell scripts blocked in 2018 on the endpoint increased 1,000%. (Symantec)

The Mirai-distributed DDoS worm was the third most common IoT threat in 2018.  (Symantec)

30% of data breaches involve internal actors. (Verizon)

IoT devices experience an average of 5,200 attacks per month. (Symantec)

90% of remote code execution attacks are associated with cryptomining. (Purplesec)

69% of organizations don’t believe the threats they’re seeing can be blocked by their anti-virus software.(Ponemon Institute’s Cost of Data Breach Study)

1 in 36 mobile devices have high- risk apps installed. (Symantec)


After declining in 2019, phishing increased in 2020 to account for 1 in every 4,200 emails. (Symantec)

65% of groups used spear-phishing as the primary infection vector. (Symantec)

1 in 13 web requests lead to malware. (Symantec)

Phishing attacks account for more than 80% of reported security incidents. (CSO Online)

$17,700 is lost every minute due to a phishing attack. (CSO Online)

Security Spending & Cost Stats


Security services accounted for an estimated 50% of cybersecurity budgets in 2020. (Gartner)

The average cost of a malware attack on a company is $2.6 million. (Accenture)

The healthcare industry incurs the highest average data breach costs at $7.13 million. (IBM)

The total cost of cybercrime for each company increased by 12% from $11.7 million in 2017 to $13.0 million in 2018. (Accenture)

The average annual security spending per employee increased from $2,337 in 2019 to $2,691 in 2020. (Deloitte)

The cost of lost business averaged $1.52 million. (IBM)

The average cost in time of a malware attack is 50 days. ( Accenture)

The most expensive component of a cyber attack is information loss at $5.9 million. (Accenture)

The average cost per lost or stolen record per individual is $146. (IBM)

Data breaches cost enterprises an average of $3.92 million. (CSO Online)

The average total cost of a data breach in smaller companies (500 employees or less) decreased in 2020, from $2.74 million in 2019 to $2.35 million in 2020. The average total cost in very large companies (more than 25,000 employees) decreased, as well, from $5.11 million in 2019 to $4.25 million. (IBM)

In 2019 over 2020, Scandinavia saw the largest increase in total cost of data breaches at 12%, while South Africa saw the largest decrease at 7.4%. (IBM)

The United States experiences the highest data breach costs in the world, at $8.64 million on average, followed by the Middle East at $6.52 million. (IBM)

50% of large enterprises (with over 10,000 employees) are spending $1 million or more annually on security, with 43% spending $250,000 to $999,999, and just 7% spending under $250,000. (Cisco)

In 2018, spending in the cybersecurity industry reached around $40.8 billion USD. (Statista

Cybersecurity Cost Predictions

Worldwide cybercrime costs will hit $6 trillion annually by 2021. (Cybersecurity Ventures)

Ransomware damage costs will rise to $20 billion by 2021 and a business will fall victim to a ransomware attack every 11 seconds at that time. (Cybersecurity Ventures)

Damage related to cybercrime is projected to hit $10.5 trillion annually by 2025. (Cybersecurity Ventures)

More than 70 percent of security executives believe that their budgets for fiscal year 2021 will shrink. (Mckinsey)

Industry Specific Cyber Stats



WannaCry ransomware attack cost the National Health Service (NHS) over $100 million. (Datto)

The healthcare industry lost an estimated $25 billion to ransomware attacks in 2019. (SafeAtLast)

More than 93% of healthcare organizations experienced a data breach in the past three years. (Herjavec Group)


Financial services have 352,771 exposed sensitive files on average while healthcare, pharma and biotech have 113,491 files on average — the highest when comparing industries. (Varonis)

15% of breaches involved healthcare organizations, 10% in the financial industry and 16% in the public Sector. (Verizon)

The banking industry incurred the most cybercrime costs in 2018 at $18.3 million  (Accenture)

Trojan horse virus Ramnit largely affected the financial sector in 2017, accounting for 53% of attacks. (Cisco)

The financial services industry takes in the highest cost from cybercrime at an average of $18.3 million per company surveyed. (Accenture)

Nearly two-thirds of financial services companies have over 1,000 sensitive files open to every employee. (Varonis)

Financial and manufacturing services have the highest percent of exposed sensitive files at 21%. (Varonis)

On average, a financial services employee has access to nearly 11 million files the day they walk in the door. For large organizations, employees have access to 20 million files. (Varonis)

The average cost of a financial services data breach is $5.85 million USD. (Varonis)

Financial services businesses take an average of 233 days to detect and contain a data breach. (Varonis)


The U.S. government saw 1.2 billion records breached in 2018. (Purplesec)

Manufacturing companies account for nearly a quarter of all ransomware attacks, followed by the professional services with 17% of attacks, and then government organizations with 13% of attacks. (Security Intelligence)

The U.S. government allocated an estimated $18.78 billion for cybersecurity spending in 2021. (Atlas VPN)


Smaller organizations (1–250 employees) have the highest targeted malicious email rate at 1 in 323. (Symantec)

Lifestyle (15%) and entertainment (7%) were the most frequently seen categories of malicious apps. (Symantec)

Supply chain attacks were up 78% in 2019. (Symantec)