Hacking used to be about having fun. Now it’s about profits.
Penetrating information systems has become an illegal industry worth billions. Criminals flock to hacking to take advantage of all the money there is to be made.
Most people and small businesses don’t think they can be victims of hacking. Most hackers indeed target large companies or government institutions.
But the cold truth is cybercriminals are ruthless and can target anyone.
We’ve prepared a list of jaw-dropping facts to prove it.
If you own a business, you probably won’t like these facts and numbers. Let’s dive right into the computer crime statistics!
Let’s look at the latest statistics and find out what the numbers have to say about our behavior in the cyberspace.
In a 2020 report that analyzed nearly 4,000 confirmed breaches, it was found that:
The report also found that 70% of the breaches were financially motivated and, rather worryingly, 43% of the breaches involved exploiting vulnerabilities in web applications. This is more than double the numbers from 2019.
(Source: SC Magazine)
It is estimated that there are more than 300 billion passwords in use today or nearly an average of 38.4 passwords per individual. Among the Fortune 500 companies, the average employee is expected to manage double the world’s average at 90 business and personal accounts – that’s certainly a lot of passwords to remember!
(Source: Google Transparency Report)
Since 2017, the cyberworld has witnessed a worryingly rapid rise in phishing websites. As per cybercrime statistics from Google, the number of phishing websites grew from approximately 584,000 in that year to more than 1.35 million this year, representing an increase of over 130.5%.
At the same time, the number of malware sites has taken a nosedive. In 2017, the estimated figure was 516,000. Today, the number is less than 53,300 websites.
(Source: Windows Central)
In January of this year, roughly 1.2 million Microsoft accounts were compromised. According to the company, 99.9% of them had one big thing in common when it came to vulnerability – they all did not make use of multi-factor authentication.
According to hacking statistics, the most commonly used method for hacking accounts is password spraying. This involves taking easy-to-guess passwords and going through a list of usernames until the right combination gives access to an account.
The $6 Trillion Cybercrime Problem
How much would you say the damage done by hackers is worth? $2 billion? $10 billion? Fifteen maybe?
You’re not even close.
(Source: Cybersecurity Ventures)
It sounds ludicrous. $6 trillion? That’s more than the GDP of Japan!
The number is frightening indeed. It takes into account not only direct losses from cybercrime – stolen money, paid ransoms, amortization, etc. – but also all other costs.
Those include productivity loss, intellectual property theft, personal data leaks, fraud, forensic investigation, and so on.
In 2019 alone, spending on protection against a cybersecurity breach will reach $124 billion, showing an 8.7% annual growth rate. Unfortunately, no cybersecurity product offers 100% protection. No matter how much organizations spend on security, cybercrime will continue to expand. Attacks will happen faster than one can imagine.
I’ll put it this way. You’ve probably heard about Usain Bolt, the current world record holder in 200 meters racing. In two years, a business will fall victim to ransomware faster than Bolt can finish the 200 meters race. Cybercrime statistics will add one ransomware attack every 11 seconds.
(Source: Juniper Research)
Companies face gigantic expenses due to data breaches. A single breach can cost a company millions, loss of clients, and a massive hit on reputation.
Stealing data about patents or new products means getting all the valuable information for free – while someone else is paying for the actual research and putting in the work. Some new technologies are worth (as much as hundreds of) millions.
It gets even worse when hacking statistics go into the practice of stealing user data. With GDPR now in action, companies doing business in Europe may end up paying huge fines for a data breach.
In 2019, Google suffered a $50 million fine for failing to comply with GDPR. Regulators can impose fines worth up to 4% of a business’s annual turnover. Which can be billions of dollars for very large internet companies.
It is not surprising, then, that some estimates put the total cost of data breaches at an astounding $2.1 trillion.
Billions of Devices Need Protection
We’re just getting started with the bothersome cybersecurity facts.
Now, a password is the first (and many times the only) line of defense against hackers.
(Source: Cybersecurity Ventures)
What does all this have to do with hacking statistics, you ask? A lot.
Passwords are the front door to all your money, personal data, and secrets. More passwords mean more vulnerabilities. Unless you choose strong passwords, you are more vulnerable to cybercrime than most people.
Do you know what the biggest vulnerability in information security is? Human naivety.
People tend to choose weak passwords (such as 123456), leaving their front doors wide open for hackers. Are you one of those people?
You would be surprised how many cyber attacks happen per day because of the vulnerable software.
New software products tend to have bugs and vulnerabilities. Those usually get discovered when it’s too late because hackers have already exploited them.
111 billion lines of code mean 111 billion possible weaknesses.
And what about the billions of smart sensors that are yet to cover the face of the Earth? A lot of those can easily be hacked, exposing sensitive data. In case you haven’t heard, data is the new oil. There are illegal markets where people pay good money for valuable stolen data. Thus, this also becomes part of the stats on cyber attacks.
(Source: Norton Security)
Identity theft is the act of stealing someone’s data and impersonating them for financial gain. It constitutes a substantial part of the number of cyberattacks per year.
About 60 million Americans fall victim to identity theft every year. This costs them around $15 billion annually.
Criminals steal billions of personal data records and then either resell them or use them to commit fraud.
By 2023, hacking statistics will register another 33 billion stolen records. While the number sounds frightening, it is easily achievable.
In 2019, third-party Facebook app developers exposed over 540 million user records on an Amazon cloud server. All it takes for a record leak to happen is either a platform vulnerability or just plain ignorance.
Most companies need months to figure out they have been on the receiving end of a data breach. The average time to identify a data breach is almost 200 days.
If a company has left sensitive data on an unprotected server, it can take years before it registers the problem and makes it part of the statistics on cybercrime. And by then, someone could have gotten unauthorized access to the data.
Hacking an IoT device is child’s play. This is very true for internet-connected cameras. Most of them are installed with their default credentials so anyone can hack them.
Here’s one of the best-known security facts: an IP camera can give intruders access to your home.
It gives hackers a way to spy on you and know when you are out of your house. It streams live everything happening in your life and family.
But cameras aren’t the only security risk. An average US household has 17 IoT devices, and most of them have some kind of vulnerability. Hackers can penetrate your fridge, your smart light bulbs, or the air conditioner.
That’s how your home appliances become part of cybercrime statistics!
Most hackers create mass spam campaigns. But others focus on particular targets.
One of the more interesting facts about cybersecurity has to do with targeted attacks – the ones with a specific target (person or corporation) in mind.
A targeted attack will usually start with a spear-phishing campaign.
Let’s say hackers want to penetrate Company A’s information systems. They choose to attack John, an employee at company A. They find out who John’s manager is, and they send John a spoofed email on behalf of his boss.
The idea is for John to visit a malicious website or download malware, which eventually leads to credentials theft and gives hackers access to the firm’s systems.
Over two years, 255 targeted attacks against American organizations got added to the cybercrime statistics. The US number is bigger than anywhere else in the world.
The main reason for these attacks is intelligence gathering. Hackers want to get their hands on valuable information like secret documents, databases, bank accounts, and whatever they can exploit for money.
Many times these hackers are sponsored by governments. After all, why sending spies abroad, when you can get the same information from the safety of your desk?
We spend so much time playing with our phones. Guess what, they are a hacker’s favorite target!
The world is going mobile. People spend more time on their phones than ever before.
No wonder there is a global plague of mobile malware.
As malware statistics for 2018 show, the number of mobile infections has increased by a third in a year, which is alarming. Cybersecurity company Symantec blocked an average of over 10,000 malicious apps daily. The number is not for the whole year, it’s for every single day!
One in 36 phones had high-risk apps in 2018. The main source of mobile malware is unofficial app stores. They are not regulated and sneaking malicious code there is very easy. Then all you have to do is make users download it.
However, your phone can also get infected by clicking on a malicious link or opening an attachment in a suspicious email. So be careful when you view content from unknown sources.
No one knows exactly how many cyber attacks happen per day. But there is hard data on losses from cybercrime (what we covered so far was mostly estimates and forecasts).
That data has been reported from the victims themselves, so it’s as reliable as it can get.
(Source: Internet Crime Complaint Center)
Cybersecurity data shows online crimes deprived victims of $2.7 billion in 2018. Keep in mind that’s only based on the reported incidents. There’s a lot of other crimes that go unreported or even unnoticed.
People over 60 are the biggest victims of cybercrimes, data shows. This is because they are most likely to get scammed online.
While online frauds are not hacking in a technical sense, they do represent a large portion of internet crimes.
Personal data breaches, however, are a classic example of hacking. Threat actors penetrate information systems (those can be anything from government registers to social media accounts) and steal personal data.
Social networks keep valuable information. So a personal data breach is many times included in social media hacking statistics.
More than 50,000 people became victims of a personal data breach last year, which still sounds ridiculously small. Again, this is because most data breaches are never reported.
(Source: Internet Crime Complaint Center)
Payout is arguably the most interesting part of cybercrime statistics.
Do you want to know what the most profitable cybercrime on Earth is? It’s called business email compromise (BEC). This is when hackers take over a corporate email account and use it to dry up the company’s bank accounts.
This type of scam accumulates earnings of $1.3 billion a year. This is probably just a tiny fraction of the actual losses though.
Business email compromise is very easy to execute, and it brings up the number of cyberattacks per day. All a hacker needs to do is break into a corporate email account (or spoof one). Kid’s stuff.
Corporate data can be worth a lot of money. Once they steal it, hackers may choose to sell it on the dark web. Or blackmail the company they stole it from. So it’s not surprising that corporate data breaches bring in $117 million into hackers’ pockets.
Another $100 million is attributed to identity theft.
Once your identity is stolen, hackers can suck all the money from your bank account. Or they can take out a loan registered in your name.
In their assessment covering 30+ industries, the cybersecurity firm, Varonis, discovered that only 5% of an average company’s folders are adequately protected against unauthorized access. Of the 765 organizations that they researched, more than half (53%) had over 1,000 sensitive files open to every employee. 115 of them had over 1 million files accessible to every employee.
Despite the dangers of rising cybersecurity threats, the understaffing of cybersecurity teams remains a persistent issue in many organizations. In a survey, it was found that 62% of cybersecurity professionals stated that their organization’s cybersecurity departments were understaffed. 15% of them believed that they were ‘significantly’ understaffed.
With a deluge of IoT connected devices in recent years, an equally massive rise in IoT-related attacks was to be expected. Cyberattacks stats show that, in just one year, between 2016 and 2017, such attacks grew by a staggering 600%. Half of these attacks originated from just five countries, namely, China (21%), the United States (11%), Brazil (7%), Russia (6%), and India (5%).
In the year that followed, a 217.5% rise in attacks was reported; this time, the overwhelming majority (46%) originated from US-based IP addresses. The second biggest source was China, with 13% of all attacks originating from that country.
We don’t want to paint a gloomy outlook, but these hacking statistics are concerning.
As the cliche goes, there’s good news, and there’s bad news.
The good news is the cybersecurity industry is evolving. It is flooding the market with new security tools and services.
The bad news is no cybersecurity solution is 100% effective. What’s even worse, most people are still unaware of the threats out there.
Review42’s list of hacking facts and numbers should come as a wake-up call. Knowing the scale of the problem is the first step toward dealing with it.
Last but not least, let’s get some juicy answers.
According to a report published by the ICAEW, the top 5 cyber threats facing the world today were:
A type of malware that attempts to encrypt your data and then extorts money to release an unlock code.
This refers to any attempt at gaining sensitive information by pretending to be a trustworthy or authoritative source.
Valuable data getting accessed through accessing third-party storage, e.g. USBs, smartphones.
This implies any activity that is aimed at getting access to confidential data remotely.
An organization’s own employees can potentially leak sensitive data mistakenly or maliciously.
While there is no reliable data on this for the current year, data breach statistics from 2018 show that over 2.5 billion accounts were hacked in that year. That amounts to roughly 6.85 million accounts getting hacked each day or 158 every second. Since cybercrime numbers have risen since then, it is safe to assume that the number of accounts getting hacked daily has likewise increased.
1 in 4 – that is how high one’s odds are of becoming a victim of a cyberattack. With a new cyberattack happening every 39 seconds now, many security experts see cybercrime among the top three threats to global security in the next five years, the two others being natural disasters and extreme weather.