Last Updated: March 7, 2022
Hacking used to be about having fun. Now it’s about profits.
Penetrating information systems has become an illegal industry worth billions. Criminals flock to hacking to take advantage of all the money there is to be made.
Most people and small businesses don’t think they can be victims of hacking. Most hackers indeed target large companies or government institutions.
But the cold truth is cybercriminals are ruthless and can target anyone.
We’ve prepared a list of jaw-dropping facts to prove it.
Daunting Hacking Statistics
- According to Cybersecurity Ventures, cybercrime will cost the world $6 trillion by 2021.
- By 2021, a business will fall victim to ransomware every 11 seconds.
- The cost of a data breach will reach $150 million by 2020.
- In 2023 alone, cybercriminals will steal 33 billion records.
- Americans lose $15 billion annually due to identity theft.
- 1 in 36 mobile phones had high-risk apps in 2018.
- It takes 196 days on average to identify a data breach.
If you own a business, you probably won’t like these facts and numbers. Let’s dive right into the computer crime statistics!
Hacking Statistics 2020
Let’s look at the latest statistics and find out what the numbers have to say about our behavior in the cyberspace.
1. Hacking accounts for over half of all recent data breaches.
In a 2020 report that analyzed nearly 4,000 confirmed breaches, it was found that:
- over half of them (52%) were a result of hacking.
- hacking statistics gathered in the report show that the second biggest risk was phishing, which accounted for nearly 33% of all data breaches.
- Malware is also a major culprit, responsible for 28% of the data breaches.
The report also found that 70% of the breaches were financially motivated and, rather worryingly, 43% of the breaches involved exploiting vulnerabilities in web applications. This is more than double the numbers from 2019.
2. There is an average of 38.4 passwords in use for every human worldwide.
(Source: SC Magazine)
It is estimated that there are more than 300 billion passwords in use today or nearly an average of 38.4 passwords per individual. Among the Fortune 500 companies, the average employee is expected to manage double the world’s average at 90 business and personal accounts – that’s certainly a lot of passwords to remember!
3. In the last three years, the number of phishing websites has increased by over 130.5%.
(Source: Google Transparency Report)
Since 2017, the cyberworld has witnessed a worryingly rapid rise in phishing websites. As per cybercrime statistics from Google, the number of phishing websites grew from approximately 584,000 in that year to more than 1.35 million this year, representing an increase of over 130.5%.
At the same time, the number of malware sites has taken a nosedive. In 2017, the estimated figure was 516,000. Today, the number is less than 53,300 websites.
4. 99.9% of accounts get hacked because of this one single reason.
(Source: Windows Central)
In January of this year, roughly 1.2 million Microsoft accounts were compromised. According to the company, 99.9% of them had one big thing in common discovered while performing a vulnerability assessment – they all did not make use of multi-factor authentication.
According to hacking statistics, the most commonly used method for hacking accounts is password spraying. This involves taking easy-to-guess passwords and going through a list of usernames until the right combination gives access to an account. And even if your password is a bit more complicated, with people search sites that make it easy to find someone’s personal information, you’re still not all that safe.
Cost of Cyber Attacks in 2020
The $6 Trillion Cybercrime Problem
How much would you say the damage done by hackers is worth? $2 billion? $10 billion? Fifteen maybe?
You’re not even close.
5. Cybercrime will have cost the world $6 trillion by 2021.
(Source: Cybersecurity Ventures)
- Spending on cybersecurity is set to reach $124 billion in 2019.
- Global spending on cybersecurity will exceed $1 trillion for the period between 2017 and 2021.
- By 2021, a business will fall victim to ransomware every 11 seconds.
- Ransomware statistics point out damages will cost the world $20 billion by 2021.
It sounds ludicrous. $6 trillion? That’s more than the GDP of Japan!
The number is frightening indeed. It takes into account not only direct losses from cybercrime – stolen money, paid ransoms, amortization, etc. – but also all other costs.
Those include productivity loss, intellectual property theft, personal data leaks, fraud, forensic investigation, and so on.
In 2019 alone, spending on protection against a cybersecurity breach will reach $124 billion, showing an 8.7% annual growth rate. Unfortunately, no cybersecurity product offers 100% protection. No matter how much organizations spend on security, cybercrime will continue to expand. Attacks will happen faster than one can imagine.
I’ll put it this way. You’ve probably heard about Usain Bolt, the current world record holder in 200 meters racing. In two years, a business will fall victim to ransomware faster than Bolt can finish the 200 meters race. Cybercrime statistics will add one ransomware attack every 11 seconds.
6. The cost of a data breach will reach $150 million in 2020.
(Source: Juniper Research)
- The total cost will balloon to 2.1 trillion, according to data breach statistics.
- In 2015, 60% of all breaches happened in North America.
Companies face gigantic expenses due to data breaches. A single breach can cost a company millions, loss of clients, and a massive hit on reputation.
Stealing data about patents or new products means getting all the valuable information for free – while someone else is paying for the actual research and putting in the work. Some new technologies are worth (as much as hundreds of) millions.
It gets even worse when hacking statistics go into the practice of stealing user data. With GDPR now in action, companies doing business in Europe may end up paying huge fines for a data breach.
In 2019, Google suffered a $50 million fine for failing to comply with GDPR. Regulators can impose fines worth up to 4% of a business’s annual turnover. Which can be billions of dollars for very large internet companies.
It is not surprising, then, that some estimates put the total cost of data breaches at an astounding $2.1 trillion
Billions of Devices Need Protection
We’re just getting started with the bothersome cybersecurity facts.
Now, a password is the first (and many times the only) line of defense against hackers.
7. 300 billion passwords will need protection by 2020.
(Source: Cybersecurity Ventures)
- Digital content will grow to 96 zettabytes by 2020.
- There will be 45 trillion networked sensors in 20 years.
- 111 billion lines of code get produced every year.
- There will be a shortage of 3.5 million cybersecurity specialists on the market by 2021.
What does all this have to do with hacking statistics, you ask? A lot.
Passwords are the front door to all your money, personal data, and secrets. More passwords mean more vulnerabilities. Unless you choose strong passwords, you are more vulnerable to cybercrime than most people.
Do you know what the biggest vulnerability in information security is? Human naivety.
People tend to choose weak passwords (such as 123456), leaving their front doors wide open for hackers. Are you one of those people?
You would be surprised how many cyber attacks happen per day because of the vulnerable software.
New software products tend to have bugs and vulnerabilities. Those usually get discovered when it’s too late because hackers have already exploited them.
111 billion lines of code mean 111 billion possible weaknesses.
And what about the billions of smart sensors that are yet to cover the face of the Earth? A lot of those can easily be hacked, exposing sensitive data. In case you haven’t heard, data is the new oil. There are illegal markets where people pay good money for valuable stolen data. Thus, this also becomes part of the stats on cyber attacks.
8. In 2023, cybercriminals will steal 33 billion records.
(Source: Norton Security)
- Identity theft impacts 60 million Americans. Luckily, there are professional organizations preventing people from falling victims to this sort of cybercrime.
- Americans lost $15 billion in 2017 due to identity theft.
- The average time to identify a data breach is 196 days.
Identity theft is the act of stealing someone’s data and impersonating them for financial gain. It constitutes a substantial part of the number of cyberattacks per year.
About 60 million Americans fall victim to identity theft every year. This costs them around $15 billion annually.
Criminals steal billions of personal data records and then either resell them or use them to commit fraud.
By 2023, hacking statistics will register another 33 billion stolen records. While the number sounds frightening, it is easily achievable.
In 2019, third-party Facebook app developers exposed over 540 million user records on an Amazon cloud server. All it takes for a record leak to happen is either a platform vulnerability or just plain ignorance.
Most companies need months to figure out they have been on the receiving end of a data breach. The average time to identify a data breach is almost 200 days.
If a company has left sensitive data on an unprotected server, it can take years before it registers the problem and makes it part of the statistics on cybercrime. And by then, someone could have gotten unauthorized access to the data.
9. 47% of all vulnerable devices on home networks are cameras.
- A US household has 17 IoT devices on average.
- In Europe, the number of IoT devices on home networks is 14.
- In 2020, the world spent over $1 trillion this year on IoT.
Hacking an IoT device is child’s play. This is very true for internet-connected cameras. Most of them are installed with their default credentials so anyone can hack them.
Here’s one of the best-known security facts: an IP camera can give intruders access to your home.
It gives hackers a way to spy on you and know when you are out of your house. It streams live everything happening in your life and family.
But cameras aren’t the only security risk. An average US household has 17 IoT devices, and most of them have some kind of vulnerability. Hackers can penetrate your fridge, your smart light bulbs, or the air conditioner.
That’s how your home appliances become part of cybercrime statistics!
Recent Hack Statistics
Most hackers create mass spam campaigns. But others focus on particular targets.
10. Spear phishing is the most popular method used in targeted attacks.
- 65% of all targeted attacks happen with spear phishing.
- With 255 targeted attacks over two years, the USA is the most attacked country in the world.
- Intelligence gathering is the main reason for 96% of targeted attacks.
One of the more interesting facts about cybersecurity has to do with targeted attacks – the ones with a specific target (person or corporation) in mind.
A targeted attack will usually start with a spear-phishing campaign.
Let’s say hackers want to penetrate Company A’s information systems. They choose to attack John, an employee at company A. They find out who John’s manager is, and they send John a spoofed email on behalf of his boss.
The idea is for John to visit a malicious website or download malware, which eventually leads to credentials theft and gives hackers access to the firm’s systems.
Over two years, 255 targeted attacks against American organizations got added to the cybercrime statistics. And if you know over 140.000 are sent every minute, you can’t help it but feel uneasy. After all, the US number is bigger than any other in the world.
The main reason for these attacks is intelligence gathering. Hackers want to get their hands on valuable information like secret documents, databases, bank accounts, and whatever they can exploit for money.
Many times these hackers are sponsored by governments. After all, why sending spies abroad, when you can get the same information from the safety of your desk?
Mobile Hacking Stats
We spend so much time playing with our phones. Guess what, they are a hacker’s favorite target!
11. Statistics on hacking show 1 in 36 mobile phones had high-risk apps in 2018.
- The number of mobile ransomware infections increased by 33% in 2018.
- Symantec blocked an average of 10,573 malicious apps every day in 2018.
- 63% of all mobile ransomware infections are in the US.
The world is going mobile. Smartphone statistics show that people spend more time on their phones than ever before.
No wonder there is a global plague of mobile malware.
As malware statistics for 2018 show, the number of mobile infections has increased by a third in a year, which is alarming. Cybersecurity company Symantec blocked an average of over 10,000 malicious apps daily. The number is not for the whole year, it’s for every single day!
One in 36 phones had high-risk apps in 2018. The main source of mobile malware is unofficial app stores. They are not regulated and sneaking malicious code there is very easy. Then all you have to do is make users download it.
However, your phone can also get infected by clicking on a malicious link or opening an attachment in a suspicious email. So be careful when you view content from unknown sources.
Hacking Statistics: Real-World Data
No one knows exactly how many cyber attacks happen per day. But there is hard data on losses from cybercrime (what we covered so far was mostly estimates and forecasts).
That data has been reported from the victims themselves, so it’s as reliable as it can get.
12. Victims of cybercrime lost $2.7 billion in 2018.
(Source: Internet Crime Complaint Center)
- People over 60 lost $649 million due to cybercrime, more than any other age group.
- India reported 4,556 cybercrimes in just a year, the highest in the world.
- Over 50 000 people became victims of personal data breaches in 2018.
Cybersecurity data shows online crimes deprived victims of $2.7 billion in 2018. Keep in mind that’s only based on the reported incidents. There’s a lot of other crimes that go unreported or even unnoticed.
People over 60 are the biggest victims of cybercrimes, data shows. This is because they are most likely to get scammed online.
While online frauds are not hacking in a technical sense, they do represent a large portion of internet crimes.
Personal data breaches, however, are a classic example of hacking. Threat actors penetrate information systems (those can be anything from government registers to social media accounts) and steal personal data.
Social networks keep valuable information. So a personal data breach is many times included in social media hacking statistics.
More than 50,000 people became victims of a personal data breach last year, which still sounds ridiculously small. Again, this is because most data breaches are never reported.
13. Business email compromise earned hackers $1.3 billion in a year.
(Source: Internet Crime Complaint Center)
- Corporate data breaches are worth $117 million a year.
- Identity theft costs victims $100 million a year.
Payout is arguably the most interesting part of cybercrime statistics.
Do you want to know what the most profitable cybercrime on Earth is? It’s called business email compromise (BEC). This is when hackers take over a corporate email account and use it to dry up the company’s bank accounts.
This type of scam accumulates earnings of $1.3 billion a year. This is probably just a tiny fraction of the actual losses though.
Business email compromise is very easy to execute, and it brings up the number of cyberattacks per day. All a hacker needs to do is break into a corporate email account (or spoof one). Kid’s stuff.
Corporate data can be worth a lot of money. Once they steal it, hackers may choose to sell it on the dark web. Or blackmail the company they stole it from. So it’s not surprising that corporate data breaches bring in $117 million into hackers’ pockets.
Another $100 million is attributed to identity theft.
Once your identity is stolen, hackers can suck all the money from your bank account. Or they can take out a loan registered in your name.
14. On average, only 5% of a company’s folders are properly protected.
In their assessment covering 30+ industries, the cybersecurity firm, Varonis, discovered that only 5% of an average company’s folders are adequately protected against unauthorized access. Of the 765 organizations that they researched, more than half (53%) had over 1,000 sensitive files open to every employee. 115 of them had over 1 million files accessible to every employee.
15. 62% of cybersecurity professionals say that their teams are understaffed.
Despite the dangers of rising cybersecurity threats, the understaffing of cybersecurity teams remains a persistent issue in many organizations. In a survey, it was found that 62% of cybersecurity professionals stated that their organization’s cybersecurity departments were understaffed. 15% of them believed that they were ‘significantly’ understaffed.
16. There was a 600% increase in attacks against IoT devices between 2016 and 2017
With a deluge of IoT connected devices in recent years, an equally massive rise in IoT-related attacks was to be expected. Cyberattacks stats show that, in just one year, between 2016 and 2017, such attacks grew by a staggering 600%. Half of these attacks originated from just five countries, namely, China (21%), the United States (11%), Brazil (7%), Russia (6%), and India (5%).
In the year that followed, a 217.5% rise in attacks was reported; this time, the overwhelming majority (46%) originated from US-based IP addresses. The second biggest source was China, with 13% of all attacks originating from that country.
We don’t want to paint a gloomy outlook, but these hacking statistics are concerning.
As the cliche goes, there’s good news, and there’s bad news.
The good news is the cybersecurity industry is evolving. It is flooding the market with new security tools and services.
The bad news is no cybersecurity solution is 100% effective. What’s even worse, most people are still unaware of the threats out there.
Review42’s list of hacking facts and numbers should come as a wake-up call. Knowing the scale of the problem is the first step toward dealing with it.
Last but not least, let’s get some juicy answers.
According to a report published by the ICAEW, the top 5 cyber threats facing the world today were:
A type of malware that attempts to encrypt your data and then extorts money to release an unlock code.
This refers to any attempt at gaining sensitive information by pretending to be a trustworthy or authoritative source.
- Data leakage
Valuable data getting accessed through accessing third-party storage, e.g. USBs, smartphones.
- Cyber Hacking
This implies any activity that is aimed at getting access to confidential data remotely.
- Insider Threat
An organization’s own employees can potentially leak sensitive data mistakenly or maliciously.
While there is no reliable data on this for the current year, data breach statistics from 2018 show that over 2.5 billion accounts were hacked in that year. That amounts to roughly 6.85 million accounts getting hacked each day or 158 every second. Since cybercrime numbers have risen since then, it is safe to assume that the number of accounts getting hacked daily has likewise increased.
1 in 4 – that is how high one’s odds are of becoming a victim of a cyberattack. With a new cyberattack happening every 39 seconds now, many security experts see cybercrime among the top three threats to global security in the next five years, the two others being natural disasters and extreme weather.