Increased integration of digitalization, and adoption of flexible work, is putting more and more businesses and consumers at risk. Studies from the IMF report that cybercrime will cost the world $23 trillion in 2027, an increase of 175% from 2022. As our reliance on digital platforms increases, we become more exposed to cyberattacks, ranging from malware to phishing attacks, denial of service, and man-in-the-middle attacks.
This high-vulnerable digital environment demands governments and consumers to become more aware of cybersecurity measures and sensitive to data privacy. It is in such circumstances, that we write this article to analyze key cyber security statistics, and extract common themes and narratives, to help you understand the evolving cyber threats. The statistics and insights mentioned below will enable you to monitor existing and emerging threats and vulnerabilities and create a holistic plan to detect and prevent cyberattacks proactively.
Cybersecurity Overview for 2025
According to Gartner, Generative AI (GenAI), unsecured employee behavior, third-party risks, continuous threat exposure, and identity-first approaches to security are the top trends shaping the cybersecurity landscape in 2024. Around 50% of the executives believe GenAI will advance adversarial capabilities such as phishing, malware and deep fakes. Even as GenAI creates new risks, it also allows organizations to leverage its capabilities to augment security at the operational level.
Secondly, the persisting cybersecurity skills gap continues to challenge businesses, with demand outstripping the supply of qualified candidates. This is despite the global cybersecurity workforce growing by 12.6% in 2023. There is a shortage of four million cybersecurity professionals in 2024, which could reach eighty-five million by 2030 if not addressed with the latest technology and innovative solutions.
The divide between resilient organizations and those struggling has become stark in 2024, with the number of organizations that maintain minimum viable cyber resilience declining by 30%. A lack of resources and skills is the biggest challenge for 52% of these organizations in designing cyber resilience, even as transforming legacy technology and processes is another significant barrier.
Forecasts for Cybersecurity in 2024
Among the many use cases of GenAI in cybersecurity, the two promising opportunities are addressing issues of skill shortage and unsecured human behavior. The adoption of GenAI will enable organizations to bridge the skills gap and remove the need for specialized knowledge from 50% of entry-level roles by 2028.
Organizations are shifting their focus from creating awareness to inducing behavior change to reduce insider-driven cybersecurity incidents. GenAI can help organizations generate hyper-personalized training materials, taking into account employees’ roles in the organization and their unique attributes. It will help organizations reduce employee-driven cybersecurity incidents by 40% by 2026.
With 45% of organizations experiencing third-party-related business disruptions in the last two years, they must focus on strengthening contingency plans and enhancing risk management of third-party engagements that pose the highest security risks. As more organizations adopt an identity-first approach to security, Identity and Access Management (IAM) will become critical to cybersecurity and improve resilience.
Top Cybersecurity Threats (Figures)
The cybersecurity threat landscape constantly evolves, with new vulnerabilities emerging even as existing ones are mitigated. This section highlights the most prevalent cybersecurity threats to provide organizations with a clear view of cyber risks and enable them to create a mitigation plan.
1. Ransomware
- 35% of all attacks were ransomware, which increased 84% over the previous year.
- Ransomware increased by 15% in North America while it declined by 49% in EMEA(Europe, Middle East and Africa)
- 70% of the ransomware targeted SMBs
2. Phishing
- Phishing attacks increased by 1,265% driven by growth of Gen AI
- Many targeted cyberattacks start with emails, and 40% of all email threats are phishing attacks
- Business email compromise accounted for 6% of incidents, with spear phishing links used in 50% of the cases
3. Cloud Security
- Cloud intrusions increased by 75% in 2023
- 23% of cloud security incidents can be attributed to cloud misconfiguration, and 27% of businesses encounter security breaches in their public cloud infrastructure
- Over half of the organizations reported phishing as the most prevalent attack for stealing cloud security credentials
4. Device attacks
- In 2023, attackers commonly used edge gateway devices to break into the network without getting noticed
- Only 4% of organizations consider their internet-connected devices and associated technologies secure
5. Distributed Denial of Service (DDOS) attacks
- DDOS attacks increased by 31%, with cybercriminals launching an average of 44,000 attacks daily in 2023
- The Federal Bureau of Investigation (FBI) shut down 13 DDoS-for-hire marketplaces in the first half of 2023. Similarly, in July 2024, United Kingdom(U.K.) authorities disrupted DigitalStress, an illegal service for launching DDOS attacks
There are additional threats, such as AI-powered attacks, 5G risks, and more, against which an organization needs to be aware and for which they must have mitigation plans.
Vulnerabilities and Breach Statistics
As enterprises increasingly adopt digital technologies and platforms, the explosion in data touch points has increased vulnerabilities. The National Vulnerability Database (NVD) recorded over 30,000 new Common Vulnerabilities and Exposures (CVEs), half of which were classified as high or critical severity.
Cyber incidents, such as the 2023 MoveIt vulnerability and Log4j in the open-source world, have caused many challenges for organizations worldwide. Besides, data breaches have seen an upward trend in the last decade, increasing by 200%.
- A new vulnerability is identified and published every 17 minutes. Half of all the vulnerabilities have been published in the last five years
- The number of data breaches increased by 200% between 2013 and 2022. According to research, more than 2.6 billion personal records were compromised between 2021 and 2023
- In 2024, the global average cost of a data breach was $4.88 million, a 10% increase over the previous year
- Security teams take an average of 277 days to identify and contain a data breach, while breaches involving lost or stolen credentials take 328 days to identify and contain
- According to Verizon’s “Data Breach Investigations Report”, the human element is the common root cause of 68% of data breaches
Cost and Frequency of Cyber Attacks
The frequency of cyberattacks has doubled since the COVID-19 pandemic, as per IMF(International Monetary Fund). The reported costs of cyber attacks vary, with Cybersecurity Ventures estimating the value at $10.5 trillion by 2025, while another forecast mentions the cost of cybercrime at $23 trillion by 2027. Some relevant cyber security statistics in the context of the cost and frequency of cyberattacks are as follows.
- The average cost of cyberattacks on firms with more than 1,000 employees in Europe and the United States is estimated to be more than $53,000
- MKS Instruments, a semiconductor industry vendor, reported a negative impact of $200 million in its revenue from a ransomware attack
- The global average cost of a data breach in 2024 is $4.88 million, an increase of 10% from the previous year
- Organizations that extensively use security A.I. and automation to prevent data breaches realize an annual average cost savings of $2.22 million compared to those that don’t use it
- The average number of cyberattacks per organization per year increased by 25% from three to four
75% of large organizations with revenues greater than $5.5 billion have cyber insurance, while only 25% of organizations with revenues less than $250 million have the policy.
Notable Cyber Security Statistics from 2025
Even as cybercriminals have become sophisticated, business organizations and consumers have become risk-aware by keeping themselves updated on the latest threats, such as AI-driven attacks. However, it is equally important to analyze cyber security data to understand the costs and consequences of the attack, the technology to prevent attacks, and mitigation plans to contain the fallout once the attack has occurred. We highlight some notable facts about cyber security to keep you updated on the latest trends and developments.
- In 2024, 1,83,000 customers were affected by supply chain cyber attacks, an increase of 33% from the previous year
- According to Gartner, 60% of supply chain organizations will use cybersecurity risks as critical evaluation criteria for third-party business engagements and transactions
- Encrypted threats increased by 92% in 2024, highlighting the growing sophistication of cybercriminals
- Malware increased by 30% in the first half of 2024. 15% of all malware leverage software packing as the primary MITRE TTP
- Globally, Cryptojacking decreased 60% except in India where it increased by 409%
Top 5 Worst States for Cybercrime by Victim Loss
A large number of businesses and consumers have reported becoming victims of cybercrime. According to the FBI’s Internet Crime Complaint Center, 3.26 million complaints were reported in the last five years, with losses aggregating to $27.6 billion. In addition to compromising sensitive information and data and undermining the safety of users and customers, cybercrime has severe financial and psychological implications.
Along with direct costs, there are indirect costs associated with cyberattacks, such as legal fees, regulatory fines, reputational loss, intellectual property theft and operational disruption. The cost varies across locations and industries. The highest cost of data breach, averaging $9.36 million, is reported in the United States.
The following table highlights cybersecurity data for the top five worst-performing states in the United States.
Rank | State | Victim Loss in Millions |
1 | California | 2,159 |
2 | Texas | 1021.5 |
3 | Florida | 874.72 |
4 | New York | 749.9 |
5 | New Jersey | 441.1 |
Cyber Security Jobs and Career Outlook
Globally, the demand for cybersecurity professionals outstrips the supply. In 2024, the supply-demand ratio in the United States is 85%. The total number of cybersecurity-related job openings in the last year is estimated to be 4,70,000. The organization typically uses a top-down approach to hiring cybersecurity talent, filling most senior roles before hiring for the roles down the organization chart. However, because of talent shortage and the changing nature of cyber risks, the traditional hiring approach is less effective. Organizations need to adapt their hiring approach to focus on specific capabilities they need rather than roles.
- The U.S. Bureau of Labor Statistics (BLS) predicts 32 percent job growth in cybersecurity between 2022 and 2032, much higher than the average across all occupations
- According to the 2023 ISC2 Global Workforce Study, the number of global cybersecurity professionals has reached 5.5 million
- The median annual starting pay for information security analysts in the United States is $112,000
- The pay range of cybersecurity professionals varies, with an average annual pay of $138,180 for an Application Security Engineer and $244,096 for a Chief Information Security Officer(CISO)
- The number of unfilled cybersecurity jobs in 2023 is 3.5 million, with more than one-fifth of these positions in the U.S
Industry-Specific Cyber Security Statistics
Industries, such as manufacturing, face enhanced risks as cyber attacks on their operation technology systems can have more severe consequences, such as shutdowns, outages or explosions, than those in I.T. The following cyber attack statistics on different industry verticals highlight organizations’ need to prepare a comprehensive security plan to prevent disruption.
1. Manufacturing cyber security facts
- The highest number of cyber incidents, comprising 32.43% of the total reported incidents in 2023, are in manufacturing
- The most common action in incidents within the manufacturing industry was the deployment of backdoors, occurring in 28% of the cases
2. Healthcare cyber security facts
- Reconnaissance activities accounted for 50% of all observed cases, with attackers scouting for vulnerabilities and valuable data
- Ransomware attacks have increased by 264% over the last five years
- The average healthcare data breach cost has increased by 10% to $10.10 million
- An estimated two-thirds of healthcare organizations have faced supply chain attacks in the past two years
3. Finance & Insurance cyber security facts
- Approximately three-fourths (74%) of the attacks in finance and insurance comprised customer personal details
- The average cost of a data breach in finance is $5.9 million
- The financial sector is the most targeted industry for web application attacks
Other industries also face cyber threats, and these cyber security facts highlight the need for organizations across sectors to enhance their cyber defenses to adapt to the evolving threat landscape in 2024.
Conclusion
The high-risk digital environment demands a proactive government and vigilant consumers and businesses to guard against cybercrime. Cyber security statistics are critical indicators of the evolving cyber threats landscape and can help organizations secure digital assets.
Organizations must periodically review cyber attack statistics and cyber security facts to benchmark their cyber defenses and mitigation plans. Since most attacks are due to human errors, organizations must leverage Gen AI to automate and eliminate the human element to prevent attacks. There is no scope for complacency, and organizations must always be in a state of readiness to thwart any attack attempt by threat actors.
FAQs
1. What is the prediction for cybersecurity in 2024?
Gen AI will be the top driver of cybersecurity in 2024. Although Gen AI will contribute to increased malicious attacks, it will also help organizations reduce cyber security skill gaps and employee-driven cyber incidents. Organizations will leverage A.I. algorithms for real-time threat analysis and to identify and neutralize them.
2. How many cyberattacks per day?
According to a study by the University of Maryland, a cyber attack occurs every 39 seconds, translating into an average of 2,244 attacks per day.
According to CheckPoint research, global cyber attacks increased by 30% in Q2 2024,
reaching 1,636 weekly attacks per organization. The organization should periodically monitor cyber attack statistics, specifically for its industry vertical, to stay one step ahead of threat actors.
3. What is 90% of cyber incidents?
90% of all cyber incidents are the result of human error or behavior, such as using weak passwords or falling prey to phishing attacks. These errors serve as entry points for cybercriminals to exploit vulnerabilities, leading to data breaches and other attacks.
4. What percentage of cyberattacks include a social engineering aspect versus a technical problem?
Almost all (98%) cyberattacks use social engineering, which involves cybercriminals using social skills to compromise an individual or organization’s credentials for malicious purposes. Techniques include phishing or baiting to manipulate individuals into divulging sensitive information.
5. Which year had the worst cyberattacks in history?
Multiple cyberattacks, with varying degrees of severity, have occurred over the years, significantly impacting the various stakeholders. Some of the worst cyberattacks in recent history are as follows.
- In 2018, Marriott Group revealed a data breach of its Starwood Hotel that compromised the data of 500 million guests.
- In 2021, a ransomware attack on a colonial pipeline shut down one of the largest oil pipelines in the United States.
- In 2023, the Clop ransomware exploited a vulnerability in the MOVEit Transfer software, leading to a system infiltration that disrupted operations and compromised critical data across sectors.
6. How are statistics used in cybersecurity?
Statistics provide insights into risks, vulnerabilities, and the effectiveness of security measures. They help organizations with risk assessment and management, anomaly detection, security performance measurement, training, and creating awareness.