Blog

The Top 2024 Statistics for 2024

Cybersecurity is a day-to-day operation for many businesses, but it’s not a small task to stay on top of what’s been going on over the past year or so.

We’ve compiled this list of the most important stats and trends, split into bite-sized categories.

2024 Data Breach Statistics

Large-scale, well-publicized breaches are on the rise, suggesting that not only are the number of security breaches going up — they’re increasing in severity, as well.

Data breaches expose sensitive information that often leaves compromised users at risk for identity theft, ruins company reputations, and makes the company liable for compliance violations:

  • Since 2022, the Federal Trade Commission received more than 1.1 million reports of identity theft annually (US News)

  • Beginning in 2023, security breaches saw a 72% increase from 2021 (Forbes)

  • Cyber fatigue impacts as much as 42% of organizations globally (Cisco)

  • 64% of Americans report never having checked to see if they were directly affected by a data breach (Varonis)

  • 97% percent of organizations have seen an increase in cyber threats since the start of the Russia-Ukraine war (Accenture)

  • The average cost of a data breach was $4.88 million in 2024, the highest average on record (IBM)

  • 88% of cybersecurity breaches have an element of human error (Stanford)

  • The average time to identify a breach is 194 days (IBM)

  • The average lifecycle of a breach is 292 days from identification to containment (IBM)

  • The likelihood that a cybercrime entity is detected and prosecuted in the U.S. is estimated at around 0.05% (World Economic Forum)

Historic Data Breach Statistics

  • Over 560 million Ticketmaster customers had their information stolen in a 2024 breach. (BBC)

  • A 2021 LinkedIn data breach exposed the personal information of 700 million users or about 93 percent of all LinkedIn members. (RestorePrivacy)

  • An attack on Microsoft in March 2021 affected more than 30,000 organizations in the U.S., including businesses and government agencies. (Microsoft)

  • In April 2021, a two-year-old vulnerability was discovered that exposed the personal information of more than 533 million users. (Auth0)

  • Using a single password, hackers infiltrated the Colonial Pipeline Company in 2021 with a ransomware attack that caused fuel shortages across the U.S. (Bloomberg)

  • Meat processing company JBS was the victim of a ransomware attack that shut down beef and poultry processing plants on four different continents. (Wall Street Journal)

  • In 2023 T-Mobile disclosed its second data breach of the year involving the theft of 836 customers' personal data, the first data breach affected approximately 37 million customers. (itgovernanace)

  • In September 2021, Neiman Marcus found an 18-month-old data breach that exposed payment data and other information for 4.6 million shoppers. (Neiman Marcus)

  • Personal data belonging to more than 100 million Android users was exposed in a 2021 data leak due to misconfigured cloud services. (Check Point)

  • Trading app Robinhood fell victim to a social engineering attack that compromised the personal data of 5 million users. (Robinhood)

  • A 2020 Twitter breach targeted 130 accounts including those of past U.S. presidents and Tesla CEO Elon Musk, resulting in attackers swindling $121,000 in Bitcoin through nearly 300 transactions. (

    CNBC)

  • In 2023, X (formerly Twitter) was targeted by a criminal hacker that leaked more than 220 million users email addresses. (IT Governance)

  • 500 million consumers, dating back to 2014, had their information compromised in the Marriott-Starwood data breach made public in 2018. (CSO Online)

  • The 2019 MGM data breach resulted in hackers leaking records of 142 million hotel guests. (CPO Magazine)

  • In 2018, Under Armour reported that its “My Fitness Pal” app was hacked, affecting 150 million users. (Under Armour)

  • 100,000 groups and more than 400,000 servers in at least 150 countries were infected by the Wannacry virus in 2017, at a total cost of around $4 billion. (Technology Inquirer)

  • Uber tried to pay off hackers to delete the stolen data of 57 million users and keep the breach quiet. (Bloomberg)

  • In one of the biggest breaches of all time, three billion Yahoo accounts were hacked in 2013. (New York Times)

  • In 2020, cybercriminals cloned the voice of a U.A.E. company director to initiate a $35 million bank transfer. (Forbes)

  • In 2023 AT&T a breach exposed approximately 9 million customers' personal details. (IT Governance)

2024 Cybercrime Statistics By Type

Cybersecurity issues are diverse and always evolving and new malware and viruses are discovered every day. It’s crucial to have a grasp of the most common types of attacks and where they come from in order to guard against future infiltrations.

Some of the most common attacks include phishing, whaling, malware, social engineering, ransomware, and distributed denial of service (DDoS) attacks. Read more below to get a sense of the most common cyberattacks.

2024 Ransomare and Malware Statistics

  • The number of ransomware victims in March 2023 was nearly double the number from the previous year. (Forbes)

  • More than 300,000 Android users have downloaded banking trojan apps via the Google Play Store. (Threat Fabric)

  • An average of around 24,000 malicious mobile apps are blocked daily on the internet. (Tech Jury)

  • Nearly half (47.4 percent) of all internet traffic came from bots in 2022, which is a 5.1% increase over 2021 (Imperva)

  • From November 2021 to October 2022, Microsoft Office applications were the most commonly exploited applications worldwide at 70 percent (Statista)

  • 94 percent of malware is delivered by email. (Verizon)

  • The average cost of a ransomware recovery in 2024 is $2.73 million. (Sophos)

  • Only eight percent of businesses that pay ransom to hackers receive all of their data in return. (Sophos)

  • From November 2021 to October 2022, Microsoft Office applications were the most commonly exploited applications worldwide at 70 percent (Statista).

  • In the first half of 2022, researchers flagged almost 79 million domains as malicious, based on a newly observed domain dataset. (Akamai)

  • 75 percent of orgs suffered at least one ransomware attack last year. (Infosecurity Ma)

  • Approximately 20% of all newly observed domains (NODs) that were successfully resolved were flagged as malicious in the first half of 2022. (Akamai)

  • Despite new technology, ransomware motivated over 72% of cybersecurity attacks in 2023.

  • 83% of respondents paid the ransom in the wake of an attack.

  • Over half of respondents paid more than $100,000 in ransom.

  • 52% experienced a ransomware attack that significantly impacted business systems and operations.

  • 82% of data breaches included cloud-based data, with ransomware at the forefront.

  • The average ransom in 2023 was $1.54 million, almost double the 2022 figure.

  • Over 72% of businesses worldwide were affected by ransomware attacks as of 2023.

  • According to IBM, it takes an average of 49 days to identify a ransomware attack.

  • Ransomware-as-a-service (RaaS) is growing, with 67 active RaaS found in the first half of 2022.

  • In just the first 6 months of 2023, ransomware extortion totaled $176 million more than in all of 2022.

2024 Phishing Statistics

  • 57 percent of organizations see weekly or daily phishing attempts. (GreatHorn)

  • Phishing was the leading infection vector, identified in 41% of incidents, making it the most common initial attack vector. (IBM)

  • 26 percent of phishing attacks exploited public-facing applications. (IBM)

  • Phishing attacks account for more than 80 percent of reported security incidents. (CSO Online)

  • $17,700 is lost every minute due to a phishing attack. (CSO Online)

  • Use of stolen cards is the most common type of threat, followed by ransomware and phishing. (Verizon)

  • DDoS attacks have dominated incidents, with 6,248 DDoS Attacks in 2022. (Verizon)

  • Application-layer DDoS attacks increased by 15 percent in the second quarter of 2023. (Cloudflare)

  • Incidents aimed at cryptocurrency firms surged by a staggering 600% in the first quarter of 2023, coinciding with a notable 15% upswing in HTTP DDoS attacks. (Cloudflare)

  • 19 percent of data breaches involve internal actors. (Verizon)

  • The number of IoT attacks in the world reached over 10.54 million in December 2022. (Statista)

  • Nearly 58% of IoT attacks occurred with the intent of mining cryptocurrency. (Purplesec)

  • The average smart home could be at risk of more than 12,000 hacker attacks in one week. (Purplesec)

  • 30 percent of known zero-day vulnerabilities targeted mobile devices in 2021. (Purplesec)

  • 43 percent of all breaches are insider threats, either intentional or unintentional. (Check Point)

  • Over 24 billion passwords were exposed by hackers in 2022, and 64 percent of passwords only contain eight to 11 characters. (Norton)

2024 Cyber Compliance Statistics

The risks of not securing files are more prevalent and dangerous than ever, especially for companies with a remote workforce. More severe consequences are being enforced as stricter legislation passes in regions across the world defending data privacy. Some stand-outs from recent years include the European Union’s 2018 General Data Protection Regulation (GDPR) and California’s 2020 California Consumer Privacy Act (CCPA). Companies should take note of takeaways from the GDPR as more regions around the world are expected to emulate the legislation. It’s crucial to properly set file permissions and remove stale data in order to stay secure. Keeping data classification and governance up to par is instrumental to maintaining compliance with data privacy legislation like HIPAA, SOX, ISO 27001, and more. If you’re curious about data security, try a free risk assessment to see where your vulnerabilities lie.

  • 66 percent of companies say that compliance mandates are driving spending. (CSO Online)

  • 78 percent of companies expect annual increases in regulatory compliance requirements. (Thomson Reuters)

  • For large firms, the cost of compliance can approach $10,000 per employee. (Forbes)

  • The total amount of HIPAA violation fines and settlements in 2023 was $4,176,500 (Compliancy Group)

  • So far, data breaches exposed 7 billion records in the first half of 2024. (IT Governance)

  • On average, every employee has access to 11 million files. (Varonis)

  • 15 percent of companies found 1,000,000+ files open to every employee. (Varonis)

  • 17 percent of all sensitive files are accessible to all employees. (Varonis)

  • About 60 percent of companies have more than 500 accounts with non-expiring passwords. (Varonis)

  • More than 77 percent of organizations do not have an incident response plan. (Cybint)

GDPR cybersecurity statistics

  • Spain issued 212 GDPR fines in 2021 and has issued 3x more fines than any other country. (Lexology)

  • GDPR fines totaled 2.1 billion euros in 2023. (Statista)

  • Adtech giant Criteo was fined over $42 million in fines for GDPR related violations. (Tech Crunch)

  • 88 percent of companies spent more than $1 million preparing for the GDPR.(IT Governance)

  • In the GDPR’s first year, there were 144,000 complaints filed with various GDPR enforcement agencies and 89,000 data breaches recorded. (EDPB)

  • After many US news sites have suffered long term losses after blocking EU users as a response to GDPR. (Oxford University)

  • GDPR fines totalled $63 million in the first year. (GDPR.eu)

  • Meta was fined $1.3 billion for GDPR violations in 2023. (NYTimes)

  • In 2023 TikTok was fined for breaching a number of GDPR rules, including failure to keep children's data safe. (Tech Crunch)

  • Spotify were fined over $5 million for breaching GDPR regulations in 2023. (Medium)

  • 94% of US companies are not prepared to comply with GDPR Requirements. (Spice Works)

2024 Cybersecurity Budget Statistics

Average expenditures on cybercrime are increasing dramatically, and costs associated with these crimes can be crippling to companies who have not made cybersecurity a significant part of their budget. Cybersecurity budgeting has been increasing steadily as more executives and decision-makers realize the value and importance of cybersecurity investments.

Take a look at these spending statistics and projections for an idea of where cybersecurity costs stand in 2024.

  • The global average cost of a data breach in 2024 is $4.88 million, a 10 percent increase over last year. (IBM)

  • The average per-capita cost of a data breach is $165, one dollar higher than 2022. (IBM)

  • The average total cost of a ransomware breach is $5.13 million, 13 percent higher than in 2022. (IBM)

  • US cyber insurance premiums surged 50 percent in 2022, reaching $7.2 billion in premiums collected from policies written by insurers. (Insurance Journal)

  • When remote work is a factor in causing a data breach, the average cost per breach is $173,074 higher. (IBM)

  • The global security market value is forecast to reach $424.97 billion in 2030. (Fortune Business Insights)

  • Companies with extensive use of AI and automation security tools cost 2.2 percent less in breach costs. (IBM)

  • Organizations with a zero-trust approach saw average breach costs $1.76 million less than organizations without. (IBM)

  • A data breach can cost a company an average of $1.3 million in lost business. (IBM)

  • Since 2020, healthcare data breach costs have increased 53.3%. (IBM)

  • Annually, hospitals spend 64 percent more on advertising in the two years following a breach (

    American Journal of Managed Care)

  • Phishing is the most expensive initial attack vector, costing $4.9 million in 2023 (IBM)

  • Large enterprises spend approximately $2,700 per full-time employee per year on cybersecurity. (SecureAge Technology)

  • The most expensive component of a cyberattack is information loss, which represents 43% of total costs (IBM)

  • The average total cost of a data breach in smaller companies (500 employees or less) increased from $2.92 million in 2022 to $3.31 million in 2022. (IBM)

  • The average total cost of a breach in very large companies (more than 25,000 employees) decreased from $5.69 million in 2022 to $5.42 million in 2022. (IBM)

  • Data breaches led to an increase in the pricing of business offerings for 57% of companies. (IBM)

  • The average total cost of a data breach in Canada decreased by 9 percent from $5.64 million to $5.13 million (IBM)

  • In 2024, the United States is the country with the highest average total cost of a data breach at $9.36 million. The Middle East is a close second with $8.75 million (IBM)

  • In 2024, spending in the cybersecurity industry is expected to be around $87 billion USD, an 8 percent increase from 2023. (Statista)

  • In 2023 a data breach investigation report stated that 97 percent of threat actors were financially motivated. (Verizon)

2025 Cybersecurity Cost Predictions

  • Worldwide cybercrime costs are estimated to hit $10.5 trillion annually by 2025. (Cybersecurity Ventures)

  • Global spending on cybersecurity products and services is predicted to reach $1.75 trillion cumulatively for the five-year period from 2021 to 2025. (Cybersecurity Ventures)

2024 Cybersecurity Statistics By Industry

When it comes to cybersecurity, not all industries are created equal. Industries that store valuable information such as healthcare and finance are usually bigger targets for hackers who want to steal social security numbers, medical records, and other personal data.

This doesn’t mean lower-risk industries aren’t victims, too. They’re often targeted due to the likelihood that they’ll have fewer security measures in place and their information will be more easily accessible.

Try a free 30-minute demo to see how Varonis can help keep your organization’s name out of data breach headlines.

2024 Healthcare Cybersecurity Statistics

  • There were over 630 ransomware incidents impacting healthcare worldwide in 2023. (HHS)

  • The WannaCry ransomware attack cost the U.K.’s National Health Service (NHS) more than $100 million. (Datto)

  • The cost of downtime to medical organizations due to attacks is estimated to bbe $15.5 million in 2023. (Comparitech)

  • 32 percent of all recorded data breaches between 2015 and 2022 were in the healthcare industry. (HIPAA Journal)

2024 Finance Cybersecurity Statistics

  • Cryptocurrency payments to ransomware attackers hit $449.1 million in the first half of 2023. (Reuters)

  • Financial services have 449,855 exposed sensitive files, 36,004 of which are open to everyone in the organization. This is the highest when comparing industries. (Varonis)

  • On average, 70 percent of sensitive files in the financial services industry are stale. (Varonis)

  • On average, a financial services employee has access to nearly 11 million files the day they walk in the door. For large organizations, employees have access to 20 million files. (Varonis)

  • Financial services businesses take an average of 233 days to detect and contain a data breach. (Varonis)

  • The average cost of a financial services data breach is $4.45 million. (IBM)

  • Financial breaches account for 10 percent of all attacks. (Verizon)

  • 74 percent of financial and insurance attacks comporimised personal details (Verizon)

  • In April 2022, decentralised finance platform Beanstalk Farms lost $180 million in a cryptocurrency heist (CEIP)

2024 Government Cybersecurity Statistics

  • Manufacturing accounted for 65% of industrial ransomware incidents in 2022. (NAM)

  • 58 percent of nation-state cyberattacks originate from Russia. (Microsoft)

  • 79 percent of nation-state attackers target government agencies, non-government organizations (NGOs), and think tanks. (Microsoft)

2024 Enterprise Cybersecurity Statistics

  • Smaller organizations (one to 250 employees) have the highest targeted malicious email rate at one in 323. (Comparitech)

  • In Europe, U.K. companies are the most likely to be targeted by phishing attacks, followed by Spain (Slash Next)

  • A new study found that only 4 in 5 executives believe their C-suite and board understand the existing cybersecurity threat levels, but more than 2/3 agree that budget constraints limit their ability to respond to these risks (Neustar)

  • 96% of organizations grant external parties access to critical systems, providing a potentially unprotected access route to their data to be exploited. (CyberArk)

  • In 268 trials, 80% of external penetration tests encountered an exploitable misconfiguration (Rapid7)

2024 SMB Cybersecurity Statistics

  • On average, 43% of cyberattacks target small businesses (Packetlabs)

  • Cybercrime increased by 600% due to COVID-19 pandemic

  • 60% of small businesses shut down within six months of a cyberattack

  • Nearly 40% of small businesses reported data loss due to a cyberattack

  • 82% of ransomware attacks are aimed at small businesses

  • 1 in 323 emails received by SMBs is malicious

  • A data breach costs an average of $3.31 million for small businesses with fewer than 500 employees

  • 95% of cybersecurity breaches are attributed to human error.

  • The cost of 95% of cybersecurity incidents at SMBs ranges from $826 to $653,587.

  • 5% to 20% of overall IT budgets are dedicated to security by small and medium-sized businesses.

  • 43% of small to medium-sized businesses lack a recovery plan for a cybersecurity incident.

  • 50% of small businesses take 24 hours or more to recover from a cyberattack.

  • 85% of all ransomware targets are small businesses

  • The average cost of a ransomware attack is $26,000.

  • Over the last year, US small businesses have paid more than $16,000 in ransoms.

  • The number of businesses subjected to ransomware attacks increased by more than 27% in the last year.

  • 37% of companies hit by ransomware had under 100 employees.

  • 5% of SMBs fell victim to ransomware between 2016 and 2017.

  • Manufacturing was the top industry targeted by ransomware attacks.

Avoid Becoming a Part of the Percentage With Packetlabs

Here at Packetlabs, our penetration testing services are 100% tester-driven: this is a testament to our commitment to both quality and security. We strive to ensure that the best test results are delivered to our clients. Our in-depth testing ensures that no stone is left unturned, and even the most minute of weaknesses can be found and eliminated.

Our team comprises highly experienced professionals with some of the industry’s most sought-after certifications, such as CREST, OSCP, CEH, and CISSP.

Contact us today or join our newsletter for cybersecurity education and implementation that goes beyond the checkbox.

Ready to get started?

There's simply no room for a compromise. We're here to help. Our team works with yours to ensure you reach your full security potential.

Featured Posts

See All

October 24 - Blog

Packetlabs at SecTor 2024

Packetlabs is thrilled to have been a part of SecTor 2024. Learn more about our top takeaway's from this year's Black Hat event.

September 27 - Blog

What is InfoStealer Malware and How Does It Work?

InfoStealer malware plays a key role in many cyber attacks, enabling extortion and lateral movement via stolen credentials. Learn the fundamentals about InfoStealers in this article.

September 26 - Blog

Blackwood APT Uses AiTM Attacks to Target Software Updates

Blackwood APT uses AiTM attacks that are set to target software updates. Is your organization prepared? Learn more in today's blog.