Data Protection Tool

16 Cybercrime Statistics To Inform Your Security Strategy

Picture of Dale Shulmistra

Dale Shulmistra

Data Protection Specialist @ Invenio IT


Cybercrime Statistics

Across the board, cybercrime statistics paint a clear picture: hackers are finding new and more effective ways to infiltrate businesses. As these bad actors modify and strengthen their methods, business leaders are left scrambling to thwart a wide range of attacks, including data theft and ransomware.

In some cases, hackers use sophisticated tools to find zero-day vulnerabilities in operating systems and software. More often than not, however, they’re relying on tried-and-true methods, like spam email and phishing attacks, to deceive users and bypass cybersecurity defenses.

Changing trends often provide insights into emerging threats and tactics, so staying on top of the latest numbers in cybercrime helps industry leaders understand the landscape and learn how to defend their businesses.

Cybercrime Statistics You Should Know

The Internet is overflowing with data related to cyberattacks, which can make it difficult to discern what information is accurate and useful. To help you sort through it, we’ve put together the most noteworthy cybercrime statistics of 2024.

1) 66% of consumers would lose trust in a company that falls victim to a data breach

This statistic might not show the extent or severity of cybercrime, but it underscores an equally important point — a single cyberattack can inflict damage that goes far beyond your IT infrastructure.

According to a 2023 study, customer loyalty may not survive a cybersecurity failure or data breach. The vast majority of customers would view your business more negatively if you experienced a cyberattack. Even worse, 75% of customers would consider ending their relationship with a brand that experienced a cybersecurity issue.

That’s a worrying fact for businesses, but it’s easy to understand when you look at things from the customer’s perspective. A data breach could compromise their personal information and put them at risk. That’s why breaches that your business fails to detect are especially damaging to your reputation. It’s bad enough for clients to learn that there was a data breach a month ago, but to hear that there was an infiltration six months ago or longer puts your organization’s practices into serious question.

2) 33% of consumers have completely cut ties with companies that experienced a data breach

Among customers who were affected by a company breach, one in three decided to stop using the company altogether. That doesn’t include the customers who lost trust, pulled back, or considered looking for alternatives.

Over time, your business might find a way to restore these customers’ trust, but it’s likely to cost you. Once your company experiences a major hacking incident, your brand reputation and revenue will take as much of a hit as your IT systems, even if customer data wasn’t at risk.

3) The Internet Crime Complaint Center received more than 880,000 complaints in 2023

The most recent report from the Federal Bureau of Investigation (FBI) shows that 2023 was another bad year for cybercrime, continuing the trend of the past several years. The number of complaints rose from 800,944 in 2022 to a record-breaking 880,418 in 2023.

Reported losses totaled more than $12.5 billion among businesses and individuals. The FBI said the most common crimes in 2023 were:

  • Phishing scams
  • Personal data breaches
  • Non-payment or non-delivery
  • Extortion

Over the last 5 years, the losses from these and other cybercrimes exceeded $37.4 billion. The FBI also emphasized that while ransomware experienced a temporary downswing in 2022, the number of incidents in 2023 increased by 8%.

4) 41% of organizations experienced more email attacks in 2023

Remote and hybrid work have become fairly standard practice since the beginning of the COVID-19 pandemic, and employers, IT teams, and remote employees have faced many difficulties as a result. Email is one of the primary forms of communication for off-site work, and hackers take full advantage of this fact. It’s no surprise then that email attacks rose significantly over the past year. Of the companies that saw this uptick, 80% have experienced ransomware.

5) 94% of organizations experienced phishing attacks

Hackers also exploited business vulnerabilities with phishing attempts, sending malicious links and attachments and hoping to trick employees into opening them. As a result, 94% of businesses fell victim to phishing attacks in the past 12 months, up from 92% at the beginning of 2023.

6)The total number of malware programs on Windows in 2023 was around 80 million

Malware detections on Windows systems are significantly lower than their peak in 2021, but that’s not necessarily a reason to celebrate. While the rates have dropped, they remain far higher than on Macs, which had under 100,000 malware programs in 2023.

7) There was an 89% increase in Android spyware detections during the second half of 2023

Rather than causing destruction, spyware runs quietly in the background and tries to stay under the radar as it gathers information about a user or organization. It’s often the first step toward deploying additional cyberattacks.

Android devices have seen an astronomical increase in the amount of spyware over the past year. Much of this is due to SpinOk Spyware, which causes legitimate Android apps to behave like spyware.

8) 95% of data breaches were financially motivated

To understand hackers’ motives, just follow the money. An analysis of nearly 5,200 data breaches found that financial payoffs are almost always the driving force. Hackers use a variety of tactics to get paid, including cyber-extortion, ransomware, and selling stolen data.

9) Data compromises affected more than 353 million individuals in the United States in 2023

With all the widely reported cyberattacks in the United States, Americans are coming to understand their own risk as consumers, healthcare patients, and bank customers. The reality is hard to avoid considering that the country experienced at least 3,205 separate data compromise cases in 2023.

The United States is also one of the most prominent targets for high-profile cyberattacks. These are the types of events you hear about on the news, affecting large American companies and their millions of customers. People feel especially vulnerable because their data is out of their hands. When organizations don’t use the best defenses against cybercrime, there’s little that customers can do about it.

It’s important to keep in mind that most cyberattacks on businesses go unreported. As a result, while high-profile attacks may make for sensational headlines and studies show that American companies have experienced thousands of breaches, even more are happening than the public realizes.

10) The average cost of a data breach in 2023 was $4.45 million

No matter how you slice it, data breaches are expensive, costing businesses more than $4 million on average. According to a joint report from IBM and the Ponemon Institute, that’s a 15% increase over 3 years.

The costs include direct and indirect effects of dealing with the breach, such as:

  • Recovery efforts
  • Regulatory fines
  • Downtime
  • Lost opportunities from customer churn
  • Lower revenue

Companies that deploy a multilayered cybersecurity strategy combining both anti-malware and robust data backup can more quickly recover from an attack and minimize the financial impact.

11) Only 48% of companies globally have cyber insurance

Cyber insurance has become an increasingly crucial over the past decade, stepping in to cover businesses against digital risks and liabilities. Unfortunately, less than half of organizations had invested in cyber insurance to protect against cybercrime as of 2021.

Companies can often choose between two levels of cyber insurance coverage: first-party and third-party. First-party coverage includes direct losses to the insured party, such as data loss. Third-party coverage goes one step further to cover claims and legal actions partners or customers take against the insured party. Given the rampant cybercrimes and frequent broadcasting of those crimes, it’s difficult to understand why more businesses aren’t exploring this protective measure.

12) The U.S. is facing a cybersecurity workforce gap totaling 482,985

While the size of the cybersecurity workforce continues to grow, so does the gap in the number of professionals needed to keep up with the demand. The 2022 cybersecurity workforce gap in the U.S. was up 17% in 2023 compared to the prior year.

A lack of professional support is one of many challenges that businesses face in trying to protect their systems, and experts say this shortage leaves networks especially vulnerable. This issue is present in countries around the world, and the global workforce will need nearly 4 million more cybersecurity professionals to fully defend businesses and consumers in the coming years.

13) Experts estimate that the annual cost of cybercrime will reach $13.82 trillion in 2028

The global cost of cybercrime hit an astounding $8.15 in 2023, but that number seems small in comparison to what lies ahead. If the current trend continues, costs will near $14 trillion by the end of 2028. Compare that to the $0.86 trillion cost in 2018, and it’s enough to give even the bravest business owners nightmares.

14) There were more than 10.54 million cyberattacks on Internet of Things (IoT) devices in December 2022

Aside from accessing your primary networks and servers, hackers also use IoT devices to disrupt your business and compromise your entire system. After dropping to around 6 million in 2021, the number of attacks on these devices went up again in 2022. That’s particularly bad news considering that there were 15.14 million connected IoT devices in 2023.

Hackers target IoT in businesses across nearly every industry, including retail, finance, healthcare, and government. Yet businesses often leave their IoT devices unprotected, not realizing that they serve as an entry point. These additional IoT statistics help illuminate the severity of the problem:

To ensure that hackers can’t exploit IoT devices, businesses should consider how to incorporate them into their overall cybersecurity strategy.

15) Ransomware attacks increased by 68% in 2023

Ransomware has become one of the most destructive forms of malware, encrypting businesses’ data on PCs and servers. Once encrypted, the data becomes unusable, which is potentially disastrous when it comes to critical application data and O/S files.

In a matter of moments, a ransomware gang could stop your systems from working and cause widespread operational disruptions. They’ll demand a ransom payment to recover your data, but there’s no guarantee they’ll restore it even if you pay. Not only that, but the cost of the disruption typically far outweighs the expense of the ransom. In worst-case scenarios, ransomware attacks force smaller businesses to close for good.

There were some positive signs in 2022 as the frequency of ransomware dropped, but they didn’t last long. In 2023, the numbers skyrocketed up again, particularly in the United States, which accounted for nearly half of the year’s ransomware attacks. The average ransom demand also went up, with the largest known demand hitting $80 million.

The prevalence of ransomware is another reason why businesses must deploy a dependable disaster recovery solution so that they can restore encrypted data from backups.

16) Half of small and medium-sized businesses (SMBs) have no cybersecurity plan

The chances of a successful cyberattack are much higher when a business operates without a cybersecurity plan. Cybercriminals specifically target these organizations, looking for system vulnerabilities and unsuspecting users. Distressingly, statistics show that half of all SMBs don’t have such a plan in place. Even more concerning is the fact that 20% of SMBs with no plan said they don’t intend to create one.

Keep in mind that even businesses with cybersecurity plans may not be doing everything necessary to protect their systems. It’s common for organizations to deploy cybersecurity solutions across some areas, but not all. In healthcare, for example, facilities use a wide range of devices, software, and systems that change frequently. For the sake of time, new deployments often don’t receive the proper IT evaluation, leading to security gaps and vulnerabilities.

A cybersecurity incident response plan is vital for assessing risks and knowing how to properly respond to attacks when they occur. It helps businesses determine how to minimize the duration, downtime, and damage associated with a cybersecurity incident.

The incident response report should also provide guidance for identifying stakeholders after an attack, streamlining digital forensics to understand what happened, improve recovery and business continuity, and reduce negative publicity and loss of customer confidence.

Taking Action in the Face of Cybercrime

Looking at the reality of cyberattacks could leave you feeling overwhelmed and defeated. Instead, let these cybercrime statistics serve as a springboard that propels you toward a smarter, more comprehensive approach to cybersecurity. Take time to honestly evaluate your organization’s risk levels and whether you’re keeping up with the latest cybersecurity technologies.

To defend against attacks such as ransomware, organizations need to implement a multilayered strategy consisting of network defenses, anti-malware solutions, cybersecurity training for employees, and data backups. All these elements are critical to preventing cybercrime and achieving speedy recoveries from successful attacks.

You don’t have to go through this process alone. The experts at Invenio IT offer guidance on how to protect your business from all kinds of cybersecurity threats. Reach out to talk to a data protection specialist about the best data backup and cybersecurity solutions available on the market.

Get the Ultimate Cybersecurity Handbook for Employees
Invenio it logo

Join 23,000+ readers in the Data Protection Forum

Related Articles