17 Noteworthy Cybercrime Statistics for 2021

June 28, 2021

9 min read

Tracy Rock

Director of Marketing @ Invenio IT
cybercrime statistics

17 Noteworthy Cybercrime Statistics for 2021

by Jun 28, 2021Security

Cybercrime statistics over the past two decades have continued to show that hackers are finding ways to infiltrate businesses. As their methods have evolved, business leaders have worked to thwart a wide range of attacks, ranging from data theft to ransomware.

In some cases, hackers are using sophisticated tools to find zero-day vulnerabilities in operating systems and software. But more often than not, they’re relying on tried-and-true methods, like spam email and phishing attacks, to deceive users and bypass cybersecurity defenses altogether.

One crucial way that industry leaders can continue to learn how to defend against these attacks is by staying on top of the latest cybercrime statistics. Changing trends often provide insight into the tactics that hacker groups are using, as well as the emergence of new threats.

With that in mind, here are some of the most telling cybercrime stats of 2021.

Cybercrime statistics you should know

1) 65% of customers claim to lose trust in a company after a cybercrime like a data breach

We put this statistic first because it’s important to keep in mind that a cyberattack can inflict damage beyond just your IT infrastructure.

Thinking of it from a customer’s perspective, it’s understandable that a data breach might shake one’s faith in a business. And, the breaches that go completely undetected are often the ones that are most damaging for an organization’s reputation. It’s bad enough for clients to learn that there was a data breach one month ago, but to hear that there was an infiltration six months, or more than a year, ago will give any vested parties pause, wondering what went wrong.

Regardless of what cybercrime occurred, clients and customers will question whether it’s safe to do business with the company again, fearing that their personal information could be compromised. (Source: Yahoo Finance)

2) 27% of customers stopped doing business with the compromised company altogether

Among customers who were affected by a company breach, a staggering 27% decided to stop using the company altogether. That’s separate from the 65% of customers who merely lost trust.

Over time, businesses might find ways to restore customers’ trust, but typically at great expense. The truth is that, once a company has experienced a major hacking incident (even one that never puts customer data at risk), it will find that revenue, brand reputation and customer trust have taken just as big of a hit as their IT systems. (Source: Yahoo Finance)

3) Cybercrime reports increased by 69%

2020 was an especially bad year for cybercrime – precisely because of the global pandemic, not in spite of it.

In March 2021, the FBI stated in its 2020 Internet Crime Report that it received a record number of cybercrime-related complaints in 2020: 791,790 – an increase of 69% over 2019 and an average rate of more than 2,000 reports per day.

Reported losses totaled more than $4.2 billion among businesses and individuals. The FBI said the most common crimes in 2020 were:

  • Phishing scams
  • Non-payment/non-delivery scams
  • Cyber extortion

Notably, the FBI wrote, “2020 saw the emergence of scams exploiting the COVID-19 pandemic. The IC3 received over 28,500 complaints related to COVID-19, with fraudsters targeting both businesses and individuals.”

Over the last 5 years, reported losses have totaled more than $13.3 billion. (Source: FBI)

4) 64% increase in email threats in 2020

Employers, IT teams, and remote employees faced no shortage of difficulties in 2020, and cybercriminals were well aware of that fact. With the threat of a coronavirus spanning the globe, hackers quickly figured out that IT systems (and their users) were under tremendous stress and pressure. As usual, bad actors exploited that to their advantage. Employers and employees worked hard to adjust to the newly introduced large-scale remote work paradigm, while IT leadership helped get their home tech up and running smoothly.

Still, there were a lot of distractions and hiccups along the way, leading to security vulnerabilities in every industry. So it’s no surprise that organizations saw a 65% increase in email threats in 2020.

5) 1,185 phishing attacks per business a month (on average)

Hackers exploited a bad situation, sending malicious links and attachments that employees would open more than they ordinarily might have, given the stress of the pandemic. According to Security Magazine, organizations have needed to remediate about 1,185 email phishing attacks per month since the beginning of the COVID-19 pandemic. (Source: Security Magazine)

6) 94% of malware is delivered via email

Generally and even in the best of times, 94% of malware is spread through email. For hackers, nothing beats a classic, and email is a dependable method for distributing malware on a large scale. Often, all it takes is a simple click on the malicious link, and the malware infiltrates systems to steal user information or disrupt business operations.

This is why it’s so important for IT teams to prioritize emergency email training (or a refresher session) to ensure everyone understands email attacks and how to avoid them. Even better, it’s in businesses’ best interests to provide relevant cybersecurity training at least once a year to ensure that users always remain in the loop and work in tandem with your IT team to keep systems secure at all times. (Source: The National News)

7) 24% decrease in malware detections on Windows business PCs

This statistic is a bit deceptive because it sounds like good news, but it comes with a caveat. According to Malwarebytes, the rate of malware detections on Windows business computers dropped by 24%. However, hackers appear to be using other insidious tools instead.

While malware detections decreased, the use of certain hacking tools (sometimes referred to as riskware or HackTools) increased by 147%. These tools are not always overtly malicious at first, but they can pose risks for the user in another way, such as creating a backdoor for other malware to be delivered undetected. (Source: Malwarebytes)

8) 24% increase in spyware

This is another insidious form of malware that is not intended to cause destruction but instead spy on the user. In fact, the most successful forms of spyware are those that go completely undetected, running quietly in the background.

Malwarebytes said its software detected an overall 24% increase in spyware in 2020. Typically, the objective of spyware is to gather information about a user or organization, often as a means to deploying additional cyberattacks in the future. (Source: Malwarebytes)

9) 86% of breaches were financially motivated

To understand hackers’ motives, you merely need to follow the money. An analysis of 157,525 cybersecurity incidents, conducted by Verizon, found that the vast majority of data breaches (86%) are financially motivated.

Hackers use a variety of tactics to get paid: cyber-extortion, ransomware and the sale of stolen data, to name a few. (Source: Verizon)

10) The U.S. has suffered 156 separate high-profile cyberattacks between May 2006 and June 2020

The United States has suffered the highest number of high-profile cyberattacks worldwide. These are the types of attacks you hear about in the news, affecting large American companies (and their millions of customers).

With all the widely reported cyberattacks in the U.S., Americans are coming to understand their own risk as consumers, healthcare patients and bank customers. A 2018 Gallup poll revealed that 71% of those surveyed worry about the hacking of their personal data, while 67% worry about identity theft.

People feel especially vulnerable, because their data is out of their hands. They merely shop at businesses like Target and Home Depot that store their information online. But if these organizations aren’t using the best defenses against cybercrime, there’s little that customers can do about it. And that’s where the severe loss of customer trust occurs after a breach.

It’s important to keep in mind that most cyberattacks on businesses go unreported. So, while 156 high-profile attacks have occurred over the last 2 decades, far more are happening every day, on businesses of all sizes. (Source: Finances Online)

11) The average cost of a data breach in 2020 was $3.86 million

According to a joint report from IBM and the Ponemon Institute, the figure revealed a surprising 1.5% decrease over the 2019 figure, but it showed a 10% increase over the previous five years.

It’s too soon to see the decrease as a trend, but it’s a small move in the right direction. The costs included in the figure are a combination of those related directly and indirectly to dealing with the breach, notes CSO Online. Additional costs include lost opportunities from customer churn, bad publicity that leads to erosion of trust and loyalty and regulatory fines.

Companies that deploy a multilayered cybersecurity strategy that combines both antimalware and robust data backup are better positioned to quickly recover from an attack and minimize the financial impact. (Source: IBM)

12) 68% of U.S. companies have not invested in any cybersecurity insurance

Cyber insurance has become an increasingly crucial subcategory of business insurance over the past decade, stepping in to cover businesses against digital risks and liabilities. But statistics show that the majority of American companies are not insured, despite the rising threats.

Companies can often choose between two levels of cyber insurance coverage: first-party and third-party. When a business or person invests in first-party coverage, it covers direct losses to the insured party (such as data loss). Third-party goes one step further to protect and cover claims and legal actions taken by partners or customers against the insured party.

Given the rampant cybercrimes and frequent broadcasting of those crimes, it’s tough to understand why more businesses aren’t exploring this protective measure. While insurance alone won’t help a business recover from a massive cyberattack, it can help cover the steep financial setbacks. (Source: PC Magazine)

13) American businesses face a shortage of 314,000 cybersecurity professionals

This cybercrime statistic may be more of a workforce stat, but it’s important to illustrate it within the larger context of difficulties that businesses face in trying to protect their systems

According to CyberCrime Magazine, U.S. employers now consistently hire a cybersecurity workforce with numbers hovering around 715,000 people. However, there are still 314,000 unfilled cybersecurity positions, reflecting a major shortfall across multiple industries. Experts say this shortage is absolutely leaving networks vulnerable.

The shortage isn’t isolated solely to the U.S., either. According to a 2019 (ISC)² Cybersecurity Workforce Study, there is a global shortage of cybersecurity professionals, estimating that 4.07 million more workers are needed to defend businesses and consumers properly. (Source: Cybercrime Magazine)

14) 60% of malicious domains are connected to spam campaigns

This is another area where hackers exploited the COVID-19 pandemic to prey on users.

Between March 9, 2020, and April 6, 2020, hackers registered more than 300,000 coronavirus-related domains on the web. Hackers used these sites for a wide variety of malicious purposes, from laying malware to selling fake COVID vaccines and “cures.”

But the problem is not unique to the pandemic. Experts say that 60% of malicious domains are created for the purposes of sending spam email, often with malicious links and files attached. (Source: Tech Jury)

15) 30,000 websites hacked every day

Aside from accessing your networks and servers, hackers also use your website as a means of disrupting your business, stealing data and laying additional malware to compromise your visitors’ computers.

Worldwide, these hackers target businesses in nearly every industry, including retail, banking and finance, healthcare and the government. Ultimately, every website on the Internet is subject to the whims of hackers trying to gain access to valuable data on business’s customers, employees, financial matters and intellectual properties.

Blogging and content management platforms such as WordPress host 35% of all websites on the internet, often relying on poorly developed plugins. Savvy hackers know how to identify the vulnerabilities in these plugins. And in worst-case scenarios, they can completely hijack the website.

Here are some additional cybercrime statistics related to website hacks:

  • 62% of websites are found to have an SEO spam infection upon inspection. (This tactic involves hackers injecting keywords with outbound links across your site to gain better standing for their own websites.)
  • 47% of websites contain one or more backdoors allowing unauthorized access to your site management tools.
  • Third-party components and software defects are typically the most exploited vulnerabilities. (Source: Tech Jury and Sucuri)

16) Ransomware attacks increased by 485% in 2020

64% of ransomware attacks took place in the first two quarters of 2020, further showing that hackers struck while the iron was hot as everyone was distracted by the chaos of COVID-19. Overall, attacks increased by 485% in 2020 vs. 2019.

Ransomware has become one of the most destructive forms of malware today, encrypting businesses’ data on PCs and servers. Once encrypted, the data is unusable, including critical application data and O/S files. This causes systems to stop working, leading to widespread operational disruptions. Hackers demand a ransom payment to restore the data, but there’s no guarantee they’ll do it even if you pay. Plus, the cost of the disruption typically far outweighs the expense of the ransom. In worst-case scenarios, ransomware attacks force smaller businesses to close for good.

The prevalence of ransomware is another reason why businesses must deploy a dependable disaster recovery solution, so that encrypted data can be restored from backup. (Source: Info Security and Bitdefender)

17) Over 77% of businesses do not have an adequate cybersecurity incident response plan

Anytime a business operates without a cybersecurity plan, a successful cyberattack is far more likely. Cybercriminals specifically target these businesses, looking for system vulnerabilities as well as unsuspecting users. And unfortunately, statistics show that most businesses do not have such a plan in place. According to survey results from IBM, 77% respondents said they do not have a cybersecurity incident response plan applied consistently across the business.

“Consistently” is the telling word here. It’s common for organizations to deploy cybersecurity solutions across some areas of the business, but not all. Healthcare is a prime example, where facilities use a wide range of devices, software and systems, which change frequently. For the sake of time, new deployments often do not get the proper IT evaluation, leading to security gaps and vulnerabilities.

A cybersecurity incident response plan is vital for assessing risks and knowing how to properly respond to attacks when they occur. It helps businesses determine how to minimize the duration, downtime and damage associated with a cybersecurity incident. The incident response report should also provide guidance for identifying stakeholders after an attack, streamlining digital forensics to understand what happened, improve recovery and business continuity and reduce negative publicity and loss of customer confidence. (Source: IBM)


The latest cybercrime statistics show that businesses continue to face a wide range of threats, and many organizations have failed to keep up with the latest cybersecurity technologies. To defend against attacks such as ransomware, organizations need to implement a multilayered security strategy consisting of network defenses, antimalware solutions, cybersecurity training for employees and data backup. This strategy is essential for the prevention and mitigation of cybercrime, as well as for assuring speedy recovery from successful attacks.

Learn more

For more information on protecting your business from today’s cybersecurity threats, contact our experts at Invenio IT. Request a free demo of advanced disaster recovery systems from Datto, or get in touch with us by calling (646) 395-1170 or emailing success@invenioIT.com.

New call-to-action

Director of Marketing @ Invenio IT