33 Alarming Cybercrime Statistics for Businesses in 2023

23 December 2015.

A chilling winter in the United States.

Jackson was a 29-year-old male.

He wasn’t something special, just an average go-to-work-everyday kinda guy.

Although he worked as a cybersecurity consultant, he didn’t particularly care about cybercrime statistics on this very day.

Nah, something else occupied his mind.

See, Jackson had a ring in his pocket.

His girlfriend – Sophia, a 27-years-old blonde, had no idea this day will change her life.

Jackson’s plan was simple – to take her to their favorite restaurant, drop the ring in a glass of champagne, and hope for the best.

He even wrote her a little poem and imprinted in a napkin in the restaurant.

“Wow – someone’s feeling poetic tonight.” – said Sophia.

“As Plato said thousands of years ago – At the touch of love, everyone becomes a poet.” – Jackson whispered.

Sophia rewarded him a kiss.

Overall, the dinner went more smoothly than Jackson planned.

Finally, the waiter came with the champagne glasses.

Sophia saw the ring, and her eyes watered.

With a shaky voice, she replied: “Yes.”

And the power went out.

Thankfully it was just for a few seconds, and the happy couple could see each other’s shining faces.  

On the very same day, some 5700 miles away in the Ivano-Frankivsk region in Ukraine, about 230,000 people experienced a power outage as well.

Unfortunately, they had to stay without electricity in the cold for between one and six hours.

The cause of that power outage?

A cyber attack.

As a matter of fact, that was the first cyberattack that shut down the power grid.

That’s just one of the cyber crime cases that changed the world.

In case you aren’t sure what cybercrime is, feel free to browse our blog section.

Anyway, cybercrime is an enormous issue in 2022.

Therefore, today, we’ll have a look at some cybercrime stats to understand the impact they could have.

Stunning Cybercrime Statistics

• The average time to identify a data breach is 196 days.
• More than two-thirds of all DDoS attacks originate from China.
• Global cybersecurity spending was set to reach $124 billion in 2019.
• A ransomware attack was predicted to hit businesses every 14 seconds in 2019.
• The average cost of a data breach was $3.86 million in 2018.
• About 10% of all laundered money derive from cybercrime.
• In Q1 2019 alone there were 1.9 billion records exposed.
• 4.1 billion records were exposed in the first half of 2019.

These numbers make you stop and think for a while, don’t they?

Remember Jackson and Sophia?

They got married, and we wish them all the best.

In fact, 50% of Americans above 18 are married.

Do you know what else happened to half of the US citizens?

Around 145 million of them were affected by cyber attacks.

With that being the case, we’ll continue with some big numbers to shine a light on the cyber criminals’ actions.

Intriguing Cybercrime Statistics

Although the public’s notion of a hacker is a white male with a hoodie, somewhere in a dark room - this is not the case when we talk about actual cybercriminals.

1. Cybercrime will cost the world $6 trillion a year in 2021.

(Source: Cybersecurity Ventures)

Five years ago – in 2015, when the attack on Ukraine’s power grid occurred, cybercrime cost the world $3 trillion.

However, cybersecurity budgets grow YoY as well.

Eventually, we’ll be able to balance the scales in the near future.

2. Almost 56% of all mail traffic was spam in Q1 2019.

(Source: Kaspersky)

Something smells phishy about this statistic.

The bad news:

More than half of the global received emails aren’t what the average person believes them to be.

The good news:

At least this figure didn’t grow, compared to Q1 2018.

3. There are over 903 million malware so far in 2019.

(Source: AV-Test)

Okay now, this stat is mind-blowing.

It’s like there is a malware printer of some sorts somewhere and it just prints malware after malware.

In April 2019 alone, cybercriminals created 11.52 million new malware.

Even if they didn’t get a few days off to celebrate Easter, it’s still a staggering number of malicious software.

4. The average time to identify a data breach is 196 days.

(Source: IBM Security)

As a matter of fact, cybercrime stats show that’s how most cyber attacks work.

Cybercriminals infiltrate a system long before they trigger the attack.

Nevertheless, companies still need an average of 69 days to contain a data breach.

5. Botnet-as-a-Service costs $60 a day.

(Source: Checkpoint)

Come to think of it – $60 isn’t that much. You can buy a pair of sneakers for this amount.

But consider this – can your sneakers cause $720,000 in damage?

That is unless you kick  “The Three Wisest Monkeys" by Josignacio out of the window.

*Offtopic fact – Did you know there is a word for throwing something or someone out of a window? There is – it’s defenestration.

Anyway, with the increased number of IoT devices, botnets become more abundant and cheaper.

As a matter of fact, 127 new IoT devices connect to the internet every second.

Moreover, their security makes them look like a newborn baby, thrown into a pack of wolves.

6. 45% of all companies hit by ransomware pay the demanded amount.

(Source: Imperva)

Okay, so apparently we do negotiate with terrorists.

The bad news is that 17.5% of all infected companies paid the ransom, yet still lost their data.

Good news is 44.4% didn’t pay the ransom, but still managed to recover their data.

7. Cryptojacking malware impacts 20% of organizations every week.

(Checkpoint)

We are past the point when the term computer crime related to a virus or a trojan alone.

In 2020, cybercriminals prefer to use technological resources, instead of destroying them.

With that being the case, cryptojacking is gaining ground, despite the drop in cryptocurrencies’ value.

8. 75% of organizations increased their investment in cybersecurity in 2018.

(Source: BDO)

Considering that each of the recent cyber attacks in 2018 involved an average cost of $13 million – this stat isn’t surprising at all.

Furthermore, for the last five years, organizations’ directors have been increasing the time and money dedicated to cybersecurity.

Speaking about money, let’s see how the dark side is managing its finances.

Cybercrime Industry Worth – Revealed Numbers Behind Hidden Faces

When we look at the hacking statistics above, one thing becomes clear.

Cyber criminals can reach these dramatic figures only if they don’t work alone.

That’s why they join forces to form cybercrime groups.

They are run like every significant crime syndicate with strict order and efficient planning.

What is more, these organizations make more money than the global trade of illegal drugs.

9. The global cybercrime industry’s revenue was $1.5 trillion in 2018.

(Source: Bromium)

That’s a lot of money, isn’t it?

To put things in perspective – if cybercrime was a country, it would have a higher GDP than Spain or Mexico.

However, it would still be poorer than Jeff Bezos.

To get back to the point, let’s see the sources of cyber criminals’ earnings:

10. The average price of credit card data on the dark markets is $33.88.

(Source: Statista)

You, me, and 25% of the world’s population shop online.

The thing with cybercriminals is that they buy other stuff as well – like your bank details, for example.

They’ll have to spend almost $260 to obtain a set of those.

Overall, this is the most expensive piece of data on the dark web.

What about the cheapest one?

Well, if for some reason you still have an AOL account – its average price is $0.41 on the dark web markets.

11. About 10% of all laundered money derive from cybercrime.

(Source: Bromium)

Now.

I know our readers are more intelligent than everyday-check-out-some-info users.

So I’ll allow myself to be blunt about this one.

Everyone you don’t like launders money – be it politicians, crime cartels, or cyber criminals.

Furthermore, some of the people you do like and trust deal with shady organizations and have to launder their revenue.

With that being the case – about $1.6-$2 trillion laundered money circulate over the globe.

Cybercriminals themselves earn up to $200 billion from that.

Overall, internet crime pays. And it does so big time.

Due to the massive amount of money involved, cybercriminals need protection.

Therefore, they need guns.

12. 42% of the dark web’s listings display firearms.

(Source: RAND)

The fact that cyber criminals are after all criminals, sooner or later they’ll eventually face the police.

I know what you may be thinking – cybercriminals don’t need guns – they deal with far more sophisticated kinds of crimes.

Well, guess what – although that they do, a S.W.A.T. team is a S.W.A.T. team, no matter the type of the criminal.

They don’t stand much chance if they throw their laptop at the S.W.A.T. team, now, do they?

Actually, 84% of all listed firearms are pistols.

Let’s be honest – you can’t imagine a hacker with an M16 now, can you?

Now.

Let’s delve a little deeper in the different types of cybercrime.

Phishing Statistics – Why Do We Still Take the Bait?

How many of us have received an email from a Nigerian prince?

And how many rich aunts pass away every day?

The answer is simple – thousands, if not millions.

13. Phishing attacks on mobile devices have an average growth of 85% YoY since 2011.

(Source: ENISA)

Phishing is the most common way to deliver an internet attack.

If we consider that there are 3.5 billion smartphone users worldwide in 2021, it’s only natural phishing attacks will aim at this group.

The thing is, smartphones provide more channels that can get hacked, compared to traditional email.

Mobile messaging, social media apps, SMS, calls – cybercriminals exploit all communications channels we use.

Providing that this is the most common way malware enters your device, here’s what you should look out for:

14. Over a quarter of email attacks come from trusted individuals and brands with compromised accounts.

(Source: Agari)

The main reason phishing works is that it exploits people’s trust.

Therefore, to make things more believable, cybercriminals take advantage of famous people and brands’ emails.

As a matter of fact, 20% of all phishing uses a look-alike domain – like Linkedln (a lower-case L instead of the i).

Moreover, to avoid suspicion, 20% of all emails are personalized (like Hello your name,).

Personal data on the dark web is so cheap, it makes it easier for cybercriminals to fool us.

15. 15.82% of all spam is sent from China, Brazil is the favored target.

(Source: Kaspersky)

Since China houses more hackers than any other country in the world, it’s natural most attacks will originate from there.

For the most part, our spam has originated from these countries:

Nothing unusual here, everyone could have guessed the top three.

However, the targets are more interesting:

Most phishing attacks are directed at credit organizations – 25.78%.

16. Almost every second call to a mobile phone was a scam in 2019.

(Source: First Orion)

That sounds alarming.

The so-called “vishing” (or voice phishing) wasn’t so popular just two years ago.

In 2017 only 3.7% of total calls were vishing attacks.

Last year, in 2018 – their number increased to 29.2%.

According to cybercrime statistics, in 2019, 44.6% of all calls were a scam.

However, phishing and its by-products are solely means of delivery.

Of what? – you may ask.

Most often than not, the answer will be – malware.

Malware Statistics – the Web’s Cockroaches

Malware is ugly, nasty, and often hard to get.

There are lots of examples of malware, which you can see in our brilliant infographic.

17. Antivirus and anti-malware systems detect over 10,000 different malicious files every day.

(Source: Checkpoint)

So every 8.6 seconds a malware file is stopped.

That’s good, isn’t it?

Nonetheless, there are over 700 malware families in use every day.

18. 25% of cybercriminal attack groups use destructive malware.

(Source: Symantec)

If you wonder what destructive malware is – it’s exactly what it sounds like.

This malware’s purpose is to destroy networks and data with remarkable precision.

Internet security companies warn that these attack groups target an average of 55 organizations.

19. More than half of PCs with malware have had at least one more infection in the last 12 months.

(Source: Webroot)

When cybercriminals open a door, they leave it open for their colleagues as well.

54% of infected machines were infected again the same year.

Moreover, more than 39% experienced between two to five infections in 2018.

Be that as it may, malware isn’t on top of the newscast.

Data Breach Statistics – the Most “Famous” Cyber Attack Worldwide

Granting that you already know about the most notable data breach stats, let’s see what’s happened lately.

20. In Q1 2019 alone there were 1.9 billion records exposed. By the end of H1, the number had grown to 4.1 billion.

(Source: Risk Based Security, Forbes)

2019 started strong for cybercriminals in terms of data breaches.

There were more than 1,900 breaches in the first three months of 2019.

Compared to the same period in 2018 breaches rose with 56.4%.

Most of the breaches affected businesses (71.1%), followed by the medical sector (13.6%), and governments (7.8%).

21. Over 540 million Facebook users’ data was exposed in 2019.

(Source: Upguard)

One of the recent cybercrimes involved Facebook as a target.

The most popular social media suffered a data breach which exposed over half a billion records.

Moreover, Facebook suffered another data breach in 2018, when 30 million users’ data was exposed.

Around 14 million users’ sensitive data was accessed.

22. Nearly one-third of all data breaches expose between 101 and 1,000 records.

(Source: Risk Based Security)

The majority of data breaches (42%) expose 1 to 100 user details.

The successful data breaches, which reveal over 10 million records represent 1.1% of all attacks.

80.7% of attacks exposed our email addresses, followed by passwords (73.5%).

These figures rise with every passing year.

The only thing that goes down is our names – 16.2% are revealed, which is an improvement since 2018 (35%) and 2017 (40.7%)

23. The average cost of a data breach was $3.92 million in 2019.

(Source: Ponemon Institute, Security Intelligence)

Alright, so a cybercriminal/organization breaks into a company’s database and steals our records.

Furthermore, they use our data for their own purposes – to steal money (bluntly put), to gain access to other data, or anything else you can think of.

But it gets worse:

Once these cybercriminals abuse our data, they sell our accounts to third parties.

In fact, they receive an additional up to $148 per stolen record, according to cybercrime stats.

Although most Black Hat hackers (cybercriminals) are in it for the money, some of them want to make a point.

DDoS Statistics – Botnets on the Rise

It is extremely hard to stop such an attack, once it begins. The disturbed-denial-of-service is no joke.

First of all, this type of cyber attack requires a lot of resources and can shut down your business for more than a week.

If you want more details on DDoS, you can find more information in our cybercrime blog post.

24. DDoS attacks cost SMBs over $120,000 per attack.

(Source: Kaspersky)

DDoS attacks are mean and destructive in their nature.

Mostly used by hacktivists, they aim to prove a social/political point or to stop businesses functioning for monetary gain.

Therefore, enterprises are more vulnerable  – they lose over $2 million per attack on average.

25. The most extended DDoS attack in Q2 2018 lasted more than six days.

(Source: Nexusguard)

More than half (55.28%) last less than 90 minutes.

The average duration of one such attack was 318 minutes.

As usual, cybercriminals staged their attack primarily in the peak operation hours of their targets.

26. More than two-thirds of all DDoS attacks originate from China.

(Source: Kaspersky)

We mention China for the second time in this post.

Hackers living in China were responsible for 67.89% of all DDoS attacks.

The US wins the silver medal in the DDoS Olympics with 17.17%.

Which country holds the third place?

Umm… it’s not quite a country.

Surprisingly enough, 4.81% originate from Hong Kong, which is arguably a part of China.

By the way, South Korea was out of the top 10 list in 2018.

However, cybercrime statistics tell us that it ranked next to the US in previous years.

Last year the Asian country accounted for only 0.30% of all DDoS attacks.

Although cybercriminals can stop your business’s functions because of idealistic purposes, the majority will demand cash for their efforts.

Ransomware Statistics – Cybercrime’s Monetizer

I bet you’ve all heard the phrase, “We don’t negotiate with terrorists.”

However, the reality is quite different.

As mentioned before, almost half of companies pay the demanded ransom.

27. Almost half of organizations were hit by ransomware in 2018.

(Source: Checkpoint)

Now.

If we combine this fact with the previously mentioned numbers, it turns out almost 25% of organizations worldwide pay cybercriminals to save their data.

28. A ransomware attack will hit businesses every 14 seconds in 2019.

(Cybersecurity Ventures)

Two things can happen in 14 seconds.

1. Ransomware will strike a company.
2. You can end up in jail if you stare at a woman for more than 14 seconds in Kemala, India.

For the sake of this article, let’s focus on the former.

Cybersecurity ventures also predict that the interval between attacks will lessen to 11 seconds in 2021.

However, there are other types of cyber crimes, nastier than ransomware.  

Cryptojacking Statistics – the Silent Cyber Crime

First of all, let’s see the practical difference between crypto mining and its lawbreaking cousin - cryptojacking.

29. Cryptominers infect organizations 10 times more than ransomware.

(Source: Checkpoint)

There are several reasons for the shift from ransomware to cryptojacking.

It is easier, safer, and every system is a legitimate target.

Moreover, since this isn’t technically fraud, cybercriminals can access the money more quickly.

Although cryptojacking infects a lot of organizations, only 20% of them are aware of this.

30. Cryptominers earned more than $2.5 billion in the first half of 2018. That number will increase to $42.76 billion in 2025.

(Source: ENISA)

Cryptomining is a profitable venture, even if cryptocurrencies did lose some of their value in 2019.

ENISA’s research found that a cybercriminal who controls 2,000 computers can earn up to $500 a day.

With this in mind, the price of a crypto mining toolkit was only $30 on the Dark Web.

Although it’s a simpler and safer way to make money, recent cyber attacks’ reports show that cryptojacking is going down, since Coinhive shut down in February 2019.

Whereas cybercriminals seem to be on the rise, they don’t lack opposition.

Cybersecurity Statistics – the Knights in Shining Armor

“For though Iack a weapon, yet shall I lack no honour - and if you slay me weaponless, it is you who will be shamed.” – King Arthur.

31. Global cybersecurity spending was predicted to reach $124 billion in 2019.

(Source: Gartner)

With the increase of cyber attacks’ cost on businesses, a new trend is shaping up.

Each new year we spend more on cybersecurity than the year before.

In 2018, global cyber security spending amounted to $114 billion.

The lion share of this amount goes for security services – over $64 billion.

Cloud security is worth the least – an expected $459 million in 2019.

32. 81% of IT security experts agree that machine learning and artificial intelligence improve their ability to detect advanced threats.

(Source: Imperva)

Since 84% of organizations experience IT security skills shortage, who you gonna call?

While Ghostbusters are good at what they do, machine learning and AI are the right tools for the job.

Still, 65.2% of IT security experts believed their organization would be hit by a cyberattack in 2019.

33. 45% of US organizations have a formal cyber security strategy.

(Source: Hiscox)

Although US organizations don’t top the list as far as IT spending goes, they are still the most prepared to counter a cyberattack.

30% of US IT security staff ranks as expert or intermediate.

On the other hand, UK companies have the largest average IT budget.

Cyber security statistics can easily explain why the British are so keen on spending more money. The cost of UK firms’ breach is among the highest – an average of $463,000.

Wrap Up

That’s all folks.

With everything said so far, one thing is clear – cybercrime isn’t going anywhere but up.

Still, we have many handy tools and experts at our disposal.

Therefore we can’t be certain for whom the winter is coming, but they won’t face it alone.

Although cybercrime statistics are more or less pessimistic about our future, things are actually changing for the better.

Innovations like machine learning and artificial intelligence can boost our immunity to cyber attacks.

And who knows?

Hopefully, this article will be irrelevant in a decade or two.