List of Cybersecurity Statistics (2024)

Vimal Mohan

Vimal Mohan

Feb 06, 2024

Cybersecurity Statistics

The last three years have witnessed a paradigm shift in the way organizations function globally. Remote offices and WFH (work from home) jobs have increased exponentially. organizations are now encouraging BYOD (Bring Your Own Device) policies more than ever. A majority of tech companies globally have now adopted cloud computing by switching from on-premise infrastructure. And, this rapid change in processes has enabled organizations to be agile and maintain business continuity.

These developments also bring risk to the organization. These last 3 years have witnessed an upward spike in the cyber attacks stats. organizations are constantly battling bad actor instances and cyber breach attempts and are continuously working towards improving their cybersecurity posture from latest penetration models.

To give an overview of how things have changed, we’ve compiled a list of all the recent cybersecurity statistics all the way till 2023.

The current malpractice trends

  • Ransom was the primary motive for more than 70% of cybersecurity incidents globally. 
  •  Cyber attacks statistics of 2021 show that Phishing contributed to more than 40% of the breaches, followed by malware at 11% and hacking at 22%.
  • A CNET study on statistics on cyber attacks states that 2017 recorded 1506 breaches and the number shot up to 1862 in 2021. 
  • .doc, .exe,  and .dot were the commonly malicious emails attachment types
  • Globally, over 300 billion passwords are currently in use.
  • More than 40% of the world’s population is offline and will immediately become vulnerable when they connect to the internet.

Hiring for Security roles is not that easy too.

  • For every 10 cyber security positions rolled out, only 1 gets filled. Such is the resource crunch and the size of the cyber security market is not growing exponentially.

cybersecurity roles

The Cyber Security market is expected to grow

  • Fortune in its cybersecurity report predicts the cybersecurity industry to reach 300+ billion in the next five years (2028). This is because more than 95% of organizations globally do not protect their business assets securely. 
  • A Sophos study states that more than 53% stated that their IT team is not equipped and skilled to manage or prevent breach attempts from advanced hackers. 

The existing threat landscape

  • 2021 alone witnessed an exposure of 22 billion records due to data breaches. A study conducted by the WEF (World Economic Forum) states that human error will be the cause for more than 94% cybersecurity breaches. 
  • A Microsoft study states that cyberattacks on US in 2020 were 46%, while the global average was 20%.
  • More than 40% of all breach incidents are insider threats.
cyber security breaches

Now let’s take a look at the dollars spent on cybersecurity incidents

  • The COVID pandemic has increased recent data breaches by 600%
  • By 2025, global cybercrime is estimated to cost over $10 trillion annually. 
  • Globally over 6 trillion dollars will be spent toward cybercrime annually.
  • Cybercrime will cost over 1% of the total global GDP. This amount is more than the GDP of a few developing countries.
  • Ransomware statistics state, on an average a malware incident costs a business over $2.5 million (including the opportunity cost for recovery).
  • Cyber attack statistics 2021 state that the destructive power of ransomware has grown 57x when compared to 2015. Source
  • The USA houses over 30 million small and medium businesses and over 65% of them have had a security breach between 2018-2020.
  •  A breach incident costs an SMB between $120,000 to $1.2 million.
  • Statistics show that the cost of breach went up by $1.07 million for organizations with remote-work as the primary source of the breach.
  • Organizations implementing Security Driven AI have been able to cut expenses by 80%.
  • Over $1.75 million were saved per breach where Zero trust policies were implemented. source

Organizations spent a lot more than anticipated in post-breach scenarios

  • The cost of a breach has increased by 10% from 2020 to 2021.
  • Every record breached storing PII costs the business over $180.
  • Cyber attack statistics for 2020 +2021 + 2022 show a trend where over 50% of the cyber-attacks are targeted at SMBs.

cyber attacks

  • On average, an enterprise business witnesses over 130 security breaches annually.
  • 2021 cyber attack statistics shows cyber security spend increase to 21% for enterprise businesses annually.  
  • The annual security breach statistics of an enterprise increased by 27%.
  • It takes an average of 23 days for an enterprise to recover from a ransomware attack and over 22 days to recover from an attack initiated from the inside.
  • Over 70 million individuals become victims of cybercrime annually.
  • On average, an individual loses over $4400 to cybercrime.
  • Individuals face a loss of over $317 billion to cybercrime collectively.
  • On average individuals lose over $200 to phishing scams.

cyber security scams

  • Extortion, identity theft, breach of personal data, phishing, and non-payment took the top 5 positions in the data breach statistics of 2021.
  • Access to an individual’s online identity can be gained with roughly $1100.
  • PII records are sold at an average price of $200 per record.
  • It costs less than $50 to get malware and tutorials to use it.

CyberSecurity and Compliance

  • More than 70% of companies expect their compliance requirements to increase annually.
  • Enterprise companies spend over $10,000 per employee for compliance.

cybersecurity compliance

  • In 2018, on average, businesses spend over $1.3 million for compliance and an additional $1.8 million was expected to spend an additional $1.8 million.
  • A Varonis study states that an average employee has access to over 11 million files. Over 1,000,000 + files were left accessible to every employee. It also states that over 17% of employees are able to access sensitive information on business cloud.
  • More than 60% of businesses have over five hundred non-expiring passwords.
  • Over 77% of businesses lack an incident response plan

Global GDPR statistics

  • Spain was the leader in issuing GDPR fines in the year 2021. They issued 212 fines while the EU averaged at 70 per member country.
  • In 2021, GDPR fines worth $1.2 billion were passed.
  • In 2018, orgs spent over $9 billion to become GDPR compliant. Over 40% of a company’s GDPR compliance budget was spent on Legal teams.

gdpr stats

  • Over 88% of businesses spent over $1 million dollars to become GDPR compliant.
  • In the first year of GDPR’s release, over 89k breaches were recorded and GDPR’s regulatory bodies received over 140k complaints. The first year’s GDPR fines totaled over $62 million.

ISO 27001 around the world

  • ISO has over 24,000 international standards and in the year 2020, ISO released over 1600 standards.
  • Japan has the world’s highest ISO certifications.
  • Japan, India, and the UK constitute 67% of the total global ISO certifications.

ISO 27001 stats

  • A QSL survey states that over 70% of employees would trade their unique ID and password for a chocolate bar.
  • Over 75% of businesses experienced staff-related non-compliances due to inadequate compliance training.

Remote workers are more susceptible to a breach:

  • Companies who are still relying on reactive security models are feeling the fatigue of keeping up with the evolving threat landscape
  • An Accenture study states that more than 67% of global business owners are worried about their increasing cybersecurity risks and remote employees are still an easy target for bad actors and hackers.
  • The rate of cloud breaches is expected to increase steadily due to the increase in remote organizations.  As and when 5G witnesses mass adoption, IoT devices connected to 5G will witness a spike in breach attempts. That’s adding to the list of worries. 


Sprinto is a compliance automation solution that automates the compliance process. It cuts the time taken to become compliant from 6-12 months to as low as 14 business days (subject to vary depending on the size organization and their implementation speed). With Automation, the cost to become compliant is now a fraction of what it is (The current compliance fee for one framework is $100,000 – $250,000).

Talk to our experts today to breeze through your automation process. 

Vimal Mohan

Vimal Mohan

Vimal is a Content Lead at Sprinto who masterfully simplifies the world of compliance for every day folks. When not decoding complex framework requirements and compliance speak, you can find him at the local MMA dojo, exploring trails on his cycle, or hiking. He blends regulatory wisdom with an adventurous spirit, navigating both worlds with effortless expertise

How useful was this post?

0/5 - (0 votes)

Found this interesting?
Share it with your friends

Get a wingman for
your next audit.

Schedule a personalized demo and scale business

Here’s what to read next….

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.