Crunching the Cybersecurity Numbers

23 Jan 2020

Everyone loves a top 67 list, don’t they? Even if it’s a list that will make you abundantly aware that your cybersecurity isn’t as robust as it should be?

We’d be lying if we said we haven’t looked at cybersecurity over the last few months in our blog posts. It’s a day-to-day struggle for most businesses and as we (and countless others) have mentioned, it’s not an issue that’s going away anytime soon.

In fact, there are massive increases in hacked and breached data in the workplace and it’s not just the big boys that are being targeted. It’s businesses of all kinds and the smaller you are the less likely it is that you will be secure and, ergo, more likely that you will be targeted. For the hacker, getting into your systems is like taking candy from a baby. They don’t even break a sweat. They’ll contact you asking for money (usually in the form of bitcoin) and you either pay them or they have the (relatively straightforward) ability to ruin your business.

And without labouring the point (even though we probably do from time to time), there are thousands of businesses that have unprotected data and poor – if any – cybersecurity processes, practices and procedures in place. Without mincing words, it’s vital that you do because it’s now not a case of if, but when you’ll get attacked (and if you have a casual approach to cybersecurity, you will because you’re a sitting duck).

You ask any one of our clients and they’ll tell you that we are very happy, upbeat guys but where cybersecurity is concerned, we’re like the metaphorical dog with a bone. Persistently insistent.

So, without further ado, here we present the top 67 cybersecurity statistics for 2020. Hopefully it will go some way to letting you know the dire consequences of leaving your company data insecure and like many, having the (very wrong) attitude of ‘they don’t want us, they want the massive businesses so what’s the point of spending a fortune on protection we don’t need’ isn’t one you want to have.

First, despite what people think it doesn’t cost a fortune and second, you do need protection. Everyone does.


Section 1: The Overview Stats


1. Worldwide spending on cybersecurity is expected to reach $133.7 billion by 2022 (Gartner)

2. In 2018, 62% of businesses experienced a phishing or social engineering attack (Cybint Solutions)

3. 68% of business leaders feel their cybersecurity risks are increasing (Accenture)

4. In the first two quarters of 2019, data breaches exposed 4.1 billion records (RiskBased)

5. 71% of breaches were financially motivated and 25% were motivated by espionage (Verizon)

6. 52% of breaches featured hacking, 28% involved malware and 32–33% included phishing or social engineering (Verizon)

7. Between January 1 2005 and April 18 2018 there have been 8,854 recorded breaches (ID Theft Resource Center)

8. Enterprise infections were up by 12% in 2018 (Symantec)

9. The top malicious email attachment types are .doc and .dot which make up 37%, the next highest is .exe at 19.5% (Symantec)

10. This year, the estimated number of passwords used by humans and machines worldwide will grow to 300 billion (Cybersecurity Media)


Section 2: Data Breaches & Hacking Stats


11. Security breaches have increased by 11% since 2018 and 67% since 2014 (Accenture)

12. Hackers attack every 39 seconds, on average 2,244 times a day (University of Maryland)

13. The average time to identify a breach in 2019 was 206 days (IBM)

14. The average lifecycle of a breach was 314 days (from the breach to containment) (IBM)

15. 500 million consumers, dating back to 2014, had their information compromised in the Marriott-Starwood data breach made public in 2018 (Marriott)

16. In 2019, The average cost of a data breach is $3.92 million (Security Intelligence)

17. In 2016, 3 billion Yahoo accounts were hacked in one of the biggest breaches of all time (NY Times)

18. In 2016, Uber reported that hackers stole the information of over 57 million riders and drivers (Uber)

19. In 2017, 147.9 million consumers were affected by the Equifax breach (Equifax)

20. In 2018, Under Armor reported that its “My Fitness Pal” was hacked, affecting 150 million users (Under Armor)


Section 3: Cybercrime Statistics by Attack Type


21. 94% of malware was delivered by email (Verizon)

22. 34% of data breaches involved internal actors (Verizon)

23. 51% of businesses experienced denial of service attacks in 2018 (Cybint Solutions)

24. 61% of organizations have experienced an IoT security incident (CSO Online)

25. 100,000 groups in at least 150 countries and more than 400,000 machines were infected by the Wannacry virus in 2017, at a total cost of around $4 billion (Technology Inquirer)

26. IoT devices experience an average of 5,200 attacks per month (Symantec)

27. In 2018, an average of 10,573 malicious mobile apps were blocked per day (Symantec)

28. 65% of groups used spear-phishing as the primary infection vector (Symantec)

29. 1 in 13 web requests lead to malware (Symantec)

30. Most malicious domains, about 60%, are associated with spam campaigns (Cisco)


Section 4: Cybersecurity Compliance & Government Statistics


31. 53% of companies had over 1,000 sensitive files open to every employee (Varonis)

32. 22% of all folders were available to every employee (Varonis)

33. By December 2018, only 50% of companies believed they were GDPR compliant (Data Center Frontier)

34. On average, every employee had access to 17 million files (Varonis)

35. 61% of companies have over 500 accounts with non-expiring passwords (Varonis)

36. Since the GDPR was enacted, 31% of consumers feel their overall experience with companies has improved (Marketing Week)

37. In the GDPR’s first year, there were 144,000 complaints filed with various GDPR enforcement agencies and 89,000 data breaches recorded (EDPB)

38. Equifax was found liable for their 2017 breach and was fined $425 million by the Federal Trade Commission (FTC) in 2019 (FTC)

39. The GDPR fines totalled $63 million in its first year (

40. Companies reportedly spent $9 billion on preparing for the GDPR (Forbes)


Section 5: Industry-Specific Cyber Attacks


41. 43% of breach victims were small businesses (Verizon)

42. Financial and Manufacturing services have the highest percent of exposed sensitive files at 21% (Varonis)

43. Financial services had 352,771 exposed sensitive files on average while Healthcare, Pharma and Biotech have 113,491 files on average — the highest when comparing industries (Varonis)

44. The banking industry incurred the most cybercrime costs in 2018 at $18.3 million (Accenture)

45. Smaller organizations (1–250 employees) have the highest targeted malicious email rate at 1 in 323 (Symantec)

46. The estimated losses in 2019 for the healthcare industry are $25 billion (SafeAtLast)

47. Lifestyle (15%), and Entertainment (7%) were the most frequently seen categories of malicious apps (Symantec)

48. Supply chain attacks are up 78% in 2019 (Symantec)

49. The financial services industry takes in the highest cost from cybercrime at an average of $18.3 million per company surveyed (Accenture)

50. The industry with the highest number of attacks by ransomware is the healthcare industry. Attacks will quadruple this year (CSO Online)


Section 6: Security Spending & Cost Statistics


51. This year, security services are expected to account for 50% of cybersecurity budgets (Gartner)

52. The average cost of a malware attack on a company is $2.6 million (Accenture)

53. $3.9 million is the average cost of a data breach (IBM)

54. Healthcare had the highest data breach costs at $429 per record (IBM)

55. The average cost per record stolen is $150 (IBM)

56. The total cost of cybercrime for each company increased by 12% from $11.7 million in 2017 to $13.0 million in 2018 (Accenture)

57. The cost of lost business averaged $1.42 million (IBM)

58. In companies with over 50k compromised records, the average cost of a data breach is $6.3 million (Ponemon Institute’s Cost of Data Breach Study)

59. Including turnover of customers, increased customer acquisition activities, reputation losses and diminished goodwill, the cost of lost business globally was highest for U.S. companies at $4.13 million per company (Ponemon Institute’s Cost of Data Breach Study)

60. Ransomware damage costs will rise to $11.5 billion in 2019 and a business will fall victim to a ransomware attack every 14 seconds at that time (Cybersecurity Ventures)


Section 7: Cybersecurity Job Statistics


61. 82% of employers report a shortage of cybersecurity skills (ISSA)

62. 61% of companies think their cybersecurity applicants aren’t qualified (ISSA)

63. It’s predicted that by 2021, 100% of large companies globally will have a CISO position (Cybersecurity Ventures)

64. By 2021, it’s projected that there will be 3.5 million unfilled cybersecurity jobs globally (Cybersecurity Ventures)

65. Since 2016, the demand for Data Protection Officers (DPOs) has skyrocketed and risen over 700%, due to the GDPR demands (Reuters)

66. 66% of cybersecurity professionals struggle to define their career paths (ISSA

67. 60% of cybersecurity professionals aren’t satisfied with their current job (ISSA)


So there we are. The statistics that aren’t necessarily designed to scare you into taking action but they sort of are.

Ask yourself these questions:

Is your sensitive data as secure as it can be?

Are you completely happy with your cybersecurity procedures, processes and practices?

Is there anything more you should be doing to secure your business critical data?

If you even have to think about the answers, you know what to do.

Contact us today on or call 020 7078 0789 and we’ll talk cloud and email security, communications platforms, cutting-edge IT solutions or who you’d prefer to babysit your kids, Hammond, May or Clarkson?


Koncise Solutions

Go Back