Too many firms have spent years building customer trust, just to see it all vanish in an instant. A single cyberattack can wipe out sensitive data and lock you out of your own systems, unless you pay a hefty ransom.
It’s a harsh reality of running a company in an online-first environment, and it’s essential to understand the sheer magnitude of this threat. In this blog post, we’ll dive into the numbers that highlight just how urgent cybersecurity has become.
Let’s take a closer look!
We’ll start with some general cybersecurity stats to introduce you to the current state of this industry.
Here’s a good way to describe how mind-bending this figure really is — only two countries in the entire world (USA and China) have bigger national economies.
This is a 10% increase compared to 2023 and also the highest total ever. These figures are based on the IBM and Ponemon Institute survey involving 600+ organizations and 3,500+ cybersecurity and business leaders.
In a nutshell, this reveals the growing recognition among leadership that cybersecurity is not just an IT issue but a critical business risk.
Based on the World Economic Forum report, most leaders intend to strengthen controls for third parties with access to their data, and re-evaluate the countries with which they do business.
More notably, only 7% of those breaches did not result in significant damage. All other enterprises reported unexpected downtime, data exposure, and financial loss.
Now let’s see how some of the largest countries in the world cope with online security threats.
To make things worse, this figure is estimated to quadruple by 2028 to a whopping $1,816 billion.
The average self-reported cost of cybercrime for small businesses was $49,600. At the same time, medium and large businesses reported $62,800 and $63,600, respectively.
The same research shows that 90% of companies expect even more cyberattacks to happen in the next 12 months.
However, the percentages are much higher for medium enterprises (70%) and large businesses (74%).
It looks like Canada is the only country with the declining trend in this area as nearly 20% of companies reported cyber incidents in 2019 and 2021.
There are many types of cyber attacks and malicious actors, but some of them are hit harder and more often than others. In this section, we’ll show you the most common types of security threats.
This stat is absurd even if we translate it to the number of attacks per second: 191.
These are malicious programs that appear harmless or useful while secretly compromising systems. Trojan horses are so efficient because most people trust what they see and fail to double-check downloads.
These scams rely on tricking people into clicking links or sharing sensitive info.
This sharp increase shows how ransomware attacks are becoming more lucrative for cybercriminals, probably due to the growing sophistication of attacks and the high value of sensitive data.
This reinforces the importance of using security tools, keeping devices updated, and avoiding apps from unverified sources.
Some industries are particularly vulnerable because they manage sensitive financial data and personal records. Here are some of the most significant stats by industry.
Though gigantic, this attack is far from being the only one in the healthcare sector. For instance, a similar incident occurred at Anthem Inc. in 2015, exposing the records of nearly 79 million people.
Accounting practices have access to sensitive client information, which makes these firms increasingly attractive targets for malicious actors.
At the same time, reports reveal that eCommerce fraud cost businesses $130 billion by the end of 2023.
McKinsey adds that financial service companies mainly struggle with third-party and supply chain management. That’s because banks and similar companies are dependent on third-party providers in areas such as IT and data protection.
The numbers keep growing. For instance, organizations in this same sector used to face ‘only’ some 500 cyber threats in 2020.
Small and medium-sized enterprises are common targets among cyber criminals, mostly because they lack resources and infrastructure to protect themselves. The following stats reveal the current state of cybersecurity among SMEs.
In other words, data security is a priority for most companies, which reflects the increasing awareness of the risks posed by data breaches.
What’s worse, the cost of a security incident went well over $1 million in some cases — a hit most small firms couldn’t survive.
This stat highlights a growing misconception that SMEs are less likely to be targeted by cyber criminals. In reality, they are often seen as easier targets due to limited resources and weaker security measures.
Many firms are facing a shortage of skilled professionals who can effectively handle attacks, making it even more important to invest in upskilling or even outsourcing expertise to make sure strong defense systems are in place.
Delays in recovery usually lead to lost revenue, damaged customer trust, and operational downtime. That’s why every company should prepare an incident response plan to reduce recovery time.
Work habits have changed big time in the last decade as we keep seeing more employees working remotely. However, this poses additional threats that no organization can afford to neglect.
The situation is similar in many developed countries all over the globe. For instance, news reports suggest that nearly 40% of Australians work from home at least once a week.
This figure reflects the new challenges that remote work has introduced. We are mainly referring to issues such as unsecured home networks and increased use of personal devices.
In addition, 46% of them have saved a work file onto personal devices.
Employees are obviously more exposed to phishing attempts without the safeguards of a corporate network.
The risks of transitioning to remote work without adequate preparation are too high — many businesses rushed the shift, leaving gaps in their cybersecurity defenses.
Given the circumstances, it’s easy to conclude that the cybersecurity job market must be truly dynamic. Here are just a few figures to confirm this conclusion.
The industry is growing rapidly to combat evolving cyber threats. However, despite this seemingly large number, the demand for skilled experts still outpaces supply — as you’ll see below.
Almost a quarter of these (750,000) are in the US, but the trend is truly global.
Information security analysts who work by the hour charge some $58 on average. At the same time, the BLS expects a 33% growth rate by 2033 for this occupation. This is much higher than the average for all professions (4%).
The Middle East, Africa and Asia-Pacific regions witnessed the biggest growth rates. In these regions, the cybersecurity workforce increased by almost 12% year-on-year.
The ISC2 report noted that over one-third of respondents cited AI as the biggest skills shortfall on their teams. According to IT professionals, AI and automation will have the most significant impact on their ability to secure their organizations.
The bottom line is that cybercriminals don’t discriminate — they target vulnerabilities regardless of business size or industry. The risk is too high to stay passive, and it’s essential to invest in strong security mechanisms to keep malicious actors at bay. Remember that being proactive is the only way to protect your data and preserve your business reputation.
Dražen Vujović is a journalist and content writer. More importantly, he is a father of two and a long-distance runner.
