Cyberattack statistics 2024

Cyberattacks have quickly become one of the most significant threats to modern businesses. 

With technological advancements such as artificial intelligence and rapid digitalization, along with increased global tensions, the threat of cybercrime has never been higher. The cybersecurity industry is constantly adapting, which can make it difficult to keep up with the latest cyberattack news, trends, and stats.  

How can you prepare your startup for data security in 2024 and beyond? In this guide, we dissect the most important cybersecurity statistics, facts, figures, and trends as they relate to your startup.

Costs of cybercrime

The biggest risk posed by cybersecurity threats is financial loss. In fact, stats and trends show that cyberattacks are one of the most costly threats to businesses. Worldwide, cybercrime cost companies an estimated $8 trillion in 2023, a staggering number that is expected to rise to nearly $24 trillion by 2027.

Cybersecurity Ventures also reports that cybercrime represents the greatest transfer of economic wealth in history.

Cybercrime for small and medium businesses

It is easy to assume that cybercriminals are mostly targeting massive, publicly traded companies. But attacks on small and medium businesses (SMBs) are actually on the rise — and for certain types of cyberattacks, smaller businesses are even more at risk. 

A cyberattack can be particularly damaging to small businesses, disrupting normal operations and damaging important IT assets or infrastructure. This type of damage can be impossible to recover from without the budget or resources to do so. Cybersecurity is expensive to maintain and many smaller companies simply cannot afford the expense.

Nearly half of cyberattacks affect small businesses

As we mentioned earlier, small businesses are by no means safe from cyber threats. In fact, 46% of all cyberattacks worldwide affect businesses with fewer than 1,000 employees.

41% of small businesses experienced a cyber threat

In 2023, small businesses were hit hard by cyberattacks, with more than 40% reporting an attack.

Small businesses more likely to be targeted by phishing attempts

Companies with fewer than 100 employees receive 350% more social engineering attacks, such as phishing, than larger enterprises.

Many SMBs are not prepared for a cyber threat

Around half of all small businesses don’t have a cybersecurity plan. Additionally, around 33% of small businesses use free cybersecurity rather than professional-level solutions.

Regions most affected by cyberattacks

Some countries are better prepared for cyberattacks than others. And while most countries around the world are rapidly improving their systems, many are behind the curve. Here are a few regional cyberattack statistics.

The United States accounts for 59% of all ransomware attacks

Ransomware is one of the most costly and disruptive cybersecurity threats. This type of cyberattack is on the rise in the United States, with 59% of all ransomware attacks taking place there.

Russia has the highest cybercrime threat level in the world

According to the World Cybercrime Index, Russia is by far the country most at risk of cybercrimes. There are several reasons for this, including organized criminal activity, Russian government involvement, and lack of legal enforcement.

Other at-risk regions include Ukraine, North Korea, Nigeria, the U.S., China, Romania, Brazil, and India.

In 2024, Poland has experienced the most cyberattacks in the world 

Russia may have the highest risk, but Poland is experiencing the most attacks. According to the country’s Cyberspace Defense Forces, Poland received over 1,000 cyberattacks per week in 2024. The country has seen a sharp uptick in cyberattacks since the 2022 Russian invasion of Ukraine, and the Polish government has accused the Kremlin of many of the attacks.

Nordic countries have the best cybersecurity infrastructure

Finland, Norway, and Denmark have the strongest cybersecurity systems and are the most prepared for an attack.

Types of cyberattacks on the rise in 2024

Cyber threats are constantly evolving to bypass improved security systems and extort companies for more money and information. But what are the most common types of cyberattacks in 2024?

Malware

One of the most common cybersecurity risks, there are currently more than 1.2 billion malware programs in existence. Malware is an umbrella term for any kind of malicious computer software that can damage computer systems and assist cybercriminals. The number of detected malware programs slightly decreased in 2024, but the threat is by no means going away.

Ransomware

Ransomware is a specific type of malware that aims to force businesses to pay a sum to unlock files and data in their systems. This cyber threat is a form of extortion and is one of the most costly cyberattacks for businesses. Ransomware attacks have been on the upswing, growing by around 67% in 2023.

Phishing and social engineering

Another common type of cyberattack that affects businesses is social engineering, in which cybercriminals earn the trust of then manipulate employees. The most frequent social engineering attack is phishing. Phishing perpetrators may pretend to be a reputable company and send emails and messages to employees attempting to get access to sensitive personal information, passwords, bank account numbers, etc. According to Z Scaler, phishing attempts rose by 58.2% in 2023, and the finance industry was the most targeted sector.

Interestingly, around 43% of all recorded phishing attacks were imitating Microsoft.

Impact and severity of cyberattacks

Cyberattacks can impact an organization in many ways — from minor disruptions in operations to major financial losses. Regardless of the type of cyberattack, every consequence has some form of cost, whether monetary or otherwise.

Consequences of the cybersecurity incident may still impact your business weeks, if not months, later. Below are five areas where your business may suffer.

The longtail costs of a data breach can extend for months to years and include significant expenses that companies are not aware of or do not anticipate in their planning.

These costs include lost data, business disruption, revenue losses from system downtime, notification costs, or even damage to a brand’s reputation. In the visual below, we outline the impacts a business may face from the first year up to the third year.

Financial losses

According to the FBI International Crime Report, Americans lost $12.3 billion due to 2023 cyberattack incidents.

Cyberattacks are getting more and more expensive, with 2023 seeing an all-time high average data breach cost of $4.45 million!

There are several ways a company could lose money during a cyber threat:

• Theft
• Regulatory fines
• Liability expenses

Loss of productivity

The most obvious impact of a cyberattack is financial losses, but a cyber threat can also disrupt your standard business operations leading to a loss of productivity. Major malware or security breaches can force companies to place many of their operating systems on pause while they investigate the attack. This downtime can lead to a damaged reputation, loss of clients/customers, and, ultimately, less cash flow.

Reputation damage

Cyberattacks can also harm your business reputation. When a major data breach occurs, customers and clients may feel less secure with your company, causing them to pack up and leave. Additionally, when a company’s internal systems are down for an extended period, the stock price can drop, which is exactly what happened in the recent CrowdStrike IT outage.

A cybersecurity threat may cause initial financial burdens such as regulatory fines and liability payments, but it is reputation damage that may be hardest to overcome

Legal liability

Another major consequence that can follow a cyberattack is legal penalties and fines. If your company fails to maintain proper cybersecurity measures and that lack of measures eventually leads to a cyberattack or data breach, you could be fined. Your company must be vigilant in cybersecurity prevention and follow specific processes for reporting incidents to avoid penalties. 

For example, in 2024, Intercontinental Exchange was fined $10 million for violating data breach reporting rules.

Business continuity problems

Mapping out a business continuity plan (BC) is one of the most important steps a business can take to survive a cyberattack. This allows the company to continue with foundational functions during emergencies, such as power outages, data breaches, and cyberattacks. BCs have become increasingly important in recent years with the digitalization of practically everything in the business world. A business continuity plan can be the difference between a company failing or succeeding after a major cyber threat.

Cyberattacks by industry

Some industries are more vulnerable to cyberattacks than others, simply due to the nature of their business. While any industry could be subject to a data breach, those most at risk are businesses that are closely involved with people’s daily lives.

Companies that hold sensitive data or personally identifiable information are common targets for hackers. Types of businesses or organizations that are most vulnerable to cyberattacks include:

Manufacturing

According to IBM’s 2024 Threat Intelligence Index, the manufacturing industry takes the cake with the largest number of cyberattacks in 2023. The cyber threat to the manufacturing industry has grown rapidly since 2019. At that time, manufacturing only experienced about 8% of all cyberattacks, while in 2023, it accounted for more than 25%! Manufacturers in the Asia Pacific region are particularly affected by cyber threats.

Banks and financial institutions

Unsurprisingly, the banking and finance sector was one of the most affected industries in 2023. Banking institutions hold lots of sensitive data such as credit card information, bank accounts, and personal customer or client data, so there is a major risk of losses in this industry.

Interestingly, the share of cyberattacks directed at the banking and financial industry has shrunk slightly from 23% in 2020 to 18.2% in 2023.

Professional services

The third most affected industry in 2023 was the professional and business services industry, which accounted for around 15% of all cyberattacks. This included accountancy and law firms, marketing agencies, IT, and others. These professionals hold sensitive data on clients, which can make them a prime target for a cyberattack.

Energy

Accounting for 11% of all cyber incidents in 2023 was the energy sector. This percentage has nearly doubled since 2019 and has been on a steady increase. Data breaches, hacking, and extortion are the biggest threats to the energy sector, causing major disruptions in the oil, gas, electric, and renewable energy sectors.

In the visual below, we break down common types of cyber incidents and the varying impacts on industries.

Cybersecurity industry statistics

As you might expect, the recent rise in cyber threats has increased the demand for cybersecurity. So, what is the current state of the cybersecurity industry?

Cybersecurity workforce at an all-time high

In 2023, there were an estimated 5.5 million workers in the cybersecurity industry, a 9% increase from 2022 and a number that has steadily grown over the past few years. 

Cyber workforce expected to grow by 32%

According to the U.S. Bureau of Labor Statistics, the American cybersecurity workforce is expected to grow by 32% by 2032 and add around 53,000 new jobs. This is a significantly faster growth rate than other industries.

Cybersecurity job vacancies grew by 350%

While the tech industry was experiencing some massive layoffs, cybersecurity was growing. In the U.S. alone, there are currently 750,000 unfilled positions in the cybersecurity sector and a global shortage of more than 4 million!

Rise in cyber risk has caused an increase in cyber insurance premiums

Cyber liability insurance has grown exponentially in recent years as more businesses invest in policies to protect themselves from the growing risk of a cyberattack. That said, with the increased risk comes higher premiums. Cyber policy premiums rose by 11% in the first quarter of 2023 and 28% in the final quarter of 2022, and they are expected to continue to rise.

Information security spending

Statista Market Report’s information security spending reached $176 billion in 2023 and is expected to surpass $200 billion in 2024. By 2030, this spending is expected to be more than $300 billion, triple the amount spent in 2017.

Global security spending

Let’s take a look at how cybersecurity spending has grown around the globe — broken down by product or service.

Data breach discovery statistics

“Breach discovery” refers to the point in time when the company or business becomes aware that an incident has occurred. According to IBM, it takes a company 204 days on average to discover the breach — and up to 73 days to contain it.

Additionally, the use of AI in security systems significantly reduced the financial impact of cyberattacks. Companies that used extensive AI features discovered and contained data breaches 108 days sooner than those that didn’t. Data breaches also cost these companies $1.76 million less on average.

Companies that discovered and contained a data breach in fewer than 200 days saved more than $1 million compared to those that took more than 200 days. A slow response to a data breach can cause even more trouble for your company. It can result in a loss of customer trust, productivity, or major fines.

A data breach response plan is a proactive way to be prepared in the event that a breach does occur. Having a risk management strategy in place to combat incidents such as breaches can minimize the impact on your company and bottom line. An incident response plan, for example, provides guidance for your team during the phases of detection, containment, investigation, remediation, and recovery.

Who’s behind data breaches?

The average person might assume the files on a company database are a bunch of boring documents, but hackers know the hard truth about that hard drive.

According to Verizon’s Data Breach Investigations Report, the majority of cyberattacks are triggered by outsiders, insiders, company partners, organized crime groups, and affiliated groups. We break down the percentages of each:

• 65% external (organized crime, state-sponsored)
• 35% internal (employees, partners, etc.)

How to reduce the risk of cyberattacks

With the increasing threats of hackers mishandling your data, implementing processes to prevent data security breaches is the most responsible course of action after having adequate professional data breach insurance.

Data breach laws vary by state, so depending on where your business is located, there are different factors to take into consideration. Notifications around the breach, what’s covered, and penalties will look different depending on the incidence and state you’re located in.

1. Reduce data transfers

Transferring data between business and personal devices is often inevitable as a result of the increasing number of employees who work remotely. Keeping sensitive data on personal devices significantly increases vulnerability to cyber attacks.

2. Download carefully

Downloading files from unverified sources can expose your systems and devices to security risks. It’s important to only download files from sources and avoid unnecessary downloads to lower your device susceptibility from malware.

3. Improve password security

Password strength is the first line of defense against a variety of attacks. Using strings of symbols that don’t have a meaning, regular password changes and never writing them down or sharing them is a crucial step to protecting your sensitive data.

4. Update device software

Software providers work hard on continuously making their software more secure, and regularly installing the latest updates will make your devices less vulnerable to attacks.

5. Monitor for data leaks

Regularly monitoring your data and identifying existing leaks will help mitigate the potential fallout from long-term data leakage. Data breach monitoring tools actively monitor and alert you of suspicious activity.

6. Develop a breach response plan

Data breaches can happen to even the most careful and disciplined companies. Establishing a formal plan to manage potential data breach incidents, primary cyber attack response plan, and cyber attack recovery plan will help organizations of any size respond to actual attacks and contain their potential damage.

It’s clear that businesses are under a constant threat of cybercrime and must take steps to defend their data. Don’t wait until it’s too late, take steps today to prevent future data breaches and the consequences that follow. Akin to the need for having adequate cyber liability insurance, having adequate data protection is essential.

Sources: Cybersecurity Ventures 1, 2 | IBM | Ponemon | Statista | Verizon | World Economic Forum