Keepnet Labs Logo
Menu
HOME > blog > cyber security statistics and trends

300 Cyber Security Statistics & Trends (Updated August 2025)

This blog post explores key cybersecurity statistics and trends for 2025, providing businesses with valuable insights into the latest cyberattack patterns. Analyze up-to-date cyber security stats and improve your cybersecurity strategies.

300 Cyber Security Statistics & Trends (Updated August 2025)

Cybersecurity is evolving rapidly as cyberattacks become increasingly sophisticated, and organizations need to stay informed about the latest trends and threats. Keepnet has compiled 300 key cybersecurity statistics, highlighting recent data on emerging threats, advanced attack techniques, and evolving security trends, aligning with broader cybercrime statistics reported globally.

This comprehensive guide explores key cybersecurity statistics, including cyber crime statistics worldwide, cyber attacks statistics, and the cost of cybercrime. We'll also delve into malware statistics, social engineering statistics, and global cybersecurity statistics. Whether you're curious about how many cyber attacks happen per day, cybersecurity spending statistics, or the global cost of cybercrime, these insights highlight the evolving threats and defenses in our connected world. From internet safety statistics to predictions for a cyber pandemic, we've compiled 300 eye-opening stats to inform your strategy.

This blog post will help businesses strengthen their cybersecurity strategies by exploring the most up-to-date information and identifying key areas for improvement based on the latest cyber attack statistics and trends for 2025.

Global Cybercrime Statistics 2024-2025

Cybercrime continues to rise at an unprecedented pace, reshaping the global threat landscape for individuals, businesses, and governments alike. Recent reports reveal staggering financial losses, with projections indicating trillions of dollars at risk in the coming years. Beyond financial impact, the sheer volume of attacks highlights how widespread and accessible cybercrime has become. These cybercrime statistics underscore the urgent need for stronger defenses, proactive awareness, and global collaboration to mitigate evolving threats.

1- Cybercrime is set to cost businesses up to $10.5 trillion by 2025 and could reach as high as $15.63 trillion by 2029. (Source: Statista)

2- Cybercrime costs are expected to escalate worldwide to almost $14 trillion by 2028. (Source: Statista)

3- Cybercrime losses reported to the FBI’s Internet Crime Complaint Center (IC3) increased by 22% between 2022 and 2023. (Source: Cobalt.io)

4- In 2024, the United States Internet Crime Complaint Center (IC3) received 859,532 complaints of suspected internet crime with reported losses exceeding $16 billion—a 33% increase in losses from 2023. (Source: IC3)

5- The top three cyber crimes in the US by number of complaints reported by victims in 2024 to IC3 were phishing/spoofing, extortion, and personal data breaches. (Source: IC3)

6- Phishing/spoofing was the top cyber crime reported to the IC3 in 2024, making up 193,193, or 23% of all complaints. (Source: IC3)

7- Victims of investment fraud, specifically those involving cryptocurrency, reported the most losses to IC3 in 2024, totaling over $6.5 billion. (Source: IC3)

8- People over the age of 60 suffered the most losses at nearly $5 billion and submitted the greatest number of complaints to IC3 at 147,127 complaints in 2024, a 43% increase in losses and 46% increase in number of complaints compared to 2023. (Source: IC3)

9- UK businesses who were victims of cyber crime experienced an average of 30 cyber crimes of any kind in the last 12 months. (Source: GOV.UK)

10- In the UK Government's study, 18% of micro businesses, 25% of small businesses, 43% of medium businesses, and 52% of large businesses were likely to experience cyber crime. (Source: GOV.UK)

11- Investment fraud made up roughly 37% of all money lost in reported complaints in 2023, amounting to $4.57 billion. (Source: Statista)

12- Three-quarters of consumers have had their personal information lost or stolen in some form of cybercrime. (Source: III)

13- Russia tops the list of the most significant sources of cybercrime at a national level, followed by Ukraine, China, the USA, Nigeria, and Romania in the first ever ‘World Cybercrime Index’ compiled in 2024. (Source: University of Oxford)

14- Russian-speaking cybercriminals dominate the global ransomware industry, with an estimated 75% of ransomware revenue going to actors linked to the Russian-language underground. (Source: Global Initiative)

15- Cybercrime up 600% Due to COVID-19 Pandemic. (Source: PurpleSec)

16- Worldwide, cyber crimes will cost $10.5 trillion annually by 2025. (Source: PurpleSec)

17- The global annual cost of cybercrime is estimated to be $6 trillion per year. (Source: PurpleSec)

18- Cybercrime cost makes up a value worth 1% of the Global GDP. (Source: PurpleSec)

19- 71.1 million people fall victim to cyber crimes yearly. (Source: PurpleSec)

20- Individuals lose $4,476 USD on average. (Source: PurpleSec)

21- Individuals lose $318 billion to cybercrime. (Source: PurpleSec)

22- Individuals of phishing scams lost $225 on average. (Source: PurpleSec)

23- The average (mean) annual cost of cyber crime for businesses is estimated at approximately £1,120 per victim (this excludes crimes where the cost is unknown). For individuals, reported losses from phishing and related scams averaged $4,476 USD per victim in 2024, based on global cybercrime reports. (Source: GOV.UK Cyber Security Breaches Survey 2024)

Statistics on the Cost of Cybercrime

The financial toll of cybercrime continues to surge, placing immense strain on organizations of all sizes. From soaring data breach costs to skyrocketing ransomware payments, the numbers reveal a trend of relentless escalation year after year. With the U.S. and other regions paying significantly above the global average, businesses face unprecedented risks that go far beyond technical disruptions. These cybersecurity statistics highlight not only the direct monetary losses but also the long-term reputational damage and operational setbacks that make cybercrime one of the most pressing global challenges today:

24- The average cost of a data breach globally is growing to around $4.88 million, a 10% increase year-on-year. (Source: IBM)

25- The industrial sector is experiencing the highest increase in data breach costs, rising by $830,000 on average year-on-year. (Source: SecurityIntelligence)

26- Data breach costs are projected to be the highest in the U.S., followed by the Middle East, Benelux, and Germany. (Source: Statista)

27- All four territories experience costs higher than the global average of $4.88 million, with the U.S. paying almost double this amount. (Source: Statista)

28- Ransomware costs victims an average of $1.85 million per incident, with attacks rising by 13% over a five-year period. (Source: Astra)

28- The average cost of a data breach now stands at $4.88 million, showing a 10% rise compared to the previous year. (Source: IBM)

30- The global average cost of a data breach in 2024 is $4.88 million, a 10 percent increase over last year. (Source: IBM)

31- The average per-capita cost of a data breach is $165, one dollar higher than 2022. (Source: IBM)

32- The average total cost of a ransomware breach is $5.13 million, 13 percent higher than in 2022. (Source: IBM)

33- A data breach can cost a company an average of $1.3 million in lost business. (Source: IBM)

34- In the US, a data breach costs an average of $9.44M. (Source: GetAstra)

35- Cybercrime is predicted to cost $8 trillion by 2023. (Source: GetAstra)

36- Cybercrime cost the world USD 9.5 trillion in 2024. (Source: eSentire)

37- The average cost of a corporate data breach in 2023 stood at $4.45 million. (Source: IBM)

38- The cybercrime economy of 2023 was $8 trillion. (Source: Cybersecurity Ventures)

39- The world lost $255,000 every second to cyberattacks in 2023. (Source: GetAstra)

40- On average, a malware attack costs a company over $2.5 million (including the time needed to resolve the attack). (Source: PurpleSec)

41- The average cost of a data breach to small business can range from $120,000 to $1.24 million. (Source: PurpleSec)

42- Data breach costs rose from $3.86 million to $4.24 million in 2021, the highest average total cost in the 17-year history of this report. (Source: PurpleSec)

43- The average cost was $1.07 million higher in breaches where remote work was a factor in causing the breach. (Source: PurpleSec)

44- It costs $180 per record with PII that was breached. (Source: PurpleSec)

45- When remote work is a factor in causing a data breach, the average cost per breach is $173,074 higher. (Source: IBM)

46- Worldwide cybercrime costs are estimated to hit $10.5 trillion annually by 2025, emphasizing the need for enhanced cybersecurity measures. (Source: Statista)

47- Cybercrime losses reported to the FBI's Internet Crime Complaint Center (IC3) increased 22% between 2022 and 2023. (Source: Federal Bureau of Investigation)

48- The average ransomware payment in 2021 increased by 82% year over year to $570,000. (Source: PurpleSec)

49- Ransomware payments reached a record $1.1 billion in 2023. (Source: Chainalysis)

50- Ransomware costs are projected to reach around $265 billion USD annually by 2031, significantly up from $20 billion in 2021. (Source: Cybersecurity Ventures)

Data Breach Statistics

Data breaches remain one of the most damaging aspects of cybercrime, with both the frequency and impact continuing to escalate globally. Recent reports show billions of records exposed, millions of files left open to excessive access, and a concerning lack of incident response planning across organizations. The costs are particularly severe in industries like healthcare, where breach expenses have surged dramatically in recent years. With cloud-based data making up the majority of breaches, businesses face growing challenges in securing sensitive information against increasingly sophisticated threats.

51- The ITRC's mid-year 2025 report reveals 1,732 data breaches occurred in the first half of the year, marking an 11% rise from last year. (Source: ITRC)

52- The prevalence of cyber breaches and attacks in medium and large businesses remains high (67% medium and 74% large) and was similar to 2024 (70%). (Source: GOV.UK)

53- So far, data breaches exposed 7 billion records in the first half of 2024. (Source: IT Governance)

54- On average, every employee has access to 11 million files. (Source: Varonis)

55- 15 percent of companies found 1,000,000+ files open to every employee. (Source: Varonis)

56- 17 percent of all sensitive files are accessible to all employees. (Source: Varonis)

57- About 60 percent of companies have more than 500 accounts with non-expiring passwords. (Source: Varonis)

58- More than 77 percent of organizations do not have an incident response plan. (Source: Cybint)

59- The average time to detect a data breach is 118 days. (Source: ThoughtLab)

60- Since 2020, healthcare data breach costs have increased 53.3%. (Source: IBM)

61- 70% of data breaches caused significant or very significant disruptions. (Source: IBM)

62- The average time to detect a breach 2024. (Source: Various)

63- 82% of breaches involved cloud-based data. (Source: IBM)

64- 540 million accounts were affected in the latest Facebook breach. (Source: DataProt)

Ransomware Statistics

Ransomware statistics show just how rapidly this threat is escalating, now making up the majority of global cyber attacks. Cybersecurity statistics 2025 reveal that ransomware attacks are expected to contribute heavily to the $10.29 trillion cybercrime economy, making it one of the most costly and disruptive threats today. U.S. cyber attack statistics, along with government cyber security statistics worldwide, highlight how critical sectors like healthcare, finance, and education are being targeted with increasing frequency. These scary cybersecurity statistics confirm that ransomware is not only growing in volume but also in severity, forcing organizations to rethink defenses and invest in stronger recovery strategies.

65- In 2025, ransomware alone accounts for 68% of all detected threats, with global cybercrime damages estimated at $10.29 trillion. (Source: Demandsage)

66- Ransomware was the leading motive for more than 72% of cybersecurity incidents in 2023. (Source: Statista)

67- The share of breaches caused by ransomware grew 41% in the last year. (Source: GetAstra)

68- Ransomware is 57x more destructive in 2021 than it was in 2015. (Source: PurpleSec)

69- 121 ransomware incidents have been reported in the first half of 2021, up 64% year-over-year. (Source: PurpleSec)

70- The largest ransom demand observed so far in 2021 is $100 million. (Source: PurpleSec)

71- Ransomware has become a popular form of attack in recent years growing 350% in 2018. (Source: PurpleSec)

72- Ransomware detections are on the rise with Ryuk detections increasing by 543% over Q4 2018. (Source: PurpleSec)

73- 81% of cyber security experts believe there will be more ransomware attacks than ever in 2019. (Source: PurpleSec)

74- In 2019 ransomware from phishing emails increased 109% over 2017. (Source: PurpleSec)

75- 59% of all organizations were hit by ransomware attacks over the last year. (Source: Sophos)

76- Ransomware attacks increasingly target organizations of all sizes, with 47% of organizations with revenue under $10 million reporting attacks over the past year. (Source: Sophos)

77- Ransomware attacks surged by 126% in Q1 2025. (Source: Check Point)

78- Ransomware attacks increased 20% in 2024. (Source: Chainalysis)

79- The healthcare sector is the most targeted by ransomware, with 66% of organizations hit in the past year. (Source: Sophos)

80- Ransomware attacks on the healthcare sector increased 128% in 2023. (Source: Rubrik)

81- Ransomware attacks on healthcare organizations impact 6 million patient records. (Source: Comparitech)

82- Ransomware attacks on healthcare organizations affect an average of 19,000 appointments per attack. (Source: Comparitech)

83- Ransomware attacks on hospitals lead to longer stays and delays in procedures. (Source: Comparitech)

84- Ransomware victims who pay the ransom are attacked a second time 80% of the time. (Source: Cybereason)

85- Ransomware victims who pay the ransom only recover 65% of their data on average. (Source: Sophos)

86- Ransomware victims who pay the ransom experience recovery costs that are 10 times higher. (Source: Sophos)

87- Ransomware victims that use backups to recover save nearly $1.4 million on average compared to those who pay the ransom. (Source: Sophos)

88- Ransomware victims that use backups to recover are able to restore data in a week or less 71% of the time. (Source: Sophos)

89- Ransomware victims that pay the ransom are able to restore data in a week or less 57% of the time. (Source: Sophos)

90- Ransomware attacks on lower education institutions have the lowest recovery rate at 63%. (Source: Sophos)

91- Ransomware attacks on state and local governments have the highest recovery rate at 79%. (Source: Sophos)

92- Ransomware attacks on healthcare organizations have a recovery rate of 67%. (Source: Sophos)

93- Ransomware attacks on financial services organizations have a recovery rate of 75%. (Source: Sophos)

94- 72% of GCO survey respondents reported a rise in cyber risks, with ransomware remaining a top concern. (Source: Global Cybersecurity Outlook 2025)

95- 45% of respondents rank ransomware as a top organizational cyber risk in the 2025 survey. (Source: Global Cybersecurity Outlook 2025)

Vulnerability and Exploit Statistics

Cybersecurity statistics 2025 highlight a sharp rise in vulnerabilities and exploits, with daily CVE disclosures reaching record-breaking levels. Cyber attack statistics by year show that 2025 is on track to surpass 2024’s historic peak of over 40,000 reported CVEs, making it clear that software flaws remain a primary entry point for attackers. U.S. cyber attack statistics and global government cyber security statistics reveal that unpatched vulnerabilities are among the leading causes of breaches, often exploited in ransomware and phishing campaigns. These scary cybersecurity statistics confirm that thousands of new weaknesses emerge every day, raising the question of how many cyber attacks happen per day in the world—and how many could be prevented with timely patching.

96- In the first half of 2025, CVE reports have continued to rise, showing this isn’t just a short-term trend. In 2024, there were about 113 CVEs published daily, but in 2025, that number has increased to 131 per day. At this pace, 2025 is on track to surpass the 2024 record of over 40,000 CVEs. (Source: Techzine)

97- CVE Growth in 2024: A staggering 22,254 CVEs (Common Vulnerabilities and Exposures) were reported by mid-2024, reflecting a 30% jump compared to 2023 and a 56% increase from 2022. (Source: SC Magazine)

98- Daily Vulnerability Disclosures: By late 2024, an average of 115 CVEs were disclosed daily—a testament to the increasing complexity of modern cyber threats. Expect these numbers to rise further in 2025. (Source: GitHub)

99- Vulnerability-based attacks surged by 124% in Q3 2024 compared to the same period in 2023. This increase is largely attributed to the growing accessibility of LLM tools like ChatGPT. (Source: Indusface)

100- With 25% of breaches linked to stolen credentials and application vulnerabilities, the importance of securing applications becomes increasingly critical in a digital-first world. (Source: Verizon)

101- More than 99% of technologists acknowledge that production applications contain at least four vulnerabilities. (Source: Contrast Security)

102- In 2024, 0.91% of all CVEs (204 out of 22,254) were weaponized—representing a 10% year-over-year increase. (Source: SC Magazine)

103- Between November 2021 and October 2023, more than 70% of cyberattacks globally targeted the Microsoft Office Suite, making it the most exploited platform. (Source: Statista)

104- Browser exploits ranked second, accounting for nearly 12% of attacks, while Google’s Android was exploited in about 6% of the detected incidents during this period. (Source: Statista)

105- In 2023, 38% of intrusions began with attackers exploiting vulnerabilities, marking a 6% increase compared to the previous year. (Source: Darkreading)

106- 28,778 new vulnerabilities were discovered in 2023. (Source: CVEDetails)

107- 2022’s total vulnerabilities were nearly 3,700+ less than 2023. (Source: CVEDetails)

108- At a current rate of 14.8%, 2025 will have 33K+ CVEs. (Source: GetAstra)

109- Fortra’s reactive stance allowed hackers to exploit a zero-day vulnerability, affecting over 130 companies. (Source: GetAstra)

110- 70% of the most exploited vulnerabilities in 2023 were zero-days—a significant leap from 2022. (Source: CISA)

111- Prolonged Exploitation Windows: Zero-day vulnerabilities are not only exploited immediately after discovery but remain active threats for up to 2 years, largely due to delayed patching. (Source: SC Magazine)

112- The 2025 DBIR report found that vulnerability exploitation was the initial access method in 20% of breaches. (Source: Verizon)

113- In 2024, a record-breaking 40,009 Common Vulnerabilities and Exposures (CVEs) were published, marking a nearly 39% increase from 2023 and highlighting the growing complexity of the threat landscape. (Source: Edgescan)

Cyber Attacks Statistics 2024

Cyber attacks statistics 2024 show that cyber attacks continue to escalate, with over 2,200 cyber attacks per day worldwide—equating to one every 39 seconds. Cyber attack statistics by year highlight a steep rise in incidents, with organizations facing an average of 1,876 weekly attacks in Q4 2024, representing a 75% year-over-year increase.

114- Over 2,200 cyberattacks occur daily worldwide. (Source: Demandsage.com)

115- There are 2,200 cyber attacks per day. (Source: GetAstra)

116- A cyber attack happens every 39 seconds on average. (Source: GetAstra)

117- The average number of cyber attacks per organization per week reached 1,876 in the fourth quarter of 2024, a 75% year-over-year increase. (Source: Check Point)

118- In Q2 2024, organizations experienced an average of 1,636 cyber attacks per week, representing a 30% year-over-year increase. (Source: Check Point Research)

119- Threat actors deployed an average of 11.5 attacks per minute in 2023, including 1.7 novel malware samples per minute. (Source: BlackBerry)

120- 92% of malware was delivered via email. (Source: GetAstra)

121- The second quarter of 2024 saw a 20% year-over-year increase in DDoS attacks. (Source: Cloudflare)

122- Google defended against a massive DDoS attack, handling over 398 million requests per second. (Source: Google Cloud)

123- The largest DDoS attack was 1.3 terabytes per second. (Source: DataProt)

124- Enterprises experienced 130 security breaches per year, per organization, on average. (Source: PurpleSec)

125- 22.7% increase in cost of cybersec per year. (Source: PurpleSec)

126- 27.4% increase in annual number of security breaches. (Source: PurpleSec)

127- 50 days – average time needed to resolve an insider’s attack. (Source: PurpleSec)

128- 23 days – how long it takes to recover from a ransomware attack. (Source: PurpleSec)

129- The second quarter of 2024 saw a 30% increase in cyberattacks compared to Q2 2023, the highest increase in the last two years. (Source: Check Point Research)

130- Cybersecurity incidents now rank among the leading risks for companies of all sizes, including small, mid-size, and large companies. (Source: Allianz)

Industry-Specific Cybersecurity Stats

Industry-specific cybersecurity statistics reveal that no sector is immune from the growing wave of digital threats, with healthcare, education, small businesses, and government agencies among the hardest hit. Cyber attack statistics by year show sharp increases in incidents across hospitals, schools, and SMBs, with U.S. cyber attack statistics highlighting especially severe impacts on smaller organizations. Government cyber security statistics further confirm that public-sector entities struggle with talent shortages and inadequate cyber resilience, leaving them exposed to attacks. These scary cybersecurity statistics demonstrate how many cyber attacks happen per day across industries, underscoring the urgent need for stronger defenses and long-term resilience strategies.

131- The healthcare sector is experiencing the highest increase in data breach costs. (Source: IBM)

132- Annually, hospitals spend 64 percent more on advertising in the two years following a breach. (Source: American Journal of Managed Care)

133- Hospitals cyber attack impacts 800 operations. (Source: BBC)

134- In Q1 2024, the education sector experienced an average of 2,507 cyber attacks per week, indicating a significant rise in targeted attacks on educational institutions. (Source: Parachute)

135- 61% of small and medium-sized businesses (SMBs) were hit by cyber attacks in 2023. (Source: FirewallTimes)

136- Over 50% of all cyber attacks are done on SMB’s. (Source: PurpleSec)

137- There are 30 million SMB in the USA and over 66% of all SMB’s had at least 1 incident between 2018-2020. (Source: PurpleSec)

138- 1 in 10 small businesses suffer a cyberattack each year. (Source: DataProt)

139- 60% of small businesses go out of business after being victims of a cyber attack. (Source: DataProt)

140- Small business cyber attack statistics 2024. (Source: Various)

141- 35% of small organizations believe their cyber resilience is inadequate, a proportion that has increased sevenfold since 2022. (Source: Global Cybersecurity Outlook 2025)

142- 71% of cyber leaders at the Annual Meeting on Cybersecurity 2024 believe that small organizations have already reached a critical tipping point where they can no longer adequately secure themselves against the growing complexity of cyber risks. (Source: Global Cybersecurity Outlook 2025)

143- 38% of public-sector respondents report insufficient cyber resilience, compared to 10% of medium-to-large private-sector organizations. (Source: Global Cybersecurity Outlook 2025)

144- 49% of public-sector organizations indicate they lack the necessary talent to meet their cybersecurity goals, an increase of 33% from 2024. (Source: Global Cybersecurity Outlook 2025)

Cybersecurity statistics 2025 reveal that global spending on security continues to surge as organizations face escalating threats and costly breaches. Cyber attack statistics by year show that both large enterprises and small businesses are steadily increasing their IT budgets for defense, with U.S. cyber attack statistics confirming rising investments across every sector. Government cyber security statistics also highlight the shift toward security services such as consulting, outsourcing, and hardware support, which now make up the largest segment of the market. These scary cybersecurity statistics demonstrate how many cyber attacks happen per day in the world—and why cybersecurity spending is projected to surpass $400 billion by 2030.

145- The cybersecurity technology market was valued at $185.7 billion in 2024. (Source: techopedia.com)

146- On average, 12% of IT budgets are spent on cybersecurity. (Source: Business)

147- 97% of businesses expect to increase their cybersecurity budgets in the next 12 months. (Source: Cisco)

148- Worldwide spending on security and risk management is projected to reach $215 billion in 2024, a 14.3% increase from 2023. (Source: Gartner)

149- 78% of small and medium businesses say they will increase investment in cybersecurity in the next 12 months. (Source: AAG IT)

150- The security services segment, comprised of consulting, IT outsourcing, implementation, and hardware support, is the largest security segment with projected revenues of almost $90 billion in 2024. (Source: Gartner)

151-51% of organizations plan to increase security investments due to a breach. (Source: IBM)

152- 51% of business leaders view cybersecurity as a key business enabler. This compares to 37% who view it as a necessary cost of doing business. (Source: PracticalEcommerce)

152- The global cybersecurity market is expected to grow to $266.2 billion by 2027. (Source: MarketsandMarkets)

153- The cybersecurity industry has an 8.9% CAGR. (Source: GetAstra)

154- Cybersecurity budgets as a percentage of firms’ total revenue jumped 51%, from 0.53% to 0.80%. (Source: ThoughtLab)

155- 66% of organizations expect their cybersecurity budget to grow in the coming year. (Source: PWC)

156- The cybersecurity market is expected to grow to $300 billion by 2024. (Source: DataProt)

157- The average security budget of small businesses is 500$. (Source: DataProt)

158- Global cybersecurity spending will reach $212 billion in 2025. (Source: Gartner)

159- 15.1% of organizations plan to increase spending on information security in 2025. (Source: Gartner)

160- The global security market value is forecast to reach $424.97 billion in 2030. (Source: Fortune Business Insights)

161- 93% of organizations expect to increase cybersecurity spending over the next year. (Source: Splunk)

162- Global spending on cybersecurity reached approximately $213 billion in 2024, driven by increased investments in software and services amid rising threats. (Source: McKinsey via Secureworks Boardroom Cybersecurity Report 2024)

Statistics on Workforce and Skills in Cybersecurity

Cybersecurity statistics highlight a growing workforce of over 4.7 million professionals worldwide, yet the industry continues to face a severe skills gap. Cyber attack statistics by year show that threats are rising faster than talent availability, with U.S. cyber attack statistics confirming that organizations struggle to recruit and retain qualified experts. Government cyber security statistics and global workforce reports warn that nearly 3.5 million cybersecurity jobs may remain unfilled by 2025, creating significant risks for businesses of all sizes. These scary cybersecurity statistics reveal not only how many cyber attacks happen per day in the world but also how the shortage of skilled defenders intensifies the impact of each attack.

163- The global cybersecurity workforce is estimated to be around 4.7 million people. (Source: ISC2)

164- Median pay for information security analysts was $102,600 annually in 2021. (Source: BLS)

165- The lowest 10 percent earned less than $61,520, and the highest 10 percent earned more than $165,920. (Source: BLS)

166- Chief information security officers made an average annual salary of $170,980 as of July 2022. (Source: PayScale)

167- Typical entry-level education is a bachelor’s degree. (Source: BLS)

168- The expected growth rate for tech jobs is nearly twice the national rate for all jobs over the next 10 years. (Source: CyberStates)

169- Information security analysts are projected to grow by 35% from 2021 to 2031, which is much faster than average. (Source: BLS)

170- 56,500 jobs are estimated to be added during 2021-2031. (Source: BLS)

171- Cybersecurity Ventures projects there will be 3.5 million unfilled cybersecurity positions in 2025 globally. (Source: Cybersecurity Ventures)

172- The cyber skills gap has increased by 8% since 2024, with two out of three organizations reporting moderate-to-critical skills gaps, and only 14% of organizations are confident that they have the people and skills they need today. (Source: Global Cybersecurity Outlook 2025)

173- The cyber skills gap has widened since 2024, with two in three organizations reporting moderate-to-critical skills gaps, and only 14% of organizations are confident that they have the people and skills required. (Source: Global Cybersecurity Outlook 2025)

174- Gartner predicts nearly half of cybersecurity leaders will change jobs by 2025. (Source: Gartner)

175- 55% of cybersecurity experts have reported increased stress levels due to heightened cybersecurity threats and challenges. (Source: CFO)

176- 82% of chief information security officers (CISOs) would consider becoming a whistleblower if their organization was willfully ignoring security and compliance, thus putting the business at risk. (Source: Splunk)

177- 84% of CISOs fear being personally liable for cybersecurity incidents. (Source: Splunk)

AI and Generative AI in Cybersecurity

178- 97% of companies are reporting GenAI security issues and breaches. (Source: Capgemini)

179- 24% of companies believe they can use GenAI technology to make incident response more efficient in the future. (Source: Capgemini)

180- 85% of cybersecurity professionals attribute the increase in cyberattacks to the use of generative AI by bad actors. (Source: CFO)

181- 46% of security experts believe the integration of generative AI in business operations will increase vulnerability to cyberattacks. (Source: CFO)

182- By 2027, 17% of cyberattacks will employ generative AI. (Source: Gartner)

183- Concerns about AI in cybersecurity include the potential for increased privacy concerns (39%), undetectable phishing attacks (37%), and a general increase in the volume and velocity of attacks (33%). (Source: CFO)

184- Just 15% of stakeholders feel non-AI tools can detect and stop AI-generated threats. (Source: Darktrace)

185- 70% of organizations find AI highly effective in detecting threats that were previously undetectable. (Source: Ponemon Institute)

186- 35% of CISOs are already using AI for security applications. (Source: Splunk)

187- 61% will likely use AI in the next 12 months. (Source: Splunk)

188- 66% of organizations expect AI to have the most significant impact on cybersecurity in the year to come, but only 37% report having processes in place to assess the security of AI tools before deployment. (Source: Global Cybersecurity Outlook 2025)

189- 47% of organizations cite adversarial advances powered by generative AI (GenAI) as their primary concern, enabling more sophisticated and scalable attacks. (Source: Global Cybersecurity Outlook 2025)

190- 66% of respondents believe that AI will affect cybersecurity in the next 12 months, but only 37% have processes in place for safe AI deployment. (Source: Global Cybersecurity Outlook 2025)

191- 47% of organizations cite the advance of adversarial capabilities (e.g., phishing, malware development, deepfakes) as their top concern surrounding GenAI. (Source: Global Cybersecurity Outlook 2025)

192- 26% of companies reported using AI and machine learning solutions to predict and handle breaches. (Source: ThoughtLab)

193- Companies with extensive use of AI and automation security tools cost 2.2 percent less in breach costs. (Source: IBM)

194- Security Driven AI had best cost mitigation, saving up to $3.81 million (80% cost difference). (Source: PurpleSec)

195- Generative AI will probably be used for cyber activities in 2024. (Source: CrowdStrike)

Social Engineering Statistics

Cybersecurity statistics confirm that phishing and social engineering remain the most common and dangerous forms of cybercrime, with up to 98% of cyberattacks involving some type of manipulation. Cyber attack statistics by year show that more than three-quarters of targeted cyberattacks in began with a phishing email, highlighting the ongoing dominance of email as an attack vector. U.S. cyber attack statistics and government cyber security statistics reveal that nearly half of organizations experienced successful phishing or social engineering attempts in the past year. These scary cybersecurity statistics demonstrate how many cyber attacks happen per day in the world and reinforce why phishing awareness and training remain critical for businesses of all sizes.

196- Up to 98% of cyberattacks – against businesses and otherwise – involve social engineering. (Source: Sprinto)

197- Over 75% of targeted cyberattacks start with an email in 2024, making phishing a primary vector for cybercrime. (Source: Norton Antivirus)

198- 42% of organizations report experiencing phishing and social engineering attacks in 2024. (Source: Global Cybersecurity Outlook 2025)

199- 42% of organizations experienced a successful social engineering attack in the past year. (Source: Global Cybersecurity Outlook 2025)

200- 98% of cyberattacks in 2024 relied on social engineering tactics, such as phishing or pretexting, making it the most common attack vector. (Source: Huntress)

Cybersecurity Readiness and Strategies

201- 72% of business owners are concerned about future cybersecurity risks arising from hybrid or remote work. (Source: Statista)

202- 74% of businesses are confident in their ability to detect and respond to cyberattacks in real-time, a high of 81% of C-suite leaders vs. 66% of Front-line managers. (Source: VikingCloud)

203- 53% of companies actively train staff on how to minimize internal risks. (Source: Securonix)

204- More than 86% adopting zero trust models. (Source: Cisco)

205- Up to 60% of companies on supply chains will be using the risk of cybersecurity as a buying consideration when partnering with others. (Source: Gartner)

207- Around 76% of security leaders are concerned about cyber threats evolving in sophistication – and 72% believe they are “first adopters” of technology to combat them in the years ahead. (Source: KPMG)

208- Only 3% of organizations globally have the “Mature” level of readiness to be resilient against cybersecurity risks. (Source: Cisco)

209- 83% of large businesses see security as a significant threat to their business. (Source: IBM)

210- 80% of organizations use cybersecurity automation tools. (Source: Security Boulevard)

211- Cloud security spending is expected to increase at a 24.7% rate between 2023 and 2024, the fastest of any segment. (Source: Gartner)

212- 62% of IT leaders do not believe they are effectively securing their cloud resources. (Source: Arctic Wolf)

213- 42% of IT leaders said that cloud security gaps were their primary area of concern. (Source: Arctic Wolf)

214- 49% of business leaders rated modernization of technology including cyber infrastructure as their top priority over the next 12 months. (Source: PWC)

215- Only 4% of organizations are confident in their assurance of security to users of connected devices and related technologies. (Source: World Economic Forum)

216- Only 4% of organizations feel confident in their security to “users of connected devices and related technologies are protected against cyberattacks.” (Source: GetAstra)

217- 50% of C-suite leaders will have cybersecurity risk-related performance requirements embedded in their contracts by 2026. (Source: Gartner)

218- Organizations with a zero-trust approach saw average breach costs $1.76 million less than organizations without. (Source: IBM)

219- Zero trust security policies saved $1.76 million per breach. (Source: PurpleSec)

220- 41% of cybersecurity executives report using Zero Trust architecture principles. (Source: ThoughtLab)

221- 30% of executives said their budgets aren’t sufficient to ensure proper cybersecurity. (Source: ThoughtLab)

222- 31% of executives said their main cybersecurity challenge was improper identification of key risks. (Source: ThoughtLab)

223- 50% of companies outsource their cybersecurity operations center. (Source: ThoughtLab)

224- The most used cybersecurity framework was ISO 27001/27002 at 48% of companies. (Source: ThoughtLab)

225- 55% of companies run internal cybersecurity assessments. (Source: ThoughtLab)

226- Only 38% of companies say they have made notable improvements after a breach. (Source: ThoughtLab)

227- Only 23% of companies say their cybersecurity metrics are well understood by the board and senior executives. (Source: ThoughtLab)

228- The top cybersecurity investment is upskilling cybersecurity and IT staff, with 46% of companies reporting this. (Source: ThoughtLab)

229- 63% of companies have some form of email security measure. (Source: ThoughtLab)

230- Only 29% of companies reported using multi-factor authentication. (Source: ThoughtLab)

231- 46% of organizations test cyber incident response time and planning every quarter. (Source: Deloitte)

232- 41% of organizations identified hybrid IT situations as their biggest cybersecurity challenge. (Source: Deloitte)

233- 46% of companies have identified increased CEO support as a major driver of cybersecurity-aware work culture. (Source: PWC)

234- 53% of users haven’t changed their passwords in the last 12 months. (Source: LastPass)

235- 57% of users reported having a password written down on a sticky note. (Source: Keeper Security)

236- 37% of employees use their employer’s name as a portion of their password. (Source: Keeper Security)

237- 44% of users reported recycling passwords across personal and business-related accounts. (Source: Keeper Security)

238- 62% of users have shared a password over email or text messages. (Source: Keeper Security)

239- 73% of companies in North America use browsers that are out of date. (Source: Statista)

240- 61% of respondents’ organizations provided work-issued devices to employees as needed, 65% did not deploy a new antivirus (AV) solution for those same devices. (Source: PurpleSec)

241- 44% of respondents’ organizations did not provide cybersecurity training that focused on potential threats of working from home (like ensuring home networks had strong passwords, or devices were not left within reach of non-authorized users). (Source: PurpleSec)

Compliance and Regulatory Statistics

Cyber security statistics reveal that compliance and regulatory pressures are shaping how organizations allocate their security budgets, with 66% of companies citing mandates as the main driver of spending. Cyber attack statistics by year highlight the growing financial impact of non-compliance, with GDPR fines alone exceeding €1.6 billion in 2023 and major penalties levied against companies like Meta, TikTok, and Uber.

242- 66 percent of companies say that compliance mandates are driving spending. (Source: CSO Online)

243- 78 percent of companies expect annual increases in regulatory compliance requirements. (Source: Thomson Reuters)

244- For large firms, the cost of compliance can approach $10,000 per employee. (Source: Forbes)

245- The total amount of HIPAA violation fines and settlements in 2023 was $4,176,500. (Source: Compliancy Group)

246- In 2023, the General Data Protection Regulation imposed record fines exceeding €1.6 billion – more than the total fines imposed in 2019, 2020, and 2021 combined. (Source: Statista)

247- Meta was fined $1.3 billion for GDPR violations in 2023. (Source: Reuters)

248- TikTok was fined $370 million for breaching a number of GDPR rules in 2023. (Source: Forbes)

249- Spotify was fined $5.4 million in 2023. (Source: CyberNews)

250- Uber was fined €290m in 2024. (Source: Infosecurity Magazine)

251- 76% of chief information security officers (CISOs) at the World Economic Forum’s Annual Meeting on Cybersecurity in 2024 report that fragmentation of regulations across jurisdictions greatly affects their organizations’ ability to maintain compliance. (Source: Global Cybersecurity Outlook 2025)

252- 78% of leaders from private organizations feel that cyber and privacy regulations effectively reduce risk in their organization’s ecosystems. (Source: Global Cybersecurity Outlook 2025)

Cyber Security Statistics on Supply Chain and Third-Party Risks

Cyber security statistics show that supply chain and third-party risks are now among the fastest-growing attack vectors, with nearly half of global organizations expected to be impacted by a supply chain attack within the next two years. Cyber attack statistics by year highlight major incidents like the MOVEit breach, which compromised more than 620 organizations worldwide.

253- Up to 60% of companies on supply chains will be using the risk of cybersecurity as a buying consideration when partnering with others. (Source: Gartner)

254- The MOVEit Supply Chain Attack compromised more than 620 organizations. (Source: NCSC)

255- 45% of global organizations will be impacted by a supply chain attack over the next two years. (Source: Gartner)

256- 54% of large organizations identified supply chain challenges as the biggest barrier to achieving cyber resilience. (Source: Global Cybersecurity Outlook 2025)

Cyber Insurance Statistics

Cybersecurity statistics reveal that the demand for cyber insurance is rising rapidly as businesses face growing financial risks from data breaches, ransomware, and phishing attacks. U.S. cyber attack statistics show that premiums surged by 50% in 2022, reaching $7.2 billion, with one in three companies now carrying cyber liability coverage.

257- US cyber insurance premiums surged 50 percent in 2022, reaching $7.2 billion in premiums collected from policies written by insurers. (Source: Insurance Journal)

258- 1 in 3 US companies has purchased data-breach insurance coverage or cyber liability insurance. (Source: DataProt)

259- The cyber insurance market is expected to be worth $20 billion by 2025. (Source: DataProt)

260- Global cyber insurance premiums are projected to grow from $14 billion in 2023 to $29 billion by 2027. (Source: Munich RE)

Cyber Security Statistics on Malware and Web Application Threats

Cybersecurity statistics reveal that malware and web application vulnerabilities remain among the most exploited attack vectors, with 17% of all cyber attacks targeting insecure applications. Cyber attack statistics by year show that 98% of web applications contain flaws—mostly due to coding errors—that can expose organizations to malware, data theft, and redirection to malicious websites.

261- 17% of cyber attacks target vulnerabilities in web applications. (Source: PT Security)

262- 98% of web applications are vulnerable to attacks that can result in malware, redirection to malicious websites, and more. (Source: PT Security)

263- 72% of vulnerabilities were due to flaws in web application coding. (Source: PT Security)

264- Hackers got away with more than $2 billion in cryptocurrencies in 2023. (Source: GetAstra)

265- Access to Someone’s entire online identity is worth roughly $1,000. (Source: PurpleSec)

266- PII goes for roughly $200 per record. (Source: PurpleSec)

267- $50 gets you malware + tutorial on how to use it. (Source: PurpleSec)

268- A $34 monthly investment could net a criminal $25,000 a month. (Source: PurpleSec)

269- Hackers steal $46 million worth of cryptocurrency every month. (Source: PurpleSec)

270- Six of the top ten most expensive crypto breaches occurred in 2021. (Source: PurpleSec)

271- Cryptocurrency theft grew even more, with roughly $3.2 billion worth of cryptocurrency stolen in 2021 — a 516% increase compared to 2020. (Source: PurpleSec)

Cyber Security Statistics on Geopolitical and Emerging Risks

Cybersecurity statistics 2025 show that geopolitical tensions are directly shaping how organizations build and adapt their cyber defense strategies. Cyber attack statistics by year indicate that threats such as cyber espionage, intellectual property theft, and disruption of critical operations are increasingly tied to global conflicts and political instability.

272- Nearly 60% of organizations state that geopolitical tensions have affected their cybersecurity strategy. (Source: Global Cybersecurity Outlook 2025)

273- 31% of CEOs cite cyber espionage and loss of sensitive information/intellectual property (IP) theft as their top concern, while 45% of cyber leaders are concerned about disruption of operations and business processes due to geopolitical tensions. (Source: Global Cybersecurity Outlook 2025)

274- 15% of respondents in Europe and North America lack confidence in their country’s ability to respond to major cyber incidents targeting critical infrastructure, compared to 36% in Africa and 42% in Latin America. (Source: Global Cybersecurity Outlook 2025)

275- 60% of organizations reported that their cyber strategies were influenced by geopolitical tensions. (Source: Global Cybersecurity Outlook 2025)

276- Experts predicted a "cyber pandemic" in 2024 with record-breaking data breaches amid geopolitical tensions and AI-driven phishing threats; this materialized as global cybercrime costs reached $9.5 trillion USD, a 15% increase from 2023. (Source: Cybersecurity Ventures; World Economic Forum)

Cyber Security Statistics on Blockchain and Crypto Security Stats

Cybersecurity statistics reveal that while blockchain technology continues to drive massive economic growth, it also introduces unique security challenges. Cyber attack statistics by year show that blockchain adoption is accelerating, with projections of $175 billion in business value by 2025 and a $1.76 trillion boost to global GDP by 2030.

277- The global blockchain technology market is estimated to accumulate $20 billion in revenue by 2024. (Source: PurpleSec)

278- Blockchain tech is predicted to generate an annual business value of over $175 billion by 2025. (Source: PurpleSec)

279- Blockchain could add $407 billion in GDP in the USA alone. (Source: PurpleSec)

280- The UK stands to achieve a $72 billion boost to the economy, and Germany could see a $95 billion increase. (Source: PurpleSec)

281- 60% of CIOs were on the verge of integrating blockchain into their infrastructure by the end of 2020. (Source: PurpleSec)

282- Blockchain will boost global GDP by $1.76 trillion by 2030. (Source: PurpleSec)

283- 51% of attacks, in which hackers acquire more than half of the network’s computational power, are an issue that has plagued many blockchain systems. (Source: PurpleSec)

Cybersecurity statistics 2025 reveal that Managed Detection and Response (MDR) is becoming one of the fastest-growing areas in the security market, with half of all organizations expected to adopt MDR services by 2025. Cyber attack statistics by year show that outsourcing security operations—particularly detection and response—has surged, with more than 90% of companies prioritizing MDR for risk reduction and cost savings.

284- By 2025 50% of organizations will be using MDR services. (Source: PurpleSec)

285- By 2024 more than 90% of organizations looking to outsource security will focus on detection and response services. (Source: PurpleSec)

286- 30% of organizations leveraging Open Systems MDR saw a reduction in overall risk. (Source: PurpleSec)

287- Up to 50% cost savings in Cyber security operations. (Source: PurpleSec)

288- 60-75%+ attainment on first-to-know and first-to-report threats. (Source: PurpleSec)

289- The percentage of organizations that will use Managed EDR services will grow to 25% by 2024. (Source: PurpleSec)

290- 68% of organizations have experienced one or more endpoint attacks that successfully compromised data and/or their IT infrastructure. (Source: PurpleSec)

291- Gartner’s latest EDR Forecast predicts that global enterprises’ spending will reach $13.3 billion in 2021, growing to $26.4 billion in 2025. (Source: PurpleSec)

292- 82% of CISOs have reevaluated their security policies in response to the support needed for work-from-home (WFH) and virtual teams, endpoints often lack needed patches to stay secure or are overloaded with conflicting software agents. (Source: PurpleSec)

293- 76% of IT security decision-makers say their enterprise EDR has increased in 2021. (Source: PurpleSec)

294- Global Market Outlook (2017-2026), sales of EDR solutions—both on-premises and cloud-based—are expected to reach $7.27 billion by 2026, with an annual growth rate of nearly 26%. (Source: PurpleSec)

Additional Cybersecurity Statistics

Cybersecurity statistics 2025 reveal that cyber threats continue to evolve in sophistication, with nearly 40% of businesses reporting a breach or attack in the past year. Cyber attack statistics by year show sharp rises in cloud intrusions—up 75%—and eCrime activity, with leak site victims increasing by more than 76%.

295- 39% of businesses reported cyber security breaches or attacks in the last 12 months. (Source: PurpleSec)

296- Cloud environment intrusions increased by 75% over the past year. (Source: CrowdStrike)

297- Cloud-conscious cases increased by 110% over the past year. (Source: CrowdStrike)

298- There has been a 76% increase in victims named on eCrime leak sites. (Source: CrowdStrike)

299- Malware-free activity (like phishing, social engineering, using trusted relationships, and other means) made up 75% of detected identity attacks in 2023. (Source: CrowdStrike)

300- New Hires show 44% higher cyber risks. (Source: Keepnet)

Stay Ahead of Cyber Threats with Keepnet Human Risk Management

As cyberattacks grow increasingly complex, businesses must actively address the human element, which contributes to 68% of breaches, according to the 2024 Data Breach Investigations Report. This aligns with current cyberattack statistics, which highlight that human error remains one of the largest vulnerabilities in cybersecurity defenses.

Keepnet helps organizations tackle this vulnerability by offering targeted security awareness training and phishing simulations that cover vishing, smishing, and QR phishing, mimicking real-world attacks. These customized simulations enable employees to recognize and avoid advanced phishing tactics, a key component in modern cyber defenses. With Keepnet’s behavior-based training, staff learn how to handle specific threats they’re likely to encounter, minimizing the risks posed by human error.

This combination of realistic simulations and focused training enhances organizations' ability to defend against evolving phishing techniques and social engineering attacks.

Watch the video below to discover how Keepnet Security Awareness Training can boost your organization’s defenses and equip your team with the skills to confidently navigate today’s complex cybersecurity landscape.

Watch the video below to see how Keepnet’s Phishing Simulator strengthens your defenses by training your team to quickly spot and respond to phishing threats.

Editor's Note: This article was updated on August 20, 2025.

SHARE ON

twitter
linkedin
facebook

Schedule your 30-minute demo now!

You'll learn how to:
tickEnhance your cybersecurity with Keepnet's training, boosting phishing report rates by up to 92%.
tickGet phishing risk scores, compare against industry standards, and share insights with executives for enhanced security.
tickAccess over 2,000 training courses in 36 languages to enhance awareness and protection against evolving cybersecurity risks.