Cybersecurity, Cyber-attacks & Hacking – 47 Statistics and Facts

With the internet and technology playing a bigger role in our day to day lives, we are getting susceptible to the threats of the field, as well. Cybercrimes are getting more sophisticated with each passing day, and cybersecurity is becoming a major concern for individuals and organizations alike.

We won’t be going out about telling you how to stay safe on the internet or how to keep your devices away from malware. The objective of this article is to showcase how cyber-attacks and the methods used to prevent can have a small to significant impacts on our lives.

A cyber-attack can stop wars and start them, generate a whole new class of economy and bring one existing economy to ruins. Here are some interesting facts and stats associated with cybersecurity and cyberattacks to give you a deeper insight into this fascinating niche.

Let’s see how much money is involved

Not every cyber-attack is for monetary purposes, but there is no denying the fact that hackers around the world want to use their craft to make more money. Some do it by carrying out a cyber-attack while others make money by preventing attacks.

Cybersecurity is a rapidly growing industry, creating a lot of jobs and keeping organizations safe. Undoubtedly, there is a lot of money involved in the whole affair of cyber-attacks and their prevention.

1. $6 trillion global losses annually by 2021: Cybersecurity Ventures have estimated a whopping $6 trillion yearly losses because of cybercrime by 2021. It accounts for both direct and indirect monetary losses, including stolen money, fraud, theft of intellectual property, etc.

The estimate is a steep rise from the $3 trillion prediction for 2015.

(Source: Cybercrime magazine)

2. The average cost for organizations is $13 million: Just like the previous stat, this number is also rising every year. The average cost of cybercrime for a company in 2017 was $11.7 million out of 350 enterprises (companies) surveyed. The 12% rise in one year and an overall 72% rise in cost for the past half-decade may leave a lot of executives sweating.

(Source: Accenture)

3. US incurs average $27.37 million loses per company because of cybercrimes: The nation tops the charts when it comes to the cost of cybercrime. Some of the other bigger losers are Japan, Germany, and the UK.

Japan displaced Germany from the 2nd spot on the list of nations and their cost to cybercrime.

(Source: Accenture)

4. A data breach causes $3.92 million on a global average: Data breach report for the year 2019 from Ponemon Institute came up with this number after studying cyber breaches at 507 organizations from different countries. It is a 1.5% increase from the previous year and 12% growth for the past half-decade.

(Source:  Security Intelligence)

5. The United States has allocated $15 million to cybersecurity in 2019: With internet becoming the new warzone, nations are obliged to spend more on cybersecurity. You know it’s a serious affair when the biggest economy of the world spares such a large chunk for the subject matter.

(Source: The White House)

Frequency and volume of cyberattacks

Let us now have a look at some numbers other than the one with currency symbols attached to them. It might be surprising for one to know how common these cyber attacks are and the depth of their reach. Let’s crunch some numbers then.

6. The world’s first DDoS attack happened back in 1988, and it was an accident.

A 20-year-old Robert Morris wanted to know how many devices were connected to the internet. The program was supposed to make every device send a signal back to the server, but it was so fast that it shut down a significant portion of the internet.

The program he wrote is now popularly known as Morris worm.

(Source: World Economic Forum)

7. An organization comes across 145 security breaches on average

The same data for the year 2017 was 130. It is a substantial increase in the short duration of a year. With the prediction of 11% increase in the number for the next year, we are looking at a 67% hike in cybercrimes against organizations.

(Source: Accenture)

8. An attack happens every 39 seconds

A study from the University of Maryland reports that a cyber-attack happens every 39 seconds. Cybercriminals lurk on the internet all the time, inspecting various sources looking out for any shortcomings in the security structure.

Poorly chosen passwords are among the leading causes of such attacks.

(Source: Security Magazine)

9. China and Russia are the biggest sources of cybercrimes

A report from Center for Strategic and International Studies (CSIS) has identified China and Russia as the two countries used to conduct a significant portion of cyber-attacks around the world.

Both the nations have governments inclining towards communism and don’t see eye to eye with US on a lot of issues.

(Source: US News)

10. 700 million people got affected by cybercrimes

There are still a lot of countries with very loose cybersecurity laws and regulations. And if you bring in all those people who don’t pay much attention to online security, it gives you 700 million victims of cybercrimes worldwide.

(Source: SAFE AT LAST)

11. 1 in 10 people has become a victim of cybercrime at some point: The irony is that online fraud doesn’t discriminate between any demographic. If you are using the internet, then you are on their radar.

(Source: Telegraph)

Let’s talk about Ransomware

Ransomware took the world by storm a few years ago. The malware encrypts all the data stored on the user’s device and then demands money (usually in the form of cryptocurrency) for the victim to get access to data. The healthcare sector seemed to be one of their top targets, with hackers locking out all the vital patient stats. The malware disrupted a lot of lives and businesses and is still being used by hackers around the world.

12. The first ransomware attack happened back in 1989: Floppy disks containing the malware were distributed to AIDS researchers around the world. The disks contained malware which would lock users out from their computers unless they pay for it. It is worth noticing that even back then, it was the healthcare industry that got targeted.

(Source: Becker’s Hospital)

13. The aggregate ransomware cost can be 11.5 billion: A study by Cybersecurity ventures predicted the damage costs because of ransomware to reach $11.5 billion by 2019. The malware still has a significant share when it comes to costs incurred by all cyber attacks.

(Source: Cybereason)

14. More than 600 million ransomware attacks were carried out in 2016: The year 2016 is going to be remembered by most cybersecurity experts as the one in which ransomware shook the world. It spread across the entire globe like an epidemic. Even though the total number of attacks got lesser in subsequent years, there were still more than 200 million ransomware attacks in the year 2018 alone.

(Source: Statista)

15. Ransomware is demanding $41,198 on average from the victims: This number is multiple times high compared to what they were demanding back in 2016. Even though the number has gone so high, the future increase doesn’t seem to be so steep. People are more reluctant to pay the ransom than ever.

(Source: Coveware)

16. 98% of victims get the decryption tool after paying the ransom: We do not want to motivate you to pay the ransom with this stat. And not all the decryption tools provided by attackers work anyway. 94% tools help victims recover their data while the other 6% leaves them with lost data and less money.

(Source: Coveware)

Silicon Valley giants and their oopsies

We all tend to take to the bigger companies as gold standards when it comes to business and related practices. But even the most robust setups can sometimes have faults. We have put together a list of few instances when the giant corporates put your information at risk, and it was all their fault.

17. Twitter probably left your password unprotected: Twitter asked all its 336 million users (at that time) to change their passwords, back in the first quarter of 2018. They reportedly found a bug which was saving passwords in plain text instead of encrypting them. Even though they did not report any breach, it was a huge blunder from their side.

(Source: Time)

18. Facebook left ‘hundreds of millions’ of passwords un-hashed: Even Facebook reported making an oopsie and not encrypting user passwords while storing them on their servers. The passwords stored in plain text involved users of Facebook lite and Instagram, as well.

(Source: The Guardian)

19. Amazon allowed its workers to listen to customer recordings: It was quite a surprise for a lot of people when they discovered that someone from Amazon might’ve been listening to all their conversations with Alexa and Echo devices. While the company stated that it was only for developmental purposes, their choice of not being upfront about it made a lot of users angry.

(Source: Independent)

20. Google left passwords unprotected for 14 years: And here is one more bogey in the “leaving passwords unprotected” train. Google came clean in one of their blog posts, mentioning how they made an error back in 2005 which led to storage of passwords in plain text. However, they did not mention how many passwords got affected.

(Source: Softonic)

21. Intel was manufacturing vulnerable CPUs since 2012: A bug was recently discovered in Intel chips that allowed attackers to gain access to a lot of user’s information such as passwords and chats. Even though one can get to safety with just a Windows update, the tech giant’s reputation got a hit from the news.

(Source: Forbes)

The biggest attacks and breaches

Cyber attacks come in all forms and reach. There are some for which no one cares to bat an eye, and then there are the ones that shake up the whole world. There can be various parameters to measure the magnitude of an attack. Some may want to consider how many lives it affects, while there might be some who give more weightage to the nature and severity of the attack. Here is a list of few attacks which are the biggest among others, in our opinion.

22. Equifax lost personal information of 143 million people
It is considered to be one of the biggest security breaches of all time. The credit reporting agency lost personally identifiable information and a lot of other sensitive data of consumers. It was a result of poor cybersecurity installations from the company. The silver lining is that it was somewhat of an eye-opener for a lot of organizations dealing with sensitive information of their customers.

(Source: CSO)

23. Yahoo data breach affected 500 million users
In 2014, some state-sponsored hackers were able to get their hands on account information of around 500 million Yahoo users. It is not the only data breach associated with Yahoo, but the scale of this incident makes it stand out from the rest.

A recent court settlement makes its users eligible for a claim of $358 each.

(Source: Pindrop)

24. Around 383 million people affected by Marriot data breach: The Marriot hotel data breach, which was initially estimated to affect more than 500 million people, was one of the major cyber-attacks for the year 2018. They have till now confirmed to lose more than 5 million unsecured passport numbers along with around 20 million of the unencrypted ones.

(Source: TechCrunch)

25. 100 million Quora users were asked to reset their passwords: Only sometime after the Marriot data breach, cybersecurity was all over the news because of the Quora breach. The leading question and answers website confirmed a data breach and reached out to around 100 million of its users to reset their password.

(Source: Forbes)

26. Personally identifiable information of 1.1 billion Indian citizens was accessible for only $7: ‘Aadhaar’ data, something along the lines of social security information in the USA, of more than 1.1 billion Indian citizens got compromised. The criminal would allow one to dive into the sea of information for 10 minutes at just 500 INR.

(Source: The Tribune)

The weirdest attacks and breaches

There is one cybercrime every now and then one which is different from the rest, and this uniqueness is often absurd to a lot of people. The differences we are talking about can be the motive of the hack, its outcome, or even the reaction it gets. Here are a few cyber-attacks which we felt deserve an honourable mention because of their uniqueness.

27. When hackers leaked information from an adult dating website: Ashley Madison, an extramarital dating website, got breached by a group called ‘The Impact Team.’ They stole users’ personal information and threatened to publish it online unless the website shuts down immediately. Website remained online, and the group published the information on the dark web. A lot of suicides were later connected to the published information.

(Source: Wikipedia)

28. They hacked a car in the middle of the highway: But this one was only to show that cars can be hacked. Researchers Charlie Miller and Chris Valasek first meddled with the slightly less important systems such as the music system and air conditioning. They later acquired control of its transmission and braking system. However, such a demonstration would only motivate smart vehicle manufacturers to create more robust systems.

(Source: Kaspersky)

29. MI6 replaced bomb-making instructions with cupcake recipes: Sometimes the good guys need to give the bad guys a taste of their own medicine. In one such incident the British intelligence agency MI6 modified the contents of al-Qaeda’s online guide to bomb-making with and recipes for making the best cupcakes. I would definitely prefer exploding cupcakes over bombs.

(Source: The Telegraph)

30. When the hacker replaced the Spanish Prime Minister and puts Mr Bean’s picture instead: A hacker replaced the image of Spain’s PM on the country’s EU presidency website with an image of popular Mr. Bean’s character. Even though it was a brief show, the hack got a lot of attention from people within and outside the nation.

(Source: BBC)

31. Printers across the globe were urging people to subscribe to pewdiepie: The tussle for being the biggest channel on YouTube was at its peak when this incident happen. Someone hacked into various printers connected to the internet and made them print out a message urging people to subscribe to pewdiepie. Pewdiepie is not the biggest YouTube channel anymore, but his fans gave it all for sure.

(Source: The Verge)

Major masters in crime

Just like any other field, this one has got some celebrities too. Some get famous for their sheer brilliance (even if it was used for some wrongdoing) while others get fame because of the impact they make on the world. And it’s not just all lone wolves out there, some hunt in packs too. There are often groups and state-sponsored organizations which pull off the biggest stunts in the field. Here are some of the noticeable individuals, groups, and states.

32. The person who created Zeus and stole more than $100 million: Evgeniy Mikhailovich Bogachev, popularly known as Slavik, is a Russian hacker with a bounty of $3 million over his head from FBI. He is considered to be the man behind Zeus, the malware he used to capture bank account details.

(Source: Business Insider)

33. China and the US house the greatest number of hackers: With China being at the top of the list in this one, it is US, which seems to be at the receiving end in most scenarios. State-sponsored cybercrime is not a foreign concept anymore, and there have been a lot of rumours of China backing the hackers on its soil.

(Source: Ajura)

34. NSA is probably the biggest hacker group in the world: Whistleblower Edward Snowden told the whole world how the security agency of the world’s biggest economy gets into the private lives of anyone they want. It was revealed that they have special teams such as TAO (Tailored Access Operations) to get in computers and corrupt them with malware.

(Source: Mashable)

35. Kevin Mitnick went from FBI’s most wanted list to being a security consultant to Forbes 500 companies: Mitnick is one of the popular names if we look at the history of hacking. Mitnick hacked into the servers of a lot of big corporations around the world. He was later caught and started his own security consultancy after serving his sentence.

(Source: SecurityTrails)

36. Alexsey Belan compromised more than 700 million accounts in 3 years: Alexsey was responsible for the 2014 data breach of Yahoo. It affected more than 500 million accounts. He made money by selling user data to third parties. According to law enforcement agencies, he has affected more than 700 million accounts, including the Yahoo ones.

(Source: AVG)


It is difficult to put a tag on everything happening in the field of cybersecurity. While you may need to worry about all of them, there are some which deserve your attention for sure. Here are some random facts and stats which may interest you.

37. There will be 3.5 million unfilled cybersecurity jobs by the year 2021: With the number of cybercriminals increasing, there is a demand for people who can fight the menace. Most firms are now allotting more to their cybersecurity budget and opening new positions.

(Source: Cybercrime Magazine)

38. It takes organizations an average of 206 days to identify a data breach: The stat is suggestive of how companies are still not taking cybersecurity seriously, and are putting valuable data at risk. The organization responsible for coming up with the stat, wants companies to aim for a period of less than 100 days.

(Source: IT Governance)

39. Small businesses are the biggest targets of cyberattacks: Since they don’t have a robust infrastructure to fight off hackers, small and medium businesses turn out to be easy prey. A recent study showed that 50% of small businesses have come across a cyberattack, and 70% of cyberattacks target small businesses.

(Source: Inc)

40. Singapore is the safest country when it comes to cybersecurity: Singapore might be the place for you to live if cyber safety is a big concern of yours. The United States was second in the list while France topped the chart for Europe. Vietnam was at the bottom of the list.

(Source: No jitter)

41. Malware directed towards smartphones increased by 50% at the beginning of 2019: Everyone is using a smartphone these days, and cybercriminals are now targeting them. A compromised mobile phone can leak a lot of valuable information such as banking details, personal chats, email accounts, and a lot more.

(Source: ZD Net)

42. 51% of people use the same password for personal and business accounts: Sometimes it is your carelessness that may land you in trouble. Using the same password for different accounts is a bad practice. It will take only one account to get compromised in order to compromise all your accounts.

(Source: Yubico)

43. 67% of users don’t use any form of 2FA for their personal accounts: The number drops down to only 55% when it comes to business accounts. It is worth noting that two-factor authentication reduces the probability of online fraud significantly.

(Source: Yubico)

44. North Korea generated $2 billion to fund its weapon of mass destruction: The information is said to come from a confidential UN report. The nation has supposedly created an army of hackers to carry out sophisticated cyber-attacks or businesses and rival nations.

(Source: Reuters)

45. Non-payment or non-delivery is the most common form of cybercrime in the US: This information came out from all the internet crimes reported in the country. Extortion and personal data breach had a close contest for second place while phishing was the 5th most reported cybercrime in the country.

(Source: Statista)

46. 90% of the hackers aged under 35: HackerOne came out with this stat with more than 300,000 registered hackers (white hat) on the platform. The highest share was enjoyed by the demographic aged between 18 to 24, and least number of participants were observed to be aged between 50-64.

(Source: The Hacker Report 2019)

47. There is always a motive behind an attack: Cyber attacks are carried for many purposes such as teaching a lesson to a company, to steal valuable information, extort money from an organization, become famous and many other purposes. North Korea for example recently attacked an Indian nuclear plant to steal some nuclear secrets.

(Source: Great Game India)

Data sources

  1. Cybercrime magazine
  2. Accenture
  3. Accenture
  4. Security Intelligence
  5. The White House
  6. World Economic Forum
  7. Accenture
  8. Security Magazine
  9. U.S. News
  11. Telegraph
  12. Becker’s Hospital
  13. Cybereason
  14. Statista
  15. Coveware
  16. Coveware
  17. Time
  18. The Guardian
  19. Independent
  20. Softonic
  21. Forbes
  22. CSO
  23. Pindrop
  24. TechCrunch
  25. Forbes
  26. The Tribune
  27. Wikipedia
  28. Kaspersky
  29. The Telegraph
  30. BBC
  31. The Verge
  32. Business Insider
  33. Ajura
  34. Mashable
  35. SecurityTrails
  36. AVG
  37. Cybercrime Magazine
  38. it governance
  39. Inc
  40. No jitter
  41. ZD Net
  42. Yubico
  43. Yubico
  44. Reuters
  45. Statista
  46. The Hacker Report 2019
  47. Great Game India