Cybersecurity Statistics, Facts, and Trends

Talk about cyberattacks is trending, but how worrisome is it, really? According to the latest crime report released by the FBI, cybercrime has been steadily increasing, with a sharp uptick in the past three years.^[1] It may come as a surprise that some of the most common cyberattacks are also the most preventable.

While there is no surefire technique to prevent becoming a victim of one of these crimes, there are some tips and strategies that you can practice to protect yourself and others. But first, it’s worth knowing more about what’s out there.

Below is a list of the most common types of cyber attacks in 2022 and the approximate number of people they impacted:^{Note Reference [1]}

1. Phishing: 300,000
2. Personal Data Breach: 59,000
3. Non-Payment/Non-Delivery: 52,000
4. Extortion: 39,000
5. Tech Support Scams: 33,000

Knowing the data about cyberattacks and other cyber scams can help spread awareness about the most common types of cybercrime.

Cyberattack Statistics

A cyberattack is an intentional attempt to gain unauthorized access to a computer system to steal, disable, expose, alter, or destroy data. Cyberattacks can impact companies and individuals, and target any system, network, or device connected to the internet, including servers, computers, and mobile devices.

• According to a 2023 World Economic Forum report, widespread cybercrime and cyber insecurity rank among the top 10 risks to be concerned about in the next decade.^[2]
• In 2021, the FBI estimated $6.9 billion in potential losses due to cybercrime.^{Note Reference [1]}
• In 2022, the FBI received over 800,000 internet crime complaints, totaling over $10.2 billion in potential losses.^{Note Reference [1]}
• A 2022 Statista report estimated that cybercrime losses globally will grow from $8.44 trillion in 2022 to $23.84 trillion by 2027.^[3]

Phishing is the most common type of cybercrime. However, losses from investment fraud and business email compromise (BEC) far surpass losses from other cybercrime types, although fewer people are impacted.

Cyberattacks by Industry

In the chart below, find the targets of cybercrime broken down by industry, according to IBM.

Over the past five years, industry targets for cyberattacks have shifted. Manufacturing has risen to the top, now representing the most targeted industry, taking the longstanding place of finance. By contrast, cybercrime targeting retail has become significantly less frequent.

During the first quarter of 2023, more than 6 million data records were subject to a data breach. Globally, this cost companies upward of $4.45 million each on average.^[5]

The lifecycles of these attacks vary, but in 2022 on average, it took companies 243 days to identify a credentials-related breach and an additional 84 days to contain it.^{Note Reference [5]} This means that, in total, it took almost an entire year (327 days) to fully recover from a breach. This trend has not improved much in recent years.

Because data breaches are so expensive and time consuming, many industries are beginning to look for preventative solutions by investing in cybersecurity.

Phishing Statistics

Disguised as trustworthy attachments, links, or services, phishing tricks people into revealing sensitive information or downloading malicious software. Phishing targets both lone individuals and businesses.

A successful phishing attack can often lead to data breaches, identity fraud, credit card fraud, ransomware attacks, BEC, and extortion.

• According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), more than 90% of all cyberattacks begin with a phishing email.^[6]
• This helps explain the fact that phishing schemes are the number one cybercrime today.^{Note Reference [1]}
• Despite cybersecurity measures that block many of these attacks, over 300,000 internet users fell victim to a phishing scheme last year.^{Note Reference [1]}

Phishing attacks have been on the rise over the past five years.

Phishing attacks cost the U.S. roughly $52 million in 2022.^{Note Reference [1]} While the dollar loss from phishing is less than from other cybercrimes, it is still significant.

A 2021 Ponemon Institute study states that phishing schemes can cost large organizations nearly $15 million annually. Loss of employee productivity is one of the major costs associated with phishing.^[7]

Cyber Scams Targeting Individuals

Cyber scams targeting individuals — as opposed to those targeting corporations — present a threat in today’s wired world. Ranging from investment scams and tech support fraud, to personal data breaches and romance scams, data on different crime types highlights just how vulnerable individuals are to cybercrime.

According to the most recent FBI Internet Crime Report, monetary loss is proportional to age, with older groups suffering bigger losses:^{Note Reference [1]}

• Individuals ages 60 and over were subject to the biggest losses of all age groups totaling $3.1 billion.
• People 20 and under lost the least, at $210.5 million.
• These trends, however, did not follow suit for complaints. People 30-39 filed the most complaints out of any age group.

Romance Scams

In a romance scam, perpetrators trick individuals into believing they are in a relationship and sending money to their romantic partner. These scammers might convince victims to make wire transfers or send gift cards or other forms of payment.

In 2022, online romance scams cost the U.S. $1.3 billion, according to the Federal Trade Commission.^[8] With a victim count nearing 70,000 and a median reported loss of $4,400, romance scams pose a significant threat.

Payments using cryptocurrency and bank wires collected the highest dollar amounts, together accounting for more than 60% of total losses. However, gift cards remain the most frequently used payment method.^{Note Reference [8]}

While dating apps provide an easy platform for scammers to target people looking for love, they are surprisingly not the most common medium used. Instead, 40% of romance scams involving a loss of money last year started with an unexpected private message on Facebook or Instagram.^{Note Reference [8]}

Cryptocurrency Scams

According to Cybercrime Magazine, cryptocurrency scams are also on the rise.

• Among investment scams, cryptocurrency fraud rose from $907 million in 2021 to $2.57 billion in 2022, an increase of 183%.^{Note Reference [1]}
• Leading cybersecurity data suggests that cryptocrime will cost the world $30 billion annually by 2025.^[9]
• These trends are expected to continue to rise 15% annually, making cryptoscams among the costliest types of crime in the near future.^{Note Reference [9]}

The FBI received the most cryptocurrency fraud complaints from individuals aged 30-49.^{Note Reference [1]} Some examples of crypto-investment scams reported in 2022 are linked to:

• Liquidity mining
• Hacked social media
• Celebrity impersonation
• Fake real estate professionals
• Fake employment offers

Tech Support Fraud

Tech support fraud remains among the top five cybercrime types over the last five years, more than doubling its victim count from 14,000 to 33,000 from 2018-2022.^{Note Reference [1]} Despite the relatively low attack rate when compared to phishing, for example, dollar loss in tech support fraud has increased exponentially.

While people in any age group can be potential targets, tech support scams tend to target people ages 60 and older.^[10]

Cybersecurity Statistics

In their most recent report on the attitudes and behaviors toward cybersecurity, the National Cybersecurity Alliance demonstrates that certain needs are unmet. For people to change their online behaviors and act in ways that promote online safety, they need more accessible cybersecurity measures and more awareness of what is at stake.

For one, there is the issue of access to training. Many retirees (84%) and those not actively employed (86%) report having no access to training.^[11] This is important when considering how training affects people’s online behavior. More than half of participants (58%) who received training reported they were better at recognizing phishing messages.^{Note Reference [11]}

Creating strong and unique passwords, rotating them out regularly, and using multi-factor authentication (MFA) are proven methods to increase online security. However, rather than using a password manager (7%) or storing passwords in a browser (6%), many opt for less secure methods to remember passwords, such as storing them in a notebook (37%) or in a note on a phone (13%). On top of that, 43% of participants had never heard of MFA.^{Note Reference [11]}

The greatest barrier to improving online security behavior is a lack of motivation to do so, with 40% reporting low versus only 25% reporting high motivation to change.^{Note Reference [11]}

Growing Demand for Cybersecurity Professionals

The good news is that by tracking the uptick in cybercrime, companies are becoming incentivized to acknowledge the increasing importance of awareness about cybersecurity. The increasing investment in information security and risk management products and services translates to a bright outlook for jobs in the cybersecurity industry.

The Bureau of Labor Statistics (BLS) projects employment for security analysts will grow 32% from 2022-2032. These professionals earned a median yearly wage of $112,000 in May 2022. A bachelor’s degree in computer science could be enough to help you land one of the projected 16,800 yearly job openings in information security.^[12]

In response to current and projected demands for cybersecurity professionals, the White House released its highly anticipated cybersecurity workforce and education strategy this July. Looking to improve digital literacy and promote jobs in cybersecurity while also strengthening national security, this initiative promises wide-scale financial incentives and investments across the federal government and nonprofit sector.