Cybersecurity statistics

Table of Contents

    John Minnix

    May 10, 2024

    112 Cybersecurity Statistics You Should Know In 2024

    The team at Bright Defense has compiled a comprehensive list of up-to-date cybersecurity statistics for 2024. In this article, you’ll find hand-picked statistics about:

    • Global cybersecurity statistics
    • Cybercrime statistics
    • Cybersecurity employment statistics
    • AI cybersecurity stats

    Without further ado, let’s see the stats!

    Cybersecurity stats

    Global Cybersecurity Statistics

    1. Only 3% of organizations globally have the “Mature” level of readiness to be resilient against cybersecurity risks. (Cisco)
    2. On average, 12% of IT budgets are spent on cybersecurity. (Forbes)
    3. 97% of businesses expect to increase their cybersecurity budgets in the 12 months. (Cisco)
    4. Worldwide spending on security and risk management is projected to reach $215 billion in 2024, a 14.3% increase from 2023. (Gartner)
    5. 83% of large businesses see security as a significant threat the their business. (
    6. 78% of small and medium businesses say they will increase investment in cybersecurity in the next 12 months. (AAG IT)
    7. The security services segment, comprised of consulting, IT outsourcing, implementation, and hardware support, is the largest security segment with projected revenues of almost $90 billion in 2024. (Gartner)
    8. 51% of organizations plan to increase security investments due to a breach. (IBM)
    9. 51% of business leaders view cybersecurity as a key business enabler. This compares to 37% who view it as a necessary cost of doing business. (PracticalEcommerce)
    10. 80% of organizations use cybersecurity automation tools. (Security Boulevard)
    11. Cloud security spending is expected to increase at 24.7% rate between 2023 and 2024, the fastest of any segment. (Gartner)
    12. 62% of IT leaders do not believe they effectively securing their cloud resources. (Arctic Wolf)
    13. 42% of IT leaders said that cloud security gaps were their primary area of concern. (Arctic Wolf)
    14. 49% of business leaders rated modernization of technology including cyber infrastructure as their top priority over the next 12 months. (PWC)
    15. Legal and compliance department investment in tools for governance, risk, and compliance will increase by 50% by 2026. (Gartner)
    16. 40% of organizations are planning to introduce a security awareness training program within the coming year. (Arctic Wolf)
    17. The average US employee has 75 passwords. (TechReport)
    18. Only 27% of business leaders were confident that their organization was cyber-resilient in 2023. (PracticalEcommerce)
    19. 83% of small US business are not financially prepared to recover from a cybersecurity attack. (Mastercard)
    20. Basic cybersecurity hygiene can protect against 98% of attacks. (Microsoft)
    21. 24% of organizations say that building a culture of security awareness is an urgent concern. (Arctic Wolf)
    22. Only 43% of large business consider ransomware a top three investment priority. (
    23. Multi-factor authentication prevents 99.9% of phishing attacks. (Microsoft)
    24. Only 28% of US business use MFA. Denmark is the global leader at 46%. (TechReport)
    25. Zero trust adoption increased to 33% in 2023. (Security Boulevard)
    26. About 90% of businesses in the United States have a cyber insurance policy. (TechReport)
    27. Only 17% of small businesses encrypt data. (Small Business Trends)
    28. 53% of small businesses have over 1,000 unencrypted sensitive folders. (Small Business Trends)
    Cybersecurity statistics

    Cybercrime Statistics

    1. Global cybersecurity crime damage is expected to hit $10.5 trillion by 2025. (Cybercrime Magazine)
    2. If cybercrime were a country, it would be the world’s third-largest economy after the United States and China. (Forbes)
    3. There were 425,078,513 victims of cybercrime in 2022. (Identity Theft Resource Center)
    4. 89.7% of organizations in the United States exprerienced at least one cyber attack in the last 12 months. (TechReport)
    5. 73% of companies expect a cybersecurity incident to disrupt their business in the next 12 to 24 months. (Cisco)
    6. Hackers attack a computer with internet access every 39 seconds on average, or 2,244 times per day. (Clark School)
    7. The FBI’s Internet Crime Report showed that business email compromises cost US businesses $5,136.98 per minute in 2022. (The SSL Store)
    8. 52% of organizations affected by a cybersecurity incident in the last 12 months said it cost them at least $300,000. (Cisco)
    9. Seven million unencrypted files are compromised daily. (Small Business Trends)
    10. An estimated 33 billion electronic records were stolen in 2023. (Independent)
    11. The average cost of a data breach reached $4.45 million in 2023, an increase of 15% over the previous three years. (IBM)
    12. 43% of cybersecurity attacks targeted small and medium businesses. (Small Business Trends)
    13. Telephone-oriented attack attempts increased to an average of 300,000 to 400,000 thousand calls made daily. (Proofpoint)
    14. 87% of small enterprises hold customer data that could be compromised during an attack. (Small Business Trends
    15. In 2023, Data breach costs were up 21.4% for companies with 500 to 1,000 employees, and 13.4% for companies with fewer than 500 employees. Data breach costs had decreased for companies with over 5,000 employees. (The SSL Store)
    16. Ransomeware damages are expected to reach $265 billion by 2031. (Cybercrime Magazine)
    17. 69% of ransomware attacks are delivered by email. (
    18. 48% of organizations see ransomware as the attack vector they are most concerned by. This is followed by Phishing (33%), and email compromise (33%). (Arctic Wolf)
    19. Ransomware attacks were the most costly data breach in 2023, with an average cost of $4.62 million. (IBM)
    20. California had the highest losses from cybercrime of any US state in 2022, at over $2 billion. This is followed by Florida, New York, Texas, and Georgia. (Statista)
    21. In the first half of 2023, there were 1,862 publicly disclosed data breaches, exposing over 22 billion records. (Identity Theft Resource Center)
    22. Data was encrypted in 76% of attacks. In 97% of those instances, organizations got their data back. (Sophos)
    23. 75% of small and medium businesses cannot operate if hit by ransomware. (Small Business Trends)
    24. There was a 1620% increase in Zero-Day attaches in the first three quarters of 2023, compared to all of 2022. (Identity Theft Resource Center)
    25. Companies take an average of 277 days to identify and respond to a cyberattack. (Independent)
    26. 80% of external software exploits were previously known vulnerabilities that were not mitigated. (The SSL Store)
    27. 83% of breaches involved external parties. (Verizon)
    28. 85% of breaches involved human error. (Security Boulevard)
    29. Stolen credentials are a factor in 49% of data breaches. (The SSL Store)
    30. Cyberattacks targeting the software supply chain will cost the global economy $80.6 billion annually by 2026. (Juniper Research)
    31. Phishing attacks were the most common type of data breach in 2023, accounting for 36% of all breaches. (Verizon)
    32. 66% of organizations were hit with ransomware in 2023. (Sophos)
    33. 47% of ransomware targeted the United States in April 2023. (Malwarebytes)
    34. There are over 560,000 new malware threats daily. (Security Boulevard)
    35. Over 1,000 ransomware variants are currently active. (Malwarebytes)
    36. Ransomware attacks occurred every 11 seconds in 2023, with an average ransom demand of $170,404. (Sophos)
    37. Ransomware as a Service (RaaS) operations are becoming increasingly sophisticated, with over 100 active RaaS groups operating worldwide. (Chainalysis)
    38. Ransomware as a service attacks can be purchased for as little as $40. (Crowdstrike)
    39. The total value received by ransomware attackers dropped from $766 million in 2021 to $457 million in 2022, due to more victims refusing to pay their attacker. (Chainalysis)
    40. 36% of respondents to a 2024 survey from PWC said they had a data breach that caused $1 million or more in damages over the previous three years. (PWC)
    41. The healthcare industry had the highest average cost per data breach at $5.3 million. (PWC)
    42. The average healthcare record costs $675 on the black market. (The SSL Store)
    43. 2,025 US schools, colleges, and universities were victims of ransomware attacks in 2022. (The SSL Store)
    44. Bitcoin remains the most popular cryptocurrency for ransomware payments, accounting for over 98% of all transactions. (Elliptic)
    45. Nation-state threats to critical infrastructure increased by 40% in 2022. (The SSL Store)
    46. 27% of law firms reported that they have had at least one data breach. (Legal Talk Network)
    47. Cybercrime rates increased 125% during the covid pandemic. (Independent)
    Cybersecurity crime stats

    Cybersecurity Employment Statistics

    1. By 2026, 70% of boards will include at least one member with expertise in cybersecurity. (Gartner)
    2. The world had 3.5 million unfilled cybersecurity jobs in 2023. (Cybercrime Magazine)
    3. Cybersecurity job growth is anticipated to be 35% over the next decade. (
    4. Women make up only 24% of the cybersecurity workforce. (Cybernews)
    5. 68% of organizations say that staffing issues are the top threat to achieving their cybersecurity objectives. (Arctic Wolf)
    6. 46% of companies in a Cisco survey said they had more than 10 unfilled cybersecurity roles at the time of survey in 2024. (Cisco)
    7. Cybersecurity Security Specialists, an entry-level role in cybersecurity, earn an overage of $102,677. (Monster)
    8. 67% of small and medium businesses say they do not have the in-house expertise to deal with a data breach. (AAG IT)
    9. 47% of cyber leaders say they have some training gaps or critical people or skills gaps. (PracticalEcommerce)
    10. 71% of organizations say they have been impacted by the cybersecurity skills shortfall. (Help Net Security)
    11. 61% of mid-sized businesses have no dedicated cybersecurity staff. (Help Net Security)
    12. Only 9% of organizations say their workers adhere to security best-practices. (Help Net Security)
    Cybersecurity employment stats

    AI Cybersecurity Statistics

    1. The AI in cybersecurity market was valued at $22.4 billion ion 2023, and will expand to $60.6 billion by 2028. This represents a growth rate of 21.9%. (Markets and Markets)
    2. Organizations that use security AI save $1.76 million on average compared to organizations that don’t. (IBM)
    3. 21% of organizations are seeing benefits to their security programs due to Gen AI. (PWC)
    4. North America account for 35.1% of AI cybersecurity revenue, representing the largest region. (Grand View Research)
    5. The enterprise business segment has the leading revenue share for cyber-AI at 23.7%. Banking, financial services, and insurance (BFSI) was the second largest vertical. (Grand View Research)
    6. 47% of organizations are using AI for cyber risk detection and mitigation. (PWC)
    7. 69% of organizations say they cannot respond to cyber threats without AI. (Enterprise Apps Today)
    8. 40% of organizations with more than 500 employees use AI-driven cybersecurity tools. (Enterprise Apps Today)
    9. 55% of organizations plan to invest in AI-driven security technologies over the next 12 to 24 months. (Cisco)
    10. Ransomeware victims saved an average of $470,000 and 33 days when they involved law enforcement after a data breach. (IBM)
    11. 78% of respondents believe that Gen AI will lead to a catastrophic cyber attack. (PWC)
    12. 69% of organizations say they will use Gen AI for cyber defense in the next 12 months. (PWC)
    13. 83% of companies surveyed say that auditors should incorporate AI in their audit process. (CFO Brew)
    Cybersecurity AI Stats

    Cybersecurity Statistics By Country

    1. Denmark is the top-ranking country in terms of cybersecurity performance. The United States ranks 45th. The worst-performing nation is Tajikistan. (TechReport)
    2. The United States had the highest average data breach costs in 2023 of any region. This was followed by the Middle East, Canada, Germany, and Japan. (The SSL Store)
    3. The United States has the highest percentage of ransomeware trojan attacks across all countries. (TechReport)
    4. 60% of large enterprises in the UK subcontract cybersecurity functions. (CIO Look)
    5. The United Kingdom had the highest number of cybercrime victims per million internet users in 2022 at 4,783. This was up 40% from 2020. The United States was second at 1,494 victims per million, which represented a 13% decrease over 2020. (AAG IT)
    6. 31% of businesses in the UK are attacked at least once a week. (Independent)
    7. 76% of respondents in the US, Canada, UK, Australia, and New Zealand experienced at least one cyber attack in 2022. (AAG IT)
    8. The Netherlands was most targeted for cyber attacks by both insiders (86%) and outsiders (84%). (Proofpoint)
    9. The United States has the largest percentage of firms with cyber experts. (TechReport)
    10. 18% of US businesses had to pay a fine due to a security breach. (TechReport)
    11. Of EMEA countries, organizations in Sweden were most likely to suffer a successful phishing attack. (Proofpoint)
    12. Only 35% of German organizations train their employees on insider threats. (Proofpoint)
    Cybersecurity stats by country

    Bright Defense is Your Cybersecurity Compliance Partner

    Is cybersecurity a priority for you and your organization? Bright Defense can help. Our mission is to defend the world from cybersecurity threats through continuous compliance. We help you improve your security posture to help mitigate the risk of a data breach.

    With our monthly service offering, our CISSP and CISA-certified security experts will develop and execute a cybersecurity plan to meet compliance standards, including SOC 2, CMMC, HIPAA, ISO 27001, and NIST. Our service includes:

    • Gap analysis
    • Risk assessment and risk management
    • Generation and implementation of security policies
    • Business continuity planning
    • Certification assistance

    We also include our managed compliance automation platform, security awareness training, phishing testing, and vCISO services.

    Get started today with Bright Defense!

    An overview of Bright Defense’s cybersecurity compliance services

    Get In Touch

      Group 1298 (1)-min