9 Terrifying Cybersecurity Stats

Taylor Karl
9 Terrifying Cybersecurity Stats 3042 0

9 Terrifying Cybersecurity Stats

A Cybersecurity Professional’s Worst Nightmare

Sure, witches and skeletons are scary, but have you ever had your network compromised? The impact could be (cue the lightning strike and dramatic music) ...TERRIFYING. The thought of your organization's data being held for ransom or sold to the highest bidder is the type of nightmare scenario that keeps cybersecurity professionals up all night. In celebration of National Cybersecurity Awareness Month, (and our love of all things that go bump in the night) we present you with 9 scary cybersecurity stats that are certain to make your skin crawl.

  1. Human error is consistently the #1 cause of cybersecurity breaches, accounting for 95% of all data breaches.

Human error in the workplace has been an issue since humans have been in a workplace—it’s simply inevitable. Whether it’s employees not installing software security updates or falling victim to phishing emails, human error leads to cracks in your cybersecurity defenses, thus giving cybercriminals access to your infrastructure and data. While it is impossible to fully eliminate human error, consistent cybersecurity awareness training can help your employees recognize a cybercriminal’s attack so they can follow your organization’s cybersecurity protocols to prevent incursions.

  1. A cyberattack happens every 39 seconds.

A study completed by the A. James Clark School of Engineering at the University of Maryland was one of the first research studies to quantify the near-constant rate of hacker attacks on computers connected to the internet. In this study, they found that cybercriminals attack every 39 seconds on average. It was noted that the monitored computers in this study were attacked an average of 2,244 times a day! Additionally, they discovered and compiled a list of the most common non-secure usernames and passwords used by too many people, which give cybercriminals a high rate of attack success.

Cybersecurity Training Solutions


  1. The average lifecycle of a data breach in 2022 was 277 days.

A September 2022 report by UpGuard showed that the average lifecycle of a data breach in 2021 was 287 days. For 2022, the average lifecycle dropped to 277 days. UpGuard also published 17 key findings from the 2022 IBM Cost of a Data Breach report, which stated the average cost of a breach rose to $4.35 million. Training employees on the importance of cybersecurity vigilance can help prevent sensitive information from being leaked as well as save an organization millions of dollars annually.

  1. According to cyberattack statistics, small businesses were the main targets of 43% of cyberattacks.

The Small Business Administration (SBA) released a survey that showed 88% of small business owners felt their businesses were vulnerable to cyber-attacks. Many small businesses think they can’t afford cybersecurity, however, according to the SBA, small businesses can strengthen their cybersecurity defenses using many cost-effective and free resources available to them.

  1. Cloud services attacks continue to grow.

In 2020, many organizations shifted to a work-from-home model due to COVID-19 lockdowns and became more reliant on cloud services to continue business operations. During this time, 83% of organizations adopted cloud-based storage, and with this substantial growth in usage comes new threats to organizations’ data.

  1. On average, a malware attack on a company cost $2.6 million.

Viruses, ransomware, scareware, worms, spyware and trojans are some of the most common types of malware used in cyber-attacks. While cybercriminals use malware to hack into computer systems, they use social engineering to hack the minds of their targets to get them to take questionable actions and unwittingly give access to an organization’s network to the cybercriminal. It is recommended that organizations keep all software updated, back up important files regularly, and scan executable files before running them.

  1. In 2021, the global cost of cybercrimes exceeded $6 trillion. In 2022, that cost ballooned to $7 trillion

This staggering amount represents the greatest transfer of economic wealth in history. Cybercrime is more profitable than the global trade of all major illegal drugs combined. According to the FBI’s Internet Crime Report, the cost of cybercrimes reached $4.2 billion in the U.S. in 2020 alone. Cybercrime has become so prevalent that the demand for cybersecurity professionals has grown year over year. According to Cybersecurity Ventures, from 2013 to 2021 the number of unfilled worldwide cybersecurity jobs grew 350%, from one million positions to 3.5 million in 2021. As cybercrime becomes the fastest growing crime in the U.S. and the world, there will be a need for greater numbers of cybersecurity professionals. It is predicted that by the end of 2025, there will still be 3.5 million open positions worldwide, the same as 2021.

  1. Breaches caused by ransomware and the associated cost grew in 2022.

According to 2022 IBM Cost of a Data Breach report, the share of data breaches caused by ransomware grew 41% in 2022. Breaches also took 49 days longer than average to identify and contain in the past year. Along with the increase in the number of ransomware breaches, the average cost of a ransomware attack grew to $4.54 million.

  1. Approximately 90% of data breaches and hacks are the result of phishing attacks.

Email phishing attacks, and the associated social engineering, are the most common type of attack, with approximately 90% of successful data breaches using this method. Their success rests on the fact that phishing emails are tailored to mimic real-world organizations and even colleagues. It is extremely important that employees are trained to recognize a phishing attack and what they should do in the event they receive a suspicious email.

Some Closing Thoughts

While the above cybersecurity stats may have caused your hair to stand on end, we do have some good news. At United Training, we are on the cutting-edge of cybersecurity with training programs designed to ensure that your organization can best prevent cyberattacks and protect your sensitive data. View our entire lineup of Cybersecurity learning solutions.