Did the COVID-19 pandemic really affect cybersecurity? Short answer – Yes. Cybercrime is up 600% due to COVID-19.

These cybersecurity statistics will help you understand the state of online security and give you a better idea of what it takes to protect yourself.

Phishing, ransomware, and business malware have been the most widespread types of cyberattacks in the United States, resulting in data compromises. In 2024, 455 cases of phishing and its variations were detected. Ransomware followed in the second place, with 188 attacks.

In 2024, the number of data compromises in the United States stood at 3,158 cases. Meanwhile, over 1.35 billion individuals were affected in the same year by data compromises, including data breaches, leakage, and exposure. While these are three different events, they have one thing in common. As a result of all three incidents, the sensitive data is accessed by an unauthorized threat actor. Industries most vulnerable to data breaches Some industry sectors usually see more significant cases of private data violations than others. This is determined by the type and volume of the personal information organizations of these sectors store. In 2024 the financial services, healthcare, and professional services were the three industry sectors that recorded most data breaches. Overall, the number of healthcare data breaches in some industry sectors in the United States has gradually increased within the past few years. However, some sectors saw decrease. Largest data exposures worldwide In 2020, an adult streaming website, CAM4, experienced a leakage of nearly 11 billion records. This, by far, is the most extensive reported data leakage. This case, though, is unique because cyber security researchers found the vulnerability before the cyber criminals. The second-largest data breach is the Yahoo data breach, dating back to 2013. The company first reported about one billion exposed records, then later, in 2017, came up with an updated number of leaked records, which was three billion. In March 2018, the third biggest data breach happened, involving India’s national identification database Aadhaar. As a result of this incident, over 1.1 billion records were exposed.

Introduction

Cyber Security Statistics: Cybersecurity has become a top priority for organizations worldwide, driven by the escalating volume and complexity of cyber threats. As businesses increasingly adopt digital technologies, the risk of cyberattacks, such as data breaches, ransomware, and phishing, has risen, creating significant challenges for data privacy and security.

The increasing frequency of high-profile cyber incidents has exposed vulnerabilities in various sectors, prompting governments and organizations to enhance their cybersecurity measures. In response, emerging technologies such as artificial intelligence and machine learning are being integrated to enhance threat detection and response capabilities.

The following statistics offer a comprehensive overview of the cybersecurity landscape, shedding light on the trends, risks, and developments that are shaping this critical field.

In 2024, manufacturing saw the highest share of cyberattacks among the leading industries worldwide. During the examined year, manufacturing companies encountered more than a quarter of the total cyberattacks. Organizations in the finance and insurance followed, with around 23 percent. Professional, business, and consumer services ranked third, with 18 percent of reported cyberattacks. Manufacturing industry and cyberattacks The industry of manufacturing has been in the center of cyberattacks in a long time. The share of cyberattacks targeting organizations in this sector in 2018 was at 10 percent, while in 2024, it amounted to 26 percent. The situation is even more compliacted when we look at the cyber vulnerabilities found in this sector. In 2024, critical vulnerabilities in manufacturing companies lasted 205 days on average. IT perspective and prevention With recent technology developments, cybersecurity is crucial to an organization’s success. Realizing this, companies have been gradually increasing cybersecurity investments. Thus, in 2024, the cybersecurity budget worldwide was forecast to increase to nearly 283 billion U.S. dollars. Roughly nine in ten board directors of companies worldwide in professional services and media and entertainment industries say they expect an increase in the cybersecurity budget.

The average cyber attack takes 280 days to identify and contain and it costs an average of about $3.86 million to deal with properly.

An extensive dataset offering key insights into cyber security statistics and trends for 2025, including data breaches, cybercrime costs, threat vectors, and industry-specific impacts.

Introduction

Small Business Cyber Attack Statistics: Cyber threats remain a significant security concern for small businesses in 2024. They make good targets for cybercriminals because they have limited resources and, many times, inadequate security measures of their own. The knowledge of the current cyber threats is printed on the mind of any small business owner so that a strategy can be fabricated to protect against them.

This article will present the statistics and trends of small business cyberattacks.

The largest reported data leakage as of January 2025 was the Cam4 data breach in March 2020, which exposed more than 10 billion data records. The second-largest data breach in history so far, the Yahoo data breach, occurred in 2013. The company initially reported about one billion exposed data records, but after an investigation, the company updated the number, revealing that three billion accounts were affected. The National Public Data Breach was announced in August 2024. The incident became public when personally identifiable information of individuals became available for sale on the dark web. Overall, the security professionals estimate the leakage of nearly three billion personal records. The next significant data leakage was the March 2018 security breach of India's national ID database, Aadhaar, with over 1.1 billion records exposed. This included biometric information such as identification numbers and fingerprint scans, which could be used to open bank accounts and receive financial aid, among other government services.

Cybercrime - the dark side of digitalization As the world continues its journey into the digital age, corporations and governments across the globe have been increasing their reliance on technology to collect, analyze and store personal data. This, in turn, has led to a rise in the number of cyber crimes, ranging from minor breaches to global-scale attacks impacting billions of users – such as in the case of Yahoo. Within the U.S. alone, 1802 cases of data compromise were reported in 2022. This was a marked increase from the 447 cases reported a decade prior. The high price of data protection As of 2022, the average cost of a single data breach across all industries worldwide stood at around 4.35 million U.S. dollars. This was found to be most costly in the healthcare sector, with each leak reported to have cost the affected party a hefty 10.1 million U.S. dollars. The financial segment followed closely behind. Here, each breach resulted in a loss of approximately 6 million U.S. dollars - 1.5 million more than the global average.

Some industries are affected by cyber attacks more than others. These next cybersecurity statistics detail specifically who is affected by cyber-attacks and why they are.

Percentage of enterprises impacted by cyber security incidents in specific ways by the North American Industry Classification System (NAICS) and size of enterprise.

The European Repository of Cyber Incidents (EuRepoC) is releasing the Global Dataset of Cyber Incidents in Version 1.3 as an extract of our backend database. This official release contains fully consolidated cyber incident data reviewed by our interdisciplinary experts in the fields of politics, law and technology across all 60 variables covered by the European Repository. Version 1.3 covers the years 2000 – 2024 entirely. The Global Dataset is meant for reliable, evidence-based analysis. If you require real-time data, please refer to the download option in our TableView or contact us for special requirements (including API access).

The dataset now contains data on 3416 cyber incidents which started between 01.01.2000 and 31.12.2024. The European Repository of Cyber Incidents (EuRepoC) gathers, codes, and analyses publicly available information from over 220 sources and 600 Twitter accounts daily to report on dynamic trends in the global, and particularly the European, cyber threat environment.

For more information on the scope and data collection methodology see: https://eurepoc.eu/methodology

Full Codebook available here

Information about each file

please scroll down this page entirely to see all files available. Zenodo only displays the attribution dataset by default.

Global Database (csv or xlsx):
This file includes all variables coded for each incident, organised such that one row corresponds to one incident - our main unit of investigation. Where multiple codes are present for a single variable for a single incident, these are separated with semi-colons within the same cell.

Receiver Dataset (csv or xlsx):
In this file, the data of affected entities and individuals (receivers) is restructured to facilitate analysis. Each cell contains only a single code, with the data "unpacked" across multiple rows. Thus, a single incident can span several rows, identifiable through the unique identifier assigned to each incident (incident_id).

Attribution Dataset (csv or xlsx):
This file follows a similar approach to the receiver dataset. The attribution data is "unpacked" over several rows, allowing each cell to contain only one code. Here too, a single incident may occupy several rows, with the unique identifier enabling easy tracking of each incident (incident_id). In addition, some attributions may also have multiple possible codes for one variable, these are also "unpacked" over several rows, with the attribution_id enabling to track each attribution.

Dyadic Dataset (csv or xlsx):
The dyadic dataset puts state dyads in the focus. Each row in the dataset represents one cyber incident in a specific dyad. Because incidents may affect multiple receivers, single incidents can be duplicated in this format, when they affected multiple countries.

In the early hours of January 3, 2025, a mid-sized financial firm in Ohio discovered something chilling: over 1.2 terabytes of client data had been quietly siphoned off over the holidays. The attackers left no ransom demand, no calling card, just a system-wide silence and a massive void in customer...

Introduction

Cybersecurity Statistics: In a world that is increasingly becoming digital, cybersecurity statistics are now more important than ever for enterprises, governments, and individuals. The world has undergone significant changes in terms of online data storage and e-commerce, which have expanded the threat landscape. Cybercriminals have become sophisticated by using advanced methods to compromise security systems, steal private information, and disrupt operations. Cybersecurity statistics result in huge financial losses as well as reputational damages, hence making it one of the most critical elements in modern-day businesses and governance.

The global cybersecurity market has grown tremendously over the past few years due to the increasing number and complexity of cyber threats. In 2023, the cybersecurity industry was estimated to be worth around $217 billion, representing an increase of 15% from 2022. This growth was primarily due to increased awareness regarding cyber risks, coupled with numerous high-profile data breaches affecting both organizations and governments across the globe.

A quiet morning in Atlanta turned chaotic for a mid-sized healthcare provider. Every computer screen across the facility suddenly went dark, replaced by a single message: "Your data has been encrypted." Operations froze. Appointments were canceled. And the cost of recovery reached into the millions. Unfortunately, this isn’t a rare...

Introduction

Chinese Cyber Attack Statistics: Chinese cyber attacks have become a major global issue over the last 20 years. These attacks target governments, businesses, and important industries around the world. Many of these attacks are supported by the state, and their main goals are spying, stealing intellectual property, and gaining advantages in areas like technology, defence, and telecommunications.

In 2024, the global digital world will continue to face threats from cyberattacks linked to China. Because of this, governments and organisations need to strengthen their cybersecurity measures to protect their assets and data from these harmful activities.

Introduction

Workplace Cybersecurity Statistics: Workplace cybersecurity is a critical concern for businesses worldwide, as cyber threats continue to evolve and impact organizations of all sizes. In 2023, the average cost of a data breach reached a staggering $4.45 million, with small businesses particularly vulnerable. Over 90% of cyberattacks begin with human error, highlighting the importance of employee training and awareness.

As remote work becomes more prevalent, 61% of remote workers report using unsecured devices, further increasing security risks. With cybercrime projected to cost businesses $10.5 trillion annually in 2025, investing in robust cybersecurity measures has never been more vital for organizational resilience and data protection.

Pay attention to the following cybersecurity statistics to learn how to protect yourself from attacks.