Did the COVID-19 pandemic really affect cybersecurity? Short answer – Yes. Cybercrime is up 600% due to COVID-19.

These cybersecurity statistics will help you understand the state of online security and give you a better idea of what it takes to protect yourself.

An extensive dataset offering key insights into cyber security statistics and trends for 2025, including data breaches, cybercrime costs, threat vectors, and industry-specific impacts.

Phishing, ransomware, and business malware have been the most widespread types of cyberattacks in the United States, resulting in data compromises. In 2024, 455 cases of phishing and its variations were detected. Ransomware followed in the second place, with 188 attacks.

The average cyber attack takes 280 days to identify and contain and it costs an average of about $3.86 million to deal with properly.

According to a 2024 survey of Chief Information Security Officers (CISO) worldwide, Ransomware attacks were a leading cybersecurity risk, with roughly ** percent naming it as one of the three major cybersecurity threats. A further share of ** percent of the respondents found malware to be a significant risk to their organizations' cybersecurity. Email fraud compromise and DDoS attacks followed closely, with ** percent.

In 2024, the number of data compromises in the United States stood at 3,158 cases. Meanwhile, over 1.35 billion individuals were affected in the same year by data compromises, including data breaches, leakage, and exposure. While these are three different events, they have one thing in common. As a result of all three incidents, the sensitive data is accessed by an unauthorized threat actor. Industries most vulnerable to data breaches Some industry sectors usually see more significant cases of private data violations than others. This is determined by the type and volume of the personal information organizations of these sectors store. In 2024 the financial services, healthcare, and professional services were the three industry sectors that recorded most data breaches. Overall, the number of healthcare data breaches in some industry sectors in the United States has gradually increased within the past few years. However, some sectors saw decrease. Largest data exposures worldwide In 2020, an adult streaming website, CAM4, experienced a leakage of nearly 11 billion records. This, by far, is the most extensive reported data leakage. This case, though, is unique because cyber security researchers found the vulnerability before the cyber criminals. The second-largest data breach is the Yahoo data breach, dating back to 2013. The company first reported about one billion exposed records, then later, in 2017, came up with an updated number of leaked records, which was three billion. In March 2018, the third biggest data breach happened, involving India’s national identification database Aadhaar. As a result of this incident, over 1.1 billion records were exposed.

Introduction

Cybersecurity Statistics: In a world that is increasingly becoming digital, cybersecurity statistics are now more important than ever for enterprises, governments, and individuals. The world has undergone significant changes in terms of online data storage and e-commerce, which have expanded the threat landscape. Cybercriminals have become sophisticated by using advanced methods to compromise security systems, steal private information, and disrupt operations. Cybersecurity statistics result in huge financial losses as well as reputational damages, hence making it one of the most critical elements in modern-day businesses and governance.

The global cybersecurity market has grown tremendously over the past few years due to the increasing number and complexity of cyber threats. In 2023, the cybersecurity industry was estimated to be worth around $217 billion, representing an increase of 15% from 2022. This growth was primarily due to increased awareness regarding cyber risks, coupled with numerous high-profile data breaches affecting both organizations and governments across the globe.

Percentage of enterprises impacted by cyber security incidents in specific ways by the North American Industry Classification System (NAICS) and size of enterprise.

Over 95% of cybersecurity breaches occur as a result of human error.

Introduction

Cybersecurity in Healthcare Statistics: As the healthcare sector increasingly integrates digital technologies, the need for robust cybersecurity measures has become more critical than ever. Adopting electronic health records (EHRs), telemedicine, and connected medical devices has significantly enhanced patient care and operational efficiency.

However, this digital shift has also exposed healthcare organizations to a rising tide of cyber threats, including data breaches, ransomware attacks, and hacks of medical devices. The sensitive nature of the data fuels these threats, such as personal health information (PHI) and payment records, making healthcare one of the most targeted cyberattack industries.

In response to these growing risks, healthcare providers must prioritize implementing stringent cybersecurity policies and embrace cutting-edge technologies like encryption, artificial intelligence, and multi-factor authentication. The sector is grappling with challenges such as outdated security systems, inadequate staff training, and the complexities of safeguarding networks of interconnected devices.

As cyberattacks become more frequent and sophisticated, understanding cybersecurity statistics within healthcare is essential for identifying vulnerabilities, assessing risks, and strengthening defenses to protect sensitive patient data and maintain trust within the industry.

In 2024, manufacturing saw the highest share of cyberattacks among the leading industries worldwide. During the examined year, manufacturing companies encountered more than a quarter of the total cyberattacks. Organizations in the finance and insurance followed, with around 23 percent. Professional, business, and consumer services ranked third, with 18 percent of reported cyberattacks. Manufacturing industry and cyberattacks The industry of manufacturing has been in the center of cyberattacks in a long time. The share of cyberattacks targeting organizations in this sector in 2018 was at 10 percent, while in 2024, it amounted to 26 percent. The situation is even more compliacted when we look at the cyber vulnerabilities found in this sector. In 2024, critical vulnerabilities in manufacturing companies lasted 205 days on average. IT perspective and prevention With recent technology developments, cybersecurity is crucial to an organization’s success. Realizing this, companies have been gradually increasing cybersecurity investments. Thus, in 2024, the cybersecurity budget worldwide was forecast to increase to nearly 283 billion U.S. dollars. Roughly nine in ten board directors of companies worldwide in professional services and media and entertainment industries say they expect an increase in the cybersecurity budget.

The National Institute of Standards and Technology (NIST) provides a Cybersecurity Framework (CSF) for benchmarking and measuring the maturity level of cyber security programs across all industries. The City uses this framework and toolset to measure and report on its internal cyber security program.The foundation for this measure is the Framework Core, a set of cybersecurity activities, desired outcomes and applicable references that are common across critical infrastructure/industry sectors. These activities come from the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) published standard, along with the information security and customer privacy controls it references (NIST 800 Series Special Publications). The Framework Core presents industry standards, guidelines, and practices in a manner that allows for communication of cybersecurity activities and outcomes across the organization from the executive level to the implementation/operations level. The Framework Core consists of five concurrent and continuous functions – identify, protect, detect, respond, and recover. When considered together, these functions provide a high-level, strategic view of the lifecycle of an organization’s management of cybersecurity risk. The Framework Core identifies underlying key categories and subcategories for each function, and matches them with example references, such as existing standards, guidelines and practices for each subcategory. This page provides data for the Cybersecurity performance measure.Cybersecurity Framework (CSF) scores by each CSF category per fiscal year quarter (Performance Measure 5.12)The performance measure dashboard is available at 5.12 Cybersecurity.Additional InformationSource: Maturity assessment /https://www.nist.gov/topics/cybersecurityContact: Scott CampbellContact E-Mail: Scott_Campbell@tempe.govData Source Type: ExcelPreparation Method: The data is a summary of a detailed and confidential analysis of the city's cyber security program. Maturity scores of subcategories within NIST CFS are combined, averaged and rolled up to a summary score for each major category.Publish Frequency: AnnualPublish Method: ManualData Dictionary

Cybersecurity in Healthcare Statistics - Importance in Healthcare

• Only 36% of healthcare organizations have a comprehensive cybersecurity incident response plan.
• 80% of healthcare organizations plan to increase their cybersecurity budgets in the coming years.

(Source: HIMSS Cybersecurity Survey, Black Book Market Research)

Pay attention to the following cybersecurity statistics to learn how to protect yourself from attacks.

Between the first quarter of 2023 and the third quarter of 2024, the number of records exposed in data breaches in the United States decreased significantly. In the most recent measured period, over 93.7 million records were reported as leaked, down from around 116 million in the previous quarter.

Problem Statement

👉 Download the case studies here

Organizations face an increasing number of sophisticated cybersecurity threats, including malware, phishing attacks, and unauthorized access. A financial institution experienced frequent attempts to breach its network, risking sensitive data and regulatory compliance. Traditional security measures were reactive and failed to detect threats in real time. The institution sought a proactive AI-driven solution to identify and prevent cybersecurity threats effectively.

Challenge

Developing an advanced threat detection system required addressing several challenges:

Processing and analyzing large volumes of network traffic and user activity data in real time.

Identifying new and evolving threats, such as zero-day vulnerabilities, with high accuracy.

Minimizing false positives to ensure security teams could focus on genuine threats.

Solution Provided

An AI-powered threat detection system was developed using machine learning algorithms and advanced analytics. The solution was designed to:

Continuously monitor network activity and user behavior to identify suspicious patterns.

Detect and neutralize cybersecurity threats in real time, including malware and phishing attempts.

Provide actionable insights to security teams for faster and more effective threat response.

Development Steps

Data Collection

Collected network traffic logs, endpoint activity, and historical threat data to train machine learning models.

Preprocessing

Cleaned and standardized data, ensuring compatibility across diverse sources, and filtered out noise for accurate analysis.

Model Development

Developed machine learning algorithms for anomaly detection, behavioral analysis, and threat classification. Trained models on labeled datasets to recognize known threats and identify emerging attack patterns.

Validation

Tested the system against simulated and real-world threat scenarios to evaluate detection accuracy, response times, and reliability.

Deployment

Integrated the threat detection system into the institution’s existing cybersecurity infrastructure, including firewalls, SIEM (Security Information and Event Management) tools, and endpoint protection

Continuous Monitoring & Improvement

Established a feedback loop to refine models using new threat data and adapt to evolving attack strategies.

Results

Enhanced Security Posture

The system improved the institution’s ability to detect and prevent cybersecurity threats proactively, strengthening its overall security framework.

Reduced Incidence of Cyber Attacks

Real-time detection and response significantly reduced the frequency and impact of successful cyber attacks.

Improved Threat Response Times

Automated threat identification and prioritization enabled security teams to respond faster and more effectively to potential breaches.

Minimized False Positives

Advanced algorithms reduced false alarms, allowing security teams to focus on genuine threats and improve efficiency.

Scalable and Adaptive Solution

The system adapted to new threats and scaled effortlessly to protect growing organizational networks and data.

India Cyber Security Incidents: Total data was reported at 1,592,917.000 Unit in 2023. This records an increase from the previous number of 1,391,457.000 Unit for 2022. India Cyber Security Incidents: Total data is updated yearly, averaging 49,908.500 Unit from Dec 2004 (Median) to 2023, with 20 observations. The data reached an all-time high of 1,592,917.000 Unit in 2023 and a record low of 23.000 Unit in 2004. India Cyber Security Incidents: Total data remains active status in CEIC and is reported by Indian Computer Emergency Response Team. The data is categorized under India Premium Database’s Transportation, Post and Telecom Sector – Table IN.TF010: Information Technology Statistics: Cyber Security Incidents.

In 2023, ransomware was the most frequently detected cyberattack worldwide, with around 70 percent of all detected cyberattacks. Network breaches ranked second, with almost 19 percent of the detections. Although less frequently, data exfiltration was also among the detected cyberattacks.