Pay attention to the following cybersecurity statistics to learn how to protect yourself from attacks.

In 2024, manufacturing saw the highest share of cyberattacks among the leading industries worldwide. During the examined year, manufacturing companies encountered more than a quarter of the total cyberattacks. Organizations in the finance and insurance followed, with around 23 percent. Professional, business, and consumer services ranked third, with 18 percent of reported cyberattacks. Manufacturing industry and cyberattacks The industry of manufacturing has been in the center of cyberattacks in a long time. The share of cyberattacks targeting organizations in this sector in 2018 was at 10 percent, while in 2024, it amounted to 26 percent. The situation is even more compliacted when we look at the cyber vulnerabilities found in this sector. In 2024, critical vulnerabilities in manufacturing companies lasted 205 days on average. IT perspective and prevention With recent technology developments, cybersecurity is crucial to an organization’s success. Realizing this, companies have been gradually increasing cybersecurity investments. Thus, in 2024, the cybersecurity budget worldwide was forecast to increase to nearly 283 billion U.S. dollars. Roughly nine in ten board directors of companies worldwide in professional services and media and entertainment industries say they expect an increase in the cybersecurity budget.

In a survey conducted in 2024, around 26 percent of respondents among business and cyber leaders worldwide stated that the biggest cybersecurity challenge they faced was vulnerabilities in complex supply chain interdependencies. Moreover, 22 percent were concerned about the increasing sophistication of cybercrime.

Introduction

Cyber Security Statistics: Cybersecurity has become a top priority for organizations worldwide, driven by the escalating volume and complexity of cyber threats. As businesses increasingly adopt digital technologies, the risk of cyberattacks, such as data breaches, ransomware, and phishing, has risen, creating significant challenges for data privacy and security.

The increasing frequency of high-profile cyber incidents has exposed vulnerabilities in various sectors, prompting governments and organizations to enhance their cybersecurity measures. In response, emerging technologies such as artificial intelligence and machine learning are being integrated to enhance threat detection and response capabilities.

The following statistics offer a comprehensive overview of the cybersecurity landscape, shedding light on the trends, risks, and developments that are shaping this critical field.

Introduction

Cybersecurity in Healthcare Statistics: As the healthcare sector increasingly integrates digital technologies, the need for robust cybersecurity measures has become more critical than ever. Adopting electronic health records (EHRs), telemedicine, and connected medical devices has significantly enhanced patient care and operational efficiency.

However, this digital shift has also exposed healthcare organizations to a rising tide of cyber threats, including data breaches, ransomware attacks, and hacks of medical devices. The sensitive nature of the data fuels these threats, such as personal health information (PHI) and payment records, making healthcare one of the most targeted cyberattack industries.

In response to these growing risks, healthcare providers must prioritize implementing stringent cybersecurity policies and embrace cutting-edge technologies like encryption, artificial intelligence, and multi-factor authentication. The sector is grappling with challenges such as outdated security systems, inadequate staff training, and the complexities of safeguarding networks of interconnected devices.

As cyberattacks become more frequent and sophisticated, understanding cybersecurity statistics within healthcare is essential for identifying vulnerabilities, assessing risks, and strengthening defenses to protect sensitive patient data and maintain trust within the industry.

In 2024, the number of data compromises in the United States stood at 3,158 cases. Meanwhile, over 1.35 billion individuals were affected in the same year by data compromises, including data breaches, leakage, and exposure. While these are three different events, they have one thing in common. As a result of all three incidents, the sensitive data is accessed by an unauthorized threat actor. Industries most vulnerable to data breaches Some industry sectors usually see more significant cases of private data violations than others. This is determined by the type and volume of the personal information organizations of these sectors store. In 2024 the financial services, healthcare, and professional services were the three industry sectors that recorded most data breaches. Overall, the number of healthcare data breaches in some industry sectors in the United States has gradually increased within the past few years. However, some sectors saw decrease. Largest data exposures worldwide In 2020, an adult streaming website, CAM4, experienced a leakage of nearly 11 billion records. This, by far, is the most extensive reported data leakage. This case, though, is unique because cyber security researchers found the vulnerability before the cyber criminals. The second-largest data breach is the Yahoo data breach, dating back to 2013. The company first reported about one billion exposed records, then later, in 2017, came up with an updated number of leaked records, which was three billion. In March 2018, the third biggest data breach happened, involving India’s national identification database Aadhaar. As a result of this incident, over 1.1 billion records were exposed.

In the early hours of January 3, 2025, a mid-sized financial firm in Ohio discovered something chilling: over 1.2 terabytes of client data had been quietly siphoned off over the holidays. The attackers left no ransom demand, no calling card, just a system-wide silence and a massive void in customer...

Introduction

AI Cybersecurity Statistics And Facts: Artificial intelligence (AI) is transforming the cybersecurity landscape, enhancing capabilities in threat detection, incident response, and predictive analytics, while also enabling cybercriminals to develop more sophisticated and elusive attacks. As more organizations adopt AI-driven security solutions, it becomes essential to examine the statistical trends shaping this dynamic field.

This report delivers a focused, data-centric analysis of AI’s growing role in cybersecurity, covering adoption levels, investment trends, emerging threats, and global defense measures, providing key insights for leaders facing the challenges of an increasingly intelligent and complex cyber threat environment.

In late 2024, a boutique digital marketing agency in Austin, Texas, experienced what seemed like a minor IT hiccup. Their systems froze for six hours. What they didn’t know was that a ransomware attack had quietly encrypted their data. Within 24 hours, the attacker demanded $25,000 in cryptocurrency. The firm,...

In early 2025, a small tech startup in Austin, Texas, discovered its customer database had been silently siphoned off over a period of three months. The breach wasn’t sophisticated, it was a simple phishing email that bypassed outdated filters. But the consequences were staggering: legal fees, compliance penalties, and reputational...

The foundation for this measure is the Framework Core, a set of cybersecurity activities, desired outcomes and applicable references that are common across critical infrastructure/industry sectors. These activities come from the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) published standard, along with the information security and customer privacy controls it references (NIST 800 Series Special Publications). The Framework Core presents industry standards, guidelines, and practices in a manner that allows for communication of cybersecurity activities and outcomes across the organization from the executive level to the implementation/operations level. The Framework Core consists of five concurrent and continuous functions – identify, protect, detect, respond, and recover. When considered together, these functions provide a high-level, strategic view of the lifecycle of an organization’s management of cybersecurity risk. The Framework Core identifies underlying key categories and subcategories for each function, and matches them with example references, such as existing standards, guidelines and practices for each subcategory. This page provides data for the Cybersecurity performance measure.Cybersecurity Framework (CSF) scores by each CSF category per fiscal year quarter (Performance Measure 5.12)The performance measure dashboard is available at 5.12 Cybersecurity.Additional InformationSource: Maturity assessment /https://www.nist.gov/topics/cybersecurityContact: Scott CampbellContact E-Mail: Scott_Campbell@tempe.govData Source Type: ExcelPreparation Method: The data is a summary of a detailed and confidential analysis of the city's cyber security program. Maturity scores of subcategories within NIST CFS are combined, averaged and rolled up to a summary score for each major category.Publish Frequency: Annual

Cybersecurity is no small deal these days, and anyone with even a remote understanding of digital security can tell you that. As digital devices connected to the internet become popular, threat actors also change how they target vulnerable demographics. We are talking about the emergence of new threats and the...

This Cybersecurity Intrusion Detection Dataset is designed for detecting cyber intrusions based on network traffic and user behavior. Below, I’ll explain each aspect in detail, including the dataset structure, feature importance, possible analysis approaches, and how it can be used for machine learning.

1. Understanding the Features

The dataset consists of network-based and user behavior-based features. Each feature provides valuable information about potential cyber threats.

A. Network-Based Features

These features describe network-level information such as packet size, protocol type, and encryption methods.

1. network_packet_size (Packet Size in Bytes)

   • Represents the size of network packets, ranging between 64 to 1500 bytes.
   • Packets on the lower end (~64 bytes) may indicate control messages, while larger packets (~1500 bytes) often carry bulk data.
   • Attackers may use abnormally small or large packets for reconnaissance or exploitation attempts.

2. protocol_type (Communication Protocol)

   • The protocol used in the session: TCP, UDP, or ICMP.
   • TCP (Transmission Control Protocol): Reliable, connection-oriented (common for HTTP, HTTPS, SSH).
   • UDP (User Datagram Protocol): Faster but less reliable (used for VoIP, streaming).
   • ICMP (Internet Control Message Protocol): Used for network diagnostics (ping); often abused in Denial-of-Service (DoS) attacks.

3. encryption_used (Encryption Protocol)

   • Values: AES, DES, None.
   • AES (Advanced Encryption Standard): Strong encryption, commonly used.
   • DES (Data Encryption Standard): Older encryption, weaker security.
   • None: Indicates unencrypted communication, which can be risky.
   • Attackers might use no encryption to avoid detection or weak encryption to exploit vulnerabilities.

B. User Behavior-Based Features

These features track user activities, such as login attempts and session duration.

1. login_attempts (Number of Logins)

   • High values might indicate brute-force attacks (repeated login attempts).
   • Typical users have 1–3 login attempts, while an attack may have hundreds or thousands.

2. session_duration (Session Length in Seconds)

   • A very long session might indicate unauthorized access or persistence by an attacker.
   • Attackers may try to stay connected to maintain access.

3. failed_logins (Failed Login Attempts)

   • High failed login counts indicate credential stuffing or dictionary attacks.
   • Many failed attempts followed by a successful login could suggest an account was compromised.

4. unusual_time_access (Login Time Anomaly)

   • A binary flag (0 or 1) indicating whether access happened at an unusual time.
   • Attackers often operate outside normal business hours to evade detection.

5. ip_reputation_score (Trustworthiness of IP Address)

   • A score from 0 to 1, where higher values indicate suspicious activity.
   • IP addresses associated with botnets, spam, or previous attacks tend to have higher scores.

6. browser_type (User’s Browser)

   • Common browsers: Chrome, Firefox, Edge, Safari.
   • Unknown: Could be an indicator of automated scripts or bots.

2. Target Variable (attack_detected)

• Binary classification: 1 means an attack was detected, 0 means normal activity.
• The dataset is useful for supervised machine learning, where a model learns from labeled attack patterns.

3. Possible Use Cases

This dataset can be used for intrusion detection systems (IDS) and cybersecurity research. Some key applications include:

A. Machine Learning-Based Intrusion Detection

1. Supervised Learning Approaches

   • Classification Models (Logistic Regression, Decision Trees, Random Forest, XGBoost, SVM)
   • Train the model using labeled data (attack_detected as the target).
   • Evaluate using accuracy, precision, recall, F1-score.

2. Deep Learning Approaches

   • Use Neural Networks (DNN, LSTM, CNN) for pattern recognition.
   • LSTMs work well for time-series-based network traffic analysis.

B. Anomaly Detection (Unsupervised Learning)

If attack labels are missing, anomaly detection can be used: - Autoencoders: Learn normal traffic and flag anomalies. - Isolation Forest: Detects outliers based on feature isolation. - One-Class SVM: Learns normal behavior and detects deviations.

C. Rule-Based Detection

• If certain thresholds are met (e.g., failed_logins > 10 & ip_reputation_score > 0.8), an alert is triggered.

4. Challenges & Considerations

• Adversarial Attacks: Attackers may modify traffic to evade detection.
• Concept Drift: Cyber threats...

In the first half of 2022, more than 40 percent of compromised information in automotive industry cyber attacks was consumer data. Company-sensitive and internet credential information were also among the most frequently compromised data types. Intellectual property was also known to be often targeted by cybercriminals.

According to a survey of global IT security professionals in 2025, malware was the most concerning cyber threat targeting organizations, with a relative value of **** on a five-point scale. Account takeover/credential abuse attacks ranked second, while phishing attacks followed.

Introduction

Workplace Cybersecurity Statistics: Workplace cybersecurity is a critical concern for businesses worldwide, as cyber threats continue to evolve and impact organizations of all sizes. In 2023, the average cost of a data breach reached a staggering $4.45 million, with small businesses particularly vulnerable. Over 90% of cyberattacks begin with human error, highlighting the importance of employee training and awareness.

As remote work becomes more prevalent, 61% of remote workers report using unsecured devices, further increasing security risks. With cybercrime projected to cost businesses $10.5 trillion annually in 2025, investing in robust cybersecurity measures has never been more vital for organizational resilience and data protection.

This dataset contains web traffic records collected through AWS CloudWatch, aimed at detecting suspicious activities and potential attack attempts.

The data were generated by monitoring traffic to a production web server, using various detection rules to identify anomalous patterns.

Context

In today's cloud environments, cybersecurity is more crucial than ever. The ability to detect and respond to threats in real time can protect organizations from significant consequences. This dataset provides a view of web traffic that has been labeled as suspicious, offering a valuable resource for developers, data scientists, and security experts to enhance threat detection techniques.

Dataset Content

Each entry in the dataset represents a stream of traffic to a web server, including the following columns:

bytes_in: Bytes received by the server.

bytes_out: Bytes sent from the server.

creation_time: Timestamp of when the record was created.

end_time: Timestamp of when the connection ended.

src_ip: Source IP address.

src_ip_country_code: Country code of the source IP.

protocol: Protocol used in the connection.

response.code: HTTP response code.

dst_port: Destination port on the server.

dst_ip: Destination IP address.

rule_names: Name of the rule that identified the traffic as suspicious.

observation_name: Observations associated with the traffic.

source.meta: Metadata related to the source.

source.name: Name of the traffic source.

time: Timestamp of the detected event.

detection_types: Type of detection applied.

Potential Uses

This dataset is ideal for:

• Anomaly Detection: Developing models to detect unusual behaviors in web traffic.
• Classification Models: Training models to automatically classify traffic as normal or suspicious.
• Security Analysis: Conducting security analyses to understand the tactics, techniques, and procedures of attackers.

Percentage of enterprises impacted by cyber security incidents in specific ways by the North American Industry Classification System (NAICS) and size of enterprise.