Pay attention to the following cybersecurity statistics to learn how to protect yourself from attacks.

Introduction

Cyber Security Statistics: Cybersecurity has become a top priority for organizations worldwide, driven by the escalating volume and complexity of cyber threats. As businesses increasingly adopt digital technologies, the risk of cyberattacks, such as data breaches, ransomware, and phishing, has risen, creating significant challenges for data privacy and security.

The increasing frequency of high-profile cyber incidents has exposed vulnerabilities in various sectors, prompting governments and organizations to enhance their cybersecurity measures. In response, emerging technologies such as artificial intelligence and machine learning are being integrated to enhance threat detection and response capabilities.

The following statistics offer a comprehensive overview of the cybersecurity landscape, shedding light on the trends, risks, and developments that are shaping this critical field.

In 2024, manufacturing saw the highest share of cyberattacks among the leading industries worldwide. During the examined year, manufacturing companies encountered more than a quarter of the total cyberattacks. Organizations in the finance and insurance followed, with around 23 percent. Professional, business, and consumer services ranked third, with 18 percent of reported cyberattacks. Manufacturing industry and cyberattacks The industry of manufacturing has been in the center of cyberattacks in a long time. The share of cyberattacks targeting organizations in this sector in 2018 was at 10 percent, while in 2024, it amounted to 26 percent. The situation is even more compliacted when we look at the cyber vulnerabilities found in this sector. In 2024, critical vulnerabilities in manufacturing companies lasted 205 days on average. IT perspective and prevention With recent technology developments, cybersecurity is crucial to an organization’s success. Realizing this, companies have been gradually increasing cybersecurity investments. Thus, in 2024, the cybersecurity budget worldwide was forecast to increase to nearly 283 billion U.S. dollars. Roughly nine in ten board directors of companies worldwide in professional services and media and entertainment industries say they expect an increase in the cybersecurity budget.

Introduction

Cybersecurity in Healthcare Statistics: As the healthcare sector increasingly integrates digital technologies, the need for robust cybersecurity measures has become more critical than ever. Adopting electronic health records (EHRs), telemedicine, and connected medical devices has significantly enhanced patient care and operational efficiency.

However, this digital shift has also exposed healthcare organizations to a rising tide of cyber threats, including data breaches, ransomware attacks, and hacks of medical devices. The sensitive nature of the data fuels these threats, such as personal health information (PHI) and payment records, making healthcare one of the most targeted cyberattack industries.

In response to these growing risks, healthcare providers must prioritize implementing stringent cybersecurity policies and embrace cutting-edge technologies like encryption, artificial intelligence, and multi-factor authentication. The sector is grappling with challenges such as outdated security systems, inadequate staff training, and the complexities of safeguarding networks of interconnected devices.

As cyberattacks become more frequent and sophisticated, understanding cybersecurity statistics within healthcare is essential for identifying vulnerabilities, assessing risks, and strengthening defenses to protect sensitive patient data and maintain trust within the industry.

In a survey conducted in 2024, around 26 percent of respondents among business and cyber leaders worldwide stated that the biggest cybersecurity challenge they faced was vulnerabilities in complex supply chain interdependencies. Moreover, 22 percent were concerned about the increasing sophistication of cybercrime.

In the early hours of January 3, 2025, a mid-sized financial firm in Ohio discovered something chilling: over 1.2 terabytes of client data had been quietly siphoned off over the holidays. The attackers left no ransom demand, no calling card, just a system-wide silence and a massive void in customer...

Introduction

AI Cybersecurity Statistics And Facts: Artificial intelligence (AI) is transforming the cybersecurity landscape, enhancing capabilities in threat detection, incident response, and predictive analytics, while also enabling cybercriminals to develop more sophisticated and elusive attacks. As more organizations adopt AI-driven security solutions, it becomes essential to examine the statistical trends shaping this dynamic field.

This report delivers a focused, data-centric analysis of AI’s growing role in cybersecurity, covering adoption levels, investment trends, emerging threats, and global defense measures, providing key insights for leaders facing the challenges of an increasingly intelligent and complex cyber threat environment.

This Cybersecurity Intrusion Detection Dataset is designed for detecting cyber intrusions based on network traffic and user behavior. Below, I’ll explain each aspect in detail, including the dataset structure, feature importance, possible analysis approaches, and how it can be used for machine learning.

1. Understanding the Features

The dataset consists of network-based and user behavior-based features. Each feature provides valuable information about potential cyber threats.

A. Network-Based Features

These features describe network-level information such as packet size, protocol type, and encryption methods.

1. network_packet_size (Packet Size in Bytes)

   • Represents the size of network packets, ranging between 64 to 1500 bytes.
   • Packets on the lower end (~64 bytes) may indicate control messages, while larger packets (~1500 bytes) often carry bulk data.
   • Attackers may use abnormally small or large packets for reconnaissance or exploitation attempts.

2. protocol_type (Communication Protocol)

   • The protocol used in the session: TCP, UDP, or ICMP.
   • TCP (Transmission Control Protocol): Reliable, connection-oriented (common for HTTP, HTTPS, SSH).
   • UDP (User Datagram Protocol): Faster but less reliable (used for VoIP, streaming).
   • ICMP (Internet Control Message Protocol): Used for network diagnostics (ping); often abused in Denial-of-Service (DoS) attacks.

3. encryption_used (Encryption Protocol)

   • Values: AES, DES, None.
   • AES (Advanced Encryption Standard): Strong encryption, commonly used.
   • DES (Data Encryption Standard): Older encryption, weaker security.
   • None: Indicates unencrypted communication, which can be risky.
   • Attackers might use no encryption to avoid detection or weak encryption to exploit vulnerabilities.

B. User Behavior-Based Features

These features track user activities, such as login attempts and session duration.

1. login_attempts (Number of Logins)

   • High values might indicate brute-force attacks (repeated login attempts).
   • Typical users have 1–3 login attempts, while an attack may have hundreds or thousands.

2. session_duration (Session Length in Seconds)

   • A very long session might indicate unauthorized access or persistence by an attacker.
   • Attackers may try to stay connected to maintain access.

3. failed_logins (Failed Login Attempts)

   • High failed login counts indicate credential stuffing or dictionary attacks.
   • Many failed attempts followed by a successful login could suggest an account was compromised.

4. unusual_time_access (Login Time Anomaly)

   • A binary flag (0 or 1) indicating whether access happened at an unusual time.
   • Attackers often operate outside normal business hours to evade detection.

5. ip_reputation_score (Trustworthiness of IP Address)

   • A score from 0 to 1, where higher values indicate suspicious activity.
   • IP addresses associated with botnets, spam, or previous attacks tend to have higher scores.

6. browser_type (User’s Browser)

   • Common browsers: Chrome, Firefox, Edge, Safari.
   • Unknown: Could be an indicator of automated scripts or bots.

2. Target Variable (attack_detected)

• Binary classification: 1 means an attack was detected, 0 means normal activity.
• The dataset is useful for supervised machine learning, where a model learns from labeled attack patterns.

3. Possible Use Cases

This dataset can be used for intrusion detection systems (IDS) and cybersecurity research. Some key applications include:

A. Machine Learning-Based Intrusion Detection

1. Supervised Learning Approaches

   • Classification Models (Logistic Regression, Decision Trees, Random Forest, XGBoost, SVM)
   • Train the model using labeled data (attack_detected as the target).
   • Evaluate using accuracy, precision, recall, F1-score.

2. Deep Learning Approaches

   • Use Neural Networks (DNN, LSTM, CNN) for pattern recognition.
   • LSTMs work well for time-series-based network traffic analysis.

B. Anomaly Detection (Unsupervised Learning)

If attack labels are missing, anomaly detection can be used: - Autoencoders: Learn normal traffic and flag anomalies. - Isolation Forest: Detects outliers based on feature isolation. - One-Class SVM: Learns normal behavior and detects deviations.

C. Rule-Based Detection

• If certain thresholds are met (e.g., failed_logins > 10 & ip_reputation_score > 0.8), an alert is triggered.

4. Challenges & Considerations

• Adversarial Attacks: Attackers may modify traffic to evade detection.
• Concept Drift: Cyber threats...

According to a survey of global IT security professionals in 2025, malware was the most concerning cyber threat targeting organizations, with a relative value of **** on a five-point scale. Account takeover/credential abuse attacks ranked second, while phishing attacks followed.

The National Institute of Standards and Technology (NIST) provides a Cybersecurity Framework (CSF) for benchmarking and measuring the maturity level of cybersecurity programs across all industries. The City uses this framework and toolset to measure and report on its internal cybersecurity program. The foundation for this measure is the Framework Core, a set of cybersecurity activities, desired outcomes, and applicable references that are common across critical infrastructure/industry sectors. These activities come from the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) published standard, along with the information security and customer privacy controls it references (NIST 800 Series Special Publications). The Framework Core presents industry standards, guidelines, and practices in a manner that allows for communication of cybersecurity activities and outcomes across the organization from the executive level to the implementation/operations level. The Framework Core consists of five concurrent and continuous functions: identify, protect, detect, respond, and recover. When considered together, these functions provide a high-level, strategic view of the lifecycle of an organization’s management of cybersecurity risk. The Framework Core identifies underlying key categories and subcategories for each function, and matches them with example references, such as existing standards, guidelines, and practices for each subcategory. This page provides data for the Cybersecurity performance measure. Cybersecurity Framework (CSF) scores by each CSF category per fiscal year quarter (Performance Measure 5.12) The performance measure dashboard is available at 5.12 Cybersecurity. Additional InformationSource: Maturity assessment /https://www.nist.gov/topics/cybersecurityContact: Scott CampbellContact E-Mail: Scott_Campbell@tempe.govData Source Type: ExcelPreparation Method: The data is a summary of a detailed and confidential analysis of the city's cybersecurity program. Maturity scores of subcategories within NIST CFS are combined, averaged, and rolled up to a summary score for each major category.Publish Frequency: AnnualPublish Method: ManualData Dictionary

It all started with a laptop on a kitchen table. One device, one user, and a Wi-Fi network not built for enterprise-grade security. Multiply that by millions, and you begin to grasp the scale of the remote work cybersecurity challenge. As the boundaries between home and work blur, so do...

In early 2025, a small tech startup in Austin, Texas, discovered its customer database had been silently siphoned off over a period of three months. The breach wasn’t sophisticated, it was a simple phishing email that bypassed outdated filters. But the consequences were staggering: legal fees, compliance penalties, and reputational...

This dataset contains web traffic records collected through AWS CloudWatch, aimed at detecting suspicious activities and potential attack attempts.

The data were generated by monitoring traffic to a production web server, using various detection rules to identify anomalous patterns.

Context

In today's cloud environments, cybersecurity is more crucial than ever. The ability to detect and respond to threats in real time can protect organizations from significant consequences. This dataset provides a view of web traffic that has been labeled as suspicious, offering a valuable resource for developers, data scientists, and security experts to enhance threat detection techniques.

Dataset Content

Each entry in the dataset represents a stream of traffic to a web server, including the following columns:

bytes_in: Bytes received by the server.

bytes_out: Bytes sent from the server.

creation_time: Timestamp of when the record was created.

end_time: Timestamp of when the connection ended.

src_ip: Source IP address.

src_ip_country_code: Country code of the source IP.

protocol: Protocol used in the connection.

response.code: HTTP response code.

dst_port: Destination port on the server.

dst_ip: Destination IP address.

rule_names: Name of the rule that identified the traffic as suspicious.

observation_name: Observations associated with the traffic.

source.meta: Metadata related to the source.

source.name: Name of the traffic source.

time: Timestamp of the detected event.

detection_types: Type of detection applied.

Potential Uses

This dataset is ideal for:

• Anomaly Detection: Developing models to detect unusual behaviors in web traffic.
• Classification Models: Training models to automatically classify traffic as normal or suspicious.
• Security Analysis: Conducting security analyses to understand the tactics, techniques, and procedures of attackers.

India Cyber Security Incidents: Total data was reported at 1,592,917.000 Unit in 2023. This records an increase from the previous number of 1,391,457.000 Unit for 2022. India Cyber Security Incidents: Total data is updated yearly, averaging 49,908.500 Unit from Dec 2004 (Median) to 2023, with 20 observations. The data reached an all-time high of 1,592,917.000 Unit in 2023 and a record low of 23.000 Unit in 2004. India Cyber Security Incidents: Total data remains active status in CEIC and is reported by Indian Computer Emergency Response Team. The data is categorized under India Premium Database’s Transportation, Post and Telecom Sector – Table IN.TF010: Information Technology Statistics: Cyber Security Incidents.

Cybersecurity is no small deal these days, and anyone with even a remote understanding of digital security can tell you that. As digital devices connected to the internet become popular, threat actors also change how they target vulnerable demographics. We are talking about the emergence of new threats and the...

This report reviews the impact of the cyber attack in May 2021 on the Health Service Executive (HSE) and other health bodies. It examines the HSE's cyber attack preparedness, the financial impact of the attack and the status of implementation of PWC's post incident review recommendations. .hidden { display: none }

Percentage of enterprises impacted by specific types of cyber security incidents by the North American Industry Classification System (NAICS) and size of enterprise.

Cybersecurity Dataset: Are We Ready in Latin America and the Caribbean? (2016)

This dataset supports the 2016 Cybersecurity Report, Are We Ready in Latin America and the Caribbean?, produced by the Inter-American Development Bank (IDB), Organization of American States (OAS), and Global Cyber Security Capacity Centre (GCSCC) at Oxford.

Data were collected via an online survey using the Cybersecurity Capability Maturity Model (CMM), developed by the GCSCC. The survey was translated into English and Spanish. Following a pilot phase, it was administered to a diverse group of national stakeholders across 32 countries in Latin America and the Caribbean.

The responses were aggregated, reviewed, cleaned, and supplemented with additional information from external sources to ensure completeness and accuracy.