30 Cyber Security Statistics for 2020

Thomas Gilham

In a world of ever-increasing cybercrime, cyber security ought to become a major priority for businesses, governments, organizations and individuals. At this particular point in time, cyber criminals are rapidly increasing, the costs associated with attempting to stop them are sky rocketing, and security breaches are costing trillions of dollars in lost information and information recovery.

The 30 cyber security statistics for 2019 that we are about to share with you should be a wake-up call. We guarantee that you will have a knot in your stomach before you are finished reading this list.

#1. Ransomware Preferred Method of Malware Attack

According to the FBI’s Ransomware Prevention and Response for CISOs report, there has been a 300 percent increase of ransomware attacks since 2015. Currently, on average, there are more than 4,000 ransomware attacks on households and corporate networks on a daily basis. This trend makes ransomware the greatest malware threat and the preferred method of hackers.

#2. An Under Armor Security Breach Effected 150 Million Users

On March 29, 2018, Under Armor announced that its “My Fitness Pal” was hacked. This breach of security effected its food and nutrition app as well as its website. Affected information included: usernames, email addresses and hashed passwords. Payment card data was also not affected because it is collected and processed separately. Indications are that approximately 150 million user accounts were affected by this security breach.

#3. The Highest Number of Malware-Infected Computers Are in China

More than half of the computers in China are reported to be infected with malware. Panda Security has estimated that 57.24 percent of Chinese computers are infected by malware with Taiwan and Turkey following at 49.15 and 42.52 percent respectively. These three countries have remained at the top of the list since 2014 and these figures show a 30 percent increase in infection over the past four years.

#4. Federal Spending by the U.S. Government for Cyber-Security Exceeds $30 Billion

U.S. government steadily increased its budget from $7.5 billion (2007) to $28 billion (2016) in efforts to combat malicious cyber attacks, asserts Tax Payers for Common Sense. This indicates a 373 percent increase in spending during that period and the trend has continued in the same direction, placing this year’s spending for cyber-security well over $30 billion. That is nearly 40% of what is spent in the U.S. Defense Department’s annual budget.

#5. Cybercrime Is Expected to Reach $6 Trillion Annually by 2021

“Cybercrime is the greatest threat to every company in the world, and one of the biggest problems with mankind,” according to Cybersecurity Ventures. The claim is backed up by data reporting that cybercrime cost companies $3 trillion in 2015 and spending has steadily increased. Their prediction is that costs will double by 2021, reaching the $6 trillion per year mark. If you consider that is six times the 2018 U.S. defense budget, that is a staggering amount being spent to protect against cyber attacks.

#6. A Data Breach Costs the Average Company About $3.86 Million

An IBM sponsored study by Ponemon Institute reported that an increase in the cost of a data breach had risen 6.4 percent over the cost in the previous year to $3.86 million. Their report also broke down that overall figure into the cost of each lost or stolen record containing sensitive and confidential information and noted a 4.8 percent rise over the previous year to $148 per record. Their study also predicts the likelihood of a breach within the next 48 months as well as a list of measures that can help mitigate them.

#7. In Spite of Knowing the Risks, 78% of People Still Click on Unknown Links

Whether it is some sort of psychological defect or some other factor, a researcher at Erlangen-Nuremberg University conducted a study that indicated that 78% of people click on unknown links in emails, though they claim to be aware of the risks. It was also noted in the study that fewer of the test subjects clicked on links whenever the email did not address them by name. Evidently, people feel more comfortable with being attacked if the attacker uses a proper form of address.

#8. Data Breaches Are Predicted to Cost More Than $150 Million Each by 2020

The quick breather between this statistic and #6 above probably won’t help much as you consider this statistic. According to Juniper Research, hacking has become such big business that they are projecting the costs of a data breach to go well above $3.8 million each and exceed $150 million each in just two more years. That increase is almost 4,000 percent if more efficient efforts to mitigate security breaches are not put into place.

#9. Encryption Helps Cover the Tracks of 90% of Hackers

The saying, “what’s good for the goose is good for the gander,” seems to apply to cybercrime as well. Hackers have gotten wise when it comes to being caught by authorities and utilize encryption techniques like VPNs to remain anonymous and cover their tracks. 90% of the CIOs surveyed by Venafi reported that they either had been or expected to be attacked by hackers hiding behind encryption. 87% of the same respondents also admitted that their security controls failed to adequately protect their companies from attack.

#10. Cryptojacking Attacks Exploded by 8,500% Last Year

Symantec reports that the explosion in the crypto-currency market has also caused something of a criminal gold rush by cyber criminals. Their report not only shows this staggering increase in 2017, but indicates that a theft of over $1.7 million was logged in December alone. According to Symantec, “With only a couple lines of code, or delivered via a browser, cyber criminals harness stolen processing power and cloud CPU usage to mine crypto currency.” This suggests that there are serious breaches of security in buying and selling crypto-currency.

#11. The Average Business Requires More Than 6 Months to Detect a Data Breach

Part of the reason for those inflated figures in #6 and #8 above is due to the length of time it takes for most businesses to detect a data breach. Hackers have gotten more sophisticated in doing their work undetected to the point that it requires an average of 197 days for a business to detect a breach, if they ever do, according to research reported on at ZD Net. Most businesses are experiences multiple attacks per month. If you make use of the figure of $148 per stolen record, in #6, you can quickly see how the cost of a security breach can quickly get out of hand.

#12. The Average Demand of a Ransomware Attack Was Cut in Half in 2018

Equal to an oral surgeon telling you that he will only have to extract two of your four wisdom teeth, the average demand of a ransomware attack was cut in half in 2018. The average in 2017 was $1,077 demanded per attack, but it seems that criminals have decided to offer a discount for faithful, paying customers. The new average is $522, which is still represents 1.5 times as much as was being paid out in 2016. According to Invenio IT, “some experts say that the drop is a ‘market correction,’ a natural result of the proliferation of ransomware.

#13. 99% of Mobile Malware Attacks Target Android Phones

If you were looking for a reason to switch to an iOS mobile device, this just might be the determining factor. According to F-Secure, 99% of all mobile malware is designed for Android devices. Over 19 million malware programs were designed specifically for Android mobile devices. Where that is a significant number of malware programs, this represents only 8% of all of the malware programs across all devices. Why is iOS not attacked as much? Their system of app distribution is more closed than Android and the iOS distribution and updating model is more effective at heading off attacks.

#14. 1 in 412 Emails Contain Malware

The good news is that this number took a significant dip from 1 in 131 emails in 2016. The bad news is that targeting seems to be more focused. The I Corps blog reports that Industry and public administration accounts are being targeted at the rate of 1 in 120 emails and those sectors following close behind are manufacturing, construction and financial institutions. The decrease is not particularly good news because it is likely that the focus has shifted to cryptojacking and more focused ransomware attacks.

#15. 62% of Businesses Are Unprepared to Deal with a Security Breach

Info-Security Magazine, reporting on the 2018 Travelers Risk Index, noted that out of the 1,000 companies who took part in their study, only 62% had a continuity plan outlining the steps the organization should take in the event of a breach. In correlation to this figure, two other statistics stand out: 52% believe that a cyber attack is inevitable and 55% have not completed a cyber-risk assessment of their systems.

#16. The Number of Records Exposed by Breaches Rose 389%

Where the total number of security breaches, according to the Identity Theft Resource Center (ITRC), only 44%, that increase led to a much sharper increase in the number of records exposed for possible identity theft or fraud. This 389% increase in exposed records has placed 179 million records at risk where a little over 46 million records were exposed the year before.

#17. 73% of Consumers Are Concerned About How Companies Use Their Data

At the beginning of 2018, a study reported by AE Ideas notes that 73% of users were concerned about how the data they shared was being used by internet companies. In relation to that figure, 77% wanted to see more transparency concerning the ads that were being targeted toward them in connection with the personal data collected from them. These statistics came out before the Facebook/Cambridge scandal.

#18. 58% of Malware Attacks Target Small Businesses

It should not come as a surprise that a cyber attack would target a small business rather than a large one. Taking on the likes of Amazon, eBay, Yahoo or IBM is like your seven-year-old sister taking on Connor McGregor. The Barkly Team reported that “Not only do they suffer more malware infections, the frequency of attacks against SMBs appears to be on the rise, as well.” The obvious reason for this statistic is that small businesses do not tend to have sufficient resources to cover all of the various vulnerabilities hackers are able to target.

#19. Word, PowerPoint and Excel File Extensions Are Most Used In Malicious Attacks

Malware programmers made use of Word, PowerPoint and Excel file extensions the most for their email traps, according to a Cisco study. 38% of the total number of malicious attacks studied in a period between January and September of 2017 made use of these file extensions. Coming in second were archive file extensions (.zip and .jar) at 37% and PDF files came in third at 14%. The reason these extensions are used more often is related to the fact that most people tend to place more trust in these types of files, which have easily recognizable file extensions.

#20. Unfilled Cyber Security Jobs Are Projected to Reach 3.5 Million by 2021

If you are looking for a wide-open job market to enter into, cyber security is probably going to be your best bet. Given the cost figures related to security breaches, demand is expected to rise dramatically. CSO reports that Cybersecurity Ventures are expecting to see an unmet need of 3.5 million cyber security related jobs by 2021. This is a dramatic, 200% increase over 2016 numbers of 1 million unfilled cyber security jobs. The issue is that the prevalence of cybercriminals is increasing at such a rapid rate that the available number of knowledgeable professionals to counter cannot keep up.

#21. North American and European Users Lag Behind the World in VPN Usage

When it comes to bypassing internet censorship and hiding browser activity, it should come as no surprise that the emerging markets for VPN usage are in the Asian Pacific and Latin America. Six of the top ten markets come out of the Asian Pacific, which makes up the vast majority at 30%. North American and European users use VPNs about half as much only 17%. This is on the increase as 2016 statistics had European and North America users in single digits.

#22. Trust In Facebook Took a 66% Plunge in 2018

The Facebook/Cambridge scandal had a significant impact on the social media giant in the spring of 2018. A Ponemon Institute, reported by NBC News Online, survey noted that a 66% plunge in overall confidence of Facebook came about after investigations and hearings were conducted concerning in relation to the scandal. User confidence fell from 79% to just 27% from Facebook’s highest level last year. The real impact was less dramatic as only 9% actually stopped using the platform and only 31% said that they probably would do the same.

#23. The Highest Percentage of IoT Device Attacks Originate in China

The origin of IoT attacks over the past year was more likely to be China than any other location in the world. More than 21% of malicious attacks on IoT devices originated in China, according to Symantec’s Internet Threat Security Report. The U.S. was the country of origin for 11% of attacks and the Russian Federation only accounted for 6% of the overall attacks. Almost 30% of attacks originated in the Asian Pacific as a whole. You will note that the largest percentage of VPN users are also in the Asian Pacific; coincidence?

#24. 400 Million New Malware Samples Were Produced in the 2nd Quarter of 2018

Daily Host News report says that the number of new malware samples produced in the second quarter of 2018 had reached 400 million. The figure is staggering in and of itself, but if you consider that 2015 reports had daily malware samples at 230,000, it becomes frightening. The average daily number of new malware samples would be close to 4.5 million given this statistic. That is close to a 1960% increase over a 3 year period.

#25. The Total Number of Passwords Use by Human and Machines Worldwide Should Reach 300 Billion by 2020

Cybersecurity Media interview with Thycotic Cyber Strategist, Joseph Carson, reports that the number of accounts a single individual is likely to be managing by 2020 will be between 60 and 90 due to the growth of IoT. Each of those accounts will require a password. Carson also estimates that 200 billion of the 300 billion total passwords will be utilized by machines. The major danger we will be facing, according to the report, is that “the need for multiple passwords can cause users to suffer from security fatigue, resulting in lazy behaviors such as using the same passwords across multiple accounts.”

#26. Total Number of Security Breaches Rose by 44.7% in the Past Year

Security breaches in 2017 reached an all-time high of 1,579, according to data collected by the ITRC. This number represents a 44.7% increase in security breaches reported in 2016. Hardest hit by security breaches were the business sector at 870, the medical/healthcare sector at 374, and the banking/credit/financial sector at 134. If the number of security breaches continues on the same trajectory, 2018 could see close to 2,300 breaches.

#27. Lifestyle Apps Account for 27% of Cybersecurity Issues

Though mobile cyber threats only make up 8% of the total number of cyber attacks in the past year, mobile malware still grew by 54% between 2016 and 2017 from 17,214 programs to 26,579 programs. Symantic notes that among the most targeted app categories are: lifestyle apps 27%, music apps 20%, and books and reference 10%. It is significant to note that 99.9% of the mobile malware discovered were hosted on third-party app stores.

#28. Only 27% of Daily Malicious Web Attacks Are Blocked

A 270 batting average might be okay for a hitter in the MLB, but when it comes to security and how much a malicious attack could cost you, it profoundly inadequate. Symantec reports that only a little over 600,000 of more than 220 million daily malicious attacks are actually blocked by malware detecting software. This staggering failure doubled within a year’s time. Analysts believe that the increased failure was related to coinmining efforts that increased in August of 2017.

#29. 1 in 13 Web Requests Lead to Malware

Here is a staggering statistic that should cause you to think twice about clicking on a URL link. Symantec also reports that 1 out of every 13 URLs analyzed at the gateway were found to be malicious. This is a 3% jump from the previous year in which only 1 in 20 URLs led to some sort of malware. If you consider that estimates place the average number of emails an employee receives in a business day, you have a potential of 10 malicious attack waiting to happen every day.

#30. Only 15% of Small Businesses Enforce Strict Password Policies

Given the 29 statistics that we just went through, you would think that individual users and small businesses would work harder at stricter security measures. That doesn’t seem to be the case. A Ponemon Institute Keeper Reportindicates that though 68% of small businesses that have a password policy do not strictly enforce it. Even worse, is that only 43% of survey respondents actually have a password policy to begin with, which means that only 15% of small businesses are actually enforcing strict password policies.


It is pretty easy to admit, based on the statistics we just shared, that cyber security is abysmal across the board. Cybercrime is a major issue in our digital world and its threat continues to grow out of control. Many of the measures needed to curb the growing trends are extremely complicated, costly and must be addressed at the highest corporate and governmental levels.

Your individual or small business security should be a major priority. You can prevent yourself from becoming a part of the above statistics by following these steps:

1. Conduct a cyber security risk assessment of your network and devices
2. Create a cyber security threat prevention plan for yourself, your family and your business or organization.
3. Execute your cyber security threat prevention plan.
4. Evaluate and update your cyber security threat plan frequently to adjust to new threats.

1 thought on “30 Cyber Security Statistics for 2020”

Leave a Comment