“No locale, no industry or organization is bulletproof when it comes to the compromise of data.”

Those words from Verizon’s “2016 Data Breach Investigations Report” neatly summarized the cyberthreat environment today. There is no immunity. This year’s wave of cybercrime statistics suggest that threats are well-funded, increasingly nefarious and more costly to victimized organizations. In fact, IBM President and CEO Ginni Rometty described cybercrime as “the greatest threat to every profession, every industry, every company in the world.”

20 Stunning Cybercrime Statistics

For anyone seeking support from the C-suite for more aggressive security investments, numbers can be a huge help. Here are the top 20 cybercrime statistics to encourage security teams to bolster their cybersecurity efforts. No scare tactics here — just the cold hard facts from a wide variety of sources.

Cost of a Data Breach

  1. The global cost of cybercrime will reach $2 trillion by 2019, a threefold increase from the 2015 estimate of $500 billion.
  2. The cybercrime cost figure above may be the tip of the iceberg. According to “The Global Risks Report 2016,” from the World Economic Forum, a significant portion of cybercrime goes undetected. This is particularly true in the case of industrial espionage and the heist of proprietary secrets, because illicit access to sensitive or confidential documents and data is hard to detect.
  3. According to the Identity Theft Resource Center’s (ITRC) “ITRC Data Breach Report,” more than 29 million records were exposed in 858 publicized breaches across sectors including financial, government, health care and education.
  4. According to the Ponemon Institute’s “2016 Cost of Data Breach Study: Global Analysis,” which queried 383 organizations that suffered at least one breach in 2016, the average cost per breach was $4 million. That figure rose to $7 million in the U.S.
  5. The same study found that the cost per record stolen averages $158 globally, but tops $220 in the U.S.
  6. Due to the intensity of compliance and regulations, the costs per breach to organizations in the health care and financial services sectors top all other industry groups, according to the Ponemon study.
  7. The financial hit resulting from theft of trade secrets ranges from 1 percent to 3 percent of an entire nation’s gross domestic product (GDP), according to IDG’s “Global State of Information Security Survey 2016.” The cost ranges from $749 billion to $2.2 trillion annually.
  8. Last year, IDG detected 38 percent more cybersecurity incidents than the year prior.
  9. Forty-eight percent of data security breaches are caused by acts of malicious intent. Human error or system failure account for the rest.

**UPDATED** Read the Ponemon Institute 2017 Cost of Data Breach Global Study

SMB Struggles

  1. Small and midsized organizations (SMBs), defined as those with 100 to 1,000 employees, are hardly immune to cybercrime — actually quite to the contrary. According to Keeper Security’s “The State of SMB Cybersecurity” report, a staggering 50 percent of small and midsized organizations reported suffering at least one cyberattack in the last 12 months.
  2. The average cost of a data breach involving theft of assets totaled $879,582 for these SMBs. They spent another $955,429 to restore normal business in the wake of successful attacks.
  3. For these SMBs, 60 percent of employees use the exact same password for everything they access. Meanwhile, 63 percent of confirmed data breaches leverage a weak, default or stolen password.

Cybersecurity Spending and Resources

  1. Global spending to combat cybercrime will top $80 billion this year, with organizations increasingly focusing on detection and response because taking preventive approaches have not been successful in blocking malicious attacks.
  2. Spending on cyber insurance has swelled, primarily in the U.S., from $1 billion two years ago to $2.5 billion in 2016. Experts expect dramatic growth in the next five years as the insurance concept spreads globally.
  3. In 2016, 62 percent of organizations used managed security services for at least part of their cybercrime defenses, according to PwC’s “The Global State of Information Security” report.
  4. Just half of the global organizations PwC surveyed reported that they already use advanced big data analytics to model for and identify threats. Meanwhile, machine learning techniques are adding significant muscle to fraud detection and application security efforts.

Preparedness and Response

  1. Only 38 percent of organizations surveyed for ISACA’s “2015 Global Cybersecurity Status Report” believed they were prepared to meet the onslaught of sophisticated cybercrime.
  2. Of the 1,000 IT leaders polled for Invincea’s “2016 Cyberthreat Defense Report,” three-quarters reported that their networks had been breached in the last year, and 62 percent said they expect to suffer a successful cyberattack at some point this year.
  3. Phishing is a well-known cybercrime technique that involves defrauding an online account user by posing as a legitimate entity. According to the Verizon DBIR, 30 percent of phishing emails are actually opened, and 12 percent of those targeted click on the infecting link or attachment.
  4. An Osterman Research survey of 540 organizations in North America, the U.K. and Germany revealed that nearly half had sustained ransomware attacks in the last year.

Read the white paper: Adapt to new phishing threats and assess websites automatically

More from CISO

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Boardroom cyber expertise comes under scrutiny

3 min read - Why are companies concerned about cybersecurity? Some of the main drivers are data protection, compliance, risk management and ensuring business continuity. None of these are minor issues. Then why do board members frequently keep their distance when it comes to cyber concerns?A report released last year showed that just 5% of CISOs reported directly to the CEO. This was actually down from 8% in 2022 and 11% in 2021. But even if board members don’t want to get too close…

The CISO’s guide to accelerating quantum-safe readiness

3 min read - Quantum computing presents both opportunities and challenges for the modern enterprise. While quantum computers are expected to help solve some of the world’s most complex problems, they also pose a risk to traditional cryptographic systems, particularly public-key encryption. To ensure their organization’s data remains secure now and in the future, chief information security officers (CISOs) should educate themselves about quantum computing, proactively address the coming quantum risks to cybersecurity and work to establish cryptographic agility in their enterprise.A future cryptographically…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today