50+ Cybersecurity Statistics & Trends [2026 Update]
Cybersecurity issues have long been a daily threat to businesses. Staying up-to-date on the latest cybersecurity statistics, trends, and facts helps you understand the risks and what you should be vigilant about.
The cybersecurity landscape is constantly changing, but it is obvious that cyber threats are becoming more serious and happening more frequently.
Here is a summary of some of the most interesting and alarming cybersecurity statistics for 2026:
- The yearly global cost of cybercrime is estimated to reach $10.5 trillion in 2026, and is projected to climb toward $12.2 trillion annually by 2031. ( Cybersecurity Ventures)
- Over 2,200 cyberattacks are happening every single day - roughly one every 39 seconds. ( University of Maryland)
- Around 1.7 million ransomware attacks happen every day. ( Statista)
- A large majority of organizations worldwide have been victims of ransomware attacks. ( Cybersecurity Ventures)
- Organized crime is responsible for 80% of all security and data breaches. ( Verizon)
- Ransomware attacks happen every few seconds. ( InfoSecurity Group)
- 71% of all cyberattacks are financially motivated (followed by intellectual property theft, and then espionage). ( Verizon)
and did you know that:
F-35 fighter jets face greater threats from cyber-attacks than from enemy missiles.
Source: Interesting Engineering ^
Thanks to its superior computing system, the F-35 stealth fighter jet is the most advanced plane in modern times. But its greatest feature becomes its greatest liability in a digitized world that's under constant threat of cyber attack.
List of Statistics & Trends
Here is a list of the latest up-to-date cybersecurity statistics to help you understand what is happening in the field of infosec, as well as what to expect in 2026 and beyond.
The yearly global cost of cybercrime is estimated to reach $10.5 trillion in 2026.
Source: Cybersecurity Ventures ^
The global cost of cybercrime is forecast to hit an eye-watering $10.5 trillion in 2026 - up from around $8 trillion in 2023 - and is projected to climb toward $12.2 trillion annually by 2031.
Global cybercrime damage costs at the $10.5 trillion-per-year rate break down to roughly:
- $10.5 Trillion per YEAR
- $875 Billion per MONTH
- $202 Billion per WEEK
- $28.8 Billion per DAY
- $1.2 Billion per HOUR
- $20 Million per MINUTE
- $333,000 per SECOND
Cybercrime is expected to be far more profitable than the global trade in all major illegal drugs combined.
The world will need to cyber-protect over 200 zettabytes of data. This includes data stored on both public and private servers, cloud data centers, personal computers and devices, and Internet of Things items.
To put that into context, there are 1 billion terabytes per zettabyte (and one terabyte is 1,000 gigabytes).
The cybersecurity industry is worth over $245 billion in 2026.
Source: Statista ^
The cybersecurity market is estimated to be worth around $248 billion in 2026, up from roughly $219 billion in 2025, and is forecast to keep growing at double-digit rates.
The need to protect computing platforms and data becomes more important as the world relies more on technology and digital assets. This is good news for the infosec industry and tech-minded job seekers.
There are 2,244 cyberattacks per day, equating to over 800,000 attacks per year. That's almost one attack every 39 seconds.
Source: University of Maryland & ACSC ^
It's hard to find up-to-date or fully accurate figures on this statistic, and the only reliable report dates back to 2003.
A Clark School study at the University of Maryland from 2003 is one of the first to quantify the near-constant rate of hacking attacks. The study found that 2,244 attacks happened daily, breaking down to almost one cyberattack every 39 seconds, and "brute force" was the most common tactic.
Today, we do not know the exact figure for the number of daily cyberattacks, but it is significantly more than this report's findings.
A more recent picture comes from Australia's national cyber agency (ASD/ACSC), which received over 87,400 cybercrime reports in the 2023-24 financial year (crimes reported, not hacks) - that works out to roughly one cybercrime report every six minutes.
There are around 4.8 million unfilled cybersecurity jobs worldwide.
Source: Cybercrime Magazine ^
As the threat and cost of cybercrime ramps up, so does the need for experienced professionals to tackle the problem. ISC2's most recent workforce estimate put the global shortfall at around 4.8 million cybersecurity-related jobs unfilled worldwide, up from a long-cited estimate of 3.5 million - with the Asia-Pacific region accounting for the largest share of the gap. (ISC2 has since shifted its focus from headcount to skills, with most organizations now reporting critical or significant skills gaps on their teams.)
According to Cisco, back in 2014, there were only one million cybersecurity openings. The current cybersecurity unemployment rate remains effectively 0% for experienced individuals, and it has been this way for years.
Credential phishing surged 703% in the second half of 2024, and phishing attacks now top one million per quarter.
Source: SlashNext & APWG ^
Phishing volume keeps climbing. SlashNext recorded a 703% jump in credential-phishing attacks in the second half of 2024, alongside a 202% rise in email-based attacks. The APWG has logged more than one million phishing attacks in a single quarter repeatedly through 2024 and 2025, peaking at 1,130,393 attacks in Q2 2025.
A large share of these attacks are credential harvesting, which remains the top cause of breaches. AI is now being used to generate convincing lures at scale, making the attacks harder to detect than ever.
Last year, the .com domain was the most common URL included in phishing email links to websites at 54%. The next most common domain was '.net' at around 8.9%.
Source: AAG-IT ^
.com domains still reign supreme when it comes to being spoofed for phishing purposes. 54% of phishing emails contained .com links, while 8.9% of them had .net links.
The most commonly used brands for phishing are LinkedIn (52%), DHL (14%), Google (7%), Microsoft (6%), and FedEx (6%).
Ransomware detections fell to 2.3 million in 2024, but the number of organizations hit actually rose.
Source: SonicWall ^
Ransomware is a type of malware that infects a user's computer and restricts access to the device or its data, demanding money in exchange for freeing them (using cryptocurrency because it is hard to trace).
Ransomware is one of the most dangerous hacks because it allows cybercriminals to deny access to computer files until a ransom is paid.
The raw volume has shifted dramatically toward "big-game hunting" - fewer, higher-impact attacks. SonicWall recorded 2.3 million ransomware hits in 2024, down 87% from 18.2 million in 2023, yet the number of impacted organizations actually rose by around 20%. The average ransomware payment in 2024 was roughly $850,700, with the total cost of an incident - including downtime and recovery - averaging close to $4.91 million.
71% of organizations worldwide have been victimized by ransomware attacks.
Source: Cybersecurity Ventures ^
A huge number of organizations have experienced ransomware attacks. Well over 70% of businesses have fallen victim, compared with 55.1% in 2018.
The median ransom payment is now around $1 million, but organizations routinely negotiate this down - the median amount actually paid can be a fraction of the original demand, and around 64% of victims now refuse to pay at all.
A study conducted by the Poneman Institute claims cyber attacks against US hospitals increase mortality rates.
Source: NBC News ^
Two-thirds of respondents in the Ponemon study who had experienced ransomware attacks said the incidents had disrupted patient care. 59% found they increased the length of patients' stays, leading to strained resources.
Almost 25% said the incidents led to increased mortality rates. At the time of the study, at least 12 ransomware attacks on US healthcare affected 56 different facilities.
Did you know that in September 2020, the Duesseldorf University Clinic in Germany was hit by a ransomware attack that forced staffers to direct emergency patients elsewhere. The cyberattack took down the entire IT network of the hospital, which led to doctors and nurses who were unable to communicate with each other or access patient data records. As a result, a woman seeking emergency treatment for a life-threatening condition died after she had to be taken over an hour away from her hometown because there wasn't enough staff available at local hospitals.
Around 80% of malicious links are now zero-hour (never-before-seen) threats.
Source: SlashNext & SonicWall ^
Roughly 80% of the malicious links SlashNext observes are previously unknown, zero-hour threats - many generated by AI moments before they are deployed, which defeats traditional signature-based detection. SonicWall reinforces the trend, recording 210,258 never-before-seen malware variants in 2024 - about 637 new variants every day. The rise in novel attacks shows how quickly hackers iterate to stay ahead of defenses.
A network or data breach is the top security breach to impact an organization's resilience and accounts. 51.5% of businesses were affected in this way.
Source: Cisco ^
While network and data breaches are the top types of security breaches, network or system outages come in a close second, with 51.1% of businesses affected . 46.7% had experienced ransomware, 46.4% had a DDoS attack, and 45.2% had accidental disclosure.
In 2024 the "Mother of All Breaches" exposed a staggering 26 billion records.
Source: Cybernews & IBM ^
Early in 2024, researchers uncovered the "Mother of All Breaches" (MOAB) - a compilation of roughly 26 billion records drawn from thousands of earlier leaks, including data from LinkedIn, X/Twitter, Adobe, and Dropbox. Later that year, the National Public Data breach exposed around 2.9 billion records - names, addresses, Social Security numbers, and dates of birth of US citizens - in what may be the most consequential single-source breach to date. In 2025, a further 16 billion login credentials were found compiled and exposed online, underscoring how breached data is endlessly recycled and resold.
Major platforms keep losing user data - from Twitter's 5.4 million accounts in 2022 to billions of records in recent mega-leaks.
Source: CS Hub & Cybernews ^
Back in July 2022, a hacker stole email addresses, phone numbers, and other data from 5.4 million Twitter accounts via a vulnerability the company had ignored. The pattern has only intensified since: recent years brought the 2.9 billion-record National Public Data leak, a 16 billion-credential compilation surfaced in 2025, and ongoing infostealer dumps that recycle stolen logins across the dark web.
Other notable incidents over the years included the attempted sale of 500 million stolen WhatsApp user details, more than 1.2 million credit card numbers leaked on the hacking forum BidenCash, and 9.7 million people's information stolen in the Medibank data leak in Australia.
Over 90% of malware comes through email.
Source: CSO Online ^
When it comes to malware attacks, email remains the favorite distribution channel of hackers. 94% of malware is delivered via email. Hackers use this approach in phishing scams to get people to install malware onto networks. Nearly half of the servers that are used for phishing reside in the United States.
30% of cyber security leaders say they can't hire enough staff to handle the workload.
Source: Splunk ^
There's a talent crisis within businesses, and 30% of security leaders say there's insufficient staff to handle an organization's cyber security. Furthermore, 35% say they cannot find experienced staff with the right skills, and 23% claim both factors are a problem.
When asked how they plan to tackle the issue, 58% of security leaders chose to increase funding for training, while only 2% picked to increase the use of cybersecurity tools with artificial intelligence and machine learning.
Nearly half of all cyberattacks target small businesses.
Source: Cybint Solution ^
While we tend to focus on cyber attacks on Fortune 500 companies and high-profile government agencies, Cybint Solutions found that small businesses were the target of 43% of recent cyber attacks. Hackers find that many small businesses haven't adequately invested in cyber security and want to exploit their vulnerabilities for financial gain or to make political statements.
Over the past year, 427.8 million malicious emails reached business inboxes.
Source: Hornetsecurity ^
When it comes to malware attacks, email remains the favorite distribution channel of hackers. In its most recent annual analysis of 55.6 billion emails, Hornetsecurity (formerly Vade) found that 427.8 million malicious emails reached business inboxes, with 36.9% of all email classified as unwanted. Phishing made up around a third of attacks, while malicious URLs accounted for nearly 23%. The method of choice for most attacks is impersonating well-known brands, with Facebook, Google, PayPal, and Microsoft being the favorites.
Google blocked roughly 27 million new malicious Android apps in 2025 - more than double the prior year.
Source: Google & Kaspersky ^
Mobile remains a major battleground for malware. Google's real-time scanning caught around 27 million new malicious sideloaded Android apps in 2025, more than double the roughly 13 million flagged in 2024. Kaspersky, meanwhile, detected over 1.1 million malicious or unwanted Android installation packages in 2024 - including some 69,000 mobile-banking Trojans - and reported that attacks on Android devices rose 29% in the first half of 2025 compared with the same period a year earlier.
The takeaway is clear: as users do more on their phones, attackers are following them there, increasingly targeting tablets and Internet of Things devices as well.
The global average cost of a data breach is now $4.44 million, while the US average stands at $10.22 million.
Source: IBM ^
According to IBM's 2025 Cost of a Data Breach report, the global average cost of a data breach eased slightly to around $4.44 million - a roughly 9% drop, which IBM attributes to faster, AI-assisted detection and containment. The United States remains by far the costliest country at around $10.22 million per breach, more than double the global figure.
While data breaches are serious and cost businesses millions of dollars, it's not the only problem they need to watch out for. Cybercriminals are increasingly using AI to scale attacks and targeting SaaS (software as a service) and cloud environments.
Selling cybercrime as a service continues to boom on the dark web, as do data-leak marketplaces where all of that stolen data ends up – for a price.
To add to the misery, the increased risks mean that cyber insurance premiums remain at elevated levels. Additionally, any business suffering from a large security breach will face an equally large fine for not keeping its security tight enough.
In 2024, the FBI's IC3 received 859,532 internet crime complaints in the US, with a record $16.6 billion in losses.
Source: IC3.gov ^
The FBI's Internet Crime Complaint Center logged 859,532 complaints in 2024 - a 33% jump over the prior year - with reported losses hitting a record $16.6 billion, averaging roughly $19,000 per complaint. Over the most recent five-year window (2020-2024), IC3 has amassed about 4.2 million complaints and $50.5 billion in losses. The top crime categories include phishing, extortion, personal data breaches, and investment fraud.
Business email compromise (BEC) remained one of the costliest categories, accounting for around $2.77 billion in losses in 2024 across more than 21,000 complaints.
Twitter continues to be a key target for hackers after users' data. In December 2022, 400 million Twitter accounts had their data stolen and put up for sale on the dark web.
Source: Dataconomy ^
The sensitive data included email addresses, full names, phone numbers, and more, with many high-profile users and celebrities included in the list.
This comes after another huge zero-day attack in August 2022, where over 5 million accounts were compromised, and the data was put up for sale on the Darkweb for $30,000.
In 2020 130 high-profile Twitter accounts were hacked, including the account of the current Twitter CEO – Elon Musk. The hacker gained around $120,000 in Bitcoin before scarpering.
Organized crime is responsible for 80% of all security and data breaches.
Source: Verizon ^
Despite the word "hacker" conjuring up images of someone in a basement surrounded by screens, the vast majority of cybercrime comes from organized crime. The remaining 20% consists of system admin, the end user, nation-state or state-affiliated, unaffiliated, and "other" persons.
One of the world's largest security firms admits it was the victim of a sophisticated hack in 2020.
Source: ZDNet ^
The hack of IT security firm FireEye was quite shocking. FireEye consults with government agencies to improve the security of networks that store and transmit data related to U.S. national interests. In 2020, brazen hackers breached the company's security systems and stole tools that FireEye uses to test government agency networks.
The vast majority of businesses are exposed to phishing every year, and AI is making attacks far more convincing.
Source: Cybertalk ^
Phishing remains the number one tactic that hackers use to get the data that they need for larger-scale attacks, and is now a factor in over 40% of all breaches. When phishing is customized for a targeted person or company, the method is called "spear phishing." AI-generated phishing lures are increasing click-through rates by as much as 54%, making attacks harder than ever to spot.
Around 15 billion phishing emails are sent daily, and that number continues to climb as attackers automate their campaigns.
According to Proofpoint's "State of the Phish" report, there is a severe lack of cybersecurity awareness and training that needs to be addressed.
Source: Proofpoint ^
From a survey conducted with 3,500 working professionals across seven countries, only 53% could correctly explain what phishing is. Only 36% correctly explained ransomware, and 63% knew what malware is. The rest either said they didn't know or got the answer wrong.
When compared to the previous year's report, only ransomware had gained an increase in recognition. Malware and phishing dropped in recognition.
This proves that business owners really need to step up and implement training and awareness throughout their organizations. 84% of U.S. organizations said security awareness training had reduced phishing failure rates, so this shows it works.
Only 12% of organizations that allow corporate access from mobile devices use a Mobile Threat Defense solution.
Source: Checkpoint ^
Remote working has exploded in popularity bus organizations aren't taking steps to protect their employees.
Considering that 97% of US organizations have faced mobile threats, and 46% of organizations have had at least one employee download a malicious mobile application, it seems unthinkable that only 12% of businesses have deployed security measures.
Furthermore, only 11% of organizations claim they don't use any methods to secure remote access to corporate applications from a remote device. Nor do they carry out a device risk check.
Healthcare remains a prime target - a single ransomware attack on vendor OneTouchPoint hit 4.11 million patient records.
Source: SCMedia ^
In one widely reported incident, 30 different health plans were targeted through the printing and mailing vendor OneTouchPoint, with Aetna ACE bearing the brunt at over 326,278 compromised patient records. Healthcare data breaches have continued to mount since, regularly ranking among the costliest and most disruptive each year.
Medical records are top-of-mind for hackers. Financial records can be canceled and reissued when cyberattacks are discovered. Medical records stay with a person for life. Cybercriminals find a lucrative market for this type of data. As a result, healthcare cybersecurity breaches and theft of medical records are expected to increase.
One out of three employees is likely to click on a suspicious link or email or comply with a fraudulent request.
Source: KnowBe4 ^
The Phishing by Industry Report that KnowBe4 published stated that a third of all employees failed a phishing test and are likely to open a suspicious email or click on a dodgy link. The education, hospitality, and insurance industries are most at risk, with insurance having a 52.3% failure rate.
Shlayer is the most prevalent type of malware and is responsible for 45% of attacks.
Source: CISecurity ^
Shlayer is a downloader and dropper for MacOS malware. It's typically distributed via malicious websites, hijacked domains, and posing as a fake Adobe Flash updater.
ZeuS is the second most prevalent (15%) and is a modular banking trojan that uses keystroke logging to compromise victim credentials. Agent Tesla comes in third (11%) and is a RAT that logs keystrokes, captures screenshots, and withdraws credentials via an infected computer.
60% of businesses that experience ransomware attacks pay the ransom to get their data back. Many pay more than once.
Source: Proofpoint ^
Despite repeated warnings from security agencies, ransomware continues to wreak havoc, with government and critical infrastructure sectors particularly hard hit.
According to Proofpoint's "State of the Phish" research, a large majority of businesses dealt with at least one ransomware infection, and a substantial share of those that were infected ended up paying the ransom.
Even worse, some organizations had to pay more than once.
Ransomware attacks are common, and the lesson here is that you should expect to be the target of a ransomware attack; it's not a matter of if but when!
In the US, the FTC received 6.5 million fraud and identity theft reports in 2024, with fraud losses hitting $12.5 billion.
Source: FTC Consumer Sentinel ^
Online fraud has surged in recent years. In 2024 alone, the Federal Trade Commission received around 6.5 million consumer reports, of which roughly 1.1 million were identity theft cases. Total reported fraud losses reached a record $12.5 billion - a 25% jump over the previous year, led by investment scams and imposter scams. It is estimated that around a third of Americans will experience identity theft at some point in their lives.
Credit card fraud is the most commonly attempted type of identity theft, and while it may cost you thousands, you'll be shocked to hear that the average price for your data is only $6. Yep, that's just six dollars.
Each time individuals have access to your personal data, you're at risk of identity theft. Thus, you want to ensure that you're always being smart with your data and protecting it from any potential hackers. You want to reduce any situation that may expose you and your personal data.
The United States suffers the most data breaches by location and receives 23% of all cybercrime attacks.
Source: Enigma Software ^
The United States has comprehensive breach notification laws, which drive up the number of reported cases; however, its 23% share of all attacks towers over China's 9%. Germany is third with 6%; the UK comes fourth with 5%, then Brazil with 4%.
What are the emerging trends in Cybersecurity for the next 5-10 years?
Source: ET-Edge ^
- Revolutionizing Defense with AI and ML: Integrating Artificial Intelligence and Machine Learning is not just an upgrade; it's a complete transformation of our cyber defense mechanisms. These cutting-edge technologies will become the cornerstone of cybersecurity, offering real-time detection and response capabilities that are smarter, faster, and more efficient than ever before.
- Quantum Computing: A Double-Edged Sword: As we enter the era of quantum computing, we face a paradox of progress. While quantum computing presents remarkable opportunities, it simultaneously poses a grave threat to existing encryption methods. Preparing for this quantum leap is no longer optional but critical for cybersecurity strategies in the coming decade.
- Securing the IoT Ecosystem: The Internet of Things is set to expand dramatically, weaving an intricate web of interconnected devices. From smart homes to industrial systems, the security of these networks will be paramount. The next decade will witness a surge in the development of robust security standards, advanced authentication protocols, and regular software updates, all aimed at fortifying the IoT against sophisticated cyber threats.
The journey into the future of cybersecurity is not just about staying ahead of threats; it's about redefining our approach to digital security in an ever-connected world.
Questions & Answers
Wrap Up
Cybersecurity is a big issue, and it's only getting bigger. As phishing attempts, malware, identity theft, and huge data breaches increase daily, the world is looking at an epidemic that will only be solved with worldwide action.
The cybersecurity landscape is changing, and it is obvious that cyber threats are becoming more sophisticated and harder to detect, plus they're attacking with more frequency.
Everyone needs to do their part to prepare and combat cybercrimes. That means making INFOSEC best practices routine and knowing how to handle and report potential cyber threats.
Don't miss our list of the best YouTube channels to learn about cybersecurity.
Sources – References
- https://www.hornetsecurity.com/en/press-releases/cyber-security-report-2024/
- https://interestingengineering.com/cyber-attacks-more-likely-to-bring-down-f-35-jets-than-missiles
- https://www.statista.com/statistics/1280009/cost-cybercrime-worldwide
- https://www.statista.com/outlook/tmo/cybersecurity/worldwide
- https://cybersecurityventures.com/stats
- https://www.cyber.gov.au/acsc/view-all-content/reports-and-statistics/acsc-annual-cyber-threat-report
- https://www.cisco.com/c/dam/en/us/products/collateral/security/security-outcomes-vol-3-report.pdf
- https://aag-it.com/the-latest-2022-phishing-statistics-updated-october/
- https://www.statista.com/statistics/494947/ransomware-attacks-per-year-worldwide/
- https://www.statista.com/statistics/204457/businesses-ransomware-attack-rate/
- https://venturebeat.com/security/report-ransomware-attack-frequency-and-amount-demanded-down-in-h1
- https://www.nbcnews.com/tech/security/cyberattacks-us-hospitals-mean-higher-mortality-rates-study-finds-rcna46697
- https://www.cshub.com/attacks/articles/the-biggest-data-breaches-and-leaks
- https://www.splunk.com/en_us/pdfs/gated/ebooks/state-of-security-2022.pdf
- https://www.vadesecure.com/en/blog/q3-phishing-and-malware-report
- https://www.govtech.com/security/hacking-top-ten.html
- https://venturebeat.com/security/report-average-time-to-detect-and-contain-a-breach-is-287-days/
- https://us.norton.com/blog/emerging-threats/cybersecurity-statistics#
- https://www.gdata-software.com/news/2023/08/37506-g-data-mobile-security-report-conflict-in-ukraine-causes-decline-in-malicious-android-apps
- https://www.ibm.com/reports/data-breach
- https://www.ic3.gov/Media/PDF/AnnualReport/2021_IC3Report.pdf
- https://dataconomy.com/2023/12/twitter-data-breach-400-million-user-hacker/
- https://www.cybertalk.org/2023/03/30/top-15-phishing-attack-statistics-and-they-might-scare-you/
- https://www.proofpoint.com/sites/default/files/threat-reports/pfpt-us-tr-state-of-the-phish.pdf
- https://www.enigmasoftware.com/top-20-countries-the-most-cybercrime/
- https://identitytheft.org/statistics/
- https://www.accountingtoday.com/news/average-price-of-stolen-digital-data-6-bucks-says-study
- https://www.scmagazine.com/feature/breach/most-of-the-10-largest-healthcare-data-breaches-in-2023-are-tied-to-vendors
- https://www.verizon.com/business/blog/resources/reports/dbir/2020/results-and-analysis/
- https://blog.checkpoint.com/2022/02/02/the-2022-workforce-security-report/
- https://www.knowbe4.com/typ-phishing-by-industry-benchmarking?submissionGuid
- https://www.cisecurity.org/insights/blog/top-10-malware-march-2022
- https://apwg.org/trendsreports/
- https://www.sonicwall.com/threat-report
- https://www.hornetsecurity.com/en/blog/cyber-security-report-2025-press-release/
- https://www.ic3.gov/AnnualReport/Reports/2024_IC3Report.pdf
- https://www.ftc.gov/news-events/news/press-releases/2025/03/new-ftc-data-show-big-jump-reported-losses-fraud-125-billion-2024
- https://en.wikipedia.org/wiki/2024_National_Public_Data_breach
- https://cybersecurityventures.com/official-cybercrime-report-2025/
- https://www.cyber.gov.au/about-us/view-all-content/reports-and-statistics/annual-cyber-threat-report-2023-2024
If you want more statistics, check out our Internet statistics page here.