Disclosure: TheBestVPN is reader-supported. When you buy a VPN through links on our site, we may earn commissions. Learn more.

14 Most Alarming Cyber Security Statistics in 2020

Rob Mardisalu

Rob Mardisalu

I’ve updated these statistics to reflect 2018 and 2019. If you want to point out any corrections, let me know.

Cyber attacks are growing in prominence every day – from influencing major elections to crippling businesses overnight, the role cyber warfare plays in our daily lives should not be underestimated.

In fact, billionaire investor Warren Buffett claims that cyber threats are the biggest threat to mankind and that they are bigger than threats from nuclear weapons.

We have been compiling a list of relevant cyber-security statistics for you for years now and have decided to update our list with the most alarming cyber security statistics for 2020:

1. Americans are more worried about being a victim of cybercrime than being a victim of violent crime.

Read that again and let it sink in for a minute.

According to a Gallup study, Americans are more worried about cybercrime than violent crimes (including terrorism, being murdered, and being sexually assaulted). Not only are Americans more worried about cybercrime than other crimes, but their worries about cyber crimes has been consistent for about a decade now.

Specially, Americans are more worried about identity theft and being hacked:

  • 71 percent of Americans are worried about having their personal or financial information hacked.
  • 67 percent of Americans are worried about being a victim of identity theft.

By contrast:

  • 24 percent are worried about being a victim of terrorism.
  • 22 percent are worried about being attacked while driving, 20 percent about being sexually assaulted, and 17 percent about being murdered.
  • 7 percent are worried about being assaulted at the workplace.
american cybercrime statistics

2. There were more than 1.76 billion records leaked in January 2020 alone.

The year has barely started, but 2020 is on track to be a dangerously interesting year as far as data leaks is concerned.

In January 2020 alone, exactly 1,769, 185,063 user records were leaked. These include records from the famous Collection #1 breach containing user info and plain text passwords for about 772 million people compiled from some of the biggest data breaches to have happened, a MongoDB instance containing 854GB of data that exposed CVs containing sensitive information about 202 million Chinese users, and an Oklahoma government data leak that exposed 7 years of FBI investigations.

3. Ransomware is expected to cost businesses and organizations $11.5 billion in 2020.

The WannaCry ransomware attack made many people cry in 2017 — including the British National Health Service (NHS). It affected an estimated 200,000 computers in 150 countries and caused damages estimated to be in the billions of dollars. Other popular ransomware attacks include CryptoLocker, CryptoWall, TeslaCrypt, and SamSam.

Ransomware attacks aren’t slowing down any time soon. They will cost organizations an estimated $11.5 billion this year alone — and from individual computer users to governments, nobody is exempt. In fact, just recently, the local government of Jackson County, Georgia, had to pay $400,000 in ransom due to a ransomware attack and North Carolina’s Orange County experienced its third ransomware attack in six years.

4. Microsoft Office extensions are the most malicious file extensions used by email hackers.

According to data from Cisco’s 2018 Annual Cybersecurity Report, the most malicious file extension used by email hackers in 2018 was Microsoft Office formats. This includes files in the Word, PowerPoint, and Excel formats.

While the .EXE executable file format used to be very popular among hackers, most email service providers now block attachments with these formats due to their tendency to be exploited to distribute Malware. Microsoft Office formats have now taken the top spot for malicious file extensions; these formats are being exploited with the hope of using macros embedded in the documents to evade email security checks and computer antivirus programs.

Cisco’s study shows that 38 percent of malicious file extensions are Microsoft Office files. This is followed by archive file formats (.zip and .jar) at 37 percent and PDF files at 14 percent.

5. The main cause of data breaches are malicious or criminal attacks — and they are responsible for 48 percent of all data breaches.

Several factors have been found to be responsible for data breaches. They include:

  • Human error (such as negligence on the part of employees or contractors)
  • System glitches
  • Malicious or criminal attacks (in which a business was intentionally targeted with malicious intent)

IBM and Ponemon’s Institute’s Cost of a Data Breach Study found that not only are malicious or criminal attacks the major cause of a data breach, they are also the most costly. According to the study, 48 percent of data breaches are as a result of malicious or criminal attacks (compared to 27 percent for human error and 25 percent for system glitch).

data breach root cause graph

These attacks commonly involve malware infections, SQL injection, phishing/social engineering, and criminal insiders. These attacks generally cost $157 per user, compared to that from system glitches that costs $131 per user and that from human error that costs $128 per user.

data breach root causes graph 2

6. The global average cost of a data breach is $3.6 million — and it keeps increasing every year.

IBM and Ponemon Institute’s Cost of a Data Breach study also found that the average cost of a data breach for organizations worldwide is $3.6 million.

For the 2018 version of the study, IBM and Ponemon Institute interviewed over 2,200 IT, data protection, and compliance professionals from 477 companies that have suffered from a data breach in the past 12 months and found that, globally, the average data breach costs $3.86 million. What is perhaps more worrisome is that this is a 6.4 percent increase from the average cost of a data breach from the previous year. In the U.S., however, data breaches are more costly at an average of $7.91 million.

7. The global cost of cybercrime is expected to exceed $2 trillion in 2020.

According to Juniper Research’s The Future of Cybercrime & Security: Financial and Corporate Threats & Mitigation report, the total cost of cybercrime is expected to exceed $2 trillion this year. According to Juniper, this is a four-fold increase when compared to the estimated cost of cybercrime in 2015 — just four years ago.

8. Mobile malware is on the rise but “grayware” could pose a more dangerous risk to mobile users.

According to data from Symantec’s 2018 Internet Security Threat Report, mobile malware is on the rise — with the number of new mobile malware variants introduced increasing by a massive 54 percent in one year. This is not helped by the fact that most mobile devices are running on older operating systems (only 20 percent of Android devices are running the newest release).

Despite the rise in mobile malware, a more alarming threat however is that posed by grayware; these are apps that appear to be safe but are rife with issues that put users’ privacy at risk. Symantec’s study found that 63 percent of grayware apps leak a device’s mobile number.

Remember that we recently released a study on how VPN apps ask for dangerous permissions? Specifically, 62 percent of top VPN apps ask for dangerous permissions and will qualify as grayware.

If you’re interested in reading more about VPNs, the following links might be valuable for you:

9. Cryptojacking is one of the more serious cyber threats to watch out for in 2020.

It’s highly unlikely you haven’t heard about cryptocurrency in the past few years.

There’s a new term you need to add to your vocabulary, however. It’s called “cryptojacking.”

Cryptojacking is when a hacker hijacks your computer and then uses its CPU power to mine cryptocurrencies.

According to Symantec’s 2020 Internet Security Threat Report, there were four times more cryptojacking events in 2018 than in 2017. Cryptojacking particularly peaked in 2018, and the month of January and February 2018 were particularly noteworthy — with Symantec blocking about 8 million cryptojacking attempts each month.

Cryptojacking will only rise in 2020, particularly as the cryptocurrency market continues to show new signs of life.

10. The number of groups using destructive malware increased by 25 percent in 2018.

Malware attacks is on the rise, but destructive malware more so. Destructive malware are malware that target computer systems with the aim of destroying them and rendering them inoperable.

According to Symantec’s 2020 Internet Threat Report, the number of groups using destructive malware increased by 25 percent in 2018. Notable attacks involving groups that use destructive malware that were exposed in 2018 involved the Thrip group compromising a satellite communications operator and then looking for and infecting computers running software that monitor and control satellites such as MapXtreme, Garmin, and Google Earth Server and the Iran-based Chafer group compromising a Middle East telecoms service provider.

thrip attack group malware infographic

11. Around 7 out of 10 businesses are not prepared to respond to a cyber attack.

We’ve taken a look at some shocking cyber statistics that show that the average cost of a data breach is in the millions and that malicious attacks are on the rise, yet a whopping 73 percent of businesses are not ready to respond to a cyber attack. This is according to the 2018 Hiscox Cyber Readiness Report. The study of more than 4,000 organizations across the US, UK, Germany, Spain, and the Netherlands found that most organizations are unprepared (cyber novices) and would be seriously impacted by a cyber attack.

worldwide cyber attack readiness graph

12. Phishing emails are responsible for about 91 percent of cyber attacks.

In most cases, 9 out of 10 successful cyber attacks can be traced to a phishing attempt. This is according to research conducted by PhishMe.

After sending 40 million simulated phishing emails to about 1,000 organizations, PhishMe found that 91 percent of cyber attacks start with a spear phishing email. Worse, these attacks are on the rise.

13. A staggering 92 percent of malware is delivered via email.

Email is a top contender when it comes to cyber attacks, and in line with PhishMe’s study above, according to Verizon’s 2018 Breach Investigations Report, email is responsible for 92 percent of malware.

The 2018 Verizon study that analyzed 53,308 security incidents and 2,216 data breaches in 65 countries found that email is responsible for 92.4 percent of malware while the web is responsible for a measly 6.3 percent.

14. More than 76 percent of cyber attacks are financially motivated.

As the cyberspace gets more sophisticated and intertwined with the real world, the stakes will continue to increase. More cyber attacks, hacks, and data breaches are motivated by financial purposes than anything else.

Verizon’s 2018 Breach Investigations Report also found that 76 percent of cyber attacks are motivated by money; most of these attacks (73 percent) are perpetrated by people outside of the organization, with the majority being carried out by organized criminal groups and 12 percent being carried out by nation-state or state-affiliated actors.