134 Cybersecurity Statistics and Trends for 2021

By Varonis

The worldwide information security market is forecast to reach $170.4 billion in 2022, according to Gartner. This is due in large part to organizations evolving their defenses against cyber threats — and a rise in such threats, including in their own companies. According to Cybint, 95% of cybersecurity breaches are caused by human error. It’s a telling takeaway about the cybersecurity landscape, and we’ve outlined more to give an idea of the field as a whole, along with the overall impact of cyber attacks.

To learn more about a variety of cybersecurity topics, drop in for a free security webinar.

  1. 95% of cybersecurity breaches are caused by human error. (Cybint)
  2. The worldwide information security market is forecast to reach $170.4 billion in 2022. (Gartner)
  3. 88% of organizations worldwide experienced spear phishing attempts in 2019. (Proofpoint)
  4. 68% of business leaders feel their cybersecurity risks are increasing. (Accenture)
  5. On average, only 5% of companies’ folders are properly protected. (Varonis)
  6. Data breaches exposed 36 billion records in the first half of 2020. (RiskBased)
  7. 86% of breaches were financially motivated and 10% were motivated by espionage. (Verizon)
  8. 45% of breaches featured hacking, 17% involved malware and 22% involved phishing. (Verizon)
  9. Between January 1, 2005, and May 31, 2020, there have been 11,762 recorded breaches. (ID Theft Resource Center)
  10. The top malicious email attachment types are .doc and .dot which make up 37%, the next highest is .exe at 19.5%. (Symantec)
  11. An estimated 300 billion passwords are used by humans and machines worldwide. (Cybersecurity Media)

Largest Data Breaches and Hacking Statistics

The increasing amount of large-scale, well-publicized breaches suggests that not only are the number of security breaches going up — they’re increasing in severity, as well. Data breaches expose sensitive information that often leaves exposed users at risk for identity theft, ruin companies’ reputations and almost always leave the company liable for compliance violations.

See the data breach statistics below to help quantify the effects, motivations and causes of these damaging attacks.

Impactful Hacking Stats

  1. The average cost of a data breach is $3.86 million as of 2020.  (IBM)
  2. The average time to identify a breach in 2020 was 207 days.  (IBM)
  3. And the average lifecycle of a breach was 280 days from identification to containment. (IBM)
  4. Personal data was involved in 58% of breaches in 2020. (Verizon)
  5. Security breaches have increased by 11% since 2018 and 67% since 2014. (Accenture)
  6. 64% of Americans have never checked to see if they were affected by a data breach. (Varonis)
  7. 56% of Americans don’t know what steps to take in the event of a data breach. (Varonis)

Historic Data Breaches

  1. In 2020, a Twitter breach targeted 130 accounts, including those of past presidents and Elon Musk, resulted in attackers swindling $121,000 in Bitcoin through nearly 300 transactions. (CNBC)
  2. In 2020, Marriott disclosed a security breach impacted data of more than 5.2 million hotel guests. (Marriott)
  3. The 2019 MGM data breach resulted in hackers leaking records of 142 million hotel guests. (CPO Magazine)
  4. 500 million consumers, dating back to 2014, had their information compromised in the Marriott-Starwood data breach made public in 2018. (CSO Online)
  5. In 2018, Under Armor reported that its “My Fitness Pal” was hacked, affecting 150 million users. (Under Armour)
  6. In 2017, 147.9 million consumers were affected by the Equifax Breach. (Equifax)
  7. The Equifax breach cost the company over $4 billion in total. (Time Magazine)
  8. In 2017, 412 million user accounts were stolen from Friendfinder’s sites. (Wall Street Journal)
  9. 100,000 groups in at least 150 countries and more than 400,000 machines were infected by the Wannacry virus in 2017, at a total cost of around $4 billion. (Technology Inquirer)
  10. In 2016, Uber reported that hackers stole the information of over 57 million riders and drivers. (Uber)
  11. Uber tried to pay off hackers to delete the stolen data of 57 million users and keep the breach quiet. (Bloomberg)
  12. In one of the biggest breaches of all time,3 billion Yahoo accounts were hacked in 2013. (New York Times)

Cyber Crime Statistics by Attack Type

It’s crucial to have a grasp of the general landscape of metrics surrounding cybersecurity issues, including what the most common types of attacks are and where they come from. Some of these most common attacks include phishing, whaling, malware, social engineering, ransomware and Distributed Denial of Service (DDoS) attacks.

There are new malware and viruses being discovered every day.

Ransomware and Malware

  1. The average ransomware payment rose 33% in 2020 over 2019, to $111,605. (Fintech News)
  2. In 2018, an average of 10,573 malicious mobile apps were blocked per day. (Symantec)
  3.  94% of malware is delivered by email. (CSO Online)
  4. The average cost of a ransomware attack on businesses is $133,000. (SafeAtLast)
  5. 48% of malicious email attachments are office files. (Symantec)
  6. Ransomware detections have been more dominant in countries with higher numbers of internet-connected populations, and the U.S. ranks highest with 18.2% of all ransomware attacks. (Symantec)
  7. Most malicious domains, about 60%, are associated with spam campaigns. (Cisco)
  8. About 20% of malicious domains are very new and used around one week after they are registered. (Cisco)


  1. After declining in 2019, phishing increased in 2020 to account for 1 in every 4,200 emails. (Symantec)
  2. 65% of groups used spear-phishing as the primary infection vector. (Symantec)
  3. 1 in 13 web requests lead to malware. (Symantec)
  4. Phishing attacks account for more than 80% of reported security incidents. (CSO Online)
  5. $17,700 is lost every minute due to a phishing attack. (CSO Online)

IoT, DDos, and Other Attacks

  1. By 2023, the total number of DDoS attacks worldwide will be 15.4 million. (Cisco)
  2. Attacks on IoT devices tripled in the first half of 2019. (CSO Online)
  3. Malicious PowerShell scripts blocked in 2018 on the endpoint increased 1,000%. (Symantec)
  4. The Mirai-distributed DDoS worm was the third most common IoT threat in 2018.  (Symantec)
  5. 30% of data breaches involve internal actors. (Verizon)
  6. IoT devices experience an average of 5,200 attacks per month. (Symantec)
  7. 90% of remote code execution attacks are associated with cryptomining. (Purplesec)
  8. 69% of organizations don’t believe the threats they’re seeing can be blocked by their anti-virus software.(Ponemon Institute’s Cost of Data Breach Study)
  9. 1 in 36 mobile devices have high- risk apps installed. (Symantec)

Cybersecurity Compliance and Governance Statistics

With new threats emerging every day, the risks of not securing files is more dangerous than ever, especially for companies and for companies with a remote workforce. More severe consequences are being enforced as stricter legislation passes in regions across the world. Some stand-outs from recent years include the European Union’s 2018  General Data Protection Regulation (GDPR) and California’s 2020  California Consumer Privacy Act (CCPA).

Companies need to take note of the lessons learned from the GDPR, as more iterations are expected to pass across the globe in the coming years. It’s crucial to properly set permissions on files and get rid of stale data. Keeping  data classification and governance up to par is instrumental to maintaining compliance with data privacy legislation like  HIPAA,  SOX,  ISO 27001 and more.

Try a  free risk assessment to see where your vulnerabilities lie.

  1. 66% of companies see compliance mandates driving spending. (CSO Online)
  2. In 2018, businesses spent $1.3 million on average to meet compliance requirements and were expected to put in an additional $1.8 million. (IAAP)
  3. On average, every employee has access to 11 million files. (Varonis)
  4. 15% of companies found 1,000,000+ files open to every employee. (Varonis)
  5. 17% of all sensitive files are accessible to all employees. (Varonis)
  6. About 60% of companies have over 500 accounts with non-expiring passwords. (Varonis)
  7. More than 77% of organizations do not have an incident response plan. (Cybint)

GDPR Cybersecurity Statistics

  1. Companies reportedly spent $9 billion on preparing for the GDPR and, in 2018, legal advice and teams cost UK FTSE 350 companies about 40% of their GDPR budget or $2.4 million. (Forbes)
  2. 88% of companies spent more than $1 million on preparing for the GDPR.  (IT Governance)
  3. In the GDPR’s first year, there were 144,000 complaints filed with various GDPR enforcement agencies and 89,000 data breaches recorded. (EDPB)
  4. 1,000 news sources blocked EU readers to avoid the GDPR compliance rules. (Nieman Lab)
  5. The GDPR fines totaled $63 million in its first year. (GDPR.eu)
  6. Google was fined $57 billion for GDPR violations by CNIL, a French data protection agency. (TechCrunch)
  7. Since the GDPR was enacted, 31% of consumers feel their overall experience with companies has improved. (Marketing Week)
  8. By 2019, only 59% of companies believed they were GDPR compliant. (ZDNet)
  9. 70% of companies agree that the systems they put in place will not scale as new GDPR regulations emerge. (DataGrail)

Industry-Specific Cyber Stats

When it comes to cybersecurity, not all industries are created equal. Industries that store valuable information like  healthcare and  finance are usually bigger targets for hackers who want to steal Social Security Numbers, medical records and other personal data. But really, no one is safe because lower-risk industries are also targeted due to the perception that they’ll have fewer security measures in place.

Take a  free 30-minute demo and see how Varonis can help keep your organization’s name out of data breach news.


  1. WannaCry ransomware attack cost the National Health Service (NHS) over $100 million. (Datto)
  2. The healthcare industry lost an estimated $25 billion to ransomware attacks in 2019. (SafeAtLast)
  3. More than 93% of healthcare organizations experienced a data breach in the past three years. (Herjavec Group)


  1. Financial services have 352,771 exposed sensitive files on average while healthcare, pharma and biotech have 113,491 files on average — the highest when comparing industries. (Varonis)
  2. 15% of breaches involved healthcare organizations, 10% in the financial industry and 16% in the public Sector. (Verizon)
  3. The banking industry incurred the most cybercrime costs in 2018 at $18.3 million  (Accenture)
  4. Trojan horse virus Ramnit largely affected the financial sector in 2017, accounting for 53% of attacks. (Cisco)
  5. The financial services industry takes in the highest cost from cybercrime at an average of $18.3 million per company surveyed. (Accenture)
  6. Nearly two-thirds of financial services companies have over 1,000 sensitive files open to every employee. (Varonis)
  7. Financial and manufacturing services have the highest percent of exposed sensitive files at 21%. (Varonis)
  8. On average, a financial services employee has access to nearly 11 million files the day they walk in the door. For large organizations, employees have access to 20 million files. (Varonis)
  9. The average cost of a financial services data breach is $5.85 million USD. (Varonis)
  10. Financial services businesses take an average of 233 days to detect and contain a data breach. (Varonis)


  1. The U.S. government saw 1.2 billion records breached in 2018. (Purplesec)
  2. Manufacturing companies account for nearly a quarter of all ransomware attacks, followed by the professional services with 17% of attacks, and then government organizations with 13% of attacks. (Security Intelligence)
  3. The U.S. government allocated an estimated $18.78 billion for cybersecurity spending in 2021. (Atlas VPN)


  1. Smaller organizations (1–250 employees) have the highest targeted malicious email rate at 1 in 323. (Symantec)
  2. Lifestyle (15%) and entertainment (7%) were the most frequently seen categories of malicious apps. (Symantec)
  3. Supply chain attacks were up 78% in 2019. (Symantec)

Security Spending and Cost Stats

Average expenditures on cybercrime are increasing dramatically, and costs associated with these crimes can be crippling to companies who have not made cybersecurity a part of their regular budget.  Cybersecurity budgeting has been increasing steadily as more executives and decision-makers are realizing the value and importance of cybersecurity investments.

  1. Security services accounted for an estimated 50% of cybersecurity budgets in 2020. (Gartner)
  2. The average cost of a malware attack on a company is $2.6 million. (Accenture)
  3. The healthcare industry incurs the highest average data breach costs at $7.13 million. (IBM)
  4. The total cost of cybercrime for each company increased by 12% from $11.7 million in 2017 to $13.0 million in 2018. (Accenture)
  5. The average annual security spending per employee increased from $2,337 in 2019 to $2,691 in 2020. (Deloitte)
  6. The cost of lost business averaged $1.52 million. (IBM)
  7. The average cost in time of a malware attack is 50 days. ( Accenture)
  8. The most expensive component of a cyber attack is information loss at $5.9 million. (Accenture)
  9. The average cost per lost or stolen record per individual is $146. (IBM)
  10. Data breaches cost enterprises an average of $3.92 million. (CSO Online)
  11. The average total cost of a data breach in smaller companies (500 employees or less) decreased in 2020, from $2.74 million in 2019 to $2.35 million in 2020. The average total cost in very large companies (more than 25,000 employees) decreased, as well, from $5.11 million in 2019 to $4.25 million. (IBM)
  12. In 2019 over 2020, Scandinavia saw the largest increase in total cost of data breaches at 12%, while South Africa saw the largest decrease at 7.4%. (IBM)
  13. The United States experiences the highest data breach costs in the world, at $8.64 million on average, followed by the Middle East at $6.52 million. (IBM)
  14. 50% of large enterprises (with over 10,000 employees) are spending $1 million or more annually on security, with 43% spending $250,000 to $999,999, and just 7% spending under $250,000. (Cisco)
  15. In 2018, spending in the cybersecurity industry reached around $40.8 billion USD. (Statista)

Cybersecurity Cost Predictions

  1. Worldwide cybercrime costs will hit $6 trillion annually by 2021. (Cybersecurity Ventures)
  2. Ransomware damage costs will rise to $20 billion by 2021 and a business will fall victim to a ransomware attack every 11 seconds at that time. (Cybersecurity Ventures)
  3. Damage related to cybercrime is projected to hit $10.5 trillion annually by 2025. (Cybersecurity Ventures)
  4. More than 70 percent of security executives believe that their budgets for fiscal year 2021 will shrink. (Mckinsey)

COVID-19 Cybersecurity Statistics

COVID-19 has impacted every industry and corner of the globe, and cyberspace is no exception. The global pandemic has paved avenues for cybercriminals to target many new victims: the healthcare industry, the unemployed, remote workers and more. Here are a few of the most impactful cybersecurity statics related to the pandemic.

    1. Since the pandemic began, the FBI reported a 300% increase in reported cybercrimes. (IMC Grupo)
    2. 27% of COVID-19 cyberattacks target banks or healthcare organizations and COVID-19 is credited for a 238% rise in cyberattacks on banks in 2020. (Fintech News)
    3. Confirmed data breaches in the healthcare industry increased by 58% in 2020. (Verizon)
    4. 33,000 unemployment applicants were exposed to a data security breach from the Pandemic Unemployment Assistance program in May. (NBC)
    5. Americans lost more than $97.39 million to COVID-19 and stimulus check scams. (Atlasvpn)
    6. In April 2020, Google blocked 18 million daily malware and phishing emails related to Coronavirus. (Google)
    7. 52% of legal and compliance leaders are concerned about third-party cyber risks due to remote work since COVID-19. (Gartner)
    8. Remote work has increased the average cost of a data breach by $137,000. (IBM)
    9. 47% of employees cited distraction as the reason for falling for a phishing scam while working from home. (Tessian)
    10. 81% of cybersecurity professionals have reported their job function changed during the pandemic.  (ISC)
    11. Half a million Zoom user accounts were compromised and sold on a dark web forum in April 2020. (CPO Magazine)
    12. Cloud-based cyber attacks rose 630% between January and April 2020. (Fintech News)
    13. Remote workers have caused a security breach in 20% of organizations. (Malwarebytes)

Cybersecurity Job Statistics

As rates of cyber attacks increase, so does demand for cybersecurity professionals and, thankfully, cybersecurity budgets continue to rise. However, the imbalance of the amount of skilled cybersecurity workers along with the high demand to fill cybersecurity positions has caused a cybersecurity skills shortage that sees no end in sight.

Interested in entering the field? Now is the time as the job field and  average salary is only projected to grow. Looking for cybersecurity talent? Best of luck, it may be necessary to come up with creative  cybersecurity skills shortage solutions — like outsourcing tasks, starting apprenticeships and partnerships with educational and military institutions to find fresh talent.

  1. 61% of companies think their cybersecurity applicants aren’t qualified. (ISSA)
  2. 70% of cybersecurity professionals claim their organization is impacted by the cybersecurity skills shortage. (ESG & ISSA)
  3. Since 2016, the demand for Data Protection Officers (DPOs) has skyrocketed and risen over 700%, due to the GDPR demands. (Reuters)
  4. 500,000 Data Protection Officers are employed (IAAP)
  5. More than two-thirds of cybersecurity professionals struggle to define their career paths. (ISSA)
  6. 61% of cybersecurity professionals aren’t satisfied with their current job. (ISSA)
  7. There was a 350 percent growth in open cybersecurity positions from 2013 to 2021.( Cybercrime Magazine)
  8. 40 percent of IT leaders say cybersecurity jobs are the most difficult to fill. (CSO Online)
  9. C ybersecurity engineers are some of the highest-paid positions started at $140K annually on average. (Cybint)

Security Job Prediction Stats

  1. The cybersecurity unemployment rate is 0% and is projected to remain there through 2021. (CSO Online)
  2. By 2021, 100% of large companies globally will have a CISO position. (Cybersecurity Ventures)
  3. By 2021, there will be 4 million unfilled cybersecurity jobs globally. (Netsparker)
  4. Information Security Analysts job positions in the US are expected to grow 31% from 2019–29. (Bureau of Labor Statistics)
  5. Computer Network Architect job positions in the US are expected to grow 5% from 2019–29. (Bureau of Labor Statistics)
  6. Computer Programmer job positions in the US are expected to decline 9% from 2019–29. (Bureau of Labor Statistics)

Below is a visual guide of some of the most important facts and figures that shape the cybersecurity field.