Loading...

Security Statistics

Looking for the latest security stats and trends? You've come to the right place.

  • Stat Icon
    WINDOWS 7 VULNERABILITY

    30% of Windows desktop computers are still running Windows 7 – which began its end-of-life in 2020.

  • Stat Icon
    POINT OF SALE GETS SAFER

    Continuing a multi-year decrease, POS declined to 5% of environments breached as merchants adopt safer standards.

  • Stat Icon
    "HELLO JOE"

    In 2019, Ever-evolving ransomware threats increasingly used algorithms to address victims by name.

  • Stat Icon
    HIDING BEHIND GMAIL

    30% of business email compromise attacks use gmail.com addresses in the from line.

  • Stat Icon
    27 MILLION DOLLARS!

    The amount that one single business email compromise scam cost a company in 2019.

  • Stat Icon
    SPAM GETS CANNED

    Only 28% of email messages are spam in 2019 – down from 45% in 2018

  • Stat Icon
    Impact of Global Cybersecurity Skills Shortage

    74% of cybersecurity professionals say their organization has been impacted by the global cybersecurity skills shortage.

  • Stat Icon
    ALL APPS VULNERABLE

    For a second straight year, 100% of web applications tested possessed at least one vulnerability, with the median number of vulnerabilities rising to 15, up from 11 in 2017.

  • Stat Icon
    CRYPTOJACKING DOMINATES WEB ATTACKS

    A steep year-over-year increase of 1,250% was observed in cryptojacking malware, which was almost non-existent in 2017.

  • Stat Icon
    THREAT RESPONSE TIME IMPROVES

    The median time duration from threat intrusion to containment fell to 27 days, from 67 days in 2017, and the median time between intrusion and detection for externally detected compromises fell to 55 days, down from 83 days in 2017.

  • Stat Icon
    SOCIAL ENGINEERING THE PRIMARY CONDUIT

    In both cloud and POS environments, 60% of breach investigations can attribute successful social engineering as the conduit to initial point of entry.

  • Stat Icon
    DATABASE VULNERABILITIES ABOUND

    The number of vulnerabilities patched in five of the most common database products was 148, up from 119 in 2017.

  • Stat Icon
    MALWARE-LADEN SPAM DOWN

    Spam messages analyzed containing malware significantly diminished in 2018, to 6% from 26% in 2017.

  • Stat Icon
    ASIA PACIFIC UNDER SIEGE

    The Asia-Pacific region led in the number of data compromises investigated, accounting for 35% of instances, overtaking North America at 30%.

  • Stat Icon
    264,483

    The number of unique phishing reports submitted during the second quarter of 2018.

  • Stat Icon
    WORSENING SKILLS SHORTAGE

    51% of IT and security professionals believe their organization had a problematic dearth of cybersecurity skills, up from 23% in 2014.

  • Stat Icon
    FIRST FEAR

    U.S. CEOs place cybersecurity as their No. 1 business worry, ahead of new competitors and a recession.

  • Stat Icon
    Worse before it gets better

    77% of organizations believe the problem of ransomware has gotten worse or stayed the same over the past year.

  • Stat Icon
    What's causing breaches?

    28% of breaches result from poor passwords, and another 28% from weak remote access security.

  • Stat Icon
    Under pressure

    63% of security professionals felt more pressure to secure their organizations in 2015 compared to the prior 12 months, and 65% expect to feel additional pressure this year.

  • Stat Icon
    There's a bug for that

    95% of mobile applications scanned by Trustwave contained at least one vulnerability, with a median total of 6.5.

  • Stat Icon
    The mighty will fall

    The share price of publicly traded companies in the U.K. will drop an average of 1.8 percent following a "severe breach.

  • Stat Icon
    The importance of security testing

    More than two-thirds of organizations consider security vulnerability testing to be a best practice.

  • Stat Icon
    The cost of cybercrime

    Cybercrime costs the worldwide economy roughly $450 billion annually, up nearly 200 percent in five years.

  • Stat Icon
    Spam prevalence relenting, but threat remains

    From an initial high of 93%, the amount of spam that comprises inbound email is down to 60%. But 6% of those unsolicited messages contain a malicious attachment or link.

  • Stat Icon
    Sleeping with the enemy

    81% of victims fail to detect a breach themselves.

  • Stat Icon
    Skills gap

    Shortage of security expertise has climbed from the eighth-biggest operational pressure facing security pros to the third-biggest.

  • Stat Icon
    Show me the ROI

    Attackers earned a 1,425% return on investment for exploit kit and ransomware schemes.

  • Stat Icon
    Short end of the stick

    By 2021, companies will be unable to fill 3.5 million open cybersecurity positions.

  • Stat Icon
    Send in the reserves

    84% want the size of their IT security team increased and 30% want it at least quadrupled.

  • Stat Icon
    Security spending on the rise

    Organizations spent 44% more money last year than the year before on security.

  • Stat Icon
    Risky business

    33% of companies have never commissioned a risk assessment.

  • Stat Icon
    Ransomware causalities

    30% of organizations experienced a successful ransomware attack over the past year.

  • Stat Icon
    Password pandemonium

    39% of passwords are eight characters, a length that takes an average of one day to crack. Compare that to 10-character passwords, which take an average of 591 days.

  • Stat Icon
    Overall spending on security up, but down per employee

    At 6.1% of the IT budget, the average spending on security has reached a five-year peak in 2014. However, when measured per employee, the average amount allocated to security in 2014 is lower than in 2010 ($450 versus $473).

  • Stat Icon
    Midsized companies lack IT security roles

    24% of midsize organizations do not have anyone with a dedicated information security or IT security role.

  • Stat Icon
    Malware everywhere

    59% of organizations have experienced a malware infiltration in the past six months.

  • Stat Icon
    Java withdrawal, as exploits plummet

    Exploits of Oracle Java decreased 63.5 percentage points, year over year. Functionality that now blocks Java content by default has made it a less susceptible target.

  • Stat Icon
    IT or Security?

    In 38% of enterprises, security is still indistinguishable from IT.

  • Stat Icon
    IoT deployment moving fast

    67% of companies either are already using IoT devices or planning to use them in the next year.

  • Stat Icon
    Hot commodities

    Job postings for cybersecurity professionals are up 91% year over year.

  • Stat Icon
    Higher learning

    73% of organizations are turning to education and training to make users less susceptible to social engineering and spear phishing - up 4% from the previous year.

  • Stat Icon
    "Flash" flooding

    33% of detected exploits are of Adobe Flash, up 28.2 percentage points from the previous year.

  • Stat Icon
    File transfers

    28% of security pros rank unauthorized file transfers as their top insider threat worry.

  • Stat Icon
    False sense of security

    70% of businesses believe they're safe from cyberattacks and data compromises.

  • Stat Icon
    External versus internal threats

    62% of security pros are more pressured by external threats than internal ones.

  • Stat Icon
    Evenly matched

    IT security practitioners are nearly split - 51% to 49% - over who poses the greatest threat: external adversaries versus trusted insiders.

  • Stat Icon
    Endpoints go managed

    Citing potential benefits like improved incident detection and response, as well as cost reduction, 57% of enterprise organizations are already using a managed security service in some capacity to protect their endpoints.

  • Stat Icon
    Emerging headaches

    44% of security pros rank the cloud as the riskiest emerging technology, with IoT (17%) and BYOD (16%) behind it.

  • Stat Icon
    Embracing managed security

    The number of security pros who either already partner or plan to partner with a managed security services provider has climbed from 78% to 86%.

  • Stat Icon
    Days gone by

    Breaches take a median length of 86 days to be detected, and 111 days from intrusion to containment.

  • Stat Icon
    Data going out the door

    49% of breaches involve the theft of personally identifiable info and cardholder data.

  • Stat Icon
    Data breach predictions

    In 2015, at least 60% of enterprises will discover a breach of sensitive data.

  • Stat Icon
    Cybercrime losses mounting worldwide

    $600 billion, or nearly 1% of global GDP, is lost to cybercrime every year.

  • Stat Icon
    Costs rising

    Business breach costs to jump to $2.1 trillion by 2019.

  • Stat Icon
    CISO reporting structure

    66% of financial CISOs report into the CIO, CRO or COO, whereas just 8% report directly to the CEO.

  • Stat Icon
    Business disruption attempts

    The second quarter of 2015 saw a 132% increase in DDoS attacks on Akamai's Prolexic network compared to Q2 in 2014, and a 7% increase compared to Q1 2015.

  • Stat Icon
    Bogus boss scams

    27% of organizations encountered a CEO fraud attack in the past 12 months.

  • Stat Icon
    B.Y.Uh-Oh

    Bring-your-own device (BYOD) is practiced at 59% of organizations, with another 13% planning to allow it.

  • Stat Icon
    Automated malware a top concern

    Automated malware was the top concern for security pros surveyed by 451 Research about the top security threats they face (28% of respondents).