Cybersecurity Statistics and Predictions, updated for 2024

Niek has worked at Eftsure for several years and has developed a clear understanding of the cyber threat landscape and the controls Australian businesses put in place to combat these threats.

Every year we see an increase in cyber attacks globally and 2023 was no exception. This year we saw an increase in data breaches, phishing attacks, business email compromise attacks and more. The theme in the news and beyond was around organisations of all sizes starting to tighten their belts when it comes to cyber security, as tactics are becoming more refined and evolving faster than ever before.

In 2024, we can expect to see more of a focus on improving security when it comes to cloud services and digital infrastructure. Last year, with an increase in cloud computing came a steady increase in cyber attacks in this space. Within the cloud and IoT space, organisations will be fighting against possible data breaches, disruptions or even data loss this year.

Another trend we predict will become a theme in 2024 is the introduction of passwordless authentication. At the end of last year, Google launched Passkey as a secure way for users to access their accounts without having to remember their passwords. Instead, this feature allows the user to log in with a fingerprint, face scan or PIN. The technology relies on cryptography, making it more secure and phishing-resistant than previous measures.

At the end of 2023, we saw a stir of conversations related to generative AI usage, especially as it pertains to cyber criminals using it for financial gain at the expense of political figures and celebrities. We can expect to see governments investing time and resources into trying to monitor and regulate generative AI usage. This ties into our final prediction, captured in a recent article by Chuck Brooks from Forbes. The article highlights an expected increase in cyber security regulations specifically focused on mitigating space attacks.

His article states “the security risk management of satellites and space will emerge as a top priority among both the public and private sectors.” There’s been a clear gap identified in the level of protection surrounding satellites and space-based communication and sensing. We can expect this to be a key conversation topic in the media this year.

And with that, we leave you with the latest, greatest (and most alarming) cybersecurity statistics to know in 2024:

Top 2024 Cyber Statistics (Editor’s Choice)

  • Cybercrime costs are predicted to reach $9.5 trillion USD in 2024.
  • Among leading industries, manufacturing continues to rank as the most highly targeted on a global scale.
  • The projection for global spending on security and risk management in 2024 has increased by 14.3%, totalling $215 billion.
  • According to McAfee’s latest Global Scam Message Study, Australians spend an average of 63 minutes per week trying to assess the legitimacy of scam texts and emails.
  • The largest reported data leakages remain the Cam4 breach in March 2020, which exposed more than 10 billion data records, followed by the 2013 Yahoo data breach, where three billion data records were leaked.

Cybersecurity statistics

1. Cybercrime costs are predicted to reach $9.5 trillion USD in 2024.

The cost of cybercrime is continuously snowballing as cyber criminals get smarter and governments work to find ways to keep up with new strategies and tactics. This research also factored in the rising costs of damages associated with cybercrime, forecasting that this cost could reach $10.5 trillion by 2025.

2. Among leading industries, manufacturing continues to rank as the most highly targeted on a global scale.

Our team at Eftsure cross referenced this data with our own and in 2023 we successfully identified and stopped more cyber attacks against construction and manufacturing customers than those in other industries.

3. As of 2023, the global average cost per data breach rose to 4.45 million U.S. dollars, an increase from the 2022 reported $4.35 million.

A key theme we saw at the end of 2023 was executives discussing the things that keep them up at night: data breaches and security. It’s no surprise seeing the rising cost of data breaches. Not to mention, this dollar value doesn’t account for the reputational damages incurred as well.

4. The projection for global spending on security and risk management in 2024 has increased by 14.3%, totalling $215 billion.

Companies are feeling the pressure to implement improved controls and tighter security measures in an attempt to protect their own data and the data of their suppliers or customers. In finance departments, CFOs are looking to protect their teams from phishing attacks, BEC attacks, and more.

5. In Australia, the ASD recorded that 94,000 reports of cyber scams were made to law enforcement this year. They estimate this means one every six minutes.

In the ASD Cyber Threat Report 2022-2023, a number of emerging trends were identified with the growing number of attacks. These include cybercriminals continuously adapting tactics to increase the maximum payment from victims, data breaches which left millions of Australians impacted, and an increase in cybercrime costs.

6. An F-35 fighter jet could be taken down more easily by cyber attacks than by a missile attack.

This is an interesting statistic, which ties into a forecasted trend we will hear more about in 2024: space cybersecurity. In a recent Forbes article, Chuck Brooks backs this by stating “The economic sustainability of the free world depends on space-based global communications and sensing. Unfortunately, many of the platforms lack adequate protection, and hence, space cybersecurity will play a significant role in protecting key infrastructure.”

We expect to see more conversations at government levels about space and cyber security, especially closely tied to conversations about local militaries.

7. A recent study of 500 Australian CFOs found that 50% say their business’s security concerns are higher heading into 2024 than the year prior.

In the same survey, 98% of CFOs said they feel cyber-crime is growing globally, adding a layer of anxiety as finance professionals tend to be one of the top targets for phishing scams within organisations.

8. 77% of organisations don’t have an incident response plan when it comes to cyber attacks.

Given these numbers, it’s highly likely most of these companies haven’t considered proactive protection measures to mitigate the risk of an incident. Regardless of levels of preparedness, it’s always important to have a response plan in place, especially when we consider some cyber attacks can take a matter of minutes to successfully compromise systems or extract data.

9. The size of the global cyber insurance market is expected to grow rapidly over the next 5 years, with the total market size increasing from around $8B USD in 2020 to just over $20B USD by 2025.

According to Statista, the global cyber insurance market is expected to grow tremendously over the next five years. Factors behind this expected growth include the increase in cyber threats, awareness of cyber risks, regulatory requirements, a lack of in-house expertise such as IT teams or internal processes, and growth in technology.

10. 45% of experts said cyber incidents causing business interruption is their number one fear above anything else.

This includes ongoing concerns and fears around ransomware attacks, cloud outages, IT system failures and threats of cyber war.

11. In the healthcare industry alone, there has been a 239% increase in hacking data breaches over the last four years.

The healthcare industry runs the highest costs for data breaches, with the average cost of a single data breach sitting at 11 million USD.

12. 1 in 10 US organisations have no insurance against cyber attacks

This doesn’t pair well with the rising costs associated with these attacks.

13. According to the Javelin 2023 identity fraud survey, the number of adult victims remained nearly identical year-over-year, however the dollar losses fell in amount.

The report notes the reduction in financial losses can be attributed to the increased efforts from financial institutions to keep criminals from attacking their customers. However, the numbers are still glaring and there’s still plenty of space for improvement.

14. Researchers from a top cyber security organisation and Stanford University say 88% of data breaches are caused by human error.

It only takes one person to accidentally become the driving force behind a breach large enough to take down an entire organisation. This could be as simple as an employee clicking on a malicious link. This is why organisations are increasingly investing in cyber awareness training for their employees to reduce the risk of a successful attack.

15. The likelihood of a cybercrime entity being prosecuted in the US is estimated to be 0.05%

This adds even more emphasis to the need for people to become aware and vigilant, seeking protective measures rather than relying on reactive resolutions.

Working from home statistics

16. The average cost per breach is $173,074 higher when the breach occurs on remote workers.

Despite the evolving cybersecurity challenges in an office setting, it’s evident remote working can cost organisations a lot more in comparison.

17. 53% of adults have said remote working makes it easier for cybercriminals to take advantage of people.

Changes in workplace standards meant a higher number of employees working remotely. Cybercrime increased, with phishing being the most common method.

18. More than half a million Zoom user accounts were compromised and sold on the dark web.

The more popular video conferencing software Zoom becomes with companies bringing employees into remote work, the more cyber criminals will adapt their techniques to that format. Recently, we’ve seen reports of cyber criminals selling compromised Zoom accounts on the dark web to increase their chances for more data breaches.

19. 70% of organisations report allowing access to corporate assets from personal laptops or mobile devices, while only 17% report limiting access to corporate laptops only.

These statistics show the risks many companies are taking when it comes to potential data breaches. Unsafe device access is an easy way for attackers to find an entry into company servers and access private data. At the very least, organisations should be looking to tighten their access requirements to be on corporate devices only.

20. 71% of security leaders lack sufficient visibility into remote employee home networks.

According to a recent study, more people are using cloud services and IoT devices that were never before part of a company’s security perimeter. More cyberattacks and security breaches are now a result of this, and IT managers are struggling to keep up with managing all these new technologies.

DOS/DDOS and IoT statistics

21. 75% of CISO respondents rank cloud and IoT as the biggest technology risks in the next five years.

This statistic is also mentioned by several tech experts in their 2024 forecast as their biggest area of concern. Cloud adoption was huge in 2023, and with great acceleration comes even greater risk. This will be an area where CISOs and other security professionals turn to improved procedures, security and automation.

22. In 2023, a new record was set by Google Cloud for the largest DDoS attack ever

Up until this year, the largest DDoS attack on record was in 2018, but Google’s latest Distributed Denial of Service Attacks were said to be 7.5 times bigger than any other on record. Attacks can last from minutes to hours.

23. Based on historic data, Cisco predicts DDoS attacks will double from 7.9 million in 2018 to 15.4 million in 2023

Cisco’s data also pinpoints the United States as the most frequently targeted region, generally focused on Microsoft-based systems and services.

24. In 2023, IBM recorded 82% of breaches involved data stored in the cloud.

This once again reinforces the increased focus on cloud security in 2024.

25. The finance sector is the most targeted year after year. Last year, attacks in the finance sector increased 121% compared with attacks in 2021.

The finance industry has the most data and capital, making it a highly sought-after target.

26. The longest DDoS attack in history occurred in 2018, shattering existing records by flooding the target’s systems with data for 329 hours.

Every year, the number of Distributed Denial of Service (DDoS) attacks increases, and the most targeted industry is finance because it has the most data and capital. These attacks can last from a minute to an hour depending on the company’s security controls.

Mobile scam statistics

27. 29.8 billion USD was lost to phone scams in America in 2021

With this number only on the incline, we can expect to see higher numbers in 2024. These scams are also known as vishing (voice phishing) scams.

28. Australians aged 65 and over have reported losses of $20.5 million from phone scams.

Older Australians’ lower familiarity with mobile phones and modern technology makes them vulnerable to mobile scams. The advancement of technologies has only made it easier for scammers to target people like them.

29. Scams are most prevalent over mobile, with 33% of all scams in Australia coming from text messages.

The data shows Australians lost a reported $28 million to phone scams in 2022. Following closely behind text phishing scams were scams over phone calls (29%), where Australians reportedly lost the most, landing at $141 million.

30. Consumers are 6-10 times more likely to fall for an SMS phishing attack than email-based phishing.

There’s more awareness when it comes to email phishing, making it a bit harder to trick the end recipient as they are naturally more critical now than years before. However, with the rise of SMS phishing, there’s still work to be done.

31. According to McAfee’s latest Global Scam Message Study, Australians spend an average of 63 minutes per week trying to assess the legitimacy of scam texts and emails.

The same study found 54% of Australian survey respondents said they would prefer to deal with the stress of monthly tax filings than cope with scam messages all year long.

Social engineering statistics

32. Phishing remains the most common form of cyber crime worldwide, with recent data suggesting nearly 1.2% of all emails sent are malicious.

1.2% equates to 3.4 billion phishing emails being sent daily. Because of the nature of phishing emails, and cyber scammers growing increasingly clever, it’s no wonder even the most savvy of people can fall victim to these attacks.

Despite organisations having tactics such as segregation of duties in place, things can still slip through the cracks without proper process or automation in place.

33. Phishing attacks tend to fly under the radar and can take upwards of 295 days to identify.

IBM’s 2022 Data Breach Report noted phishing scams tend to take the third longest mean time to be identified. As a result, these breaches can cost organisations the most, with an average of 4.91 million USD.

34. Losses for small and micro businesses associated with scams doubled in 2022.

Scamwatch data reported losses amounted to $13.7 million in 2022, which was a 95% increase from the year before. It’s said the biggest contributor to these losses was payment redirection scams, known as business email compromise.

If you’re a small or micro business owner and you haven’t considered adding payment protection for your business, have a chat with our team at Eftsure to see why businesses Australia wide trust our payment technology.

35. 98% of all cyber attacks are social engineering attacks.

In the FBI’s latest report, phishing, vishing, smishing and pharming account for the largest number of attacks.

36. Facebook is the leading social media platform for cybercriminals to use social engineering to scam users.

Between April and September 2020, there were over 4.5 million phishing attempts made. More recently in 2023, WhatsApp scams are growing in popularity along with other instant messaging platforms such as Telegram.

37. Every minute, $17,700 is lost due to a phishing attack.

This explains why the costs associated with phishing and scam attacks continue to rise year over year. Individuals, organisations and governments are constantly trying to stay alert, aware and vigilant when it comes to phishing.

Data breach statistics

38. The largest reported data leakages remain the Cam4 breach in March 2020, which exposed more than 10 billion data records, followed by the 2013 Yahoo data breach, where three billion data records were leaked.

Although we’ve successfully closed another year without a record setting data breach, several companies still became victims to data breach attacks and data ransom. Companies include Microsoft, MOVEit, ChatGPT, US Department of Transportation and more.

39. 90% of data breaches occur because of spear phishing emails.

Spear phishing emails are more tailored than regular phishing emails, meaning they appear to be more realistic to the reader. When the reader clicks the link, the scammer is able to access the device to retrieve personally identifiable information.

40. 43% of data breaches are insider threats.

However, these are not always intentional. Many data breaches are caused by human error, but regardless, it is staggering to realise that many data leaks come from internal sources.

41. 30% of all large data breaches take place at hospitals.

Lots of confidential information is stored in hospitals, especially in the healthcare industry. Moreover, due to tight timelines, hackers have an easier time conning staff to elicit sensitive information.

42. The LinkedIn breach exposed 700 million records in June-August 2021 (93% of LinkedIn members).

In 2021, cyber criminals exposed the data of over 700 million LinkedIn users in an astonishingly large leak, exposing their names, addresses, phone numbers, and email addresses, as well as their LinkedIn profiles. The hack followed the same method used in the extremely damaging April breach of LinkedIn users’ information, which hackers also uploaded to the dark web for sale.

43. Notable 2023 database hacks include X (formerly Twitter), where 220 million users’ email addresses were leaked.

Alongside X (formerly Twitter) was the 2023 AT&T breach, which exposed approximately 9 million customers’ personal data. These are just the noteworthy breaches; as of October 2023 there were hundreds of other publicly disclosed incidents.

AI scam statistics

44. A study of 350+ senior security executives found 70% believe AI benefits attackers more than defenders, yet 35% are still experimenting with it for cyber defence strategies.

Although the world of AI is moving at a rapid pace, there’s still much to be explored. As much as we expect to see acceleration with AI, we can also predict several attempts for government agencies to add improved regulations.

45. Organisations deploying security measures leveraging AI or automation spend on average 3.05 million USD, which is more than 50% lower than the spend associated with organisations without automated protective measures in place.

Although the cost of investing in cyber security is on the rise, data shows it pays to get on board with early adoption. This also includes encouraging organisations to consider streamlining their paid vendors, to ensure a cluttered list of apps and services don’t end up becoming an additional risk factor in itself.

46. Generative AI has dominated the AI conversation in 2023, leading 7 in 10 Australians to express concern about how their information will be handled after engaging with AI tools.

Generative AI is not only adding concern for consumers, but it’s a massive driver for businesses and governments to monitor and be mindful of as videos surface where key political figures have been manipulated into falsified statements. These videos can look so realistic, even the people in the videos have had to do a double take on whether the events happened or not.

47. In 2023, we saw the rise of AI used to replicate human voice, also known as a “voice print” which was used to replicate familiar voices to friends and loved ones in an attempt to prompt theft and fraud.

A reputable security company said it picked up a 135% increase in sophisticated scam attacks leveraging AI in the first month of 2023.


FAQs

Every company and every person has sensitive data that needs protection. Luckily, it’s never too soon or too late to start protecting your business and/or personal information from thieves and criminals. Cybersecurity is all about preventing unauthorised access to, use of, disclosure of or damage to an organisation’s assets (in this case, data) by malicious activity.

Every business needs to have cybersecurity as their top priority, particularly the CFO, who is most targeted. In order to stay ahead of cyber attacks, employees should be vigilant in the following:

– Regularly change passwords
– Examine carefully any emails that may contain a malicious link
– Limit access to sensitive data
– Update software regularly

With cyber crime presenting a large risk to their finances, a modern CFO cannot afford to be complacent. Being the Chief Financial Officer requires that a person have an extensive understanding of the risk involved with cyberspace and the consequences it may have on their duties.

Here is a list of cybersecurity tips and best practices to get you started:

– Use complex passwords across different devices and accounts
– Enable 2-factor or multi-factor authentication
– Check for HTTPS on websites
– Back up data
– Avoid suspicious email links or attachments
– Use VPNs
