Cybersecurity Statistics and Predictions, updated for 2024

The cost of cybercrime is continuously snowballing as cyber criminals get smarter and governments work to find ways to keep up with new strategies and tactics. This research also included the compounded consideration with the rising costs of damages associated with cybercrime, forecasting this cost could read $10.5 trillion by 2025.

Our team at Eftsure cross referenced this data with our own and in 2023 we successfully identified and stopped more cyber attacks against construction and manufacturing customers than those in other industries.

A key theme we saw at the end of 2023 was executives discussing the things that keep them up at night: data breaches and security. It's no surprise seeing the rising cost of data breaches. Not to mention, this dollar value doesn't account for the reputational damages incurred as well.

Companies are feeling the pressure to implement improved controls and tighter security measures in an attempt to protect their own data and the data of their suppliers or customers. In finance departments, CFOs are looking to protect their teams from phishing attacks, BEC attacks, and more.

In the ASD Cyber Threat Report 2022-2023, a number of emerging trends were identified with the growing number of attacks. These include cybercriminal continuously adapting tactics to increase the max payment from victims, data breaches which left millions of Australians impacted, and an increase in cybercrime costs.

An interesting statistic, which ties into a forecasted trend we will hear more about in 2024: space cybersecurity. In a recent Forbes article, Chuck Brookes backs this by stating “The economic sustainability of the free world depends on space-based global communications and sensing. Unfortunately, many of the platforms lack adequate protection, and hence, space cybersecurity will play a significant role in protecting key infrastructure.” We expect to see more conversations at government levels about space and cyber security, especially closely tied to conversations about local militaries.

In the same survey, 98% of CFOs said they feel cyber-crime is growing globally, adding a layer of anxiety as finance professionals tend to be one of the top targets for phishing scams within organisations.

Given these numbers, it’s highly likely most of these companies haven’t considered proactive protection measures to mitigate the risk of an incident. Regardless of levels of preparedness, it’s always important to have a response plan in place, especially when we consider some cyber attacks can take a matter of minutes to successfully compromise systems or extract data.

According to Statista, the global cyber insurance market is expected to grow tremendously over the next five years. Some factors that come into play as why the market is expected to grow is from the increase in cyber threats, awareness of cyber risks, regulatory requirements, lack of in-house expertise such as IT teams or internal processes and growth in technology.

This includes ongoing concerns and fears around ransomware attacks, cloud outages, IT system failures and threats of cyber war.

The healthcare industry runs the highest costs for data breaches, with the average cost of a single data breach sitting at 11 million USD.

Which doesn’t pair well with the associated costs on the rise when it comes to these attacks.

Despite the evolving cybersecurity challenges in an office setting, it’s evident remote working can costs organisations a lot more in comparison.

Changes in workplace standards meant a higher number of employees working remotely. Cybercrime increased, with phishing being the most common method.

The more popular video conferencing software Zoom becomes with companies bringing employees into remote work, the more cyber criminals will adapt their techniques to that format. Recently, we've seen reports of cyber criminals selling compromised Zoom accounts on the dark web to increase their chances for more data breaches.

These statistics show the risks many companies are taking when it comes to potential data breaches. Unsafe device access is an easy way for attackers to find an entry into company servers and access private data. At the very least, organisations should be looking to tighten their access requirements to be on corporate devices only.

According to a recent study, more people are using cloud services and iot devices that were never before part of a company's security perimeter. More cyberattacks and security breaches are now a result of this and IT managers are now struggling to keep up with managing all these new technologies.

This statistic is also mentioned by several tech experts in their 2024 forecast as their biggest area of concern. Cloud adoption was huge in 2023, and with great acceleration comes even greater risk. This will be an area where CISOs and other security professionals turn to improved procedures, security and automation.

Up until this year, the largest DDoS attack on record was in 2018, but Google’s latest Distributed Denial of Service Attacks were said to be 7.5 times bigger than any other on record. Attacks can last from minutes to hours.

Cisco’s data also pinpoints the United States as the most frequently targeted region, generally focused on Microsoft-based systems and services.

Once again enforcing the increased focus on cloud security in 2024.

The finance industry has the most data and capital, making them a highly sought after target.

Every year, the number of Distributed Denial of Service (DDoS) attacks increases, and the industry that receives the most targets is finance because they have the most amount of data and capital. These attacks can last from a minute to an hour depending on the company's security controls.

With this number only on the incline, we can expect to see higher numbers in 2024. These scams are also known as vishing (voice phishing) scams.

For older Australians, their lack of understanding of mobile phones makes them vulnerable to mobile scams because they have less familiarity with modern technology. The advancement of technologies has only made it easier for scammers to target people like them.

The data shows Australian’s lost a reported $28 million to phone scams in 2022. Following closely behind text phishing scams were over phone calls (29%), where Australian’s reportedly lost the most, landing at $141 million dollars.

There’s more awareness when it comes to email phishing, making it a bit harder to trick the end recipient as they are naturally more critical now than years before. However, with the rise of SMS phishing, there’s still work to be done.

The same study said 54% of Australian survey respondents said they would prefer to deal with the stress of monthly tax filings than cope with scam messages all year long.

1.2% equates to 3.4 billions phishing emails being sent daily. Because of the nature of phishing emails, and cyber scammers growing increasingly clever, it’s no wonder even the most savvy of people can fall victims to these attacks. Despite organisations having tactics such as segregation of duties in place, things can still slip through the cracks without proper process or automation in place.

IBM’s 2022 Data Breach Report noted phishing scams tend to take the third longest mean time to be identified. As a result, these breaches can cost organisations the most, with an average of 4.91 million USD.

Scamwatch data reported losses amounted to $13.7 million in 2022, which was a 95% increase from the year before. It’s said the biggest contributor to these losses were through payment redirection scams, known as business email compromise. If you’re a small or micro business owner and you haven’t considered adding payment protection for your business, have a chat with our team at Eftsure to see why businesses Australia wide trust our payment technology.

In the FBI’s latest report, Phishing, Vishing, Smishing and Pharming account for the largest number of attacks.

Between April and September 2020, there were over 4.5 million phishing attempts made. More recently in 2023, WhatsApp scams are growing in popularity along with other instant messaging platforms such as Telegram.

Which explains why the costs associated with phishing and scam attacks continue to rise year over year. Individuals, organisations and governments are constantly trying to stay alert, aware and vigilant when it comes to phishing.

Although we’ve successfully closed another year without a record setting data breach, several companies still became victims to data breach attacks and data ransom. Companies include Microsoft, MOVEit, ChatGPT, US Department of Transportation and more.

Spear phishing emails are more tailored than regular phishing emails. Meaning they appear to be more realistic to the reader. When the reader clicks the link, the scammer is able to access the device to retried personal identifiable information.

However, not always intentional. Many data breaches are caused due to human error, but regardless a staggering realisation to know many data leaks are caused from internal sources.

Lots of confidential information is stored in hospitals, especially in the healthcare industry. Moreover, due to tight timelines, hackers have an easier time conning staff to elicit sensitive information.

In 2021, cyber criminals have accomplished the exposure of an astonishingly large data leak of over 700 million LinkedIn users, exposing their names, addresses, phone numbers, and email addresses, as well as their LinkedIn profiles. The hack followed the same method used in the extremely damaging April penetration of their users’ information that hackers also uploaded to the dark web for sale.

Alongside X (formerly Twitter) was the 2023 AT&T breach which exposed approximately 9 million customers personal data. These are just noteworthy breaches, as of October 2023 there were hundreds of other publicly disclosed incidents.