By Leslie Wheeler • February 5, 2020

26 Must-Know Cybersecurity Statistics

You know how important cybersecurity is for your organization—but how can you convince your business leaders of the value in investing in a strong cybersecurity defense program?

Over the last decade, we’ve seen thousands of large and small organizations alike suffer crippling losses due to cybersecurity breaches. Criminals are using hacking, phishing, malware, and ransomware in ever more sophisticated ways to access confidential company data, including financial information, and cripple their systems. The fall-out can be massive.

We’ve rounded up some eye-opening statistics that provide a better look at how cybersecurity is impacting our world today. Here’s what you need to know in 2020 to build your game plan for the coming decade:

How many breaches happen and how are organizations affected?

  • Over 3,800 breaches occurred in the first half of 2019, exposing more than 4.1 billion records. That’s up by 54% from the previous year. (RiskBased Security)
  • 43% of organizations impacted by data breaches are small businesses (Verizon)
  • The average cost of a breach ranges from $2.2 million to $6.9 million (Ponemon Institute)
  • 56% of data breaches took 6 months or longer to discover (Verizon)
  • The average cost per lost or stolen record in a data breach is $148 (IBM)
  • Cybercrime is predicted to cause damage of over $6 trillion annually by 2021, up from $3 trillion in 2015. (Cybersecurity Ventures)
  • After experiencing a huge data breach that exposed 148 million Americans’ personal information in 2017, Equifax has spent over $1.4 billion on resulting costs, including investigative, legal, and security costs (BankInfo Security)
  • Cyberattacks are one of the leading risks to global economic stability (World Economic Forum)

Click here for more information!

Why and how do breaches happen?

  • 71% of breaches were financially motivated, and 21% were motivated by espionage (Verizon)
  • 69% of attacks were by outsiders, while 34% involved inside actors (Verizon)
  • 39% of breaches were caused by hacking, followed by unauthorized access (30%) and employee error (12%) (Identity Theft Resource Center)
  • Social media data breaches account for 56% of all breaches in the first half of 2018 (ITWeb
  • Routers and connected cameras make up 90 percent of infected devices (Symantec)
  • Supply chain attacks rose by 78 percent in 2018 (Symantec)
  • A cyber attack occurs every 39 seconds (University of Maryland)

How prepared are most organizations for a breach?

The bad:

  • 58% of companies have over 100,000 folders open to every employee. (Varonis)
  • Today, 83% of small businesses have no funds set aside to deal with recovery from a cybersecurity breach (InsuranceBee)
  • 39% of companies say they’re not prepared to handle a data breach (Avertium)

The good:

  • 63% of companies that have experienced a breach have implemented a biometric system or plan to launch one (Veridium)
  • 25% of companies are increasing IT budgets in response to a recent security incident (Spiceworks)
  • 17% of IT security professionals reported information security as the largest budget increase for 2018 (ZDNet)
  • 80 percent of organizations planned to increase security spending in 2018 (ZDNet)

If you're in the process of setting up your cybersecurity defense plan now, contact us via the link below for a free IT consultation:

Set up a free consultation session!

What’s the impact of building a cybersecurity defense plan?

  • 92% of customers say businesses must be proactive about protecting data security (PwC)
  • 85% of customers will not do business with a company if they have concerns about its security practices (PwC)
  • Building an incident response plan can save $340,000 per breach (Ponemon Institute)
  • Companies that contained a breach in less than 30 days saved over $1 million compared to those that took more than 30 days (IBM)


This year, stop simply hoping that a cyberattack won’t happen to your organization. Take precautions by auditing your current cybersecurity posture, educating your employees, and building a comprehensive cybersecurity plan to mitigate your risk.