40+ Cybersecurity Statistics for 2024 and Beyond

As organisations and individuals rely more heavily on online platforms for their day-to-day operations, the significance of cyber security cannot be overstated.

This article provides a comprehensive overview of the latest cybersecurity statistics for 2024, drawing from credible sources such as the UK Home Office, IBM, World Economic Forum, and many others.

We delve deep into the numbers, offering valuable insights into the current state of cybersecurity across four overarching areas:

• Economic Impact of Cyber Attacks

• Business Preparedness and Strategic Response

• Nature and Source of Cyber Threats

• Human Capital and Future Trends in Cyber Security

As we navigate these cybersecurity statistics, you will witness the magnitude of the challenges faced and the efforts being made to secure our digital future.

Statistics of Economic Impact of Cyber Attacks

The economic repercussions of cyber attacks are profound and extensive, affecting businesses of all sizes and sectors. The financial strain is not only in immediate costs incurred post-breach, but also in the long-term strategies and investments made to counteract such threats. The following statistics shed light on this financial dimension of cyber security.

• In 2023, the single most disruptive breach from the last 12 months cost each business, of any size, an average of approximately £1,100. (GOV.UK)
• Across UK businesses, there were approximately 2.39 million instances of cyber crime and approximately 49,000 instances of fraud as a result of cyber crime in the last 12 months. (GOV.UK)

• The average (mean) annual cost of cyber crime for businesses is estimated at approximately £15,300 per victim. (GOV.UK)
• The global average cost of a data breach in 2023 was USD 4.45 million, a 15% increase over 3 years. (IBM)

Statistics of Business Preparedness and Strategic Response

How prepared are businesses to face the burgeoning cyber threats? The readiness of an organisation to counteract cyber threats is a reflection of its strategic foresight and its emphasis on cyber security. These statistics provide insights into the strategic positioning of businesses vis-à-vis cyber threats.

• 30% of businesses deployed security monitoring tools. (GOV.UK)
• 3 in 10 businesses have undertaken cyber security risk assessments. (GOV.UK)
• 3 in 10 businesses have board members or trustees explicitly responsible for cyber security as part of their job role. (GOV.UK)
• 49% of medium businesses, 68% of large businesses and 36% of high-income charities have a formal cyber security strategy in place. (GOV.UK)
• 48% of UK organisations say a "catastrophic cyber attack" is the top risk scenario that they are formally incorporating into their organisational resilience plans in 2023, followed by global recession (45%) and resurgence of COVID-19 or a new health crisis (43%). (PwC)

• 50% of UK senior executives say they react to a disruption by invoking plans after an incident and focusing on recovery of business operations after a failure or incident, instead of taking a preventative and anticipatory approach that assumes incidents will occur, and embedding resilience capabilities to withstand disruption. (PwC)

• Fewer than half (47%) of UK senior executives say they formally coordinate and integrate business continuity, disaster recovery, crisis management, incident preparedness and response, and threat intelligence. (PwC)
• 53% of security executives and business leaders said cyber security is part of the core transformation team. (Accenture)
• Cyber transformers, organisations that are already proving how prioritising cyber security makes a difference, involve a team of cybersecurity professionals from the start of business planning. (Accenture)
• 45% of cyber transformers incorporate their ecosystem or supply chain partners into their incident response plan. (Accenture)
• 51% of organisations have updated their business continuity and enterprise risk plans. (Accenture)
• 48% of organisations said they implemented security controls, only for critical functions, balancing speed and risk management. 35% said they embed security controls in all transformation initiatives from the beginning. 18% said they deployed security after the transformation was initialised, only if vulnerabilities were detected, ensuring they could move the transformation as fast as possible. (Accenture)
• Cyber leaders ranked "increased use of cloud-based services" the most positive influence on an organisation's approach to cyber security, followed by "digital transformation initiatives" and "increased employee awareness about cyber attacks." (World Economic Forum)
• While business leaders (51%) viewed cyber security as a key business enabler, cyber leaders (39%) viewed it as a necessary cost of doing business. (World Economic Forum)

• 29% of cyber leaders feel confident their organisation is cyber resilient in 2023, increasing from 12% in 2022. (World Economic Forum)
• 17% of security executives expressed concern about the level of cyber resilience in their business. (World Economic Forum)
• In 2023, 77% of leaders state that security awareness in their organisation is greater than in 2019. (Hays)
• 71% of leaders say their organisation invests in upskilling its cyber security workforce. (Hays)
• 51% of organisations plan to increase security investments due to a breach, including incident response (IR) planning and testing, employee training, and threat detection and response tools. (IBM)

Statistics of Nature and Source of Cyber Threats

Cyber threats are manifold in nature, with attackers employing a variety of tactics to breach defences. Understanding the most common types of cyberattacks and the vulnerabilities they exploit is key to crafting an effective defence. The following stats depict the prevalent threat landscape.

• At 89%, phishing remains the most common type of cyber crime businesses experience, followed by viruses, spyware or malware (12%), hacking (7%), ransomware (4%), and denial of service (DoS) (2%). (GOV.UK)

• 97% of organisations have seen an increase in cyber threats since the start of the Russia-Ukraine war. (Accenture)
• At 39%, malware is the type of cybersecurity threat companies are most concerned about, followed by ransomware (37%), data loss (37%), insider threat/security breaches (29%), and distributed denial-of-service (DDoS) attacks (27%). (Netrix Global)
• Software or applications (24%) and cloud infrastructure (24%), employees (23%), and networking (16%) are top components businesses think make their company most vulnerable to risk. (Netrix Global)
• Plenty of emails are, unfortunately, making it past the filters. 56.5% of emails sent in 2023 were unsolicited spam emails. More than a third of all email messages are reported by survey respondents as spam. (OrbitMedia)
• Government (25%), business and professional services (14%), financial (12%), high tech (9%), and healthcare (9%) are attractive targets for both financially and espionage motivated actors. (Mandiant)

• 79 minutes is the average time it takes an adversary to land and move laterally through a network. (CrowdStrike)
• Academic, technology, industrials, manufacturing, professional services, financial services, telecommunications, government, healthcare, and retail are the top ten sectors advertised by access brokers or threat actors who acquire access to organisations and provide or sell this access to other actors, including ransomware operators. (CrowdStrike)
• 84% of leaders report their organisation experienced a phishing attack. (Hays)
• 82% of breaches involved data stored in the cloud. (IBM)

Statistics of Human Capital and Future Trends in Cyber Security

The human element plays a pivotal role in cyber security. Whether it's the shortage of skilled professionals, insider threats, or the future direction of cybersecurity roles, understanding the human capital dimension is vital. These statistics bring to light these aspects.

• 13% of businesses say they review the risks posed by their immediate supplier. (GOV.UK)
• By 2025, nearly half of cyber security leaders will change jobs, 25% for different roles entirely due to multiple work-related stressors. (Gartner)
• By 2025, a lack of talent or human failure will be responsible for over half of significant cybersecurity incidents. (Gartner)
• By 2025, insider risk will cause 50% of organisations to adopt formal programs to manage it, up from 10% today. (Gartner)
• By 2027, 50% of large enterprise CISOs will have adopted human-centric security design practices to minimise cybersecurity-induced friction and maximise control adoption. (Gartner)
• 40% of cyber transformers use third parties or managed services providers to administer cybersecurity operations and address talent shortages. (Accenture)

• 89% of cyber transformers rely heavily on automation. And 96% of respondents whose organisations substantially automate their cybersecurity programs recognise that automation helps them alleviate cyber talent shortages, a key challenge for any company seeking cyber resilience. (Accenture)
• 52% of companies are currently using Software-as-a-Service (SaaS) for cybersecurity, and 22% would consider SaaS. (Netrix Global)
• Energy utilities (25%), insurance and asset management (20%), public sector (15%), and banking and capital markets (14%) reported they are missing critical people and skills to respond to and recover from cyber attacks. (World Economic Forum)
• 90% of leaders said the skills gap had affected their ability to implement their cyber security strategy. (Hays)
• The top five skills or implementations that would enhance security capability are cloud security, Governance, Risk, and Compliance (GRC), security architecture, security engineering, and Security Incident and Event Management (SIEM) or Security Operations Center (SOC). (Hays)
• The average savings for organisations that use security AI and automation extensively is USD 1.76 million compared to organisations that don't. (IBM)

Protecting Your Business From Cyber Security Threats

Cybersecurity landscape is both dynamic and challenging, with ever-evolving threats and the relentless pursuit of solutions.

As we've observed from the cybersecurity statistics presented, the implications of cyber threats are profound, spanning from immediate financial losses to long-term strategic shifts. Businesses, irrespective of their size, are grappling with these challenges, making pivotal decisions on preparedness and strategic responses.

It's evident that while there is a growing awareness and investment in cybersecurity, there remains much to be done. Cybersecurity is not just a technical concern but a societal one, underpinning the safety and trust in our interconnected world.

A comprehensive risk management and business continuity management procedure will cover what is required to protect cyber security and business resilience. C2 Meridian's Risk Management module is an exceptional stand-alone RMS in its own right. However, when utilised as an integrated module to C2's BCMS, you unlock the power of the intelligent data stored within it.

By doing this, the system completely understands your organisational structure, exactly where everything is located, and knows the real-time impact if any part of your business, locations, systems, suppliers and more were to be disrupted. This means that the system can automatically assess the impact of any risk, and ensure the correct people within your organisation are notified of them without any added manual effort.

For a complete look at what C2 Meridian can do for your organisation, simply book a demo today.

Frequently Asked Questions about Cybersecurity (Cybersecurity FAQs)

1. Is it "cybersecurity" or "cyber security"?

The correct term is "cybersecurity." This compound noun refers to the practice of protecting systems, networks, and programs from digital attacks. The word is formed by combining "cyber," relating to technology and computers, with "security." While "cyber security" as two separate words can sometimes be seen in use, the widely accepted and most commonly used term in both professional and academic contexts is "cybersecurity."

2. Is there a difference between UK and US English in the use of the term "cybersecurity" or "cyber security"?

In both UK and US English, the term "cybersecurity" is generally used as a single, compound word. There's a common misconception that British English prefers "cyber security" as two separate words, while American English uses "cybersecurity." However, in practice, the single-word form "cybersecurity" is widely accepted and used in both language variants. It's important to note that language evolves, and variations can occur, but as of now, "cybersecurity" is the standard form in both UK and US English.

3. What is cybersecurity?

Cybersecurity refers to the practice and techniques used to protect computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks, unauthorised access, or damage. It encompasses a wide range of measures and technologies designed to safeguard digital assets and information from cyber threats. This includes implementing security policies, using antivirus software, securing network infrastructure, and educating users about safe computing practices.

4. Why is cybersecurity important?

Cybersecurity is crucial because it protects all categories of data from theft and damage. This includes sensitive data, personally identifiable information (PII), protected health information (PHI), intellectual property, data, and governmental and industry information systems. Without a cybersecurity program, an organisation or individual cannot defend themselves against data breach campaigns, making them an easy target for cybercriminals. The increasing volume and sophistication of cyber attackers and attack techniques compound the need for robust cybersecurity.

5. What are cybersecurity threats?

Cybersecurity threats are malicious acts that seek to damage data, steal data, or disrupt digital life in general. These threats include attacks like computer viruses, data breaches, Denial of Service (DoS) attacks, and other attack vectors. Cyber threats can originate from various sources, including corporate spies, hacktivists, terrorist groups, hostile nation-states, criminal organisations, lone hackers, and disgruntled employees. As technology evolves, so does the nature of these threats, making it essential to have updated and dynamic cybersecurity measures in place.