54 Cybersecurity Statistics Technology Companies Need To Know

Severe cyber threats often threaten the technology sector because of the level of sensitive data companies and their third-party vendors process and store. Developing a comprehensive awareness of cybersecurity trends is one of the easiest ways for tech companies to protect themselves from cybercriminals, scams, and other cybersecurity threats.

Keep reading to discover 54 cybersecurity statistics your technology organization should know along with the most prevalent cybersecurity risks threatening the tech sector.

Learn how UpGuard helps tech organizations scale securely >

Top Cybersecurity Breach Statistics To Know

Alongside the healthcare industry, the tech sector (including FinTech providers specializing in financial services) ranks as one of the most susceptible industries to data breaches. In the past, data breaches have inflicted devastating consequences on large enterprises and small businesses in the tech sector. Organizations that have fallen victim to a breach have incurred damages to their reputation, stability, and financial health.

In 2023, the average cost of a data breach was $4.45 million, according to a report developed by IBM and the Ponemon Institute.

Other intriguing statistics from the 2023 IBM report include the following:

• The average cost of a data breach increased by 22% year-over-year
• The average cost of a data breach in the tech sector was $4.66 million
• The average cost of a data breach for companies with fewer than 500 employees was $3.31 million
• 52% of data breaches compromised customer PII, including customer names, credit card numbers, and other information
• 40% of data breaches compromised employee PII
• Only 33% of data breaches were identified by an organization’s internal security team
• The average time to identify and contain a data breach was 277 days
• 20% of organizations that experienced a data breach paid 250,000 or more in fines

Notable Data Breaches in the Tech Sector

The tech sector has witnessed several significant data breaches in recent years. The following breaches are some of the most damaging that have occurred since 2020:

• Microsoft (January 2021): Hackers exploited four different zero-day vulnerabilities to compromise 60,000 accounts worldwide, including multiple government agencies.
• Facebook (April 2021): Cybercriminals exposed the personal data of 530 million users by exploiting a vulnerability in the social media platform’s “sync mobile device contacts” tool.
• LinkedIn (April 2021): Hackers scraped the LinkedIn platform and stole over 700 million user records, including phone numbers and geolocation data.
• Yahoo (2013 - 2016): Cybercriminals in Russia used backdoors and stolen backups to access and steal user records containing personally identifiable information (PII).

Recommended Reading: Biggest Data Breaches in US History

Cybercrime Stats

The technology industry is susceptible to various forms of cybercrime due to its reliance on digital infrastructure, extensive third-party supply chains, and valuable personal data. The tech sector must maintain robust information security programs to prevent cybercrime, deter hackers and other cybercriminals, and protect sensitive information.

In 2022, cybercrime caused more than $10.3 Billion in damages, according to a report charting the monetary impact of cybercrime from 2002 to 2022 by Statista.

The most common forms of cybercrime affecting the tech industry include:

• Malware: Software that executes unauthorized actions on a system user’s account
• Phishing Attacks: Social engineering attack that targets a user’s credentials through an email, text message, or phone call
• Ransomware Attacks: A type of malware attack that locks and encrypts a user’s data
• DDoS (Denial of Service) Attacks: A type of attack that overwhelms a system and prevents access by flooding infrastructure with localized traffic‍
• BEC (Business Email Compromise) Attacks: A specific type of spear phishing attack that attempts to trick employees into harmful actions against the organization

Cybersecurity Statistics By Type of Cyber Attack

By understanding cyber attack trends, your organization will be better prepared to prevent subsequent attacks. Learning more about the consequences and frequency of various cyber attack methods will allow your organization to improve its decision-making and allocate resources appropriately.

Malware Attack Statistics

Here are the most intriguing malware statistics every tech organization should be aware of in 2024:

• 560,000 new pieces of malware are sent by threat actors every 24 hours (Statista, 2023)
• Over the past decade, the total number of malware attacks has increased by 87% (Statista, 2023)
• In 2022, 5.5 Billion malware attacks were deployed (Statista, 2023)
• Every minute, four companies fall victim to a malware attack (DataProt, 2023)
• Trojan horses account for 58% of all malware attacks (DataProt, 2023)

Phishing Attack Statistics

Here are several critical phishing statistics you should know:

• 84% of companies experienced at least one phishing attempt in 2021 (State of the Phish, 2022)
• In 2023, phishing was the initial attack vector in 16% of data breaches (IBM)
• Phishing attacks increased by 45% year-over-year (State of the Phish, 2022)
• 3 Billion phishing emails are sent every day (ZDNET, 2021)
• 1.2 % of all emails sent are malicious (ZDNET, 2021)
• 22% of data breaches are caused by phishing scams (FBI, 2021)

Ransomware Attack Statistics

Here are six ransomware statistics affecting cybersecurity industry:

• Ransomware attacks accounted for more than $49.2 million in losses (FBI, 2021)
• 24% of all cyber attacks involve ransomware (Verizon, 2023)
• In 2022, the average ransom amount was $1.54 million (Sophos, 2023)
• On average, an affected company experiences 22 days of downtime after a ransomware attack (Statista, 2021)
• REvil, a malicious ransomware group, accounted for 37% of all ransomware attacks in 2021 (AAG, 2023)
• 93% of all ransomware is Microsoft Windows-based (AAG, 2023)

DDoS Attack (Denial of Service) Statistics

The cybersecurity market has perceived denial of service attacks as a significant threat for many years. Here are several statistics that showcase the effect DDoS attacks can have:

• 15 million infected IP addresses are hijacked by bots worldwide (G2, 2023)
• From 2021 to 2022, DDoS attacks rose by 67% (G2, 2023)
• 18.3% of all DDoS attacks targeted United States-based infrastructure (Station X, 2023)
• 4 million DDoS attacks over the last 40 years have lasted more than one hour (NetScout, 2023)
• 1 million DDoS attacks in the previous 40 years have lasted more than 12 hours (NetScout, 2023)

BEC (Business Email Compromise) Attack Statistics

Business Email Compromise (BEC) scams are on the rise. Here are five BEC attack statistics your organization needs to know to develop protective cybersecurity measures:

• 28% of all BEC scams are opened by employees (Abnormal, 2023)
• 2.1% of all BEC scams are reported by employees (Abnormal, 2023)
• From 2013 to 2022, BEC scams exploited over 137,000 U.S. victims (FBI, 2023)
• From 2013 to 2022, BEC scams stole over 17 Billion from American companies and citizens (FBI, 2023)
• From 2017 to 2020, 52,842 BEC attempts were recorded worldwide (Statista, 2022)

Internet of Things (IoT) Cybersecurity Stats

Over the last decade, IoT devices have surged in use. These devices provide organizations with many benefits, including streamlining processes, improving convenience, and reducing costs. However, IoT devices are also susceptible to various cyber threats. Organizations utilizing IoT devices must be aware of the risks.

• Over 15 Billion IoT devices were in use globally in 2023 (Statista, 2023)
• By 2030, the number of IoT devices used worldwide is expected to surpass 29 Billion (Statista, 2023)
• 25% of all cyber attacks will involve IoT devices (Gartner, 2018)
• In 2022, more than 112 million cyber attacks targeted IoT devices (Statista, 2023)

Remote Work Attack Statistics

Spurred by the COVID-19 pandemic and technological advancements such as IoT devices, remote authentication apps, and automation services, remote work has become a legitimate alternative to standard on-premise reporting for many organizations. These organizations need to know the following statistics to develop security procedures to protect their remote workers and business operations.

• 20% of organizations experience a data breach caused by a remote worker (LinkedIn, 2023)
• Remote work has increased the average cost of a data breach by $137,000 (LinkedIn, 2022)
• In April 2020, more than 500,000 Zoom passwords were sold on the dark web (Forbes, 2020)
• Between January and April 2020, cyberattacks on cloud services increased by 630% (HIPAA Journal, 2020)

Cryptocurrency Scam Statistics

Between 2020 and 2021, the cryptocurrency market surged unprecedentedly. However, since 2021, notable events like the collapse of FTX (Nassau-based cryptocurrency exchange) have altered the perception of crypto from intrigue to apprehension. Throughout the fourth quarter of 2023, the crypto market has shown a slight resurgence, yet persistent risks—such as volatility, regulatory uncertainty, scams, and security vulnerabilities—remain.

• From 2021 to the first half of 2022, 46,000 people reported losing money to a crypto scam (FTC, 2022)
• $3.8 Billion in cryptocurrency was stolen by cybercriminals in 2022 (Chainalysis, 2023)
• DeFi protocols accounted for 82.1% of all crypto-based attacks in 2022 (Persona, 2023)
• The Ronin spyware attack stole 173,000 Ethereum (worth $595 million at the time) in March 2022 (Persona, 2023)
• 140 million crypto-hacking attempts were deployed in 2022 (Statista, 2023)

Zero-Trust Statistics

As IoT devices, remote work, and cyber attacks rise, security teams deploy zero-trust security models to challenge traditional “trust but verify” principles and develop robust cyber protections. Overall, here is how zero-trust stacks up against common cybercriminals:

• On average, zero trust reduces the cost of a data breach by $1 million (IBM, 2023)
• 47% of SMEs are using multi-factor authentication (Jumpcloud, 2023)
• 21% of security professionals use more than 100 systems to manage digital identities (Solutions Review, 2021)
• 72% of security leaders in Europe have implemented cloud access security brokers (Fortinet, 2023)

How Does UpGuard Help the Tech Sector

UpGuard helps technology security teams with external attack surface monitoring, third-party risk management, incident response, data security, and other cybersecurity ventures.

UpGuard’s cybersecurity toolkit includes two comprehensive products: UpGuard Vendor Risk (TPRM and third-party security posture) and UpGuard BreachSight (first-party attack surface monitoring).

Cybersecurity professionals using UpGuard can access these powerful tools:

• Data Leak Detection: Prevent data leakage due to breaches, phishing attempts, identity theft, ransomware, endpoint vulnerabilities, human error, and other cyber threats
• Security Ratings: Understand your organization’s and your vendor’s security posture
• Vendor Risk Assessments: Reduce the time it takes to assess new and existing vendors‍
• Vendor Tiering: Classify vendors based on their level of inherent cyber risk and your organization’s unique risk tolerance‍
• Compliance Reporting: Map vendor details against common compliance frameworks (NIST, ISO 27001, PCI, etc.) and initiatives ‍‍
• 24/7 Continuous Monitoring: Receive real-time updates when security incidents affect your security rating or the security rating of one of your third-party vendors
• ‍Third-party integrations: Configure UpGuard within your existing security tools and web applications