90+ 2024 Cybersecurity Statistics and Trends

Digital platforms make work more productive, collaboration and communication easier, and user experiences more intuitive and interactive. But as our lives get more concentrated online, technology also makes it a lot easier for hackers and scammers to find new targets.

Cybersecurity pros and cybercriminals are pitted against each other in a constant race to see who can deploy emerging technology faster. Business leaders, workers, and individuals are often unaware of new threats or technologies that can be turned against them — making it even more important for cybersecurity teams to retain an advantage.

Knowing the trends is a key first step to keeping your data secure. Let’s take a look at the cybersecurity statistics and trends shaping 2024, including persistent threats and evolving dangers.

Editor’s Picks: Cybersecurity Statistics

• The cybersecurity market is expected to grow to $300 billion this year.
• Cloud environment attacks increased by 75% between 2023 and 2024.
• 70% of cybersecurity pros say their organization is affected by a shortage of skilled IT employees.
• Over 90% of successful breaches utilize known vulnerabilities that are left unpatched.
• Identifying and containing a data breach takes an average of 277 days.
• The average security budget of small businesses is $500, while the average cost of a data breach is almost $5 million.
• Hackers find new vulnerabilities every 17 minutes.

Common Cybersecurity Threats in 2024

Cyberattacks are on the rise in 2024 with the increasing use of cloud platforms and AI opening up new ways for bad actors to exploit systems. Many organizations, especially small businesses, are slow to implement security enhancements like multi-factor authentication and passwordless authentication. Cybercriminals continued to rely on methods like phishing, ransomware, and malware. New weaknesses were exposed by attacking IoT devices and hackers using deepfakes to gain an advantage over users.

Types of Cyberattacks

Hackers are always looking for new vulnerabilities, but human error is still the number one way for them to gain access to systems — either through social engineering or poor security habits.

• Over 75% of attacks start with a phishing email.
• Over 90% of malware is delivered via email.
• 17% of attacks are launched on web applications.
• Up to 88% of data breaches are caused by human error.
• In tests conducted by IBM X-Force, security misconfigurations make up 30% of web application vulnerabilities.
• 85% of cybersecurity pros identify generative AI as the cause behind the increase in attacks in 2024.

Now let’s break down the numbers for the most common attacks.

Phishing

Internet users are more aware of phishing than they’ve ever been, but criminals keep finding ways to make phony emails look more realistic, especially by exploiting new tools like AI. 

• 96% of phishing attacks are carried out using email.
• 30% of small businesses identify phishing as the biggest threat to their data.
• Phishing attacks have increased by over 1,000% as a result of generative AI.
• Almost 60% of organizations report daily and weekly phishing attacks.
• 50% of people who were tricked by a phishing attack say it was because they were distracted or tired.
• Hackers faked emails from Microsoft in over 40% of phishing attempts.

Ransomware

Incidents of ransomware hit an all-time high in 2024, with the trend of Ransomware as a Service (RaaS) platforms enabling new wave of criminals with minimal technical skills.

• Over 60% of attacks on government agencies involve ransomware.
• Ransomware is deployed in 80% of cyberattacks on retail companies.
• Almost 50% of organizations have a ransomware payment policy in place.
• Less than 10% of businesses who met the demands of hackers and paid a ransom got all of their data back.
• Paying a ransom makes it up to 80% more likely of additional attacks in the future.
• 25% of consumers will stop using a product that has been a victim of ransomware.

Distributed Denial-of-Service (DDoS)

DDoS attacks reached fierce new levels this year, as the most powerful offensives reached speeds of almost 2 Tbps. Computer software, IT service providers, gaming, gambling, and casinos, and media companies were the top five industries targeted by DDoS attacks.

• DDoS incidents rose 46% in the first half of 2024 compared to the same period in 2023.
• Russia led the way in blocked IP addresses with over 8.2 million.
• The U.S. was next in line with over 3 million IP blocked addresses.
• China finished third with 1.4 million blocked IP addresses.
• Attacks that lasted over three hours surged 103% this year.
• DDoS attacks against cryptocurrency firms soared over 600%, compared to a rise of 15% over all other organizations.
• The 911 S5 botnet was dismantled by the FBI in 2024, after it infected over 19 million devices globally over the course of its lifetime.

Malware

Advances in AI helped hackers create more sophisticated malware that evolves on the fly to evade security systems. AI also aided in creating more realistic phishing bait to lure users into launching malware programs.

• 560,000 new malware programs are exposed daily.
• There are over 1 billion malware programs that exist globally.
• Between 2023 and 2024 malware attacks increased by 30%.
• 48% of organizations have had data stolen by malware.
• Android devices are 50 times more likely to be vulnerable to malware than iOS devices.
• Word, Excel, and PDF files are the most common vectors to spread malware via email.
• 58% of malware infections are launched by Trojans.
• China has the highest number of computers infected with malware.
• The U.S. is the top target for malware attackers, getting hit with 900% greater frequency than the number two target U.K.

Advanced Persistent Threats (APTs) 

APTs use the most advanced tools to avoid detection and remain inside systems to steal information and sabotage long-term operations. They’re often deployed in high-stakes attacks against governments or major organizations. 

• Attacks against the supply chain increased significantly in 2024, making up 17% of APT incidents.
• AI models like WormGPT and FraudGPT are increasingly being used by bad actors to launch APT spear-phishing attacks.
• In 2024 hacktivists are estimated to have been responsible for up to 10% of APT attacks, compared to only about 2% historically. The increase is connected to the rise of geopolitical conflicts.
• It’s estimated that 60-70% of APT attacks are focused on espionage.

Man-in-the-Middle (MITM)

In a man-in-the-middle (MITM) attack, hackers intercept data as it’s exchanged between two parties. This type of breach is usually done over an unsecured Wi-Fi network or through spoofing IP addresses, login pages, or other legitimate access points. 

• MITM attacks are responsible for 19% of successful cyberattacks this year.
• MITM compromised emails have increased by 35% since 2021.
• Internet of Things (IoT) environments and smart devices are being targeted more frequently by MITM attacks. 

Insider Threats

An organization is only as secure as the people inside of it. Some insiders make honest mistakes, some are negligent, and others intentionally defy rules. To combat individual vulnerabilities more companies have looked to IT unification strategies turned to Zero Trust policies.

• Insider threats are responsible for almost 43% of all breaches.
• Roughly 50% of insider threats are considered accidental, and the other 50% intentional.
• 80% of employees admit to using shadow IT SaaS applications without approval.
• 65% of organizations have implemented Zero Trust models to improve access management and compliance.
• Companies using conditional access strategies save $1 million or more on costs related to data breaches than companies without Zero Trust policies in place.

Emerging Cyberthreats

New threats that surfaced in 2024 were driven by a rise in geopolitical tensions, hackers weaponizing AI tools, and new technologies providing novel attack vectors for thieves to exploit. 

State-Sponsored Attacks

Specific events like the Paris Olympics and U.S. elections contribute to the rise of state-sponsored attacks. With the recent surge in armed conflict, expect cyber operations by enemies and allies to expand across the globe.

• China, Russia, North Korea, and Iran have all been identified as a cause of cyberattacks on the U.S. and its allies.
• Online attacks in Ukraine have increased over 300% since the start of the war with Russia in 2022.
• During the Israel-Hamas conflict DDoS attacks against Israeli websites have increased by 400%, while DDoS attacks against Palestine increased 60% within the first two days of the conflict.

Unsecured Internet of Things (IoT) Devices

Increasing adoption of smart devices, medical devices, and home systems give cybercriminals new targets to aim for every day. This year, security researchers demonstrated how MITM attacks could be used to unlock, start, and steal Tesla vehicles through the Tesla phone app.

• Organizations are expected to invest up to $15 trillion in IoT by 2025.
• IoT devices are usually attacked five minutes after getting online.
• 48% of businesses say they are unable to detect IoT security breaches on their network.
• Routers are the point of entry in almost 75% of IoT attacks.
• 98% of IoT traffic is not encrypted.

Deepfake and Emerging Technologies

Cybercriminals are using deepfakes to make scams more effective, even against the savviest users — making it one of the fastest-growing facets in online crime.

• 64% of surveyed IT pros predict an increase in deepfake attacks over the next 18 months.
• 75% of organizations reported at least one deepfake-related security issue during the past year.
• Deepfake fraud skyrocketed over 1,700% in North America last year.
• 73% of organizations plan to invest in training to identify deepfakes.
• 52% of employees who fell prey to a phishing link believed the email came from a C-suite executive at their organization.

Cryptojacking

Bad actors hijack business and personal devices, then configure them in a network to mine cryptocurrencies. 

• Cryptojacking attempts increased almost 400% in the last year.
• Healthcare and education were the hardest hit by cryptojacking. Healthcare experienced an almost 700% rise. Education organizations were hit with 320 times the number of attacks as the previous year.
• It’s expected 13.5 million users will be compromised by cryptojacking this year.

Incidence Rate Statistics

New technologies and motivations lead bad actors to launch attacks against all types of institutions and individuals. 2024 is expected to be the costliest year for cybercrimes yet as incidents continue to rise.

• Data breaches exposed over 7 billion records in the first half of 2024.
• In 2023 over 7 trillion intrusion attempts were reported, 20% more than 2022.
• There was a 71% year-over-year increase in attacks that used stolen credentials.
• 50% of all known vulnerabilities have been published in the last five years.
• The National Vulnerability Database reported over 30,000 new intrusion points were discovered last year.

The Cost of Cybercrime

The worldwide cost of cybercrime is expected to hit $9.5 trillion in 2024 and rise an additional $1 trillion through 2025. In addition to the high price of attacks, ransoms, and lost revenue, affected organizations also face recovery expenses, regulatory fines, and reputational damage that leads to a loss of customers.

Financial Impact on Businesses

It’s well documented that cyberattacks cost businesses millions per incident. Defenses are never foolproof, but strong security policies and mitigation plans can limit damage and save organizations a significant amount of money in the event of a breach.

• In 2024, recovery from ransomware attack costs an average of $2.73 million.
• $17,700 is lost every minute due to phishing attacks.
• Enterprise organizations spend $2700 per full time employee per year on cybersecurity.
• Hospitals spend 64% more on advertising after being exposed in data breaches.
• In 2024, cybersecurity spending is expected to increase 8% to $87 billion in the U.S.
• Cyber insurance premiums cost U.S. organizations over $12 billion this year.

Economic Consequences

To protect consumers and promote cybersecurity, governments are creating stricter privacy and data laws that come along with major consequences for business. The EU’s General Data Protection Regulation (GDPR) is seen as the model legislation for many countries moving forward.

• Meta was fined $1.3 billion for violating GDPR regulations in 2023.
• TikTok was fined $379 million for failing to protect the data of minors.
• 94% of U.S. companies are not prepared to comply with GDPR requirements.
• 78% of organizations expect increases in regulatory compliance.

Notable Cybercrime Cases

Data breaches are on the rise since 2022. Here are some of the cyberattacks that have made headlines so far in 2024.

• A ransomware attack disrupted operations in the Change Healthcare system for weeks. The company is said to have paid a $22 million ransom, and congressional testimony revealed the attack may have affected up to one-third of all Americans.
• X (formerly known as Twitter) was hit with an attack that exposed the personal information of 235 million users.
• MGM Resorts suffered a data breach that compromised over 140 million records, including sensitive customer information. The estimated cost of the breach was $15 million.
• LoanDepot fell to a ransomware attack that exposed the data of 16.6 million customers and resulted in a class action lawsuit. In total, the incident cost the company almost $27 million.

Cybersecurity Jobs and Career Outlook

With cybercriminals getting bolder and expanding operations every year, cybersecurity is one of the fastest-growing fields. Currently it’s estimated there are 4.7 million security pros, but nearly two-thirds of industry leaders believe their security teams are understaffed. Education and hands-on experience are key to staying ahead of malicious actors.

Demand for Cybersecurity Professionals

Organizations from small businesses to enterprise companies to government institutions are making it a priority to expand their cybersecurity operations.

• 93% of organizations expect to increase cybersecurity spending in the next year.
• 70% of organizations say their IT teams are understaffed.
• According to Cybersecurity Ventures, there will be over 3 million unfilled cybersecurity positions globally in 2025.
• In 2023 the unemployment rate for cybersecurity professionals was near 0%.
• The growth rate for tech jobs is almost double the rate for all jobs during the next decade.

Career Opportunities and Salary Trends

Cybersecurity offers skilled professionals plenty of opportunity. 

• Information security analyst positions are expected to grow 33% from 2023 to 2033.
• Chief Information Security Officer (CISO) salaries averaged over $170,000 per year in 2022.
• The median salary for security analysts is over $100,000 in 2024.
• Salaries for entry-level roles in cybersecurity average over $60,000.

Secure Your Environment With JumpCloud

JumpCloud deploys multiple strategies to help secure your environment. Explore more to see how JumpCloud can be part of your cybersecurity solution with SSO, password management, and system insights that keep you informed of everything going on with your network. 

Sign up for a free JumpCloud account to see how we can get you to your cybersecurity goals. By teaming up against bad actors, we can make a positive impact on cybersecurity trends.