62 Compelling Hacking Statistics 2024: Data on Common Attacks, Impact & Prevention

Individuals and businesses today are embracing the acceleration of digital capabilities. However, there comes with it the risk of falling victim to a cyber attack. With the rapid shift to digital platforms brought about by the COVID-19 pandemic, hacking incidents have only become prevalent. Thus, it’s important for consumers and organizations to be aware of the risks of their online activities.

In this article, you will find a compilation of hacking statistics. These will help shed light on the various issues surrounding cybersecurity. Get to know some eye-opening data on these topics from email hacking statistics to password hacking statistics. These show that hacking is a very real threat that can happen to anyone. Moreover, social media hacking statistics will show how individuals and corporations can be targets. With awareness of the risks, one can adopt steps to prevent hacking incidents.

What industries are most frequently targeted by hackers?

Certain industries are more vulnerable to cyberattacks due to the nature of their operations and the sensitive data they handle. Understanding which sectors face the highest risk of hacking can help organizations proactively strengthen their cybersecurity measures.

• Healthcare: The healthcare sector is a primary target for cyberattacks, with hackers aiming to access personal patient data and medical records. Medical data is highly valuable on the black market, and ransomware attacks on hospitals can disrupt critical services.
• Financial Services: Financial institutions, including banks, insurance companies, and investment firms, are frequently targeted due to the valuable financial information they handle. Cybercriminals aim to steal credit card data, account information, and perform identity theft, often resulting in severe financial losses for both institutions and their clients.
• Retail and E-commerce: Retailers, especially those with an online presence, are prone to attacks aimed at stealing customer payment information. The rise of e-commerce has increased the sector’s vulnerability, making credit card theft and account compromise common threats.
• Government and Defense: Government agencies are high-value targets for cyber espionage and sabotage. Hackers targeting this sector often have political or espionage motives and aim to access classified information or disrupt national security.
• Education: Educational institutions hold a wealth of sensitive data, including student records and research information. Limited cybersecurity resources in many educational settings make them attractive targets for ransomware attacks and data breaches.
• Energy and Utilities: The energy sector, which includes power grids and water utilities, is essential to national infrastructure. Attacks on these facilities can have far-reaching impacts, from disrupting power supplies to affecting public safety.
• Manufacturing: Manufacturing companies, particularly those with automated processes and supply chain operations, are increasingly targeted for intellectual property theft and disruption. Cyberattacks in this industry can halt production, leading to significant financial losses.

General Hacking Statistics

There has been a rise in internet crimes reported in the United States and the United Kingdom. Hacking statistics indicate various methods for malicious actors to carry out their intent. However, common methods involve the use of hacking into emails and social media accounts. Compromised passwords because of weak credentials and lost or stolen passwords likewise contribute to the problem.

• In the past five years, there were over 2.2 million complaints of internet crimes reported to the FBI’s Internet Crime Complaint Center. (FBI IC3, 2020)
• 70% of data breaches in 2020 occurred in on-premises assets while 24% occurred in cloud assets. (Verizon, 2020)
• 96% of data breaches in 2020 involved information technology. In contrast, only 4% involved operational technology. (Verizon, 2020)
• There were 55 new ransomware families/unique variants tracked in 2020. 21 of them or nearly 40% were observed to be stealing data from victims. (F-Secure, 2021)
• Companies in the UK experienced on average 157,000 cyberattacks during the first quarter of 2020. This translates to more than one attack per minute. Furthermore, the rate of attack was 30% higher compared to the first quarter of 2019. (Beaming, 2020)
• The FBI IC3 reported a spike of 400% in cybercrime reports during the pandemic. (The Hill, 2020)
• White hat hackers earned around $40 million in bounties in 2019. Six hackers surpassed $1 million in lifetime earnings in 2019. (HackerOne, 2020)

Email Hacking Statistics

• 46% of organizations got malware through email. In contrast, 22% of organizations got malware from other sources. (Verizon, 2020)
• 96% of social actions were delivered through email. On the other hand, 3% were delivered via a website while only 1% were delivered through phone or SMS. (Verizon, 2020)
• During the first half of 2020 51% of malware was delivered through emails. This slightly increased to 52% during the second half of 2020. (F-Secure, 2021)
• From July to August 2020, there was a 214% increase in COVID-themed spam. The top threat delivered through COVID-related spam is AgentTesla at 27%. AgentTesla is a form of malware-as-service. It lets attackers steal user credentials and other information through screenshots, keyboard logging, and clipboard capture. (F-Secure, 2021)
• There has been a rise of 15% in phishing incidents recorded in 2020 compared to 2019. (F5 Labs, 2020)
• 55% of phishing sites used target brand names and identities in their URLs. Moreover, 52% of malicious links indicate the brand name either in the domain name or the path. (F5 Labs, 2020)

Password Hacking Statistics

• In April 2020, hackers sold 500,000 Zoom passwords, which ended up on dark web crime forums. The information that hackers obtained included names and Zoom URLs. (Forbes, 2020)
• 68% of small and medium businesses (SMBs) worldwide say that their employees’ passwords have been lost or stolen in the past year. Similarly, 68% of SMBs said that employees using weak passwords were one of their biggest pain points. (Ponemon Institute, 2019)
• Attacks involving compromised passwords cost SMBs an average of $384,598 for each attack. (Ponemon Institute, 2019)
• 55% of SMBs worldwide say that they do not have employee password usage policies. They were also unsure of such a policy. (Ponemon Institute, 2019)
• Less than half (48%) of SMBs worldwide require employees to use strong or unique passwords. Only 25% said that they can determine if employees are sharing passwords. (Ponemon Institute, 2019)
• Only 38% of SMBs worldwide prohibit employees from using the same password on internal systems. On the other hand, only 29% said that they require minimum password lengths. (Ponemon Institute, 2019)
• 52% of adults aged 16 to 50+ in the US reuse the same password. They use the same password for multiple but not all of their accounts. In contrast, 35% use a different password for all accounts. Meanwhile, 13% reuse the same password for all their accounts. (Google/Harris Poll, 2019)
• A survey revealed that 91% of people know that using the same password or variation puts them at risk. However, 66% always or mostly use the same password. (LastPass, 2020)

Social Media Hacking Statistics

• During the first half of 2020, there was a 95% increase in executive/VIP-related threat activity for social media profiles. In total, there were 1.2 million incidents for more than 7,000 executives with highly public social media profiles. (ZeroFOX, 2021)
• On average, there were nearly three attempts per month at hijacking corporate social media accounts. Every year, takeover attempts occur around 30 times per institution. (ZeroFOX, 2021)
• Botnets can be used for launching disinformation campaigns using inauthentic social media, DDoS attacks, and other malicious acts. Bots can make up for 60% of overall web traffic. However, less than half of these can be declared as bots. These make tracking and blocking botnets challenging. (Council to Secure the Digital Economy, 2020)
• 53% of activity in fraud groups on social media involved discussions on carding or carding services. On the other hand, 16% discussed account takeover while 9% discussed wire transfers. (RSA Security, 2020)

Most Common Hacking Attacks Statistics

Hacking statistics from the FBI reveal that phishing is the top internet crime that victims complain about. Phishing attempts to imitate top brands to lure users into clicking on a malicious link. On the other hand, other reports point to various forms of malware used in data breaches like ransomware and infostealers.

• The top internet crime that people reported to the FBI IC3 was phishing. In 2020, the FBI IC3 received 241,342 phishing complaints. In second place was nonpayment or non-delivery with 108,869 complaints. Other top complaints involved extortion (76,741), personal data breaches (45,330), and identity theft (43,330). (FBI IC3, 2020)
• More than 80% of breaches that used hacking involved brute force or the use of lost or stolen credentials. (Verizon, 2020)
• External actors were responsible for 70% of data breaches. On the other hand, only 30% involved internal actors. More importantly, organized criminal groups were behind 55% of data breaches. (Verizon, 2020)
• 45% of data breaches featured hacking. Other tactics malicious actors utilized were errors from causal events (22%), social attacks (22%), malware (17%), and misuse by authorized users (8%). (Verizon, 2020)
• Only 18% of organizations were able to block at least one piece of ransomware through the year. (Verizon, 2020)
• Backdoor malware comprised 19% of malware samples in 2020 while 12% were keyloggers. (Verizon, 2020)
• 97% of data breaches in mobile devices involved error cases. (Verizon, 2020)
• In 2020, infostealers comprised 33% of malware threats. They are followed by Remote Access Trojans or RATs (32%) and Trojans (17%).  (F-Secure, 2021)
• The most impersonated brand in phishing attacks is Outlook at 19%. In second place is Facebook at 17% while Office365 ranked third at 10%. (F-Secure, 2021)
• Ransomware attacks have increased by 800% during the pandemic. The switch to remote work has allowed hackers easy access to devices and networks. (MonsterCloud, 2020)

Reasons for Hacking Statistics

Hackers don’t hack just for fun. After all, it can be risky, especially in regions where cybersecurity laws are strict. For some, this risk is worth taking depending on their motivation. In most cases, it is for financial gain or corporate espionage. However, there are also those who simply hack to participate in bug bounty programs, to learn new techniques, or even to carry out political motives.

• 64% of data breaches in mobile devices were financially motivated. On the other hand, 5% were done for espionage purposes. (Verizon, 2020)
• 91% of data breaches in North American organizations were financially motivated. Motives of espionage consisted 5% of the breaches while 3% were motivated by grudges. (Verizon, 2020)
• Unlike black hat hackers, there are hackers who participate in bug bounty programs. In a survey, 78% of white hat hackers said that they want to use their hacking experience to look for or better compete for career opportunities. (HackerOne, 2020)
• By the end of 2019, white hat hackers earned a total of more than $82 million for valid vulnerability reports. (HackerOne, 2020)
• 68% of global white hat hackers said that their reason for doing hacking is to be challenged. On the other hand, 53% said they wanted to make money while 51% said that they wanted to learn tips and techniques. (HackerOne, 2020)
• Foreign governments, cybercriminals, and hacktivists have an interest in stealing data from government organizations. In 2020, data theft and leak attacks comprised 25% of attacks against governments. (IBM, 2021)

Why Businesses Get Hacked

• The FBI IC3 received 19,369 Business Email Compromise (BEC)/ Email Account Compromise (EAC) complaints in 2020. These incidents led to adjusted losses of $1.8 billion. In addition, the FBI IC3 noted an increase in the number of BEC/EAC complaints. Hackers used stolen information from these breaches to put up a bank account for receiving lost or stolen BEC/EAC funds. Afterward, hackers transferred the funds to a cryptocurrency account. (FBI IC3, 2020)
• 32% of supply chain attacks targeted utility software. On the other hand, 24% targeted application software. Meanwhile, 12% targeted the code repository. Managed Service Provider and targeted software hosting both comprised a 5% share in the attacks. Other targets comprised 22% of the attacks. (F-Secure, 2021)
• One of the reasons businesses get hacked is to extort money from their users. For example, back in 2015, there was a data breach of Ashley Madison users. The company is a provider of an online dating service for married people. The breach involved 9.75GB in files and 32 million accounts. In 2020, breached data from 2015 was reused in sextortion emails. Compromised account owners were asked to pay 0.1188 in Bitcoin or $1,059 or risk public exposure of their sensitive account data. (Vade Secure, 2020)
• 60% of senior decision-makers in SMBs place cybersecurity at the bottom half of their priorities. (Keeper, 2019)
• Small businesses with 500 employees or less underestimate the likelihood of a cyberattack. Two out of the three senior SMB leaders believe that a cyberattack is unlikely. (Keeper, 2019)
• One out of four senior SMB leaders says that they don’t know where to start with cybersecurity measures. (Keeper, 2019)

The Impact of Hacking Statistics

Currently, the financial impact of internet crimes in the US amount to billions in losses. In the next five years, cybercrime losses will amount to trillions worldwide. Online payment fraud and hacking of cryptocurrency exchanges will likely be more prevalent, adding to the growing list of cybercrime trends.

• Total losses due to internet crimes in the US amounted to $4.2 billion in 2020. (FBI IC3, 2020)
• The cost of cybercrime is expected to cost the world $10.5 trillion annually by 2025. This amount is equivalent to losing $11.4 million per minute. In addition, the global costs of cybercrime are projected to grow by 15% year-on-year in the next five years. (Cybersecurity Ventures, 2020)
• There were 2,474 complaints related to ransomware made to the FBI IC3 in 2020. They accounted for $29.1 million in adjusted losses. (FBI IC3, 2020)
• In 2020, the state with the most number of internet crime victims was California. The Golden State reported 69,541 victims of internet crimes. Next to California is Florida with 53,793 victims and Texas with 38,640 victims. (FBI IC3, 2020)
• California was also the top state in terms of victim losses. The state recorded $621.5 million in losses due to internet crimes. New York came in second with $415.8 million in losses. Meanwhile, Texas came in at third place with $313.6 million in losses. (FBI IC3, 2020)
• Ecommerce losses due to online payment fraud are expected to reach over $25 billion annually by 2024. Forty-two percent of ecommerce payment fraud is expected to come from China. (Juniper Research, 2020)
• In 2019, the average value stolen through hacking cryptocurrency exchanges was $26 million. On the other hand, the median value that hackers stole was $16 million. (Chainanalysis, 2020)

Hacking Prevention Statistics

One way for individuals to avoid being victimized by hackers is to use strong passwords. However, data from leading reports show users do not follow best practices for passwords even though they are aware of the consequences. On the bright side, there is a growing awareness of using multi-factor authentication for personal and work accounts.

• Only 24% of US adults aged 16 to 50+ use a password manager. However, many people also say that they need a better way to track passwords. (Google/Harris Poll, 2019)
• Only 55% of US adults aged 16 to 50+ could correctly define the term “password manager.” Moreover, only 32% could correctly define “phishing,” “password manager,” and “two-step authentication”. (Google/Harris Poll, 2019)
• 53% of users around the globe have not changed their password in the last 12 months despite hearing about data breaches in news reports. (LastPass, 2020)
• 42% consider an easy-to-remember password as more important than a very secure password. (LastPass, 2020)
• In the same survey, 80% of people said that they will be concerned when their password is compromised. Yet, 48% said that they will not change their password if it’s not required. (LastPass, 2020)
• 42% of people think that their accounts aren’t worth a hacker’s time. (LastPass, 2020)
• 54% of people said they use multi-factor authentication for their personal accounts. On the other hand, 37% said they use it for work. (LastPass, 2020)
• 69% of people surveyed said that they would create strong passwords for the financial accounts. Other accounts mentioned where users would create strong passwords were email accounts (47%), medical records (31%), and work-related accounts (29%). (LastPass, 2020)
• The worst password to use is 123456. It has more than two million users, takes less than a second to crack, and has been exposed over 23 million times. (NordPass, 2020)

The Lowdown on Hacking

Even in the midst of a raging pandemic, hackers have exploited less secure environments like the home office to launch their attacks. As technology advances, it is reasonably expected for hackers to become more sophisticated in their ways. Thus, cybercrimes are a very real and imminent threat that can affect anyone anywhere in the world.

The latest cybercrime statistics show that cybercrimes are becoming more prevalent. Thus, building cybersecurity awareness is helpful in protecting oneself from falling prey to hackers. And while these hacking statistics might seem daunting, the good news is that following cybersecurity best practices will help individuals and businesses to keep their information out of reach from malicious actors. From using strong passwords to multi-factor authentication, it’s best not to let one’s guard down while making transactions for personal or work purposes.

References:

1. Beaming. (2020). Cyber Threat Report Q1 2020. Retrieved from Beaming.
2. Chainanalysis. (2020). The 2020 State of Crypto Crime. Retrieved from Chainanalysis.
3. Council to Secure the Digital Economy (2020). International Botnet Guide and IoT Security Guide 2020. Retrieved from Council to Secure the Digital Economy.
4. F5 Labs. (2020). 2020 Phishing and Fraud Report. Retrieved from F5 Labs.
5. Google/Harris Poll. (2019 February). Online Security Survey Google / Harris Poll. Retrieved from Google/Harris Poll.
6. Federal Bureau of Investigation Internet Crime Complaint Center. (2020). Internet Crime Report 2020. Retrieved from FBI IC3.
7. F-Secure. (2021, March 30). Attack Landscape Update. Retrieved from F-Secure.
8. HackerOne. (2020, February 23). The 2020 Hacker Report. Retrieved from HackerOne.
9. IBM X-Force. (2021 February). X-Force Threat Intelligence Index. Retrieved from IBM X-Force.
10. Juniper Research. (2020, March 30). Ecommerce Losses to Online Payment Fraud to Exceed $25 Billion Annually by 2024. Retrieved from Juniper Research.
11. LastPass by LogMeIn. (2020, April 14). Psychology of Passwords: The Online Behavior That’s Putting You at Risk. Retrieved from LastPass by LogMeIn.
12. Lurey, C. (2019, July 24). Cyber Mindset Exposed: Keeper Unveils its 2019 SMB Cyberthreat Study. Retrieved from Keeper Security.
13. Miller, M. (2020, April 16). FBI sees a spike in cybercrime reports during the coronavirus pandemic. Retrieved from The Hill.
14. MonsterCloud. (2020, March 23). Coronavirus Alert – Ransomware Attacks Up by 800%. Retrieved from MonsterCloud.
15. Morgan, F. (2020, November 13). Cybercrime To Cost The World $10.5 Trillion Annually By 2025. Retrieved from Cybersecurity Ventures.
16. Nordpass. (2020). Top 200 most common passwords of the year 2020. Retrieved from NordPass.
17. Ponemon Institute. (2019 October). Exclusive Research Report: 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses. Retrieved from Ponemon Institute.
18. Verizon. (2020). 2020 Data Breach Investigations Report. Verizon.
19. Winder, D. (2020, April 28). Zoom Gets Stuffed: Here’s How Hackers Got Hold Of 500,000 Passwords. Retrieved from Forbes.
20. ZeroFOX Team. (2021, January 22). How Often Are Social Media Accounts Hacked?. Retrieved from ZeroFOX.

By Louie Andre

B2B & SaaS market analyst and senior writer for FinancesOnline. He is most interested in project management solutions, believing all businesses are a work in progress. From pitch deck to exit strategy, he is no stranger to project business hiccups and essentials. He has been involved in a few internet startups including a digital route planner for a triple A affiliate. His advice to vendors and users alike? "Think of benefits, not features."