Published by Aimee O'Driscoll on September 12, 2018 in VPN

*This article is regularly updated with the latest cybercrime and cybersecurity statistics; there are more than 100 statistics in the list and growing.

There’s no doubt that cybercrime and cybersecurity are hot topics. Indeed, with global cybercrime damages predicted to cost $6 trillion annually by 2021, it’s important to be in-the-know about the potential threat cybercrime poses, the impact it is having, and what is being done about it.

To help create a clearer image of what is happening, we’ve compiled the most important of this data in an easily digestible format. In this guide, you’ll find out about recent cybercrime statistics and facts, which highlight the dangers of and responses to this growing threat. We’ve sourced the most useful stats from 2017-2018, but where none are available, we’re sharing earlier statistics that help to paint an overall picture.

We’ll then share a roundup of cybercrime and cybersecurity surveys, studies, and reports from across the globe. Toward the end, we’ll home in on the varying statistics related to cybersecurity and internet freedom for specific countries. Using our detailed infographic, you can find out which countries are most and least safe. Finally, we’ll offer some practical tips to help you stay safe online and do your part in the fight against cybercrime, including where to report crimes depending on which country you live in.

Cybercrime stats and facts

One of the biggest problems in trying to understand what’s happening in the ever-changing world of cybersecurity is that there is just so much information out there. Not only is the nature of threats constantly evolving, but the responses to them differ across the globe.

For example, one of the newest threats to consumers is not the loss of their data, but the use of their devices for bitcoin mining. In fact, Symantec found that there was an 8,500 percent increase in the detection of coinminers. This indicates that many cybercriminals are more than happy to just use a victim’s computer power and resources to mine cryptocurrencies instead of stealing any personal data or money.

The cybercrime statistics don’t lie: 2016 and 2017 were pivotal years in cybersecurity, marking both rapid growth in mischievous and harmful online criminality, as well as increasingly rapid responses to digital crime. Most notably, ransomware has taken center stage, stealing the limelight from most other forms of malware.

Meanwhile, although data breaches are becoming less an aberration and more the norm, a general malaise among both consumers and some of the world’s largest businesses (more specifically, the twice-troubled Equifax), casts a worrisome eye on the overall security of private user data.

“Hackers Hone their Skills While Consumers Remain Complacent,”

(Symantec, in a November 2016 press release.)

However, not all increases in cybercrime have been relegated to attacks on businesses and average consumers. Cyberactivism has also been on the rise, most notably through cases like the Panama Papers in 2015 and most recently, the Paradise Papers release. Both leaks reveal private data on methods the world’s ultra-wealthy are using to house money in offshore locations, presumably to avoid taxes in their home countries.

From data loss to government cybersecurity spending, we’ve researched some of the most head-turning and noteworthy cybercrime stats for 2017 and 2018, with a few notable facts that are still relevant from 2016. Below, you’ll find a categorized list that reveals why these are growing areas of concern for cybersecurity professionals and internet users alike.

Cybercrime statistics: The big picture

One thing the previous few years have taught us is that cybercrime is one issue that should not be ignored. The following “big picture” stats should help put the growing threat of cybercrime into perspective:

  • Globally, cybercrime was the 2nd most reported crime in 2016. (Source: PWC)
  • In proportion to the total number of crimes, cybercrime now accounts for more than 50% of all crimes in the UK. (Source: National Crime Agency)
  • An attacker resides within a network for an average of 146 days before detection. (Source: Microsoft)
  • Between April and June 2017, over 11,800 people reported incidents of cybercrime to the Australian Cybercrime Online Reporting Network. (Source: ACORN)
  • A University of Maryland study found that hackers are attacking computers and networks at a “near-constant rate”, with an average of one attack every 39 seconds. (Source: University of Maryland)
  • Most network intrusions—63 percent—are the result of compromised user passwords and usernames. (Source: Microsoft)
  • In their 2017 Annual Cybersecurity Report, Cisco found that globally, 8 percent of malicious email attachments were docm files (a type of Microsoft Word XML file that executes macros). (Source: Cisco)
  • 18 million new malware samples were captured in Q3 2016. (Source: Panda Security)
  • According to Gartner, by 2020, 25 percent of cyber attacks against enterprises will involve IoT devices. (Source: Gartner)
  • At 91.6 percent, “Theft of Data” continues to be the chief cause of data breaches in 2016 when counted by total identities stolen. “Phishing, Spoofing, and Social Engineering” were a distant second at 6.4 percent. (Source: Symantec)
  • The U.S. had more data breaches than any other country, by a large margin. There were 1013 data breaches in the U.S. in 2016. By comparison, the second-place U.K. had just 38 breaches. (Source: Symantec)
  • The number of ransomware families increased from 30 in 2015 to 98 in 2016, revealing the distinct focus by cyber criminals on using ransomware to extort money from businesses and individuals. (Source: Symantec)

The average ransomware demand also increased significantly, from $294 in 2015 to $1,077 in 2016. (Source: Symantec)

  • Ransomware developers have been increasingly demanding popular cryptocurrency bitcoin in recent years, due to its improved privacy over fiat currencies. However, more private coins such as monero and Zcash are set to become popular with cybercriminals in 2018, due to their improved privacy over bitcoin. (Source: Bloomberg)
  • Mobile platforms are one of the fastest-growing targets for cyber criminals. Symantec identified 18.4 million malware detections in 2016, a 105 percent increase over 2015. (Source: Symantec)
  • In 2017, Wikileaks released a stash of over 8,000 classified CIA documents. (Source: New York Times)
  • That same year, hackers released 2GB of emails from French presidential candidate Emmanuel Macron. (Source: Reuters)
  • In 2016, 70% of all financial fraud in the UK was done through remote purchases using stolen information or cards. (Source: FFA UK)
  • There may be 3.5 million unfilled cybersecurity jobs by 2021. (Source: Cybersecurity Ventures)
  • Cybersecurity company RSA predicts mass data breaches will continue to play a large role in cybersecurity threats. (Source: RSA)
  • Most cybercrime is now mobile. Over 60% of online fraud is accomplished through mobile platforms. Additionally, 80 percent of mobile fraud is accomplished through mobile apps instead of mobile web browsers. (Source: RSA)
  • McAfee finds that the average number of records lost to hacking in 2017 was 780,000 per day. (Source: McAfee)
  • Up to 0.80 percent of the world’s GDP is now being lost to cybercrime. (Source: McAfee)

Cybercrime directly impacting consumers

One of the more troubling trends we found for 2016 and 2017 is the impact on consumers. The stark increase in data breaches results in an unprecedented amount of compromised personal information. As more consumers become exposed to data-hungry criminals, it’s increasingly apparent that personal protections against data theft are more important than ever.

  • Surprisingly, 76 percent of consumers in 21 countries acknowledge the importance of keeping their account information secure, yet many still share their passwords, among other risky behaviors with their data. A further 35 percent allow at least one device to go unprotected and vulnerable to all forms of viruses and malware. (Source: Symantec)
  • A vast majority of U.S. consumers (80 percent) now have a home internet network. One in ten has also experienced a cyber attack through their home networks. (Source: Hartford Steam Boiler)

  • Most smart home attacks occur in the U.S., China, and the U.K. (Source: Trend Micro)
  • In 2016, the majority of credit fraud reported in Australia and New Zealand to the Veda Shared Fraud Database (an Equifax company)—45 percent—came from fraudulent credit applications. (Source: Veda)
  • In 2016, 412 million Friend Finder Network records were stolen, including plaintext passwords. (Source: LeakedSource via Computer World)
  • 2015-2016 saw identity takeover become the fastest-growing type of fraud in Australia and New Zealand, with up to 80% of reported cases of fraud falling into this category. (Source: Veda)
  • In Australia, as of 2016, 57 percent of credit application fraud now occurs online. (Source: Veda)
  • 53 percent of Millennials in the UAE experienced at least one incident of cybercrime in 2015. A further 2.53 million consumers in the country fell victim to online criminals. (Source: Arabian Business)
  • In the U.S., consumers who fell victim to cybercriminals in 2015 spent an average of 21 hours dealing with the consequences, for a cost of around $358 per person. (Source: Symantec)
  • 72 percent of people globally believe that connected home devices offer hackers new ways to steal data. (Source: Symantec)
  • 41 percent of people globally cannot properly identify a phishing email and often guess as to an email’s legitimacy. (Source: Symantec)

  • Cyberbullying is a primary concern in the U.S., where 64 percent of parents believe their children are more likely to experience bullying. By comparison, only 31 percent of parents in Germany share this concern. (Source: Symantec)
  • The Netherlands had the lowest cybercrime rate in 2015 at just 14 percent of the population. Indonesia had the highest in the world, with 59 percent of the population. (Source: Symantec)
  • The 2016 Norton Cybersecurity Insights Report found that the U.S. is the most susceptible developed country for cyber attacks. Around 39 percent of U.S. residents were victims of cybercrime, compared to 31 percent globally. (Source: Symantec)
  • In the past year, nearly 700 million people in 21 countries experienced some form of cybercrime. (Source: Symantec)
  • Verizon reports that 30 percent of phishing emails in the U.S. are opened, with 12 percent of those targeted by these emails clicking on the infected links or attachments. (Source: Verizon)
  • The PyeongChang Winter Olympics is the latest high-profile event to be targeted by cybercriminals. Hackers shut down the event website and caused other internet and broadcast disruptions on the night of the opening ceremony. Travelers heading to the games had previously been warned about the risk of attacks. (Source: NYT)
  • Thanks to the growing number of data breaches, personal data is easier to buy on the dark web than ever. RSA reports personal data can cost as little as $0.20 to $15 USD. (Source: RSA)
  • A large amount of private and stolen consumer information is being shared online through social media groups built around such activity. Credit card services make up 53 percent of the topics discussed in such groups, followed very distantly by account takeovers (16 percent). (Source: RSA)
  • According to ThreatMetrix, mobile fraud rose 24 percent year-over-year in the beginning of 2018, with over 150 million global attacks in the first half of the year. (Source: ThreatMetrix)
  • The US saw the worst of the mobile fraud risk, with a 44 percent year-over-year increase. (Source: ThreatMetrix)

The increasing cost of cybercrime

The Edward Snowdens and Panama Papers John Does are unfortunately rare examples of cybercriminals. Most cybercriminals aren’t stealing data and leaking secrets for the sake of justice. Instead, most are out for personal gain, typically stealing money directly from consumers and businesses, or selling that data on the Dark Web. Regardless of their motivation, however, responding to and stemming the tide of cybercrime is a massively costly endeavor.

  • $500 billion: Microsoft’s estimate for the total potential cost of cybercrime to the global community in 2016. (Source: Microsoft)
  • $14 billion: The amount the U.S. government spent in 2017 on cybersecurity. The government intends to spend 19 million in 2017. (Source: CIO)
  • $2.1 trillion: The total global annual cost of all data breaches by 2019, as suggested by Juniper Research. (Source: Juniper Research)
  • $1.5 trillion: The total revenue cybercriminals coaxed out of their victims worldwide in 2017. (Source: RSA)

  • $3.8 million: The average cost of a data breach to a business. (Source: Microsoft)
  • $158 billion: The collective amount of money consumers lost globally in 2015 due to cybercrime. The U.S. accounts for $30 billion of that loss. (Source: Symantec)
  • $16 billion: The Javelin Strategy & Research 2017 Fraud Report discovered that 15.4 million U.S. consumers (17.5 percent increase) lost $16 billion to identity fraud in 2016. This marked a rise from 2015, when 13.1 million victims lost $15.3 billion. (Source: Javelin Strategy & Research)
  • $50 million: The total cost of cybercrime across 237 major companies in 6 countries. (Source: Micro Focus)
  • $530 million: The cost of the January 2018 Coincheck hack, the biggest cryptocurrency heist to date. (Source: Time Money)
  • $292: The average fraud value following a cybercriminal’s takeover of a consumer’s mobile banking account. (Source: RSA)
  • $600 billion: The global cost of cybercrime in 2017. (Source: McAfee)

Businesses increasingly on the receiving end of hacks and breaches

Internationally, businesses are intimately familiar with the need for data protection. Yet 2017 has taught us that even some of the largest businesses holding some of the most sensitive consumer data are still vulnerable—and at times, poorly secured. Around the world, hackers increasingly targeted businesses and governments. Small businesses and even hospitals learned the hard way that enterprise businesses are not the only ones who need to be concerned.

  • 32 percent of U.S. organizations were victims of cybercrime in 2016, with 34 percent expecting to become victims in the next two years. (Source: PWC)
  • In 2016, adware affected around 75 percent of organizations in 13 countries. (Source: Cisco)
  • According to Gartner, by the end of 2017 more than half of all network attacks targeting enterprises globally will bypass network controls by using encrypted traffic. Gartner believes that by 2017, more than 50% of the network attacks targeting enterprises will use encrypted traffic to bypass controls. (Source: Gartner)
  • Gartner revealed that 35 percent of respondents in a global survey were targeted by an SSL or TLS-based attack. (Source: Gartner)
  • A 2016 Vanson Bourne survey of companies in the U.K., France, Germany, and the U.S. indicates that a shocking 90% of CIOs have been attacked or expect to be attacked by hackers hiding behind encryption methods. (Source: Vanson Bourne)

43 percent of cyber attacks against businesses worldwide target small companies.

(Source: Symantec)

  • Data breaches are increasingly impacting stock prices, including a nearly half-percent decrease in company shares following a data breach. (Source: Comparitech)
  • Although Finance, Insurance, and Real Estate have the highest email malware rate (1 in every 182 emails), Construction was a close second with malware in 1 in every 179 emails. (Source: Symantec)
  • The phishing rate against businesses has been going down for the past few years, from 1 in 965 emails in 2014 to 1 in 2596 in 2016. (Source: Symantec)
  • Business email compromise (BEC) scams are among the most common cybersecurity threats impacting businesses worldwide. 96% of businesses report having received BEC scam emails. (Source: Agari)

Cybercrime and cybersecurity predictions for 2018

We’re barely a couple of months into the New Year, but reports of cybercrimes are already creating headlines. Here are some of the predictions being put forward regarding what we can expect to see during the rest of the year.

  • The World Economic Forum (WEF) 2018 Global Risks Report includes cybersecurity threats as one of its four key areas. It predicts that cyberattacks will constitute the third largest global threat in 2018. (Source: WEF)
  • Ransomware is set to take center stage again in 2018. Even as the dust settles on the Bad Rabbit ransomware attack, it’s likely that new and more sophisticated threats will emerge in the year to come. (Source: Comparitech)
  • Cybercriminals will increasingly use artificial intelligence and machine learning to conduct attacks. (Source: Symantec)
  • The US government is considering allowing the use of nuclear weapons in the fight against cybercrime. (Source: NYT)
  • With the GDPR deadline looming, businesses will need to step up their cybersecurity initiatives to avoid fines and bad PR in the wake of an attack. (Source: Rosslyn Data Technologies)

Cybercrime and cybersecurity surveys, studies, trends and reports

Cybercrime continues to be a massive problem facing governments, businesses, and the general public worldwide. According to Statista, cybercrime accounted for $1.33 billion (~ GBP £978 million) in damages in 2016 in the US alone. With massive cyberattacks occurring on a regular basis, things are seemingly out of control. The most effective way organizations and individuals can combat cybercrime is through improved cybersecurity. Professionals in this field are in high demand, and rightly so.

It’s also no wonder that organizations across the globe are conducting studies and surveys and compiling in-depth reports all based around these topics. Such organizations include government bodies, multinational professional services firms, and security solution companies, among others. The focus of their studies includes perception of cybersecurity and cybercrime, preparedness to tackle threats, and what the future holds.

In honor of National Cyber Security Awareness Month, we’ve rounded up these surveys and studies for easy access. The reports are grouped by region and you’ll also find details about who conducted each one, the number of respondents involved (where applicable), and the main purpose or focus.

Global

ITU Global Cybersecurity Index (2017) [PDF]

The Heat Map of National Cybersecurity Commitments with dark green being the most committed and red the least. (Source: ITU)

The International Telecommunication Union (ITU) is the United Nations’ specialized agency for information and communication technologies. This index was first launched in 2014 and measures the commitment of ITU Member States towards cybersecurity.

Key findings:

  • Countries around the world continue to be committed to cybersecurity and there is improvement of the cybersecurity agenda in various countries within each region
  • Cooperation could be improved at all levels, within and between regions
  • Commitment in Europe remains high but regions in Africa and the Americas need support

PwC The Global State of Information Security Survey (2017)

PwC is a multinational professional services network based in the UK. In this case, 10,000 business and IT executives were surveyed to find out what they’re focusing on now and in the foreseeable future.

Key findings:

Survey respondents are focusing on four main areas:

  • Adopting safeguards for digital business models
  • Utilizing intelligence and information-sharing programs
  • Security of the Internet of Things (IoT)
  • Managing geopolitical cyberthreats

EY – Global Information Security Survey (2017) [PDF]

A representation of cybersecurity within an organization. (Source: EY)

Ernst & Young (EY) is another multinational professional services firm based in the UK. For this report, they surveyed 1,735 CIOs, CISOs, and other executives from companies across the globe. It evaluates how businesses are performing with respect to their cybersecurity capabilities. It then offers insight into how cyber resilience can be achieved.

Key findings:

  • Overall, organizations appear to be moving in the right direction
  • The pressure of increased regulation has spurred organizations to invest in strengthening their corporate shield
  • Companies are better able to see threats coming than they were three years ago
  • Most organizations aren’t prepared to react to a breach

Cybersecurity Trends Spotlight Report (2017) [PDF]

This chart shows the time taken to recover from an attack. (Source: Herjavec Group)

The 350,000-member LinkedIn Information Security Community collaborated with Crowd Research Partners to produce this report. It explores cybersecurity trends, and offers benchmark data to help companies evaluate their own performance.

Key findings:

  • Most cybersecurity professionals accept that successful attacks will occur in the near future and are boosting their budgets
  • Some of the largest obstacles faced include lack of skilled workers and low budgets
  • Priorities include improved threat detection, better analytics, and threat blocking
  • Concern over cloud computing, in areas such as data loss and data privacy, remains high
  • There are increasing concerns around Bring Your Own Device (BYOD) initiatives, including data leakage or loss and the downloading of unsafe applications or content

Tenable Global Cybersecurity Assurance Report Card (2017)

Tenable is a cyber exposure company that helps organizations understand and reduce their cyber risk. Its Report Card is in its second year, this year’s being based on findings from a survey of 700 security practitioners. It assigns indices and grades to countries and industries based on awareness and preparedness. Note that the linked article offers an overview of the report findings, but you’ll have to subscribe in order to download a copy of the full report.

Key findings:

  • The average overall score dropped six percent compared to last year and the Global Risk Assessment Index dropped 12 percent
  • Risk assessment for cloud and mobile is one of the biggest enterprise security weaknesses, which is partly explained by increasingly widespread adoption and complex applications
  • The evolution and broadening of the threat landscape poses the largest challenge for security professionals, creating more opportunity for attackers and leaving all organizations vulnerable
  • It’s critical for organizations to understand threats as well as be able to assess their own strengths and weaknesses in the area of cybersecurity

Secureworks State of Cybercrime Report (2017)

A chart to show the number of new ransomware threats observed per year. (Source: Secureworks)

Secureworks is a security solutions company that serves businesses across the globe. This report uses the company’s experience with and insight into things like criminal forums and monitoring global criminal activity. It delves into the criminal landscape and the subject of cyber crime as a market economy. Note that the linked article offers an overview of the report findings, but you’ll have to subscribe in order to download a copy of the full report.

Key findings:

  • The amount of losses incurred as a result of Business Email Compromise (BEC) and Business Email Spoofing (BES) increased sharply during 2015 and 2016
  • Ransomware, banking malware, and mobile malware continue to represent significant threats
  • Organized cybercrime can be compared to a business in which there are a range of roles and diverse cash out operations
  • Online crime can be considered a market economy where personal information is a relatively inexpensive commodity and affordable malware makes the barrier to entry for cybercriminals low

Fortinet Global Enterprise Security Survey (2017)

These charts show the average spend on IT security and the increase over last year. (Source: Fortinet)

Fortinet is a US-based cybersecurity solutions company. It conducts an annual survey examining the challenges facing IT professionals and the attitudes towards cybersecurity in business.

Key findings:

  • In the past two years, most businesses have experienced a security breach
  • IT security is becoming a significant investment but it’s not being made enough of a priority
  • Cloud security is one area that is getting a lot of attention and planned investment
  • Organizations are overestimating their cybersecurity performance and are not providing employees with ample training in security awareness

ISACA State of Cybersecurity Implications (2016) [PDF]

ISACA is an international association with a focus on IT governance. In conjunction with RSA, they conducted this survey that received a total of 461 respondents. IT professionals from various parts of the globe participated to answer questions on organizational security and preparedness against cyber attacks.

Key findings:

  • Attack methodologies are becoming more sophisticated while the number of data breaches continues to go unchecked
  • Respondents don’t expect attacks to slow and anticipate being prey to an attack in the next year
  • Cybercriminals continue to use social engineering as a means to carry out attacks
  • The escalation of attacks is forcing businesses to take action and increase budgets, but it’s often difficult to fill security positions with skilled workers

RSA Current State of Cybercrime (2016) [PDF]

A representation of the cybercrime trends seen in the mobile channel. (Source: RSA)

RSA is a provider of security solutions to businesses across the globe. This one is not actually a survey itself, but rather a report based on findings from other surveys and the opinions of the authors.

Key findings:

  • With mobile changing the way organizations interact with consumers, the number of fraud attempts through mobile channels is dramatically increasing
  • Ransomware continues to proliferate with virtually no system immune to infection
  • The types of cybercrime taking place are evolving, as is the way cybercriminals communicate
  • The increasingly widespread adoption of Chip and PIN credit cards means that in-person fraud will continue to give way to Card-Not-Present (CNP) fraud
  • The IoT opens up a whole new world of opportunity for attackers, with the risks remaining largely unknown

US

CSO US State of Cybercrime (2017)

CSO offers up news, research and analysis on the topics of security and risk management. This survey, conducted in conjunction with the US Secret Service and CERT, provides insight into the threats US businesses face and how companies are responding. 510 respondents include executives from US businesses, government agencies, and law enforcement services. Note the linked article offers an overview of the report findings, but you’ll have to subscribe in order to download a copy of the full report.

Key findings:

  • Companies are taking IT security more seriously, but the majority still see it as an IT issue rather than one of corporate governance
  • Cybersecurity budgets are increasing, with expenditures including new technologies, audits and assessments, new skills, and knowledge sharing
  • Companies are increasingly concerned about security but the large majority believe they are equipped to address threats
  • Although the overall number of attacks has reportedly decreased, the number of damaging incidents has risen

Deloitte-NASCIO Cybersecurity Survey (2016) [PDF]

Top cybersecurity initiatives for 2016. (Source: Deloitte-NASCIO)

Deloitte, a US-based professional services firm, conducted this survey in conjunction with NASCIO, a non-profit representing CIOs. The survey specifically targets State Chief Information Security Officers to offer a view of what’s happening at the government level.

Key findings:

  • At the governor level, awareness is increasing as CIOs and CISOs provide more frequent reports
  • Cybersecurity is becoming a more integral part of operations as the role of CISO is more commonplace and consistent
  • States that have a formal strategy and solid communication tend to have access to more resources, including funding and talent

PRC What the Public Knows About Cybersecurity (2017)

Pew Research Center is a nonpartisan organization providing information regarding US issues and trends. Instead of focusing on businesses, this study reveals what the American public knows about cybersecurity. 1,055 respondents answered 13 questions testing knowledge of cybersecurity issues and terms.

Key findings:

  • Cybersecurity knowledge among the public varies widely by topic but tends to be lower on technical issues
  • A significant number of people are unsure about the answers to many cybersecurity questions, particularly on topics such as Virtual Private Networks (VPNs) and botnets
  • Younger respondents and those with higher levels of education were more likely to respond correctly

NYSE Cybersecurity and the M&A Due Diligence Process (2016) [PDF]

The Governance Services department of the New York Stock Exchange teamed up with application security company Veracode to produce this report. Focusing on mergers and acquisitions (M&A), they asked 276 public company directors and officers about cyber risk management in an M&A environment. The report also provides benchmarking practices for future dealings.

Key findings:

  • A large majority of organizations state that an acquisition would be seriously affected if the target experienced a high-profile data breach
  • Two thirds of companies audit a target’s software applications as part of their due diligence process
  • A large majority of directors view intellectual property as a top consideration in the due diligence process

Symantec Operationalizing Cybersecurity in Healthcare Organizations (2017) [PDF]

IT security budgets as a percentage of total budget. (Source: Symantec)

Symantec is a software company specializing in security, storage, and backup solutions. This study, conducted in conjunction with HIMSS Analytics, surveyed 100 C-suite, business, IT, and clinical leaders. It explored how healthcare organizations are dealing with the issue of cybersecurity, including how it’s perceived and the resources being allocated to it.

Key findings:

  • Healthcare organizations continue to be heavily targeted with healthcare becoming the most cyberattacked industry
  • Many industry professionals continue to view cybersecurity as a HIPAA compliance issue
  • Organizations are increasing cybersecurity resources, but it is largely viewed as an IT issue rather than a risk management problem
  • Healthcare organizations need to operationalize cybersecurity strategies in order to defend themselves

KPMG Cyber Healthcare & Life Sciences Survey (2017) [PDF]

KPMG is a multinational professional services company headquartered in the Netherlands. This study involved 200 senior executives from the healthcare and life sciences fields. It examines where organizations are when it comes to cybersecurity, compared to where they should be. Key areas explored are data sharing, vendor management, and medical device implementation.

Key findings:

  • Organizations are improving their cybersecurity strategies, but not enough to keep up with the risks imposed by the new technologies they adopt
  • More than a third of organizations don’t have a CISO, which implies they will lack the ability to execute security strategies effectively
  • There needs to be a mindset shift where cybersecurity enables innovation in order to avoid increased vulnerability

ESET/NCSA Survey (2016)

ESET is a security company providing anti-virus and firewall products. This survey was conducted in collaboration with the National Cyber Security Alliance (NCSA) to explore the perceptions and concerns held by the American public regarding the IoT. 1,527 respondents answered questions surrounding cybersecurity awareness and precautions.

Key findings:

  • Half of consumers are discouraged from purchasing IoT devices due to cybersecurity concerns, and many are also concerned about the security of connected appliances, toys, and other systems
  • Most people do not use basic precautionary measures to secure their home router, to which multiple devices are typically connected
  • The vast majority are aware that webcam hacking is an issue but few take steps to protect it

CSI Computer Crime and Security Survey (2011) [PDF]

This chart shows the proportion of attacks believed to be targeted. (Source: CSI)

The Computer Security Institute (CSI) was an IT professional membership organization that was absorbed by UBM in 2011. This report was in its 15th and final year and aimed to provide independent insight into understanding and defending against cyber threats. The 351 respondents were information security professionals from a range of industries including consulting, financial services, and education, among others.

Key findings:

  • Malware infection incidents continued to be prevalent while financial fraud incidents decreased
  • Respondents were reluctant to share information about financial losses but they are estimated to have decreased over previous years
  • Most believe that losses are not attributable to malicious insiders but the majority agree that non-malicious insiders could account for some losses
  • Just under half of organizations use cloud computing and around 10 percent protect it with security tools

Canada

Cyber Review Consultations Report (2016)

This report was prepared by Nielsen based on a consultation overseen by the Government of Canada. Its purpose was to provide an overview of challenges and trends and to propose a strategy for cybersecurity in Canada. 2,095 members of the Canadian public took part and answered questions on topics including the evolution of cyber threats and the economic significance of cyber security.

Key findings:

  • The most important areas of focus are privacy, collaboration, and the use of skilled workers
  • Key action areas include increasing public awareness, improving training for security professionals and law enforcement, developing regulations, and increasing resources
  • Other suggested actions include conducting audits, using stronger security measures, and being proactive and transparent
  • Constraints affecting cybersecurity include high costs, lack of information-sharing, no incentives or repercussions, and lack of reporting channels

PwC The Global State of Information Security Survey – Canadian Insights (2017) [PDF]

An overview of the key findings (Source: PwC)

This is an extension of the PwC survey we mentioned above. It reports specifically on Canadian businesses and how they’re dealing with cybersecurity compared to their global peers.

Key findings:

  • The vast majority of respondents follow a risk-based security framework and most use cloud-based security services
  • To improve cybersecurity, a little over half use Big Data, and most collaborate with others
  • The majority of respondents have purchased some form of cybersecurity insurance

Europe

EC Cyber Security Report (2015) [PDF]

The European Commission (EC) produced this report based on a survey of the 28 EU countries. It aims to gauge public opinion of cybersecurity, including experience and perception. Areas covered include internet usage, experience with cybercrime, and concern about this type of crime.

Key findings:

  • EU citizens feel that they are more informed about cybercrime and that they’re able to protect themselves, but a substantial minority feel differently
  • More people are changing their online behavior to mitigate security risks
  • Malicious software has been discovered on the devices of almost half of internet users, and other types of cybercrime have been experienced by a substantial number
  • Internet users are more concerned about experiencing cybercrime and worry that websites and public authorities are not keeping their information secure

CyberROAD Cybercrime Surveys Report (2016) [PDF]

CyberROAD is a research project funded by the EC to help the fight against cybercrime. This report covers three surveys involving a total of 2,200 respondents from the EU and 20 other countries. These included subject specialists, policy makers, and law enforcement personnel, among others. The goal was to investigate the impact of cybercrime in order to advise which areas of research the EU should invest in.

Key findings:

  • Organizations need to have proper cybersecurity plans in place to offer workers guidance and minimize their exposure to threats
  • Lack of information-sharing means that many incidents go unreported and are not responded to appropriately
  • Security tends to be reactive instead of proactive, often due to resistance to new ideas
  • Much improvement could be seen if funding were targeted to the appropriate areas

UK Cyber Security Breaches Survey (2017) [PDF]

This infographic displays the percentage of businesses seeking guidance on cybersecurity. (Source: UK Gov.)

The UK Government Department for Culture, Media & Sport conducted this survey in conjunction with Ipsos MORI Social Research Institute and the University of Portsmouth. 1,523 interviews were conducted with UK businesses to see how they view cybersecurity and the steps they’re taking to tackle the issue of cybercrime.

Key findings:

  • Businesses are recognizing cybercrime as an increasingly important issue, as exemplified by things such as dedicated senior cybersecurity roles and improved education of board members
  • Businesses could be doing more to protect themselves such as securing wireless networks and creating formal cybersecurity policies
  • Although businesses continue to suffer breaches, reporting remains uncommon

The State of IT Security in Germany (2016) [PDF]

Germany’s Federal Office for Information Security manages computer and communication security for the German government. This report covers the state of cybersecurity in Germany, including current developments in IT security and vulnerabilities in IT systems.

Key findings:

  • The sophistication and number of different attacks are increasing while conventional defense measures are losing their effectiveness
  • The threat of ransomware is increasing, it needs to be taken seriously, and decisive action should be taken against it
  • Vulnerabilities in software and hardware create easy targets and more effort needs to be made to prevent, detect, and respond to attacks
  • There needs to be improved collaboration between state and business, and Germany should have an active role in European cybersecurity policy

Australia

ACSC Threat Report (2017) [PDF]

The Australian Cyber Security Centre (ACSC) is an Australian Government initiative to help harden the country’s networks against threats. This report summarizes what they have observed in terms of cybercrime and security over the past year, including trends, challenges, and responses.

Key findings:

  • Cybercrime is a popular option among criminals due to the potential for large profits with low risk
  • Ransomware is one of the most common cybercrime threats and its success means it’s likely to remain as such
  • Malware expertise is evolving to better target specific devices, including Android smartphones
  • As cybercrime defenses harden, criminals are using increasingly sophisticated social engineering tactics as a means to bypass them
  • Third parties, in particular service providers, are increasingly attractive targets for criminals as they can provide access to primary targets

ACSC Cyber Security Survey (2016) [PDF]

This survey serves as a companion to the 2016 version of the above report. It covers both the government and private sectors and aims to provide an overview of how prepared organizations are to meet growing cyber threats. 113 organizations participated, including 68 private sector and 45 government.

Key findings:

  • Most organizations experienced some sort of cyberattack, with more than half experiencing successful ones
  • Most organizations display a high level of resilience but could do more, especially when it comes to preparation for and detection of cyberattacks
  • The number of organizations with response plans in place has increased significantly compared with last year, although review and testing of these plans need to be improved

APRA Cyber Security Survey Results (2016) [PDF]

The Australian Prudential Regulation Authority (APRA) is a government division that regulates the country’s financial services industry. The aim of this survey, which had 41 respondents, was to find out about cybersecurity incidents and their management within APRA-regulated sectors.

Key findings:

  • The varied types of incidents reported show the range of threats is evolving and appropriate defenses need to be maintained
  • Most boards and executive management are updated regularly on cybersecurity, with boards often being the primary governance authority for superannuation organizations
  • Most organizations identified cyber risk as a top enterprise risk but the quality and quantity of identified scenarios varied greatly

Asia Pacific

Telstra Cyber Security Report (2017) [PDF]

This chart shows the top business impacts of security incidents. (Source: Telstra)

Telstra is a large Australian telecommunications and media company. This report is based on a survey of 360 IT professionals from Asia and Australia. It aims to provide insights into the cybersecurity landscape, to help organizations manage and mitigate risks.

Key findings:

  • More than half of businesses have detected a breach at least once per month
  • Ransomware is the most prevalent type of attack and more than half of the organizations experiencing this type of incident paid the ransom
  • Most CXOs are heavily involved in cybersecurity initiatives, perhaps because they are now held more accountable in case of an incident
  • Cloud services have been widely adopted but many organizations are not prepared to handle the cyber risks posed
  • Almost all organizations have increased their IT security spending, demonstrating the perceived importance of this area

ESET State of Cybersecurity in APAC (2017) [PDF]

This chart shows the barriers to cybersecurity experienced by each country surveyed. (Source: ESET)

Security software company ESET conducted this survey with small and medium-sized businesses in the Asia Pacific region. More than 1,500 stakeholders were surveyed to gain an understanding of their cybersecurity perceptions and activities.

Key findings:

  • Companies are increasing efforts to fight cybercrime, with most using antivirus software and firewalls and applying encryption to at least one type of device or information
  • There is still lots of room for improvement with over half experiencing attacks within the last year
  • Only just more than half have policies to inform employees about such breaches and fewer than half have methods to inform clients
  • Businesses need to do more to protect their data with few having basic preventive measures in place

India

EY – Global Information Security Survey – India Report (2017)

In the global EY survey listed above, out of the 1,735 CXO respondents, 124 were from India. This report breaks out data from these participants to create a view of cybercrime as it relates to Indian businesses.

Key findings:

  • As a result of the occurrence of large cyberattacks, companies are investing more in their corporate shield
  • Organizations are also focusing more on their abilities to see threats coming
  • Most companies continue to lag behind in preparation to react to a breach, and appear to ignore the fact that they more than likely will be or already have been attacked

KPMG Cybercrime Survey Report (2015) [PDF]

An infographic showing which types of personnel are most vulnerable to cybercrime. (Source: KPMG)

In 2015, professional services firm KPMG conducted this survey that focused solely on cybercrime in India. It examines industry perception, which areas of organizations are affected by cybercrime, and what measures companies are taking. The 250 participants included CIOs, CISOs, and CAEs, among other executives from a range of industries.

Key findings:

  • Almost all respondents view cybercrime as a major business threat but fewer than half see it as part of the boardroom agenda
  • A large majority of CXOs believe the Banking, Financial Services, and Insurance (BFSI) sector is a top target for cybercrime and the majority believe directors and management are most vulnerable
  • Most organizations lack cyber risk management strategies, such as risk assessments and incident response plans
  • A large majority of companies have experienced a cyberattack in the past year and most believe there was external involvement

Cybersecurity and internet freedom statistics by country

It’s clear from the varied outcomes of the studies and surveys above that not all countries are equal when it comes to cybersecurity and internet freedom. Many are poorly equipped to handle cyber attacks, while others are better equipped but more frequently targeted. Some countries boast free and open internet, while others impose strict censorship systems that block access to the web and punish citizens for what they post.

Because so much data is now stored online, we’re constantly exposed to a number of dangers including ransomware, identity theft, malware and cyber attacks. These happen every second all over the world, costing the economy millions of dollars. But which countries are being attacked the most, and who’s best prepared for a cyber attack?

This data visualization will delve into a number of metrics that demonstrate the variety of threats we face online, looking at which countries receive the highest amount of DDoS attacks, cyber espionage, and web application attacks. It’ll also journey across the world to find out which countries give their users the most freedom on the internet, and which are least prepared for cyber attacks. We’ll also take a look at just how much cybercrime is costing various countries.

Cyber Security Statistics and attacks by country

7 easy ways to improve your privacy and security online

If you don’t want to be another statistic in next year’s report, we recommend you take a few simple steps toward protecting your privacy and security online.

Antivirus

Turn on your antivirus. There’s a good chance your computer already has antivirus software built in. If it doesn’t, or you don’t think it’s sufficient, there are plenty of free and paid antivirus programs to choose from.

Modern antivirus programs typically have two methods of finding and removing malware from your system. The first is a simple system scan, in which the antivirus will sift through every file on your computer to look for, quarantine, and remove malware. The second is real-time scanning, in which running processes and downloaded files are scanned as they appear on your computer and flagged accordingly.

VPN

Short for virtual private network, a VPN encrypts all of your internet traffic and routes it through a remote server in a location of your choosing. Commercial VPNs are typically paid subscription services that you can use by installing an app on your device. They have two primary effects.

The first is that all of your data is secured in an encrypted tunnel until it reaches the VPN server. This prevents your ISP and hackers on wifi networks from snooping on any of your internet activity and your traffic’s final destination.

The second is that your IP address, a unique number that can be used to identify your device and location, is masked behind the VPN’s server address. This helps to anonymize your internet activity. Most commercial VPNs group dozens or even hundreds of users together under a single IP address, making it impossible to trace activity back to a single user. VPNs can also be used to unblock geo-locked content that’s only accessible from certain countries, such as US Netflix or Hulu.

Secure browser extensions

Your web browser is the window through which you see the internet, and it can do a lot of things, but is also vulnerable to a number of attacks and exploits. A few browser extensions can help protect your privacy and improve security online. Here is a shortlist of browser extensions we recommend:

  • HTTPS Everywhere – opts for the SSL-encrypted versions of web pages whenever they are available
  • Disconnect or Privacy Badger – prevents websites from using tracking cookies and similar technologies to monitor your online behavior
  • Adblock Plus – advertisements are a common attack vector used to deliver malware and phishing ads to users. A good ad blocker can keep them at bay.
  • NoScript or ScriptSafe – stops JavaScript from loading in your browser by default, which prevents drive-by downloads that can infect your computer with malware

Firewall

A firewall is an essential defense against unsolicited internet traffic coming to or going from your computer. Firewalls are installed on almost all modern operating systems, and NAT firewalls on most routers. Keep them turned on and be selective about the programs you allow to “phone home” through the firewall.

Passwords

Use strong, unique passwords. Use our password generator to create random, unique passwords for each of your accounts. Use a password manager so you don’t have to memorize them or write them down.

If you don’t want to go that route, at least use a combination of upper and lower case letters, numbers, and symbols. Never use the same password across all of your accounts. Never use personal details that a hacker could figure out. Good passwords will go a long way in protecting your accounts.

Phishing

Besides a good spam filter, there’s not much protection against phishing attempts. You just have to know how to spot them. Don’t open links or attachments in unsolicited emails or text messages. Always look for valid HTTPS certificates on websites where you need to input a password or financial information.

If you’re unsure about an email, contact the sender by some other means or ask a question that only they would know to verify their identity. Never, ever give out passwords or other private information in an email.

Read more: Common phishing scams and how to avoid them.

Security updates

Don’t ignore security updates. Even though they can be annoying, not updating your software endangers not only your device but everyone on your network. Once a security update has been issued, hackers will deliberately target that software and users who ignore the security updates. So always update as soon as is practical.

How to Report a Cybercrime

If you’ve been a victim of cybercrime then you can find more information about reporting it using the links below:

USA

UK

Europe

Australia

Canada
