With the internet and technology playing a
bigger role in our day to day lives, we are getting susceptible to the threats
of the field, as well. Cybercrimes are getting more sophisticated with each passing
day, and cybersecurity is becoming a major concern for individuals and
We won’t be going out about telling you how
to stay safe on the internet or how to keep your devices away from malware. The
objective of this article is to showcase how cyber-attacks and the methods used
to prevent can have a small to significant impacts on our lives.
A cyber-attack can stop wars and start
them, generate a whole new class of economy and bring one existing economy to
ruins. Here are some interesting facts and stats associated with cybersecurity
and cyberattacks to give you a deeper insight into this fascinating niche.
Let’s see how much money is involved
Not every cyber-attack is for monetary
purposes, but there is no denying the fact that hackers around the world want
to use their craft to make more money. Some do it by carrying out a cyber-attack
while others make money by preventing attacks.
Cybersecurity is a rapidly growing industry,
creating a lot of jobs and keeping organizations safe. Undoubtedly, there is a
lot of money involved in the whole affair of cyber-attacks and their
1. $6 trillion global losses annually by
2021: Cybersecurity Ventures have estimated a
whopping $6 trillion yearly losses because of cybercrime by 2021. It accounts
for both direct and indirect monetary losses, including stolen money, fraud,
theft of intellectual property, etc.
The estimate is a steep rise from the $3
trillion prediction for 2015.
(Source: Cybercrime magazine)
2. The average cost for organizations is $13 million: Just like the previous stat, this number is also rising every year. The average cost of cybercrime for a company in 2017 was $11.7 million out of 350 enterprises (companies) surveyed. The 12% rise in one year and an overall 72% rise in cost for the past half-decade may leave a lot of executives sweating.
3. US incurs average $27.37 million loses per company because of cybercrimes: The nation tops the charts when it comes to the cost of cybercrime. Some of the other bigger losers are Japan, Germany, and the UK.
Japan displaced Germany from the 2nd spot on the list of nations and their cost to cybercrime.
4. A data breach causes $3.92 million on
a global average: Data breach report for the year
2019 from Ponemon Institute came up with this number after studying cyber
breaches at 507 organizations from different countries. It is a 1.5% increase
from the previous year and 12% growth for the past half-decade.
5. The United States has allocated $15
million to cybersecurity in 2019: With internet
becoming the new warzone, nations are obliged to spend more on cybersecurity.
You know it’s a serious affair when the biggest economy of the world spares
such a large chunk for the subject matter.
(Source: The White House)
Frequency and volume of cyberattacks
Let us now have a look at some numbers
other than the one with currency symbols attached to them. It might be
surprising for one to know how common these cyber attacks are and the depth of
their reach. Let’s crunch some numbers then.
6. The world’s first DDoS attack
happened back in 1988, and it was an accident.
A 20-year-old Robert Morris wanted to know
how many devices were connected to the internet. The program was supposed to
make every device send a signal back to the server, but it was so fast that it
shut down a significant portion of the internet.
The program he wrote is now popularly known
as Morris worm.
(Source: World Economic Forum)
7. An organization comes across 145
security breaches on average
The same data for the year 2017 was 130. It
is a substantial increase in the short duration of a year. With the prediction
of 11% increase in the number for the next year, we are looking at a 67% hike
in cybercrimes against organizations.
8. An attack happens every 39 seconds
A study from the University of Maryland
reports that a cyber-attack happens every 39 seconds. Cybercriminals lurk on
the internet all the time, inspecting various sources looking out for any
shortcomings in the security structure.
Poorly chosen passwords are among the
leading causes of such attacks.
(Source: Security Magazine)
9. China and Russia are the biggest
sources of cybercrimes
A report from Center for Strategic and
International Studies (CSIS) has identified China and Russia as the two
countries used to conduct a significant portion of cyber-attacks around the
Both the nations have governments inclining
towards communism and don’t see eye to eye with US on a lot of issues.
(Source: US News)
10. 700 million people got affected by
There are still a lot of countries with
very loose cybersecurity laws and regulations. And if you bring in all those
people who don’t pay much attention to online security, it gives you 700
million victims of cybercrimes worldwide.
(Source: SAFE AT LAST)
11. 1 in 10 people has become a victim
of cybercrime at some point: The irony is that online
fraud doesn’t discriminate between any demographic. If you are using the
internet, then you are on their radar.
Let’s talk about Ransomware
Ransomware took the world by storm a few
years ago. The malware encrypts all the data stored on the user’s device and
then demands money (usually in the form of cryptocurrency) for the victim to
get access to data. The healthcare sector seemed to be one of their top targets,
with hackers locking out all the vital patient stats. The malware disrupted a
lot of lives and businesses and is still being used by hackers around the
12. The first ransomware attack happened
back in 1989: Floppy disks containing the malware
were distributed to AIDS researchers around the world. The disks contained
malware which would lock users out from their computers unless they pay for it.
It is worth noticing that even back then, it was the healthcare industry that
(Source: Becker’s Hospital)
13. The aggregate ransomware cost can be
11.5 billion: A study by Cybersecurity ventures
predicted the damage costs because of ransomware to reach $11.5 billion by
2019. The malware still has a significant share when it comes to costs incurred
by all cyber attacks.
14. More than 600 million ransomware
attacks were carried out in 2016: The year 2016 is
going to be remembered by most cybersecurity experts as the one in which
ransomware shook the world. It spread across the entire globe like an epidemic.
Even though the total number of attacks got lesser in subsequent years, there
were still more than 200 million ransomware attacks in the year 2018 alone.
15. Ransomware is demanding $41,198 on
average from the victims: This number is multiple
times high compared to what they were demanding back in 2016. Even though the number
has gone so high, the future increase doesn’t seem to be so steep. People are
more reluctant to pay the ransom than ever.
16. 98% of victims get the decryption
tool after paying the ransom: We do not want to
motivate you to pay the ransom with this stat. And not all the decryption tools
provided by attackers work anyway. 94% tools help victims recover their data
while the other 6% leaves them with lost data and less money.
Silicon Valley giants and their oopsies
We all tend to take to the bigger companies
as gold standards when it comes to business and related practices. But even the
most robust setups can sometimes have faults. We have put together a list of
few instances when the giant corporates put your information at risk, and it
was all their fault.
17. Twitter probably left your password
unprotected: Twitter asked all its 336 million users
(at that time) to change their passwords, back in the first quarter of 2018.
They reportedly found a bug which was saving passwords in plain text instead of
encrypting them. Even though they did not report any breach, it was a huge
blunder from their side.
18. Facebook left ‘hundreds of millions’
of passwords un-hashed: Even Facebook reported making
an oopsie and not encrypting user passwords while storing them on their servers.
The passwords stored in plain text involved users of Facebook lite and
Instagram, as well.
(Source: The Guardian)
19. Amazon allowed its workers to listen
to customer recordings: It was quite a surprise for
a lot of people when they discovered that someone from Amazon might’ve been listening
to all their conversations with Alexa and Echo devices. While the company
stated that it was only for developmental purposes, their choice of not being
upfront about it made a lot of users angry.
20. Google left passwords unprotected
for 14 years: And here is one more bogey in the
“leaving passwords unprotected” train. Google came clean in one of their blog
posts, mentioning how they made an error back in 2005 which led to storage of
passwords in plain text. However, they did not mention how many passwords got
21. Intel was manufacturing vulnerable
CPUs since 2012: A bug was recently discovered in
Intel chips that allowed attackers to gain access to a lot of user’s
information such as passwords and chats. Even though one can get to safety with
just a Windows update, the tech giant’s reputation got a hit from the news.
The biggest attacks and breaches
Cyber attacks come in all forms and reach. There are some for which no one cares to bat an eye, and then there are the ones that shake up the whole world. There can be various parameters to measure the magnitude of an attack. Some may want to consider how many lives it affects, while there might be some who give more weightage to the nature and severity of the attack. Here is a list of few attacks which are the biggest among others, in our opinion.
22. Equifax lost personal information of
143 million people
It is considered to be one of the biggest security
breaches of all time. The credit reporting agency lost personally identifiable
information and a lot of other sensitive data of consumers. It was a result of
poor cybersecurity installations from the company. The silver lining is that it
was somewhat of an eye-opener for a lot of organizations dealing with sensitive
information of their customers.
23. Yahoo data breach affected 500
In 2014, some state-sponsored hackers were able to
get their hands on account information of around 500 million Yahoo users. It is
not the only data breach associated with Yahoo, but the scale of this incident
makes it stand out from the rest.
A recent court settlement makes its users
eligible for a claim of $358 each.
24. Around 383 million people affected
by Marriot data breach: The Marriot hotel data
breach, which was initially estimated to affect more than 500 million people,
was one of the major cyber-attacks for the year 2018. They have till now
confirmed to lose more than 5 million unsecured passport numbers along with
around 20 million of the unencrypted ones.
25. 100 million Quora users were asked
to reset their passwords: Only sometime after the
Marriot data breach, cybersecurity was all over the news because of the Quora
breach. The leading question and answers website confirmed a data breach and
reached out to around 100 million of its users to reset their password.
26. Personally identifiable information of
1.1 billion Indian citizens was accessible for only $7: ‘Aadhaar’ data, something along the lines of social security
information in the USA, of more than 1.1 billion Indian citizens got
compromised. The criminal would allow one to dive into the sea of information
for 10 minutes at just 500 INR.
(Source: The Tribune)
The weirdest attacks and breaches
There is one cybercrime every now and then
one which is different from the rest, and this uniqueness is often absurd to a
lot of people. The differences we are talking about can be the motive of the
hack, its outcome, or even the reaction it gets. Here are a few cyber-attacks
which we felt deserve an honourable mention because of their uniqueness.
27. When hackers leaked information from
an adult dating website: Ashley Madison, an
extramarital dating website, got breached by a group called ‘The Impact Team.’
They stole users’ personal information and threatened to publish it online
unless the website shuts down immediately. Website remained online, and the
group published the information on the dark web. A lot of suicides were later
connected to the published information.
28. They hacked a car in the middle of
the highway: But this one was only to show that
cars can be hacked. Researchers Charlie Miller and Chris Valasek first meddled
with the slightly less important systems such as the music system and air
conditioning. They later acquired control of its transmission and braking
system. However, such a demonstration would only motivate smart vehicle
manufacturers to create more robust systems.
29. MI6 replaced bomb-making
instructions with cupcake recipes: Sometimes the
good guys need to give the bad guys a taste of their own medicine. In one such
incident the British intelligence agency MI6 modified the contents of al-Qaeda’s
online guide to bomb-making with and recipes for making the best cupcakes. I
would definitely prefer exploding cupcakes over bombs.
(Source: The Telegraph)
30. When the hacker replaced the Spanish
Prime Minister and puts Mr Bean’s picture instead: A
hacker replaced the image of Spain’s PM on the country’s EU presidency website
with an image of popular Mr. Bean’s character. Even though it was a brief show,
the hack got a lot of attention from people within and outside the nation.
31. Printers across the globe were
urging people to subscribe to pewdiepie: The tussle
for being the biggest channel on YouTube was at its peak when this incident
happen. Someone hacked into various printers connected to the internet and made
them print out a message urging people to subscribe to pewdiepie. Pewdiepie is
not the biggest YouTube channel anymore, but his fans gave it all for sure.
(Source: The Verge)
Major masters in crime
Just like any other field, this one has got
some celebrities too. Some get famous for their sheer brilliance (even if it
was used for some wrongdoing) while others get fame because of the impact they
make on the world. And it’s not just all lone wolves out there, some hunt in
packs too. There are often groups and state-sponsored organizations which pull
off the biggest stunts in the field. Here are some of the noticeable
individuals, groups, and states.
32. The person who created Zeus and
stole more than $100 million: Evgeniy Mikhailovich
Bogachev, popularly known as Slavik, is a Russian hacker with a bounty of $3
million over his head from FBI. He is considered to be the man behind Zeus, the
malware he used to capture bank account details.
(Source: Business Insider)
33. China and the US house the greatest
number of hackers: With China being at the top of the
list in this one, it is US, which seems to be at the receiving end in most
scenarios. State-sponsored cybercrime is not a foreign concept anymore, and
there have been a lot of rumours of China backing the hackers on its soil.
34. NSA is probably the biggest hacker
group in the world: Whistleblower Edward Snowden
told the whole world how the security agency of the world’s biggest economy
gets into the private lives of anyone they want. It was revealed that they have
special teams such as TAO (Tailored Access Operations) to get in computers and
corrupt them with malware.
35. Kevin Mitnick went from FBI’s most
wanted list to being a security consultant to Forbes 500 companies: Mitnick is one of the popular names if we look at the history of
hacking. Mitnick hacked into the servers of a lot of big corporations around
the world. He was later caught and started his own security consultancy after
serving his sentence.
36. Alexsey Belan compromised more than
700 million accounts in 3 years: Alexsey was
responsible for the 2014 data breach of Yahoo. It affected more than 500
million accounts. He made money by selling user data to third parties.
According to law enforcement agencies, he has affected more than 700 million
accounts, including the Yahoo ones.
It is difficult to put a tag on everything
happening in the field of cybersecurity. While you may need to worry about all
of them, there are some which deserve your attention for sure. Here are some
random facts and stats which may interest you.
37. There will be 3.5 million unfilled
cybersecurity jobs by the year 2021: With the
number of cybercriminals increasing, there is a demand for people who can fight
the menace. Most firms are now allotting more to their cybersecurity budget and
opening new positions.
(Source: Cybercrime Magazine)
38. It takes organizations an average of
206 days to identify a data breach: The stat is
suggestive of how companies are still not taking cybersecurity seriously, and
are putting valuable data at risk. The organization responsible for coming up
with the stat, wants companies to aim for a period of less than 100 days.
(Source: IT Governance)
39. Small businesses are the biggest
targets of cyberattacks: Since they don’t have a
robust infrastructure to fight off hackers, small and medium businesses turn
out to be easy prey. A recent study showed that 50% of small businesses have
come across a cyberattack, and 70% of cyberattacks target small businesses.
40. Singapore is the safest country when
it comes to cybersecurity: Singapore might be the
place for you to live if cyber safety is a big concern of yours. The United
States was second in the list while France topped the chart for Europe. Vietnam
was at the bottom of the list.
(Source: No jitter)
41. Malware directed towards smartphones
increased by 50% at the beginning of 2019: Everyone
is using a smartphone these days, and cybercriminals are now targeting them. A
compromised mobile phone can leak a lot of valuable information such as banking
details, personal chats, email accounts, and a lot more.
(Source: ZD Net)
42. 51% of people use the same password
for personal and business accounts: Sometimes it is
your carelessness that may land you in trouble. Using the same password for
different accounts is a bad practice. It will take only one account to get
compromised in order to compromise all your accounts.
43. 67% of users don’t use any form of
2FA for their personal accounts: The number drops
down to only 55% when it comes to business accounts. It is worth noting that
two-factor authentication reduces the probability of online fraud
44. North Korea generated $2 billion to
fund its weapon of mass destruction: The
information is said to come from a confidential UN report. The nation has
supposedly created an army of hackers to carry out sophisticated cyber-attacks
or businesses and rival nations.
45. Non-payment or non-delivery is the
most common form of cybercrime in the US: This
information came out from all the internet crimes reported in the country.
Extortion and personal data breach had a close contest for second place while
phishing was the 5th most reported cybercrime in the country.
46. 90% of the hackers aged under 35: HackerOne came out with this stat with more than 300,000 registered
hackers (white hat) on the platform. The highest share was enjoyed by the demographic
aged between 18 to 24, and least number of participants were observed to be
aged between 50-64.
(Source: The Hacker Report 2019)
47. There is always a motive behind an attack: Cyber attacks are carried for many purposes such as teaching a lesson to a company, to steal valuable information, extort money from an organization, become famous and many other purposes. North Korea for example recently attacked an Indian nuclear plant to steal some nuclear secrets.
(Source: Great Game India)
- Cybercrime magazine
- Security Intelligence
- The White House
- World Economic Forum
- Security Magazine
- U.S. News
- SAFE AT LAST
- Becker’s Hospital
- The Guardian
- The Tribune
- The Telegraph
- The Verge
- Business Insider
- Cybercrime Magazine
- it governance
- No jitter
- ZD Net
- The Hacker Report 2019
- Great Game India