Cyber Security Statistics and Trends for 2022



Cybersecurity Statistics – 2022 Key Findings

• More than half (60%) of consumers reported an increased concern for data safety due to the COVID-19 pandemic.
• In 2022, the total damage by cyberattacks reached $6 trillion.
• Cybercrimes caused $2 trillion in damages so far.
• There’s a cyberattack every 39 seconds.
• A ransomware attack happens every 14 seconds.
• On average, small businesses spend less than $500 on cybersecurity.


Cybercrime Statistics & Trends

Companies are targeted by a ransomware attack every 14 seconds.

(Cybercrime Magazine)

For hackers, the most lucrative type of malware is ransomware. Therefore, it’s no surprise that these attacks are now the most common and that they are targeted toward companies big and small. Every minute, four of these attacks are launched around the world.

A cyberattack happens every 39 seconds.

(University of Maryland)

An unsecured computer connected to the internet can become a target of more than 2,000 cyberattacks per day, cyber security stats revealed this year. Hackers targeting institutions do this not by hand, but with scripts and automated tools that probe their targets for vulnerabilities.

Analysts believe the United States will become the target of more than 50% of worldwide cybercrime attacks in the next five years.

(Juniper Research)

American companies should look into reinforcing their defenses against cyber security attacks. Statistics and predictions from analysts place the US as the hottest target of cybercrime. Recent cyber security breaches and ransomware attacks show the signs of the growing threat.

In the US, only 10% of cybercrimes get reported.

(CPO Magazine)

Even though the United States is home to many IT giants and a large part of the internet industry, there aren’t that many reports on cybercrime. The reason is simple – it’s often difficult or even impossible to prove that a digital crime actually happened. Reported cybercrime statistics are therefore much lower than the actual number of attacks.

Phishing accounts for 37% of all cyberattacks directed toward businesses.


More than one-third of all cyberattacks suffered by businesses involve phishing. These social engineering attacks exploit the possibility of human error, with hackers masking their malicious emails as legitimate messages from well-known companies and brands.

More than 90% of successful attacks against businesses originate from phishing.


Taking a deeper look into the phishing statistics, it becomes more obvious why this method is still the most popular one. It works. It works a little too well – not because it’s sophisticated or complex, but because it exploits human nature.

The largest DDoS attack was 1.3 terabytes per second.


In February 2018, a massive distributed denial of service attack struck down the software repository platform GitHub. The hackers were sending 127 million packets every second, resulting in 1.3 TB of data transferred. The attack lasted for 10 minutes.

DDoS attacks are 39% more frequent than last year.


Cyber security statistics reveal that hackers are using DDoS attacks more than ever before. In fact, there was a 776% growth in attacks that used 100-400 Gbps of data in just one year. The usual targets of these attacks are satellite and wireless communications companies.

Hackers need just $1 to acquire their tools.


Hacking statistics are on the rise for one very simple reason – it has never been so affordable to become a hacker. A basic malware toolkit can be obtained for just $1, with many other tools costing a few hundred dollars or less. Data’s for sale too: You need just $25 to obtain a million compromised emails or passwords.

American companies are the least likely to pay a hacker’s ransom.


“Don’t negotiate with terrorists” is definitely a mantra among American companies when dealing with ransomware. Only 3% of companies in the US paid ransom to hackers. On the other end of the cybersecurity statistics scale, companies in Canada paid ransom to hackers 77% of the time, followed by the UK at 42%.

Every other ransomware attack in 2018 targeted the healthcare industry.


Ransomware statistics per industry paint a sad picture for the healthcare sector. This industry has been the most frequent target of hackers and malware, with 2018 seeing an increase of ransomware infections. By 2020, analysts believe, malware attacks on healthcare will quadruple.

More than 4 billion user accounts were exposed via data breaches in 2019.

(Risk Based Security)

Data breaches are on the rise. In the first half of 2019 there were more than 3,000 breaches, 54% more than in the same period of 2018. All told, these breaches exposed 52% more records and user accounts compared to the previous year.

A data breach in 2021 will typically cause $13 million worth of damage.

(Cybit Solutions)

Predictions are pretty grim when it comes to cyber attack stats. Not only will the costs of corporate cybersecurity continue to grow – including investments in cyber insurance – but data theft will continue to rise as well. Recent hacking events show that malicious internet users keep finding holes in digital defenses.

The biggest security breach in history affected 3 billion user accounts.

(Cybersecurity Ventures)

Internet company Yahoo! suffered a data breach of unmatched proportions in 2013. Reported in 2017, this breach was confirmed to be the biggest in the history of the internet according to cyber security breach statistics. The second biggest breach happened this year. It targeted 885 million accounts at First American Financial Corp.

95 user logins get stolen every second.


Whether through data breaches or malware, more than 3 billion passwords and credentials end up in the wrong hands each year. More services, especially e-banking, now require regular password updates, while experts recommend having different passwords for every website and app.

Many companies don’t believe they’re properly secured from cyberattacks.

(Insurance Information Institute)

A vast majority of businesses are well aware of the growing cyberattack threat, and more than half of interviewed companies expressed concern about possible breaches. That being said, most companies believe they need even more protection and countermeasures against hackers.

A cyberattack could hurt the company’s reputation in addition to causing direct financial loss.

(Insurance Information Institute)

This is the internet age, so there’s much more than the money on the line for modern companies. One devastating hack attack could impact employees and clients due to data loss, that’s clear. But the company’s public image can suffer too. And there can be legal issues down the line. Surveys show that most businesses are, first and foremost, concerned about the financial hit.

Human error is still the greatest cause of data breaches and security failures.

(Helpnet Security)

Cybersecurity statistics in 2019 are led by one major factor when it comes to causes for breaches – humans. Specifically, a single human error is enough to bring down the whole system, so properly educating employees and practicing healthy cybersecurity habits reduces the potential risk.

300 billion passwords will be generated by 2020.


Even though there are efforts to remove the need for traditional login (with biometrics and similar cutting-edge tech), we’ll have to type passwords for years to come. With more user logins and credentials in the wild, there’s a greater chance for hackers to obtain them.

58% of companies have more than 100,000 unprotected folders.


Network firewalls are only the first line of defense, and they’re not impenetrable. Once hackers get inside your company’s system, they can’t do much if you have additional file and folder protection. For nearly 60% of companies, this unfortunately isn’t the case – and that is a massive preventable vulnerability.

4 out of 10 companies have over 1,000 unprotected sensitive files on their servers.


Health records, Social Security numbers, even credit card numbers. These are all stored in files across many companies, but a significant number of companies haven’t properly protected these sensitive files from hackers. Among the business cyber security statistics in 2019, unprotected files are a significant security risk.

Every third user account is stale.


Once an employee leaves a company, in one of three cases their old account remains enabled even though it’s no longer in use. This is called a “stale account” and it poses a risk for the company as a potential entry point for hackers. Deactivating stale accounts reduces the number of logins in circulation.

More than 60% of companies have more than 1,000 stale user accounts.


It’s alarming how many companies keep hundreds, even thousands of obsolete user accounts. Removing or deactivating these accounts is a security step a lot of companies skip. Data breaches, statistics show, are enabled by these kinds of accounts.

Just 1 in 5 Americans update their passwords after hacks are exposed in news reports.


Many people won’t change their passwords until they forget them. This is actually the most common reason for updating passwords among Americans. Only 20% of American users update their passwords after reading news about security breaches.

IoT devices can be hacked just minutes after they’re connected.


The idea of a smart home might not sound as amazing in the near future. IoT devices like smart TVs, thermostats, cars, and speakers are great, but not as safe as we might be led to believe. Current statistics on cybersecurity point toward IoT as the biggest and easiest entry point for hackers. These devices have no integrated protection from hackers, so relying on strong network firewalls is the only solution.

Cloud-based storage and apps need protection, too.


A growing trend of moving files and software from local devices to the cloud creates new risks. Cloud computing should be treated with the same care as traditional computer security, especially since one misconfigured server could cause millions of dollars of damage.


ICE Consulting is an IT and cybersecurity service provider dedicated to helping the Life Science Community grow. For over 25 years we have helped biotech companies scale from startup to commercialization. We are proud members and service providers for the California Life Science (CLS), Biocom, and SoCalBio communities.



International Organization for Standardization (ISO)
ISO compliance is achieved when an organization meets the requirements outlined in a specific standard developed by the International Organization for Standardization (ISO). ISO has developed thousands of standards that cover all areas of business. These ISO frameworks are used by organizations to embed internationally standardized business practices.
Health Insurance Portability and Accountability Act (HIPAA)
Compliance with the U.S. Health Insurance Portability and Accountability Act (HIPAA) requires companies that deal with protected health information (PHI) to have physical, network, and process security measures in place and follow them. HIPAA laws are a series of federal regulatory standards that outline the lawful use and disclosure of protected health information in the United States.
Health Information Trust Alliance (HITRUST)
The Health Information Trust Alliance (HITRUST) is a non-profit company that delivers data protection standards and certification programs to help organizations safeguard sensitive information, manage information risk, and reach their compliance goals. HITRUST stands out from other compliance frameworks because it harmonizes dozens of authoritative sources such as HIPAA, SOC 2, NIST, and ISO 27001. It is also the only standards development organization with a framework, assessment platform, and independent assurance program, which has helped drive widespread adoption.
Clinical Laboratory Improvement Amendments (CLIA)
Clinical Laboratory Improvement Amendments (CLIA) of 1988 contains the Code of US Federal Regulations that govern any entity that returns patient test results for the purposes of caring for that patient. CLIA ensures that there is a standard of quality associated with test results across laboratory testing performed on specimens from humans such as blood, body fluid, and tissue, for the purposes of diagnosis, prevention, or treatment of disease or assessment of human health. This ensures the accuracy, reliability, and timeliness of laboratory test results regardless of where the test was performed.
National Institute of Standards and Technology (NIST)
NIST was created to improve U.S. innovation and competitiveness across industries “by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.”
Today, NIST remains one of the nation’s oldest physical science laboratories with a focus on three core competencies:
1. Measurement science
2. Rigorous traceability
3. Development and use of standards
NIST’s technical contributions to the development of information security standards have saved private industries more than $1 billion and drive consumer and business confidence.
General Data Protection Regulation (GDPR)
The goal of GDPR is to provide more stringent data privacy and security measures and more user-friendly disclosures and reporting on data protection practices. The regulations aim to allow individuals to control the use and storage of their own data, including any personally identifiable information.
Sarbanes-Oxley Act (SOX)
The Sarbanes-Oxley (SOX) Act of 2002 was passed by the United States Congress into law to cut down on corporations that took part in fraudulent financial reporting. The act was passed on July 30 and its main intention is to protect investors. It’s regularly referred to as the SOX Act of 2002, and it includes strict reforms to previous securities regulations. By mandating these reforms, lawbreakers were now subject to stricter and tougher penalties.
Service Organization Control 2 (SOC 2)
SOC 2 is a coveted and hard-to-obtain information-security certification, and it demonstrates that an independent accounting and auditing firm has examined an organization’s non-financial reporting control objectives and activities. The auditing firm tests our controls over time to ensure that they are operating securely and effectively. Developed by the American Institute of CPAs (AICPA), SOC stands for Service and Organization Control. It defines criteria for managing customer data based on five “trust services principles”: security, availability, processing integrity, confidentiality, and privacy.