
Cybersecurity Statistics: The Ultimate Guide

If you are working in the world of cybersecurity, the chances are that you are going to need to quote some cybersecurity statistics at some point. Whether you are a student, need to present in meetings, sell solutions or simply show that you are on top of the trends in the workplace, you will need the numbers to prove your point.

The world of cybersecurity is evolving so quickly that it can be hard to stay on top of the latest trends. This comprehensive reference guide to cybersecurity statistics gives you the numbers and references you need. Even better, as we see new reports, we’ll keep it up to date, so that you don’t have to! Bookmark this page today and you’ll have the information you need at your fingertips, ready to go.

The cloud computing revolution

One of the more defining trends in IT has been the rise of cloud computing. Investment in the cloud is displacing investment in on-premise IT at an aggressive rate, growing seven times faster than overall IT spending growth, according to IDC.
The growth is showing no signs of slowing down. ReportLinker research shows that the global cloud computing market size is expected to grow from USD 272.0 billion in 2018 to USD 623.3 billion by 2023, at a Compound Annual Growth Rate (CAGR) of 18.0%.
Although cloud computing has been a feature of the IT landscape since the early 2000s, implementation was slow initially in many areas, hampered by a lack of understanding and trust.
Inevitably, of course, growth picked up towards the end of the last decade. And then events took a turn that none of us saw coming – the world moved online with the COVID-19 pandemic.

The people shortage

A Deloitte and RMIT Online survey showed that out of 600 Australian businesses, 88% say it’s difficult to find skilled employees. But it seems some organisations don’t plan to do anything about it – 15% have no means of tackling the issue within their own organisation. https://itbrief.com.au/story/au-firms-fight-digital-skills-gap-in-the-age-of-work-evolution

While those businesses are doing what they can to address skill shortages, many (49%) rely on attracting new employees – but only 45% are focusing on internal training and education.

It’s an oversight that could cost businesses – according to the survey, the cost of replacing a bad hiring decision within six months is two and a half times the person’s salary.

Although businesses in Australia and throughout the world are struggling to find the right talent for their businesses, only 45% are solving the problem with training. Learn more https://bit.ly/skillgapsolved

According to weforum.org, there is a global cybersecurity workforce shortage of 3.12 million, broken down as follows: North America -376,000, Europe -168,000, LATAM -527,000 and -2.045 in APAC, leaving us seriously exposed. https://www.weforum.org/agenda/2021/05/cybersecurity-governments-business/

Palo Alto Networks quotes the Cybersecurity Workforce Study* which shows that, worldwide, the gap between open positions and the availability of experienced cybersecurity professionals is over 2.72 million.

The Australian Financial Review (https://www.afr.com/policy/economy/why-we-don-t-have-enough-workers-to-fill-jobs-in-4-graphs-20220621-p5avcc) reported that almost a third of Australian businesses were struggling to fill jobs, and most of these businesses attributed their struggles to applicants not having the required skills (59 per cent). When it comes to technology jobs, there’s a global shortage of workers with the necessary skills. Markets around the world are vying for workers with these skills, so Australia faces a competitive fight to attract that talent (https://www.afr.com/technology/skills-shortage-a-handbrake-for-technology-companies-20220503-p5ai8r).

These numbers were reflected among those we surveyed at Palo Alto Ignite 2022. 45% of respondents said that it is challenging for their organisation to find enough qualified and experienced staff. https://www.rededucation.com/students-cybersecurity-training-survey/

Big technology companies are laying off staff as market conditions change

https://securityintelligence.com/articles/laid-off-big-tech-cybersecurity-careers/

According to Bloomberg, businesses are now cutting jobs at a rate approaching that of early 2020. For example, in November 2022 alone, companies laid off more than 52,000 workers. Companies like Amazon and Meta also plan to let more than 10,000 staff members go over the next few years. But there’s one tech sector that’s still struggling to find talented staff: Cybersecurity.

But cybersecurity roles are increasing

According to data from Cyber Seek (https://www.cyberseek.org/heatmap.html), more than a million IT professionals are currently part of the cybersecurity workforce. This number has been steadily growing over the past few years. Despite the uptick, however, there are still more than 750,000 open cybersecurity positions across the country. In states such as Florida, Texas and California, there are anywhere between 25,000 and 83,000 job openings available.

The reason for this growing gap is simple: Cybersecurity threats are on the rise, and there aren’t enough skilled professionals to meet increasing demand.

Cybersecurity supply/demand heat map https://www.cyberseek.org/heatmap.html

Provides a current picture of:

  • Total cybersecurity job openings in the US
  • Total employed cybersecurity workforce in the US

US cybersecurity specialist demographics

According to zippia.com (https://www.zippia.com/cyber-security-specialist-jobs/demographics/):

Gender: 83.2% of cyber security specialists are male and only 16.8% are female. Women working as cyber security specialists earn 95c for every $1 earned by men.

Ethnicity: 65.7% of cyber security specialists are white, 9.6% are Asian, 9.2% are Black or African American, 9.0% are Hispanic or Latino, 6.1% unknown, 0.4% American Indian and Alaska Native.

Age: 60% of cyber security specialists are aged 40 and over, 30% are aged between 30 and 40 and only 10% are aged 20-30 years.

Education: 56% of cyber security specialists have a Bachelor’s degree, 23% have an associate degree, 14% have a Master’s, 4% have only a high school diploma and 3% have ‘other’ degrees.

The more educated cyber security specialists are, the more they earn. Cyber security specialists with a Master’s degree earn more than those without, with a median income of $102,962 in 2023. With a Bachelor’s degree, cyber security specialists earn a median annual income of $93,089 compared to $81,790 for cyber security specialists with an Associate degree.

Sector: Most (59%) cybersecurity specialists work in the private sector, 28% work in the public sector, 9% work in government and 4% work in education.

Cybersecurity teams are under pressure

Not surprisingly, cyber security teams are under the pump. According to Forrester’s Predictions 2023 Sydney, presented in December 2022 (https://www.forrester.com/predictions/apac/):

  • 66% of cyber security engineers have significant levels of stress at work
  • 63% said their stress levels have risen over the past year.
  • 51% have been prescribed medication for their mental health
  • 19% are consuming more than three drinks daily

Senior executives are also feeling the pressure:

“One in four CISOs believe their employment would be in jeopardy if their enterprises were impacted by a breach,” according to this article https://www.cybertalk.org/2022/11/18/a-cisos-100-day-run-to-cyber-success/

Number of cyber attacks

96% of organisations were attacked in the last year (Source: What’s New in Cyber, Palo Alto Networks, 2022).

According to the IBM Cost of a Data Breach Report 2022 (https://www.ibm.com/downloads/cas/3R8N1DZJ), 83% of organizations studied have had more than one data breach.

33% of security pros experienced operational disruption as a negative consequence of a breach (Source: What’s New in Cyber, Palo Alto Networks, 2022)

Global cyberattacks increased by 38% in 2022, compared to 2021, according to Check Point, Jan 2023 https://blog.checkpoint.com/2023/01/05/38-increase-in-2022-global-cyberattacks/

  • Global cyberattacks increased by 38% in 2022, compared to 2021.
  • Global volume of cyberattacks reached an all-time high in Q4 with an average of 1168 weekly attacks per organization

Forbes reports that the 2023 annual meeting of the World Economic Forum in Davos, Switzerland, ended with a disturbing prediction from one of the leading voices. Delivering a presentation on the 2023 Global Cybersecurity Outlook report, forum Managing Director Jeremy Jurgens revealed that 93 percent of those surveyed believe that a “catastrophic” cyber security event is likely in the next two years.

Cost of attacks and breaches

$2.4M USD is the average cost associated with recovering from a breach (Source: What’s New in Cyber, Palo Alto Networks, 2022).

IBM were more pessimistic in their Cost of a Data Breach Report 2022 (https://www.ibm.com/downloads/cas/3R8N1DZJ): their research showed that the cost of a data breach averaged USD 4.35 million in 2022. This figure represents a 2.6% increase from last year, when the average cost of a breach was USD 4.24 million. The average cost has climbed 12.7% from USD 3.86 million in the 2020 report. The news is even worse for those in the US, where the average cost of a breach was USD 9.44 million, the highest average cost globally.

According to the Australian Financial Review (https://www.afr.com/companies/media-and-marketing/optus-suffers-1-2b-brand-hit-as-woolies-tops-rankings-20230116-p5ccta), the Optus brand suffered a $1.2 billion blow after a 2022 cyberattack, plummeting down the rankings of Australia’s most valuable brands, which were topped by Woolworths, Telstra and Commonwealth Bank. Medibank’s brand would also have likely been hit hard by its massive data hack, which wiped $1.8 billion from its market value in one day, but Brand Finance’s calculations for its 2023 list were compiled in early October – two weeks before the health insurer was hit by its own breach.

Forbes reports that by 2025, it’s expected that cybercrime will cost the world economy around $10.5 trillion annually, increasing from $3 trillion in 2015 according to Cybersecurity Ventures. To put that in context, if it were a country, then cybercrime would have the third largest GDP behind the US and China. Key drivers of this growth are the ongoing digitization of society, behavioural changes due to the global Covid-19 pandemic, political instability such as the war in Ukraine, and the global economic downturn.

Statistics from Palo Alto Networks Ignite 2022

96% of organisations were attacked in the last year (Source: What’s New in Cyber, Palo Alto Networks, 2022)

33% of security pros experienced operational disruption as a negative consequence of a breach (Source: What’s New in Cyber, Palo Alto Networks, 2022)

$2.4M USD is the average cost associated with recovering from a breach (Source: What’s New in Cyber, Palo Alto Networks, 2022)

77% of security executives think it is critical to reduce the number of security solutions and services they use (Source: What’s New in Cyber, Palo Alto Networks, 2022)

Cybersecurity and human error

According to a study by IBM, 95% of cyber security breaches result from human error (https://www.engineeringnews.co.za/article/the-role-of-human-error-in-cybersecurity-breach-2022-08-29/), that is, 19 out of 20 cyber breaches. Decision-based errors, where the user makes a faulty decision, result from a lack of knowledge, skills and information and can be avoided with further training.

Similar, if slightly lower, numbers were reported by researchers from Stanford University, who found that human error was behind approximately 88 percent of all data breaches (https://blog.knowbe4.com/88-percent-of-data-breaches-are-caused-by-human-error). Human error is still very much the driving force behind an overwhelming majority of cybersecurity problems.

The study was done by Stanford University Professor Jeff Hancock and security firm Tessian. The study “Psychology of Human Error” (https://www.tessian.com/research/the-psychology-of-human-error/) highlighted that employees are unwilling to admit to their mistakes if organizations judge them severely.

Understanding the psychology behind human errors helps organizations to know how to prevent mistakes before they turn into data leaks. According to the study, nearly 50% of the employees stated that they are “very” or “pretty” certain they have made an error at work that could have led to security issues for their company. The study goes into detail about the differences between young and older employees, where younger users will more easily admit to mistakes and are also easier to phish.

In our survey of Palo Alto Ignite delegates in 2022, 48% of responders said they believed their organisation would be at risk if their people did not receive up-to-date cybersecurity training.

More on causes

According to IBM:

2022 Global Cyberattack Statistics (Check Point)

From Check Point, Jan 2023 https://blog.checkpoint.com/2023/01/05/38-increase-in-2022-global-cyberattacks/

Check Point Research (CPR) releases new data on 2022 cyberattack trends. The data is segmented by global volume, industry and geography. Global cyberattacks increased by 38% in 2022, compared to 2021. These cyberattack numbers were driven by smaller, more agile hacker and ransomware gangs, who focused on exploiting collaboration tools used in work-from-home environments and on targeting education institutions that shifted to e-learning post COVID-19. This increase in global cyberattacks also stems from hacker interest in healthcare organizations, which saw the largest increase in cyberattacks in 2022, when compared to all other industries. CPR warns that the maturity of AI technology, such as ChatGPT, can accelerate the number of cyberattacks in 2023.

  • Global cyberattacks increased by 38% in 2022, compared to 2021.
  • Global volume of cyberattacks reached an all-time high in Q4 with an average of 1168 weekly attacks per organization
  • Top 3 most attacked industries in 2022 were Education/Research, Government and Healthcare
  • Africa experienced the highest volume of attacks with 1875 weekly attacks per organization, followed by APAC with 1691 weekly attacks per organization
  • North America (+52%), Latin America (+29%) and Europe (+26%) showed largest increases in cyberattacks in 2022, compared to 2021
  • USA saw a 57% increase in overall cyberattacks in 2022, UK saw a 77% increase and Singapore saw a 26% increase.
  • Looking back at cyberattacks for the healthcare sector in 2022, healthcare organizations in the US suffered an average of 1410 weekly cyberattacks per organization, which is 86% higher than the number we saw in 2021, with the healthcare sector ranking second out of all sectors for the most cyberattacks in the US.

Examples of attacks

January 2023: a cyber-attack on DNV impacted 6,000+ vessels using ShipManager software (https://theloadstar.com/cyber-attack-on-dnv-impacts-6000-vessels-using-shipmanager-software/)

Over 30,000 school students were told that classes for almost a following a cyber-attack in the US state of Iowa. (https://www.cybersecurityconnect.com.au/critical-infrastructure/8586-cyber-attack-takes-entire-school-district-offline-in-the-united-states)

Operational impact of breaches

33% of security pros experienced operational disruption as a negative consequence of a breach (Source: What’s New in Cyber, Palo Alto Networks, 2022)

Solutions

77% of security executives think it is critical to reduce the number of security solutions and services they use (Source: What’s New in Cyber, Palo Alto Networks, 2022)

The benefits of training

According to Huffington Post, companies that invest in training make 24% more profit than those that don’t.

The value of IT certification

In the 2021 Value of IT Certification Report (https://home.pearsonvue.com/voc/2021-report) we saw:

The demand for IT certification is growing (16% increase in delivered exams)

The Cybersecurity Workforce Study* ((ISC)2 Cybersecurity Workforce Study, 2021, (ISC)2, October 26, 2021) looks at the top 5 career motivators for technical certifications, finding them to be as follows:

  • Higher than average salary – 31% of respondents reported a median annual salary of US$100,000 or more and 50% of candidates received a pay increase of 6%–20%.
  • Promotions – 56% of candidates who earned IT certifications were promoted in their current roles.
  • Job satisfaction – 77% of respondents are satisfied or extremely satisfied with their jobs
  • Obtain new skills – 73% of respondents cited obtaining particular skills, knowledge, or competencies
  • Strengthen resumes – 56% of candidates used IT credentials to update and strengthen their resumes

IT certification generates significant ROI for certification earners and their employers – Seven out of 10 candidates met their goals for certification and would recommend certification to someone seeking to start or advance a career in IT. As a result, many attained new jobs (36%), pay raises (28%), and job promotions (21%). Their employers felt a direct and favorable impact as well, experiencing benefits such as increased quality of work, productivity, efficiency, and the employee’s ability to mentor others.

Many of the benefits that result from certification favorably impact both the candidate and his or her place of employment. Outcomes such as increased work quality, productivity, efficiency, innovation, and the ability to mentor others are direct benefits to work processes and people, which ultimately impact business profitability. For example, according to Global Knowledge’s 2020 IT Skills and Salary Report, IT decision-makers estimated the return on investment for each credentialed staff member to be about $10,000.

  • increased quality and value of work contributions 81%
  • greater ability to mentor and support co-workers 80%
  • increased ability to innovate and enhance work processes and outcomes 77%
  • able to perform a task or fill a role that I was not able to before 75%
  • increased efficiency (produce more in less time) 72%
  • increased productivity (produce more overall) 71%

 

This Palo Alto Networks infographic quotes Dan Flear, “Salary Trends 2020/2021”, to show that, aside from extrinsic benefits, candidates experienced many intrinsic benefits from certification, including:

76% greater job satisfaction

76% increased respect from peers

84% greater determination to succeed professionally

74% greater work autonomy and independence

91% increased confidence

In our survey of Palo Alto Ignite 2022 delegates, 35% of responders agreed with the statement ‘I am likely to have a better-paid career as a result of increased certification’ and only 28% said that they felt that employees with more certifications would be more likely to be promoted than those with fewer certifications. https://www.rededucation.com/students-cybersecurity-training-survey/

According to zippia.com (https://www.zippia.com/cyber-security-specialist-jobs/demographics/)

The more educated cyber security specialists are, the more they earn. Cyber security specialists with a Master’s degree earn more than those without, with a median income of $102,962 in 2023. With a Bachelor’s degree, cyber security specialists earn a median annual income of $93,089 compared to $81,790 for cyber security specialists with an Associate degree.

Types of training

Students prefer instructor-led training – We asked delegates at Palo Alto Ignite 2022 about their preferred delivery mode for training. Would they rather do Virtual instructor-led training, Live in-person training or Self-paced online training? The results were clear – 78% of students prefer instructor-led training, whether in person in a classroom setting or online, to the self-paced online model. https://www.rededucation.com/students-cybersecurity-training-survey/

 

 
