Menu Icon
< back to main
 • 9 min read

Cybersecurity Statistics for 2021

What's new in ransomware, social engineering, and many other security threats

Cybersecurity Statistics for 2021
Jacob Fox
Jacob Fox

Jacob Fox is a search engine specialist at Cobalt. With a passion for technology, Jacob believes in the mission at Cobalt to transform traditional pentesting with the innovative Penetration Testing as a Service (PtaaS) platform focused on empowering companies to build out their pentesting programs.

Want to see the platform in action?
get a demoArrow Right
Want to see the platform in action?
get a demoArrow Right

Looking back on the year 2020, the world saw a massive change in the ways nearly everyone lives their daily lives. This trend brought about by the physical world quickly stretched into the digital one. As Coronavirus spread, we saw a drastic increase in cyberattacks ranging from phishing attacks to sophisticated supply chain management attacks which took the digital world by storm.

The FBI reports that since the start of the coronavirus, cyberattacks have increased by 300%. This trend also highlighted by Google, showed the company blocked over 18 million coronavirus phishing attempts each day at the start of the pandemic. Overall the cyber threat trend continues to increase with more and more businesses and people relying on the internet to conduct their daily activities.

With that in mind, let’s dive into the cybersecurity data to see some of the biggest statistics going into 2021.

Top Cybersecurity Statistics for 2021

IBM Quote average business cost of cyberattack in 2020 over 3.86 million dollars

  • In 2020, the average business cost of a cyberattack is $3.86 million and it takes over 200 days to detect the breach. (IBM)
  • Cyberattacks projected to hit $6 trillion in annual loss in 2021 which has doubled since 2015. (Cybersecurity Ventures)
  • Cybersecurity spending estimated to exceed $1 trillion in 2021. (Cybersecurity Ventures)
  • There will be nearly 3.5 million open cybersecurity jobs waiting to be filled this year, with over 500,000 open positions in the United States alone. (Net Sparker)
  • 68% of business leaders felt the risk of a cyberattack increasing. (Accenture)
  • A majority of cyberattacks are motivated by financial gain, nearly 86%. The second leading motivator of a cyberattack includes state espionage. (Verizon)

Ransomware Statistics

ransomware Ransomware does not show any sign of slowing down. Looking at the 2020 statistics for these attack vectors, companies continue to pay a high price for both. Furthermore, attackers target a wide range of entities from local and national governments to businesses and nonprofits, creating a challenging approach to solve for.

  • Ransomware attacks cost businesses an estimated $20 billion in 2020, having grown by over 50 times since 2015. (Cybersecurity Ventures)
  • Ransomware infection rates continue to rise. Ransomware appears to be highest within populations heavily connected to the internet such as in the United States and Europe. (Symantec)
  • The most prevelant ransomware in Q4 of 2019 included REevil with attacks continuing into 2020. (NCBI)
  • Malicious email attacks are up 600% this year, fueled by the pandemic. (ABC News)
  • Average costs for ransom with a ransomware attack increased from $5,000 in 2018 to around $200,000 in 2020. (National Security Institute)
  • Estimates suggest in 2021 a ransomware attack will take place every 11 seconds. ( Cybercrime Magazine)
  • Nearly 1 in 6,000 emails contain a suspcious link potentially related to ransomware. ( Fortinet )
  • 42% reporeted their cyber insurnace did not cover all their losses from a ransomware attack. (Cybereason)

Malware Statistics

  • Malware-related expenses for companies rose 11% since 2019, reaching $3.2 million. (Accenture)
  • Research from CSO Online shows that early 95% of all malware attacks are delivered via email. (CSO Online)
  • Malware attacks rose 4-fold in 2017 and continue to be problematic as seen with breaches such as the Solar Winds attack. (Symantec)

Social Engineering Attacks

Statistics continue to show social engineering playing a part in a vast number of breaches. This includes malicious tactics such as phishing attempts, baiting, and tailgating.

Interesting, phishing attacks account for the first attack vector of nearly 1 in 3 of all cyberattacks. (Verizon, 2019)

The charts below showcases how prevelant social engineering attacks are. cybersecurity common types of attacks Source: Threat Report 2021 State of the Phish Report (Publication). (94085). Sunnyvale, CA: Proof Point.

Successful Hacking Attacks in 2020

There were dozens of different attacks in 2020, with likely more to be discovered and reported to the public in the near future.

According to Identity Force, the first quarter of 2020 showed a massive increase in breaches at the tune of 273% compared to the same data in 2019. Through this, we continue to see data breach statistics rising as a direct result of an increasingly connected digital world.

  1. Microsoft reported a breach of 280 million records at the start of 2020. (ZD Net)
  2. A targeted Twitter account breach leading to over $130 million in stolen funds. (CNBC)
  3. Fifth Third Bank reported an attack on their networks which exposed their customer data to hackers. The bank chain includes over 1,000 branches in 10 different states. (Cincinnati Enquirer)
  4. In March of 2020, Walgreens reported a breach of their app’s messaging feature which includes over 10 million users but the precise number of impacted users has not yet been reported. (Health IT Security)
  5. In April of 2020, Zoom, the popular video conferencing app, reported over 500,000 account credentials had been stolen by malicious actors, as reported by Bleeping Computer after the accounts were found online on the dark web. (Bleeping Computer)
  6. The Small Business Administration (SBA) reported attackers broke into their system as pandemic relief funds started to be allocated. This impacted an estimated 8,000 businesses across America. (ZD Net)
  7. A popular healthcare SaaS provider, Blackbaud released a notice of a system breach in February of 2020 which led to nearly two million medical records in the hands of bad actors. (Data Breach)
  8. One of the world’s largest security providers, Fire eye released a notice that their tools had been stolen by an advanced hacking attack. This attack appeared to be utilizing the firm’s tools to target government entities. (ZD Net)
  9. SolarWinds breach caused massive damage to government systems and private firms' networks with much of the damage still being determined, especially from a national security perspective. (CRN)

Solarwinds SUNBURST Attack

This attack is having such a large impact on what cybersecurity professionals will focus on for years to come. The Solarwinds breach highlighted the hyper-connected world we live in today and showed cybersecurity experts how vulnerabilities could pose a risk through 3rd party software integrations, putting an immense focus on supply chain attacks.

This breach of a supply chain system by suspected Russia’s Cozy Bear hacking group truly highlights an example of an espionage motive but still left consequences for many businesses unprepared for this type of attack.

Industry-Specific Cybersecurity Statistics

  • Public companies lose an estimated 8.6% of their value after a cyber breach, according to Comparitech. (Comparitech)
  • 66% of businesses experienced some form of phishing, including the most common type, spear-phishing attacks in 2020. This is down from 83% in 2019. (Proof Point)
  • French and Japanese companies are least likely to pay a ransomware attack and also see fewer breaches. (Proof Point)

According to (Proof Point's) research in the chart below, engineering and telecommunication companies struggle the most with phishing attacks with legal firms and hospitals pass phishing tests more frequently.

Proof Points Industry Cybersecurity Failure Rate Source: Threat Report 2021 State of the Phish Report (Publication). (94085). Sunnyvale, CA: Proof Point.

Small Business Attacks

  • 43% of small businesses have no cybersecurity defense plan in place. (Bull Guard)
  • Bull Guard also notes in the report that 60% of small business owners do not think their business is a target for cybercriminals.
  • 74% of small business attacks were executed by external actors, as opposed to internal employees, as reported in the Verizon 2020 report. (Verizon)
  • 84% of small business attacks focused on the monetary gain with 8% focused on espionage and the remainder focused on hacking for fun or grudges, again reported by Verizon.
  • 22% of small businesses transitioned to remote work without a cybersecurity plan in place. (Alliant)


2020-healthcare-data-breaches-by-monthSource: Alder, S. (2020). September 2020 Healthcare Data Breach Report (Rep.). HIPAA Journal.

  • September 2020 saw over 9 million medical records stolen. (HIPAA Journal)
  • September 2020 experienced 300% more breaches than the monthly average from 2020 of only 37.25 breaches per month in the healthcare sector.
  • A single SaaS provider to the healthcare industry led to the 300% increase when their systems were breached. (HIPAA Journal)

Education Sector

  • 41% of cybersecurity breaches were caused by social engineering attacks. (Impact)
  • 228 cyber breaches were reported last year specifically within the education sector in Verizon’s 2020 cybersecurity report, which analyzed 20 different sectors.
  • A vast majority of attacks were with ransomware, accounting for nearly 80% of education industry malware attacks. (Verizon)
  • Around 30% of education employees failed to pass a phishing test but this fell to around 5% after cybersecurity awareness training. (KnowBe4)

Financial Services

  • According to the 2020 Phishing report, around 31% of banking employees failed to pass a phishing test. (KnowBe4)
  • Only 71% of financial service attacks are actually financially motivated. (Foundly)
  • 1 in 4 malware attacks targeted financial service firms, leading any other industry. (Insights)
  • According to Optiv and Carbon Black, 47% of financial firms will have a threat hunting team established in 2019.

Frequently asked questions

What types of cyberattacks occur by percentage?

The most common cyberattack is a hacking breach and cyberattacks occurred with the following frequency:

  • 45% of breaches included hacking
  • 22% of breaches included errors as causal events
  • 22% included social attacks
  • 17% included malware
  • 8% involved misuse by authorized users


How many cyberattacks per day?

According to Security Magazine, there are over 2,200 attacks each day which breaks down to nearly 1 cyberattack every 39 seconds.

What percentage of cyberattacks include a social engineering aspect versus a technical problem?

According to Cybint, nearly 95% of all digital breaches come from human error.

Top Cybersecurity Statistics Reports

  1. Gartner Forecast Analysis on Information Security (Premium)
  2. Verizon 2020 Cybersecurity Report
  3. Symantec’s Internet Security Threat Report
  4. 2020 Q3 Data Breach Report by Risk Based Security
  5. Cisco’s Cybersecurity Reports
  6. Cost of Data Breach Report by IBM
  7. McAfee Labs Threat Reports

State of Pentesting 2021

Cybersecurity Insights

Related Stories

451 Research Takes a Close Look at Cobalt in Latest Report
451 Research Takes a Close Look at Cobalt in Latest Report
Recently, 451 did a deep dive on Cobalt — our business model, differentiators, and value prop — along with a SWOT analysis.
Read moreArrow Right
The State of Pentesting 2021: Common Vulnerabilities, Findings, and Why Teams Struggle With Remediation
The State of Pentesting 2021: Common Vulnerabilities, Findings, and Why Teams Struggle With Remediation
Each year, we publish The State of Pentesting report to provide a detailed overview of vulnerabilities and identify the trends and hazards that impact the cybersecurity community.
Read moreArrow Right
Day in the Life of a CISO: Cybersecurity in the Age of COVID
Day in the Life of a CISO: Cybersecurity in the Age of COVID
We continue to recap sessions from this year’s SecTalks virtual conference by sharing insights from two current chief information security officers.
Read moreArrow Right
4 Security Lessons We Learned From 2020
4 Security Lessons We Learned From 2020
Some of the top lessons we’ve learned from qualitative & quantitative research, thought leadership pieces, panel discussions, and customer stories.
Read moreArrow Right

Never miss a story

Stay updated about Cobalt news as it happens