20 Shocking Cybercrime Statistics: 2024 Edition

It has been said (and even been sung) that what goes up, must come down. And so, we should expect that after several years of worsening cybercrime, things should finally be diminishing.

However, this is not happening. On the contrary, hackers and bad actors are continuing to dial up their efforts to breach accounts and steal identities. And the evidence for this is not anecdotal — it is empirical. For proof, we present 20 shocking cybercrime statistics for 2024:

Costs

• The global cost of cybercrime is expected to reach $9.5 trillion (all figures in this article USD) in 2024 — this calculates to $26 billion per day, or $18 million a minute. [Source]
• Global cybercrime costs are predicted to reach $10.5 trillion by 2025. [Source]
• The average cost of a data breached has climbed to an all-time high of $4.45M per incident. [Source]
• Breaches triggered by malicious insiders are the most expensive at an average of$4.9M per incident. [Source]

Small and Medium-Sized Businesses (SMBs)

• 78% of SMBs are more concerned about cybersecurity than they were a year ago. [Source]
• 69% of SMBs say that they have experienced at least one cyberattack in the last year. [Source]
• 80% of SMBs say that they do not have a fully-deployed PAM solution in place. [Source]
• Less than 60% of SMBs say that they are using essential cybersecurity measures such as password managers, two-factor authentication (2FA), and cybersecurity training. [Source]

Remote Working

• 72 percent of businesses say that they are “somewhat concerned” or “very concerned” about the security risks of employees working remotely. [Source]
• 80% of security professionals say that they have seen increased security threats since the major shift to remote working started in 2020. [Source]
• 46% of businesses report at least one cybersecurity incident within the first two months of shifting to remote work. [Source]
• Only 51% of remote employees say that they have received cybersecurity training from their employer. [Source]

Phishing

• 62% of security professionals say that over the last few years phishing campaigns have increased more than any other type of threat. [Source]
• IT leaders pinpointed finance (27%) and IT (23%) teams as the most likely departments to be targeted by phishing emails. [Source]
• 79% of account takeover attacks started with a phishing email. [Source]
• 34% of organizations said a fraudulent invoice had been paid because of a “whaling” attack (phishing specifically targeted at C-level and senior executives). [Source]

Ransomware

• 70% of ransomware attacks target small businesses. [Source]
• Between Q1 2023 and Q1 2024, the number of reported ransomware cybercrime victims increased by 20%. [Source]
• The number of active ransomware groups more than doubled year-over-year, increasing 55% from 29 distinct groups in Q1 2023 to 45 distinct groups in Q1 2024. [Source]
• In 2024, 63% of ransom demands were $1M+, 30% of demands were for $5M+, and the average ransom payout was $2M (a 500% increase from 2023). [Source]

And Now for Some GOOD News

If you are rattled by these terrifying statistics (especially the ransomware stuff) then we apologize. However, we are sure that you agree ignoring or denying this reality is unwise. Cybercrime is a major problem and getting worse by the day.

Fortunately, there are ways that organizations and individuals can dramatically reduce the risks — and stay at least a step or two ahead of the bad guys. To learn more, we invite you to explore the Devolutions Cybersecurity Guide, where you will find advice and best practices related to:

• Threat Management
• Access Management
• Password Management
• End User Management
• Remote Working
• Optimizing Security
• Essential Security Tools
• Training

Plus, you can download the Devolutions’ State of IT Security in SMBs in 2023–24 Survey Report [PDF]. The report takes a deeper look at current threats and risks, and shares critical recommendations that are strategic, practical, and affordable for SMBs.