Top 10 cyber security statistics and trends for 2023

Top 10 cyber security statistics and trends for 2021

Updated Cyber Trends & Statistics for 2023

We recently updated our Cyber Trends and Statistics for 2023.

Cyber Statistics and Trends for 2021

According to the Global Risks Report of 2020 by the World Economic Forum, risks associated with cyber-attacks stand at seventh and eighth in terms of likelihood and impact respectively. Cyber threats are now the new norm across private and public sectors and continue to grow in 2021. The Targeting Scams report of 2019 by the Australian Competition and Consumer Commission (ACCC) identified that Australians lost more than $634 million to scams in 2019 alone. While it’s hard to quantify the real cost of cybercrimes to the Australian economy.  Estimates indicate the annual cost to be as high as $29 billion.

The Australian Cyber Security Centre’s (ACSC) Annual Cyber Threat Report of June-2019 to July 2020 for Cyber Security Australia shows two notable spikes in cyber security incidents during October 2019 and April 2020. Particularly at the start of COVID-19 pandemic, there was an increase in spear-phishing campaigns and pandemic-themed malicious cyber activity. From 10th to 26th March 2020, ACSC received more than 45 COVID-related cybersecurity incident reports, as cybercriminals swiftly adapted phishing methods to take the coronavirus pandemic to their advantage.

Cyber is affecting more Australian small and medium businesses in 2021 than ever before…

To say the least, the pandemic affected all businesses – small and large. It also increased the cybercrime ratio multiple times due to the manifold possibilities around remote working and uncertainty along with lack of experience in protecting businesses while following a work-from-home model. In the wake of the pandemic, nearly all industries had to adopt new solutions quickly in order to adapt to the changing threat landscape.

2020 was a year of uncertainty and sudden adjustments. Some organizations may have responded well to the new challenges – others, maybe not. However, the new normal is here to stay for a while now. So how can small and medium Australian businesses prepare themselves for data security in 2021 and beyond? To understand how to protect your business from a cyber attack, let’s have a look at 10 must-know cyber-attack statistics and trends for the year 2021.

Related: Top 5 reasons why SMBs should put a cyber security strategy at the top of their plan in 2021

1. Growth of Cybercrime Costs

It is estimated that by 2025, cybercrime will cost approximately $10.5 trillion annually around the world, up from $3 trillion in 2015. This amounts to a growth rate of 15 percent every year. Cyber crime inflicted damages are estimated to reach 6 trillion USD in 2021.

If we measure cyber crime as a country, it can be considered as the world’s third-largest economy after USA and China. This is even larger than the damage caused annually as a result of natural disasters, and even more profitable than the combined trade of illegal drugs globally.

This cost has been estimated by looking at historical cybercrime data that includes yearly growth and an increase in state-sponsored and organized cybercrime campaigns. The cybercrime costs include destruction and damage of data, productivity losses, stolen money, financial and personal data theft, embezzlement, theft of intellectual property, forensic investigation, fraud, reputational damage, disruption to the services, and restoration of data.

In Australia alone, cybercrime costs amount to $29 billion every year. 53% of this cost is incurred on detection and recovery. The average cost incurred by a business on a single breach is $276,323.


Cyber Crime costs to Australian SMBs in 2021


2. Cyber Security attacks are surging for Small and Medium Business Australia

Cyber-attacks are particularly becoming a threat for small and medium sized businesses, considering they are easier targets. According to a 2019 Cost of Cybercrime Study by Accenture, small businesses faced 43 percent of cyber-attacks, but only 14 percent were prepared for defense.

A cyber-attack not only interrupts with routine functions of the organization, but it can also bring permanent harm to IT infrastructure and assets – making them irrecoverable in the absence of required resources or budget. Because of lack of resources and finances, small and medium businesses often ignore the need to invest in adequate backups and cyber security programs and become an easy target for cyber criminals.

According to a State of Cybersecurity Report by Ponemon Institute, small and medium businesses all over the globe showed alarming statistics:

  • Attack Frequency – 71% of SMBs surveyed had faced a cyber-attack in their lifetime and 66% of them had suffered an attack in the last 12 months.
  • Weak Security Measures – 45% believed that their security measures are not strong enough to mitigate cyber attacks
  • Difficult to Detect – 69% of SMBs suffered attacks that evaded their intrusion detection systems and 82% reported evasion of their anti-virus programs.
  • Employee Passwords – 68% of worldwide SMBs reported that their employee passwords were lost or stolen during the past year.

The attacks faced by small businesses most commonly included:

  • 57% phishing and social engineering attacks

  • 33% compromised or stolen devices

  • 30% of credential theft

Business leaders need to be abreast and understand the  consequences of each of these attacks to minimize the potential and ideally  prevent future threats altogether.

The ACSC conducted a cybersecurity survey for small business in November 2020. This survey concluded that 62% of the respondents, which included small and medium businesses, had experienced a cyber security incident. Moreover, 1 in 5 SMEs were unaware of the term “phishing”. Almost half of the respondents agreed on having a low level understanding of cyber security, rating themselves as ‘average’ or ‘below average’ with poor cyber security practices. Again, almost half of them reported that they spent less than $500 on cyber security every year.


The ACSC conducted a cybersecurity survey for small business in November 2020. This survey concluded that 62% of the respondents, which included small and medium businesses, had experienced a cyber security incident.


The report states that the biggest barriers to effective cyber security practices are the failure to identify weaknesses, not knowing where to begin, inability to understand the risk and impact of cyber threats, a lack of dedicated IT staff, and inefficient planning to respond to cyber-attacks.

The long-term costs and effects on a business of data breaches can go as far as months to even years. These are usually costs that are unanticipated during the planning process and can have a significant impact. These include disruption in business processes, data loss, notification costs, revenue loss resulting from downtime, and even the brand’s reputational damage.

3. Remote Work Challenges

A 2020 Global Risk Report on Cybersecurity in the Remote Work Era by Ponemon Institute surveyed 2215 IT and security employees in the USA, UK, Scandinavia, Australia and New Zealand. All these respondents belonged to organizations that directed their employees to work from home during COVID-19 pandemic.

This study found out that the security effectiveness of the organizations was significantly reduced due to the remote workforce model. It showed that prior to the pandemic 71% of respondents believed their organizations to be effective at mitigating vulnerabilities, risks and attacks across their organization. However, for post-COVID times, only 44% of respondents believed the same.

Furthermore, the time to respond to cyberattacks has also increased according to 56% of respondents and only 27% believe that it takes the same amount of time as pre-covid time.

Customer records are most vulnerable during remote working according to 55% of respondents. This is followed by financial loss, which is at risk according to 48% of respondents.

In terms of authentication, many organizations still don’t require their remote workers to use any form of authentication. Around 31% (one-third) of respondents said their organizations don’t require any authentication method. Out of the 69 percent respondents who said their organization uses authentication methods, 40% had organizations with two-factor authentication and only 35% had multi-factor authentication for improving remote access security.


Over 30% of Australian businesses do not require any MFA or authentication method to protect them from a cyber attack


4. Severity and Impact of Cyber Attacks

A cyber attack can impact any organization in numerous ways. It can vary in severity, and consequently result in low or high impact – from a minor disruption to a major financial loss. Regardless of the severity of the attack, it will always have a consequence – whether financial or otherwise. Organizations are usually impacted as a result of cyber attacks in the form of financial losses, reputational damage, loss of productivity, business continuity or legal liability problems.

One of the most common and high-impact threats is Ransomware. Ransomware attacks have increased 25% in the past year, whereas phishing and social engineering attacks increased by 62%. According to a report by Cybersecurity Ventures, a business falls victim to a ransomware attack every 11 seconds.  Understand Ransomware in more detail and how to safeguard your business against it.

CrowdStrike, an IT security company revealed in its Global Security Attitude Survey of 2020 that one of the world’s hottest ransomware targets of the world is Australia, with 67% survey respondents claiming their organization to have suffered a ransomware attack in 2020. This figure shows Australia at the second position among the surveyed countries, while India stood in the first place.

5. Industry-wide Cyber Attacks

Due to the different business nature of every industry, some are more vulnerable to cyber attacks than others. Although any industry can suffer a data breach, it is the ones that deal closely with people and customers that are the most at risk. These companies hold Personally Identifiable Information or sensitive customer data and are desirable targets of hackers. Some industries or organizations vulnerable to cyber attacks are:

  • Financial Institutions and Banks: sensitive customer information such as bank account details or credit card data.
  • Healthcare Industry: health record repositories, research data and patient records such as billing information, insurance claims and social security number.
  • Educational Institutions: student data such as enrollment details, financial record, research, names and address
  • Enterprises: Data that can benefit competitors such as intellectual property, product concept, marketing plans, employee and client details and contract deals

In Australia, the sectors most affected by cyber security incidents from July 2019 to June 2020 were Government- Commonwealth (436 incidents), State Government (367 incidents), followed by Health(164), Education(122) and other sectors.

2021 Cyber Security Incidents by industry for Australian businesses

6. Data Breaches

According to a report by IBM, an organization becomes aware of a breach incident after 197 days and is able to contain it in 69 days. Organizations that were able to contain a breach within 30 days were able to save more than $1 million as compared to those that took more time than 30 days. This statistic shows that slow response to a data breach can cause more loss to your organization in the form of loss of productivity, customer distrust and fines.

To deal proactively with a breach incident, it’s imperative to design an incident response plan. It provides guidance and allows you to be prepared in the event of a breach and respond quickly during all the phases of detecting containing, investigating, remediating and recovering.

In Australia, there were 33 data breaches resulting from ransomware in the first half of 2020, which was 20 more than the previous six months.

7. Information Security Expenditure

Expenditure on IT security-related products and services will predictively exceed $1 trillion in 2021. According to AustCyber Digital Census of 2020, Australians spent approximately $5.6 billion on cyber security. This figure is predicted to increase to $7.6 billion by the year 2024. Since 2017, the revenue of the local sector grew by $800 million.

As of now, there are more information security providers in Australia than ever before. The domestic sector has approximately 350 security providers.

Worldwide Security Spending by Segment, 2019-2020 (Millions of U.S. Dollars)


Information Security Expenditure is predicted to increase by 2024


8. Phishing Emails and Email Security

According to Verizon, the biggest type of social engineering attack in 2020 was phishing, accounting for more than 80 percent of all reported cyber incidents.

According to Scamwatch, in 2020, phishing was one of the most reported scams in Australia like previous years, but with larger numbers than in 2019. There were 44,084 reported phishing attacks, which were 75% more than 25,168 incidents reported in 2019.

Moreover, the most profitable method that scammers used was via emails and phone calls. Phone calls were the most popular delivery method in 2020, with a total of 103,153 attacks. Email attacks also increased from 40,277 in 2019 to 47,502 reported attacks in 2020.  Stolen money increased from $28.36 million to $34.28 million from 2019 to 2020 respectively.

Recently we wrote about Phishing – What is Phishing and how to recognise and avoid an attack.  Read further to understand how to detect phishing scams and the top things you can do to protect your business.

9. Malware Attacks

With more than 11,000 exploitable vulnerabilities found in used software and systems by mid-2019 – with 34 percent of them without any available patches – there was plenty of malware to exploit them. According to Kaspersky, about 20 per cent of users fell victim to some kind of malware attack. However, the attacks were not equally distributed, with the attackers preferring to attack richer targets. Malware Bytes reports that malware attacks dropped 2% on consumers, but businesses were the main targets with threats increasing at a rate of 13 percent.

The 2020 report of ACSC shows ransomware to be a prevalent threat all over the world. Most of these attacks occur after a malicious activity such as a phishing campaign is conducted. The report also states that ransomware across Australia will continue to be a threat due to its higher success rate. However, ACSC is against the practice of paying ransom to the hackers. According to them, paying a ransom will increase an organization’s vulnerability and make them more prone to future incidents. Additionally, paying the ransom does not guarantee that the damage will be undone.

Related:  Malware and how to protect your business and prevent an attack.

10. Online Payment Fraud

According to a new study by Juniper Research, Ecommerce losses due to online payment fraud will exceed $25 billion annually by 2024. The increased dependency on online shopping and the popularity of Ecommerce has made it an attractive target for cyber criminals. Hence, merchants must adopt measures such as multi-factor authentication along with secure payment gateways to ensure that all requirements are effectively implemented.

Wrapping up …

Looking at the data, it is evident that cyber criminals are an imminent threat to governments, businesses and consumers alike. Not only are these threats external, but also internal threats are on the increase too.  Threats such as a lack of asset management and network security, cybersecurity defences, employee cyber awareness and cyber security policies and procedures. Thankfully, following industry best practices, implementing managed cyber security solutions and conducting employee awareness training can help protect your business.

If you need any assistance preparing your business to be Cyber Ready – contact us today!

Related Stories

ACSC Essential Eight Maturity Model Changes

ACSC Essential Eight Maturity Model Changes

The Australian Cyber Security Centre has implemented a number of changes to the Essential Eight Maturity Model.

Celebrating a Year of Milestones at KMT: Reflecting on 2023

Celebrating a Year of Milestones at KMT: Reflecting on 2023

Step into the dynamic world of KMT as we reflect on a year filled with achievements and growth. From team milestones to industry recognition, each month brought new highlights that showcase our commitment to excellence.

Top 10 Managed Service Providers in Brisbane Future Proof Your Business with Technology

Top 10 Managed Service Providers in Brisbane: Future Proof Your Business with Technology

Top 10 Managed Service Providers in Brisbane: Discover cutting-edge IT solutions to elevate your business. Navigate the digital era with trusted technology partners. Future-proof your operations with Brisbane’s finest MSPs.

Want to be part of the crowd?