There is no doubt technology is rapidly changing how every aspect of the world works. But in our digitized lives, there is perhaps no other realm that has evolved more dramatically than the way we manage our money.
Data breach statistics show that cybercriminals know exactly how sensitive online banking data is in the 21st century. In this ever-expanding sea of data, new pirates set sail by the minute, and the need for better security becomes more and more urgent. This has become more evident in the past few years, with the number of cyberattacks skyrocketing.
To show you just how advanced cybercrime has become and how much it costs society, we’ve created this article by compiling the newest financial data breach facts and statistics. Use this information to help protect your personal finances and those of your business. And, just as importantly, spread the word about this serious threat.
Statistics on Data Breaches – Editor’s Choice
- In 47% of all financial data breaches, the victim is a bank.
- More than 76% of breaches are financially motivated.
- Some 65% of the top 100 banks in the USA fail web security testing.
- 92% of ATMs are vulnerable to hacks.
- A staggering 97% of all records stolen are from the United States.
1. eCommerce data breaches account for 80% of payment-card-related investigations.
When we look at the number of data breaches in 2018, it becomes evident just how heavily we now rely on digital finance. Consumers are increasingly shopping online, so much so that the same research from just four years earlier had the exact opposite result. Back in 2014, 80% of payment-card related investigations on data breaches were for point-of-sale merchants, while now that figure is now only 20%.
2. Around 76% of all data breaches are financially motivated.
It’s no surprise that money is the motivation behind the majority of hacks. The same Verizon research shows that 50% of all data breaches are perpetrated by organized crime groups. The danger is not only real, but the people behind these attacks are often experts in cybercrime.
3. The cost of cyberattacks is highest in the financial industry, reaching $18.3 million annually per company.
Data breach statistics from 2018 showed a massive increase in the number of cyberattacks, which is why the financial industry is spending record amounts on security measures. Successful attacks on banks and financial institutions are the most costly of all, not only because of the financial losses, but also because these breaches erode user trust.
4. In 2017, banks were the target of 47% of financial data breaches.
Banks remain the most targeted financial institutions of all, but data breach statistics from 2017 had already begun to show a big rise in attacks on cryptocurrency projects. The huge boom in blockchain popularity meant that in 2017, 21% of cyberattacks targeted crypto-related businesses. This shafted loan companies into third spot, with 11%.
5. Stolen cardholder data remains captured for an average of 127 days.
Data breach facts like this show just how long a single instance of cyber theft can cause problems for those affected. Having your data “captured” in this sense means that it is being recorded, gathered, and stored by an unauthorized source, so cardholders remains vulnerable for an average of six months after an attack. Organizations that fall victim to data breaches remain vulnerable for an average of 257 days.
6. 92% of ATMs are vulnerable to hacks.
A detailed report on security breach statistics by Positive Technologies in 2018 showed that ATMs remain vulnerable to a wide variety of attacks. For instance, 85% of ATMs are poorly secured against network attacks, including the spoofing of the processing center. Of the ATMs tested, 69% were vulnerable to black box attacks, while 76% allowed hackers to exit kiosk mode and gain access to the machine’s operating system.
7. Over 500 million users don’t realize their device is infected with crypto-mining software.
AdGuard released these data breach statistics in 2017, revealing that 220 websites with a total of 500 million visitors infected users’ computers with crypto-mining programs during a three-week period. Those sites made an average of $43,000 during that time. Considering the damage crypto-mining scripts can cause to computers, this was a significant issue for victims.
8. A staggering 97% of all records stolen are from the United States.
While it’s not surprising that the most powerful economy in the world is the main target of cyberattacks, it is still shocking how many of the world’s data breaches are directed at the United States. More than 59% of all breaches happen in the USA, and a staggering 97% of all stolen records are American.
9. The average total cost of a data breach amounts to $3.92 million.
A single data breach can cost the victim immensely. While the damage caused by successful cyberattacks varies from country to country, the average of almost $4 million is shockingly high. The country where the average data breach costs the most is the United States, with an average of $8.19 million per breach.
10. Global spending on cybersecurity is expected to surpass $6 trillion by 2021.
In 2015, the United States declared a national emergency to combat the very real threat of cyber crime. Since then, global spending on the cyber war has continued to rise. To put things in perspective, data breach statistics by year show that global spending on cybersecurity in 2015 amounted to $1 trillion. This means the costs of preventing such attacks have been rising by almost a trillion dollars each year since, with no signs of slowing down.
11. 66% of businesses that fall victim to data breaches aren’t confident they can recover.
A three-year-old report by IBM found that cybercrime was metastasizing as technology became more advanced and more readily available. Of the 2,400 IT and security professionals surveyed, 75% confirmed that they had no formal response plans in case of a cybersecurity incident. These data breach statistics from 2016 also point to an even more troubling trend, with two-thirds of businesses expressing doubt that their organization could ever recover from an attack.
12. The financial impact of ransomware attacks rose by 60% in 2018.
An Internet Society report on cyber incidents and data breaches in 2018 concluded that, while the overall number of data breaches and records stolen has fallen compared to last year, their financial impact has increased substantially. Losses from compromised business emails doubled in that same period, while cryptojacking incidents more than tripled. The report also found a constant increase in high-level breaches throughout the year.
13. 65% of the top 100 US banks failed web security testing in 2017.
These cyber breach statistics are cause for concern if you have money stored away in an American bank. Indeed, this study found the largest US banks have some of the worst-secured websites in the country. Considering how important banks are to the economy, it’s unacceptable that only 27% of them made the grade as being safe from breaches. What’s worse, that number marked a staggering 28% drop compared to the year before.
14. On average, 4,818 websites per month were compromised with formjacking code in 2018.
15. The United States suffered 1,244 attacks in 2018, leading to 446.5 million stolen records.
Statistics on recent data breaches from 2018 show a drop in the actual number of attacks in the United States compared to 2017, but a huge rise in the number of stolen records: almost 300 million. When you think that a decade ago only 35.7 million files were stolen annually, this increase represents a major problem for American government agencies and companies across all industries.
16. Experts predict spending on cybersecurity training for staff will reach $10 billion by 2027.
With more than four billion people predicted to be online by the end of 2020, simply trying to protect your business through software solutions and basic security measures won’t be nearly enough. Human error still plays a big role in most successful cyberattacks, and there is a growing need to spend more resources on training employees.
17. The Carbank gang committed the largest robbery of the century, using malware to steal $1 billion from 100 different banks in 30 different countries.
The biggest data breach theft in history, and one of the largest robberies of all time, was carried out using spear phishing emails. That was something completely unthinkable just a decade or two ago, but now represents a dangerous reality for all financial institutions. The attack by the Carbank gang lasted for more than two years. It was unprecedented in that it didn’t target individual users, but instead robbed the banks directly.
18. 60% of US citizens say they or their closest family members have fallen victim to fraud.
Research on data breaches from 2018 shows how widespread hacking has become, as more American citizens than ever face the threat of identity theft and fraud. The most common type of fraud in 2018 took the form of a letter, email, or call from someone impersonating the IRS, comprising 34% of all reported schemes. After that came the theft of credit card numbers at 28% and fraudulent email phishing scams at 26%.
19. Eight in 10 adult US citizens fear that businesses can’t secure their financial information.
Cybersecurity statistics from 2018 reveal a population that is losing faith in the ability of financial institutions and businesses to keep their personal data safe. Almost half of US citizens expect they will fall victim to a fraud that will cost them financially over the next year.
20. Around 80% of American adults have changed their behavior because of the threat of cyber breaches.
The number of high-profile data breaches that have affected hundreds of millions of people in recent years has changed the nation’s behaviour when it comes to financial cybersecurity. In this study, 56% of people surveyed claimed to self-monitor their accounts more often for fraudulent activity, while 43% said they now use cash and checks more often to minimize the chance of cybercrime.
This data breach report also shows other notable shifts in behavior regarding finances. There is an increased reliance on local stores instead of national chains, with 40% of people saying they now shop locally. Some 26% of people choose to reduce their social media presence purely to avoid potential fraud, while a fifth have signed up for fraud-detection and monitoring services.
21. Emotet malware now accounts for 16% of all financial Trojans.
This self-propagating virus that was designed to spread through spam emails in order to steal sensitive financial information was first discovered in 2014. By the year 2017, with its worm-like capabilities of evading-malware detection software, Emotet malware amounted to 4% of all financial Trojans. Not even two years later, it has increased its presence fourfold. Emotet can also spread Qakbot, which has climbed to seventh place on the list of Trojans (1.8%).
22. The number of cryptojacking URLs doubled during the last quarter of 2018.
(Help Net Security)
While some have previously attributed the rise in cryptojacking to the massive Bitcoin value boom during 2017, the actual data breach dataset tells a completely different tale. Cryptocurrencies are now worth much less than they were two years ago, but the number of cryptojackings is skyrocketing. One of the main reasons for the popularity of cryptojacking is that it leaves a smaller footprint and doesn’t require users to pay a ransom, like ransomware attacks do.
23. 67% of financial institutions reported an increase in cyberattacks in 2018.
Research on major data breaches performed by Carbon Black points to some alarming trends, with 26% of surveyed financial institutions admitting they had fallen victim to a destructive attack. Compared to the data at the beginning of 2018, this represented an astonishing 160% increase. What’s even worse, 79% of the corporate information security officers surveyed said attacks on financial institutions were becoming more and more sophisticated.
24. The FBI estimates that the amount paid to ransomware scammers has reached almost a $1 billion per year.
(The U.S. Department of Justice)
This report from the Department of Justice also noted that on a global scale, ransomware infects some 100,000 computers each day. As these ransom attacks continue to shift from private citizens to businesses and large corporations, the amount of money these scams make is also increasing. Cyber attack stats show that this trend will not slow down in the near future. At current rates, by the year 2021, one business will fall victim to a ransomware attack every 11 seconds.
25. The number of unfilled cybersecurity jobs will rise to 3.5 million in the next two years.
The sheer volume of cybercrime keeps growing at such a pace that successfully combating the threat may soon become an unattainable goal. To better illustrate how dire this threat has become, there were 209,000 US cybersecurity job openings in 2015, and even that number had risen 74% compared to 2010.
When looking at the threat posed by cyberattacks and data breaches in 2019, one cannot help but feel at least a bit worried for what the future has in store. Theft, extortion, and fraud is quickly spreading throughout the digital world, and it’s difficult to know exactly how we can prevent this from happening in the future. Despite this ever-worsening threat, companies seem unable to find the manpower and resources to successfully counter these threats.
The data breach statistics we’ve gathered all point to the finance sector as the most at-risk of all industries. Cybercriminals will continue to target banks and financial institutions first and foremost, and the consequences of major breaches in this field are terrifying, to say the least. Governments will do everything they can to reduce the threat by introducing new cybersecurity laws and guidelines. But at the end of the day, it’s up to you to invest time and money into keeping your data safe.
- Positive Technologies
- Cybersecurity Ventures
- Internet Society
- IBS Intelligence
- Cybersecurity Ventures
- Help Net Security
- Carbon Black
- The U.S. Department of Justice
- Cybersecurity Venture