First Quarter 2024 Cybersecurity Statistics

It’s only January, but already some interesting 2024 cybersecurity statistics are starting to emerge 

Adding solid statistics to funding requisitions and internal documentation is fundamental to the work of any CISO in 2024, though it’s early days for a lot of 2024 cybersecurity statistics and research. In creating comprehensive posts for our blog and supporting our other cybersecurity resources, however, we’ve already come across a lot of relevant 2024 cybersecurity indicators, making a post similar to last year’s ‘2023 Cybersecurity Statistics’ (many of which are still valid) already achievable.

Here are 30+ cybersecurity statistics showing what we can expect in 2024 if current trends continue. We will undoubtedly update this later in 2024 as more numbers cross our path, reliable 2024 cybersecurity statistics are published, and we conduct our own research, so please bookmark this page and come back in Q2, Q3, and Q4. 

2024 Cybersecurity Statistics and Predictions 

1. While ‘slightly’ lower than the projected growth rate, cybercrime is predicted to cost the world $9.5 trillion USD in 2024. [Cybersecurity Ventures] 
2. The global average cost of a data breach in 2023 was $4.45 million, a 15% increase over three years, highlighting the growing financial burden on organizations and security teams. [IBM] 
3. The overall damage from global cybercrime is expected to grow by 15% a year, reaching $10.5 trillion USD annually by 2025. [Forbes] 
4. Year on year, 75% of security professionals have noticed a steady increase in cyberattacks. [CFO] 
5. The average savings for organizations that use machine learning cybersecurity and automation is USD 1.76 million compared to organizations that don’t. [IBM] 
6. It’s expected that by 2026, at least 70% of corporate boards will have a member specializing in cybersecurity, emphasizing its growing significance in business planning. [Gartner] 
7. As remote working continues to be de rigueur and a factor in data breaches, the average cost per breach is $173,074 USD higher, further emphasizing the cybersecurity challenges in BYOD security and for in-house training in the dangers of phishing attacks. [IBM]
8. By 2026, 10% of large enterprises will initiate a comprehensive, mature, and measurable least privilege framework by implementing zero trust, up from less than 1% today. [Gartner] 
9. There are over 2,200 attacks each day, which equates to nearly one cyberattack every 39 seconds. [Security Magazine] 
10. Ranging from clicking on dangerous links to falling for email scams, 95% of all data breaches occur as a result of human error. [Engineering News] 
11. Two-thirds of the world’s adults believe companies have too much control over their personal data. [YouGov] 
12. In 2024, phishing continues to be the number one email attack method, accounting for 39.6% of all email threats. [KnowBe4] 
13. 45% of experts say cyber incidents are the most feared cause of business interruption, surpassing natural disasters or energy concerns. [Allianz] 
14. Globally, last year, 72.7% of all organizations fell prey to a ransomware attack. [Statista] 
15. US cybersecurity insurance premiums rose by 50% last year, reaching $7.2 billion in early 2024 for premiums collected from policies written by insurers, and the majority of underwriters believe cyber risks will grow ‘greatly’ in 2024. [Insurance Journal] 
16. A clear call for managing insider risk: 74% of recent breaches involved “the human factor,” which includes social engineering attacks, errors, or misuse. [Verizon] 
17. Ransomware costs are projected to reach around $265 billion USD annually by 2031, rising significantly from $20 billion in 2021. [Cybersecurity Ventures] 
18. 81% of the organizations surveyed faced ransomware attacks last year, and 48% paid the ransom. [SpyCloud] 
19. 80% of organizations said they plan to increase their spending on information security in 2024. [Gartner] 
20. The Asia-Pacific region is the most besieged by cyberattacks, representing 31% of all reported incidents, with Europe (28%) and North America (25%) next. [IBM] 
21. 54% of cyber security professionals believe that the impact of the skills shortage on their organization has worsened over the past two years. [TechTarget] 
22. 2024 will see record numbers of settlements and civil monetary penalties for breaches of HIPAA best practices. [HIPAA Journal] 
23. 6 in 10 American data breaches lead to C-level executives’ resignation or termination. [Shred-It] 
24. Only 20% of businesses avoided cyberattacks last year, making proactive cyber security measures crucial. [Forbes] 
25. In 2024, organizations are considering implementing zero trust micro segmentation more than any other cybersecurity solution. [IDG] 
26. An increasing list of exclusions could make cyber insurance coverage void, including lack of security protocols in place (43%), human error (38%), acts of war (33%), and failure to follow proper compliance procedures (33%). [Delinea]
27. Medical device security is becoming a growing concern, with an average of 6.2 cyber security vulnerabilities per device. [Cybersecurity Ventures] 
28. 8 in 10 security professionals say software supply chain attacks are a growing concern, with their organization’s cyber safety increasingly dependent on the security of their partners and suppliers. [SoSafe] 
29. 75% of employees will acquire, modify, or create technology outside of IT’s visibility by 2027 – increasing from 41% last year. [Gartner] 
30. More than half of all companies in 2024 have a cybersecurity skills shortage. [ESG] 
31. Organizations paying off ransomware have dropped to a new low, with only 29% of victims paying out to bad actors. [Coveware]
32. By 2026, organizations prioritizing their security investments based on a continuous threat exposure management program will realize a two-thirds reduction in breaches. [Gartner]

As we move past the first month of the year, these 2024 cybersecurity statistics will no doubt evolve and change, making for further sobering reading in the months to come. 

In response to increased chances of breaches, companies must prioritize robust cybersecurity measures and employee training, showing the statistical value to their boards for investment and dedicated cyber security budget for essential strategies, including regular security audits, zero trust models, multi-factor authentication, real-time application visibility and mapping, microsegmentation tools, and advanced threat detection and response.