The Staggering Cost of Cyberattacks: How Much Money do Businesses Actually Lose?

Updated on: June 14, 2023

Global cybercrime is only going to continue increasing exponentially over the next three years. It comes as no surprise then that, with organizations constantly evolving and scaling their operations up, the cost of cyberattacks has also seen a surge from $10,000 in 2021 to $18,000 in 2022. 

According to past cybercrime statistics, which show annual growth, as well as an increase in nation-state-sponsored crimes and hostile gangs, the estimated damage cost for 2025 will be 10 times larger than it is today.

The cost of cybercrime extends beyond its direct financial repercussions to loss of productivity, business disruption, and reputational damage. On top of this come the expenses the targeted organization incurs after an attack: forensic investigations, security repairs, and damage control.

Cybercrime is a very real and present danger in today’s world

The costs of cybercrime are continuously rising. The UK faced a cyber attack with a cost of over $6.7 million, while in the U.S. nearly 40% of all cyberattacks that took place cost more than $25,000.

According to the FBI investigating cyber intrusions, every single American’s data has most likely been stolen and is now present on the dark web. The deep web is, as the name suggests, much deeper and vaster than the surface web, with some estimates putting it as large as 5,000 times bigger. Because it’s relatively new and growing at an unprecedented rate, however, exact numbers are difficult to come by.

The FBI’s Internet Crime Report for 2021 indicates a 64% increase in potential losses from cyber crimes since 2018 to $6.9 billion. Phishing and its variants stood out as the principal causes of such attacks with a 34% increase to nearly 324,000 incidents that cost over $44.2 million. 

The dominance of email as a communication medium is undeniable, as evidenced by the staggering number of active email users globally. In 2022, Constant Contact reported that over 4.2 billion people were actively using email. This statistic speaks volumes about the widespread adoption and reliance on email in both personal and professional spheres. Looking ahead, the trend is set to continue, with projections indicating that by the end of 2026, the number of active email users will surpass 4.7 billion. As this number grows, it becomes imperative for individuals and organizations to prioritize cybersecurity measures to defend against the ever-evolving threat landscape and mitigate the potential cost of cyberattacks.

Business email compromise (BEC) and its variant, email account compromise (EAC), together raised nearly 20,000 complaints with an aggregated loss of over $2.4 billion. Another report by Mimecast saw that nearly 76% of collaboration tools like Slack, Microsoft Teams, or Zoom are susceptible to cyber-attacks.

The World Economic Forum’s 2020 Global Risk Report suggests that cybercrime entities are joining forces and their likelihood of being caught is only 0.05 percent in the United States. This number is incredibly low, meaning that these types of criminals will continue to break laws with ease.

BECs and EACs raised nearly 20,000 complaints with a loss of $2.4 billion.

The Surface of Cyber-attack

In 1963, The Tech formerly mentioned ‘computer hacking,’ and in the half-century since, hackers have taken advantage of our world’s rapidly growing technological advancements to leave us vulnerable.

IBM’s executive chairman said in 2015 that data is a crucial commodity in the current world, a resource that mankind wields to gain a competitive edge like never before. If this is anything to go by, cybercrime is one of the biggest threats to this increasingly hot commodity, to which every individual in the world contributes.

According to Cybersecurity Ventures, by 2025 the world will store around 100 zettabytes of data on cloud servers. This will include cloud services operated by vendors, social media giants, government and privately owned clouds for critical infrastructures and private organizations, and more. Data is also stored on:

  • Utility infrastructures
  • Personal computing devices (PCs, laptops, tablets, smartphones)
  • IoT (Internet of Things) devices.

COVID-19 caused a large number of jobs to shift to work from home, thus directly contributing to the increase of cyber attack surfaces for many, many companies all around the world. 

7.5 billion new internet users

Internet usage is growing at an unprecedented rate, with the numbers expected to reach 7.5 billion users by 2030. Cisco predicts that by 2023, there will be three times more networked devices on Earth than people. With data being a hot commodity, this growth has implications that could result in both good and bad scenarios for the current and future economy.

Cost Of Ransomware

Ransomware has become a pandemic of epic proportions, affecting a major part of the cyber world through laptops, desktops, phones, other electronic devices, networks, cloud services, and more. In 2018 it was estimated that by 2022 a ransomware or phishing attack would occur every 11 seconds.

This type of malware prevents victims from accessing their own files and usually threatens to delete the data permanently unless a ransom is paid. Cybercriminals have made this their main method of attack because it is so profitable. In the highly ransomware-prone healthcare industry, 74% of ransomware attacks were aimed at hospitals, and 26% at secondary institutions like dental services and nursing homes. 

In a study, Cybersecurity Ventures predicted the following costs for ransomware cyberattacks:

  • By 2017 the damage caused would cost around $5 billion. 
  • The estimated cost of ransomware attacks for 2018 was $8 billion.
  • By 2019, the cost was projected at $11.5 billion. 
  • For 2021, $20 billion. 

This showed that the damage caused by ransomware would cost a jaw-dropping $20 billion globally by 2021, 57 times more than the $325 million in 2015. Other jaw-dropping statistics reflecting the cost of cyberattacks through ransomware include: 

  • The total ransomware demand for the period accounted for $16.48 million, out of which healthcare providers paid only $640,000.
  • $1.85 million was the average cost of a ransomware attack. 
  • The average ransom paid by mid-sized organizations is $170,404.
  • One study showed ransomware to be the number one cause of loss in almost 6000 cyber insurance claims, with the average ransom increasing to $247,000 and the incident cost to $352,000.
  • The average cost of a ransomware attack went down slightly, from USD 4.62 million in 2021 to USD 4.54 million in 2022.
  • The average ransomware cost of $4.54 million is slightly higher than the overall average total cost of a data breach, USD 4.35 million.

While ransomware is currently the fastest-growing and most damaging type of cybercrime, Mark Montgomery (executive director at U.S. Cyberspace Solarium Commission) believes that it will eventually cause senior executives to take the cyber threat more seriously.

Cost of Phishing Cyberattacks 

The cost of phishing attacks on companies has significantly risen through the years, with the $100 million loss faced by Facebook and Google in 2017 perhaps being one of the most infamous examples. Other such instances include: 

  • In 2020, IC3 received about 791,790 complaints with a recorded loss that exceeded $4.1 billion.
  • 2021 was one of the costliest years in terms of data breaches through phishing attacks in the last 17 years. 
  • The average wire transfer requested in BEC attacks increased from $71,000 to $106,000 from 2020 to 2021.
  • It was also seen that nearly 24% of all BEC phishing scams in 2021 aimed to try and divert employee payroll deposits.
  • IBM’s Cost of Data Breach Report for 2021 found that phishing attacks were the second most expensive type of attack costing around $4.6 million.  
  • The USA had the highest rate of costly data breaches in 2021 at $9.05 million, according to IBM.

Cybersecurity Spending

The spending on cybersecurity was expected to increase from a mere $3.5 million in 2004 to over $1 trillion in 2021 with the ever-growing efforts to protect against the growing rate of cybercrimes.

Healthcare’s attractiveness to cybercriminals is due in part to outdated IT systems, a lack of available cybersecurity staff and protocols relative to other industries, and the high value of data. 

The reality that healthcare organizations usually tend to pay the ransoms in order to not have critical patient data locked up just adds to this allure. The healthcare industry is expected to invest $125 billion in shoring up its security measures between 2020 and 2025.

Reports by Cisco show that 50% of large companies annually spend at least $1 million on cybersecurity. A forecast by Gartner predicted that the spending on cyber security would increase to $170.4 billion by 2022.

Small Business

Rather than targeting big well-established and known companies prone to have high-end security facilities, scammers nowadays find small and medium-sized enterprises to be much easier targets. 

A major reason for such attacks being targeted at SMBs is that they lack the financial resources to mount up a considerable cybersecurity front, thus making them enticing targets for cyber attackers to take advantage of. 

Such upcoming companies may not have their cybersecurity roles filled or might not have the resources to put effective security measures fully in place.

Scott Schober, author of “Cybersecurity Is Everybody’s Business,” states that 30 million small businesses in the U.S. need stronger security to protect against phishing attacks, malware spying, ransomware, identity theft, major breaches, and hackers who would compromise their systems.

Some statistics revolving around SMEs and cyberattacks against them include: 

  • Only 14% of SMEs have a cyber security plan in place. 
  • An average of $25,000 is lost by SMEs.
  • Besides phishing, other common cyber attacks on SMEs include credential theft and making use of stolen devices. 

40% of cyberattacks are at SMBs.

Around 43% of all cyberattacks target small-to-midsize businesses (SMBs), and 60 percent of those businesses go out of business within six months. Ransomware attacks have unfortunately become more frequent, and small businesses are having difficulty adapting.

5 Ways to Prevent Cyberattacks

  1. Updating Your Software and Systems Regularly is Key

Cybercriminals are successful in their attacks because they exploit vulnerabilities in software or systems for which the updates haven’t been installed yet. This gives them access to your network before you even realize what’s happening, by which point preventative action is too late.

  2. Conduct Regular Penetration Tests

A penetration test can find possible vulnerabilities in your system that might be abused by hackers. If you uncover and fix these weaknesses quickly, you can save yourself a lot of money, and the shame of experiencing a cyber-attack or data breach.

By conducting a penetration test, your organization can improve its security and make more informed business decisions at a fraction of the cost. Penetration tests not only protect your website, but also help you maintain the essential certifications (like PCI-DSS and HIPAA) that your business needs, thus promoting trust between you and your clients.

  3. Firewalls

One of the best ways to protect your computer network from being hacked is to put a firewall in place. Firewalls block brute force attacks, which can prevent damage to your system before it happens. 

  4. Control System Access

Physical access to your computers can be just as dangerous as unprotected digital access. Somebody could walk into your office, plug in a USB key with infected files, and give themselves control over your entire network without you even knowing.

  5. Wifi Security

By hiding and securing your wifi networks, you are taking a preventative measure to keep all of your devices safe. As wireless technology becomes more sophisticated, there are more opportunities for someone to access your network without permission and do serious damage.

Concluding Thoughts

This article has shed light on the hemorrhaging cost of cyberattacks through multiple statistics on businesses of various sizes belonging to various sectors from attacks like phishing and ransomware.

With data breaches becoming an increasingly alarming issue, it is vital that everyone be aware of how to prevent such cyberattacks and stay as secure as possible.


What is the cost of cybersecurity testing?

Cybersecurity testing can cost up to $5000 USD based on its scope and the pentest provider.

What is the most common form of a cyberattack?

Malware is the most common type of cyberattack. Malware is any software created for malicious purposes, like spyware, ransomware, viruses, and worms. Usually, a person unknowingly lets this type of software enter their network by clicking on a harmful link or email attachment containing the malware. If successful in getting inside the system undetected, malware can do various types of damage to both files and devices:

1. Blocks access to important network components (ransomware).
2. Installs additional malware or harmful software on your device.
3. Covertly transmits data from the hard drive to obtain information (spyware).
4. Disrupts certain components, making the system unusable.

What was the most expensive cyberattack in 2022?

The hackers were able to bypass two-factor authentication and access users’ wallets, which allowed them to steal approximately $18 million worth of bitcoin, $15 million worth of Ethereum, and other cryptocurrencies.

Nivedita James Palatty

Nivedita is a technical writer with Astra who has a deep love for knowledge and all things curious in nature. An avid reader at heart, she found her calling writing about SEO, robotics, and currently cybersecurity.