560,000 new pieces of malware are detected daily and over 1 billion malware programs exist currently. The first half of 2022 alone saw 236.7 million ransomware attacks globally with an average cost of $4.54 million per incident.
Heading deeper into 2023, the threat of malware attacks continues to loom large over organizations worldwide and experts predict that the frequency of such attacks will only increase in the coming years. It’s clear that cybersecurity remains a critical concern for businesses of all sizes.
Top Malware Attack Statistics
- Every day, 560,000 new pieces of malware are detected.
- There are now over 1 billion malware programs in existence.
- Trojans account for 58% of all computer malware.
- Every minute, four companies fall victim to ransomware attacks.
- Nearly every second computer in China is infected with some form of malware.
- Iran has the highest mobile malware infection rate at 30.3%.
- Android devices are 50 times more likely to be infected with malware than iOS devices.
- Over the past decade, there has been an 87% increase in malware infections.
- The cost of cybercrime is predicted to reach $8 trillion in 2023.
- Open-source vulnerabilities are found in 84% of code bases.
Malware statistics 2023
Malware has become a major threat to the security of digital systems, with cybercriminals developing more sophisticated and diverse forms of attacks. The cyber-threat landscape has evolved rapidly, and the statistics surrounding malware paint a bleak picture of the situation.
How Many Malware Are Detected Every Day?
Every day, 560,000 new pieces of malware are detected, adding to the over 1 billion malware programs already in circulation. This sheer volume of malware makes it challenging for organizations to keep their systems secure, and many fall victim to ransomware attacks.
4 companies fall victim every minute to ransomware attacks
In fact, every minute, four companies fall victim to ransomware attacks, with Trojans accounting for 58% of all computer malware. These attacks can result in the loss of sensitive data, financial loss, and a damaged reputation.
50 websites containing malware are detected by Google every week
Even seemingly harmless activities such as browsing the internet can be risky, as Google detects 50 websites containing malware every week. Although this number may seem low, the actual sites that contain malware represent just 1.6% of this number, which still equates to around 50 sites per week.
China has the highest number of infected computers
The prevalence of malware is not uniform across countries, with China having the highest number of malware-infected computers. Nearly every second computer in China is infected by some form of malware, with a 47% malware infection rate that is the highest globally. Turkey and Taiwan follow with 42% and 39%, respectively.
Android OS is 50% more susceptible to malware infection
Mobile devices are also vulnerable to malware attacks, with Iran having the highest rate of mobile malware infections at 30.3%. Android devices are particularly susceptible, with 50 times more malware infections than iOS devices.
Cybercrime will cost $8 trillion in 2023
The alarming increase in malware infections over the last decade is a cause for concern, with an 87% increase in malware infections reported. This worrying trend is set to continue, with the cost of cybercrime predicted to hit $8 trillion in 2023.
Codebases contain serious security flaws
Open source vulnerabilities are found in 84% of code bases, making it critical for organizations to ensure the security of their software development practices. Failure to do so could result in significant security breaches and data loss.
SMBs are not safe from malware attacks
Small-medium-sized businesses in the UK are also vulnerable, with 65,000 daily attempts to hack their systems, and unfortunately, 4,500 of them are always successful. The scale and impact of ransomware attacks are also expected to grow significantly, with Forbes predicting that ransomware will cost the world up to $265 billion by 2031.
The statistics surrounding malware are a clear indication of the challenges that organizations and individuals face in securing their digital systems. However, by implementing robust security measures, staying vigilant, and adopting best practices, the risk of malware attacks can be mitigated.
Malware Statistics 2022
In its 2022 State of Cybersecurity Report, ISACA found that 69 percent of cybersecurity professionals believe their organization’s cybersecurity team is understaffed, up from 61 percent last year.
Being understaffed increases the risk of malware attacks
Understaffing among organizations, including businesses and government, could create a strain on existing staff and lead to an increased risk from malware threats. Almost half (47 percent) reported their organizations were “somewhat” understaffed, while 15 percent reported they were “significantly” understaffed. A further 34 percent reported that their organization is “appropriately” staffed, while just three percent reported being either “somewhat” or “significantly” overstaffed.
The average cost of a ransomware attack is $4.54 million
The average cost of a ransomware attack went down slightly, from USD 4.62 million in 2021 to USD 4.54 million in 2022. By 2031, statistics predict a ransomware attack every two seconds, and there were around 236.7 million ransomware attacks globally in the first half of 2022. Up to 10% of data breaches in 2022 were ransomware-related, making it the third most used cyberattack method and ransomware alone cost the world about $20 billion in 2022.
Phishing emails contribute to 91% of cyberattacks
Phishing attacks are also a major concern, with nearly 30% percent of phishing emails being opened, increasing the chances of opening or downloading from malicious links that contain ransomware or malware. Email is responsible for 91% of all cyber attacks.
There’s a cyber attack every 39 seconds
There are approximately 2,244 attacks that happen on the internet daily, with new attacks occurring every 39 seconds. Globally, 30,000 websites are hacked daily, and 300,000 new pieces of malware are created daily.
The healthcare industry has been the focal point of numerous attacks
The healthcare industry has also been significantly affected, with over 550 US healthcare organizations experiencing data breaches in 2022. Additionally, 53% of Canadian companies that experienced ransomware paid the hackers, and the most common type of ransomware is CryptoLocker, accounting for 52% of all ransomware attacks.
60% of companies have 500+ passwords that never expire
Insiders are also a significant risk factor, with over 60% of financial service companies having 1000+ sensitive files accessible to all employees, and approximately 60% of companies in the same field having 500+ passwords that never expire.
64% of companies were affected by ransomware
In 2022, 76% of organizations were targeted by a ransomware attack, out of which 64% were actually infected. Only 50% of these organizations managed to retrieve their data after paying the ransom, and a little over 66% of respondents reported having had multiple, isolated infections. These statistics highlight the growing threat of cyber attacks and the need for organizations to prioritize cybersecurity measures and staffing.
Malware Statistics 2021
According to the 2021 Cost of a Data Breach Report by IBM, the average total cost of a data breach was $4.24 million, and the average time to identify and contain a breach was 287 days.
In 2021, phishing attacks continued to be a major threat, with 88% of organizations experiencing at least one such attack, according to the 2021 Phishing Trends and Intelligence Report by PhishLabs. The report also found that Microsoft was the most frequently impersonated brand in phishing attacks, accounting for 43% of all phishing emails.
The SolarWinds attack was a watershed moment in 2021
The SolarWinds supply chain attack, which was discovered in late 2020 but continued to impact organizations in 2021, was one of the largest and most significant cyber attacks in history. The attack compromised the networks of numerous US government agencies, as well as private companies, by injecting malicious code into SolarWinds software updates.
The rise of ransomware was the most prominent in 2021
Ransomware attacks continued to increase in 2021, with the average ransom payment reaching $570,000, according to the 2021 Ransomware Threat Report by SonicWall. The report also found that the number of ransomware attacks increased by 62% compared to 2020.
The targeting of healthcare organizations was a notable phenomenon in 2021
In 2021, there was a significant increase in cyber attacks targeting healthcare organizations, with 82% of healthcare organizations experiencing a breach, according to the 2021 Data Breach Investigations Report by Verizon. The report also found that 61% of data breaches involved credentials, such as usernames and passwords, and that financially motivated attacks were the most common type of attack.
Malware Statistics 2020
According to the 2020 Data Breach Investigations Report by Verizon, 45% of data breaches involved hacking, 22% involved phishing, and 17% involved malware. The report also found that the healthcare sector was the most frequently targeted industry, accounting for 51% of all data breaches.
Covid-19 pandemic fed the cyber threat landscape
In 2020, the COVID-19 pandemic led to an increase in cyber attacks targeting remote workers and healthcare organizations, as well as scams related to COVID-19 relief funds and vaccines.
The cost of data breaches has been increasing ever since
The average cost of a data breach in 2020 was $3.86 million, according to the 2020 Cost of a Data Breach Report by IBM. The report also found that it took an average of 280 days to identify and contain a breach.
The average ransom payment was significantly lower in 2020
Ransomware attacks continued to be a significant threat in 2020, with the average ransom payment reaching $111,605, according to the 2020 Ransomware Report by Coveware. The report also found that the healthcare industry was the most frequently targeted industry for ransomware attacks.
The attack on Twitter was a notable event in the cybersecurity landscape in 2020
The Twitter hack in July 2020, in which several high-profile accounts were compromised and used to promote a Bitcoin scam, highlighted the potential for social engineering attacks to cause significant harm. The attack was attributed to a group of young hackers who used social engineering tactics to gain access to Twitter’s internal systems.
Malware Statistics by Industry
Malware attacks can have a devastating impact on any industry, but certain sectors are particularly vulnerable to these types of threats. Healthcare, finance, and retail are among the industries that have been hit hardest by malware attacks in recent years.
Healthcare industry malware stats
The healthcare industry, in particular, has been a prime target for cybercriminals due to the sensitive nature of patient data.
In 2022 alone, over 550 healthcare organizations in the United States experienced data breaches, with up to 10% of these breaches being ransomware-related. The consequences of such attacks can be dire, ranging from financial losses to compromised patient care.
Malware attacks in the finance industry
The finance industry has also been a major target for malware attacks. Financial service companies, in particular, are vulnerable to cyber threats due to the large volume of sensitive data they handle.
As of 2022, over 60% of financial service companies have 1000+ sensitive files accessible to all employees, and about 60% of companies in the field have 500+ passwords that never expire. Vulnerabilities in these areas can result in devastating breaches and significant financial losses.
Effects of malware attacks on the retail industry
The retail industry has also been a prime target for malware attacks, with many retailers falling victim to point-of-sale malware attacks. These attacks can compromise customers’ payment information, leading to significant financial losses and reputational damage.
It is clear that malware attacks pose a significant threat to these industries, highlighting the need for strong cybersecurity measures, including vulnerability assessments and penetration testing, to protect sensitive data and prevent devastating breaches.
Computer Virus Statistics
A virus is a malicious computer program that can replicate and insert its code into other programs to corrupt files, or delete data. Essentially it is a self-replicating malware that can enter a system through various sources.
38% of computer viruses are disguised as .doc files
Earlier, hackers mostly used .exe files to deliver payloads through email but it became quite predictable and email providers started filtering emails containing .exe files. So, now majority of hackers have started using .doc to deliver payload.
There has been a 62% rise in number of malware and virus variants since 2020
The pandemic and the ensuing changes in how business is done has created new attack vectors as well as new security regulations. To exploit the former and evade the latter hackers have focused more energy on developing new variants of malware and viruses.
The number of malware attacks increased year by year for the first time in 2022, since peaking in 2018.
The total number of reported malware attacks was 10.5 billion in 2018. Since then it had been decreasing to reach 5.4 billion in 2021. The number of 5.5 billion in 2022 marking a slight increase. It broke the decreasing trend nonetheless.
Mobile Malware Statistics
There were 200,000 new mobile banking trojans in 2022, up by 100% from 2021. The mobile security landscape has been worsening significantly. A lot of sensitive data is now accessed from mobile phones making it an alluring target for hackers.
Unwanted software and adware account for 50% of mobile malware deliveries
The number of mobile malware installers has actually gone down since 2020. It means that whereas there are more malware, the threat activity is getting lower.
More than 50 fake and malicious applications are found that impersonate ChatGPT
ChatGPT is all the rage and no wonder people are looking for ways to use it from mobile devices without tuning into a browser. The window of opportunity is being used well by malicious actors.
More than 5.6 million mobile malware, adware, and riskware attacks were thwarted in 2022
Improved threat intelligence has enhanced security against mobile malware over the last six years. The volume of mobile malware installers recorded is an eighth of what it was in 2016. However, a lack of alertness can still quite easily result in malware infection.
As the name suggests, a spyware is a program that allows a hacker to obtain covert information about a computer’s activity.
80% of all internet users have been affected by spyware
It’s pretty easy to get infected with spyware. All you need to do is click on a link, a pop-up, or an ad and the spyware is installed. Be ware that malicious code can be embedded as an ad even on legitimate websites.
93% of the components required for a spyware to work are already present in computers
This is what makes spyware even more dangerous. It takes minimum participation from the end user for a spyware to take effect.
How to avoid malware infection
- Keep your software up to date: Ensure that all your software and operating systems are regularly updated with the latest patches and security updates. This helps to fix any known vulnerabilities and weaknesses that attackers can exploit.
- Use antivirus software: Install and regularly update antivirus software on your devices. It can detect and remove any malicious programs that may have slipped through the cracks.
- Be cautious of emails and attachments: Avoid opening emails from unknown sources, and be wary of attachments or links that come with them. Always verify the authenticity of the sender before downloading or opening attachments.
- Use strong passwords: Use strong, unique passwords and enable two-factor authentication whenever possible. This makes it harder for attackers to gain access to your accounts and systems.
- Conduct regular vulnerability assessments and penetration testing: Regularly assess your systems and applications for vulnerabilities, and perform penetration testing to identify any potential weaknesses in your security defenses. This helps you stay ahead of attackers and fix any vulnerabilities before they can be exploited.
The cyber threat landscape is rapidly evolving, and the statistics from the past few years highlight the increasing risks faced by organizations globally.
With the rise of ransomware and phishing attacks, as well as the growing shortage of skilled cybersecurity professionals, it is crucial for businesses to prioritize their cybersecurity measures and invest in employee training and hiring to mitigate the risk of cyber attacks.
The statistics for 2023 suggest that the threat is only going to increase, and it is essential for businesses to stay vigilant and take proactive steps to protect their data and infrastructure.
What is the most common type of cyber attack?
According to the statistics, phishing is responsible for 91% of all cyber attacks, making it the most common type of attack.
How much does a ransomware attack cost on average?
The average cost of a ransomware attack is $4.54 million, which is slightly higher than the overall average total cost of a data breach, which is $4.35 million.
What can businesses do to protect themselves from cyber-attacks?
Organizations can take a number of steps to protect themselves against cyber attacks, including implementing regular vulnerability assessments and penetration testing. By identifying vulnerabilities and weaknesses in their systems and networks, organizations can take proactive measures to address these issues before they can be exploited by attackers.
How many computer viruses are there?
There are more than 1 billion malware out there. 13% of all malware infections come through viruses. There has been a 62% rise in the number of malware and virus variants since 2020
What percentage of malware is distributed by email?
Almost 92% of all malware is distributed through emails. Email is responsible for 91% of all cyber attacks with around 30% of them being opened by unsuspecting victims.
How much do computer viruses cost businesses annually?
Virus infections cost businesses $55 billion yearly. The total number of reported malware attacks was 10.5 billion in 2018. Since then it had been decreasing to reach 5.4 billion in 2021.