Cybersecurity insights and trends for 2024

Cybercriminals are constantly developing new and sophisticated methods to exploit vulnerabilities, posing threats to individuals, businesses, and governments. Examining the latest cybersecurity statistics and trends can equip us with the knowledge necessary to deal with these intricate challenges. 

The staggering cost of cybercrime

The global cost of cybercrime is projected to rise from $8 trillion in 2023 to $10.5 trillion by 2025. This figure translates to over $250,000 spent on cybercrime every second, this proves the urgent need for advanced and holistic cybersecurity measures. The United States alone faces the potential loss of over $10.2 billion from cyberattacks and fraud in 2022, as reported by the FBI.

Read also: Study shows the cost of data breaches at an all-time high 

Cybercrime incidents

While the number of individual victims of cybercrime decreased from 2022 to 2023, the total number of compromises increased by over 1,400. It is estimated that one cyberattack occurs every 39 seconds, with businesses expected to be targeted every 11 seconds by 2025. The cost of damage caused by these attacks amounts to approximately $16.4 billion per day or $190,000 per second globally.

Small businesses

Small and medium-sized businesses (SMBs) are particularly vulnerable to the effects of cybercrime. Nearly half of all experts cite cyber incidents as their primary concern for business interruptions, with the average cost of a single attack estimated at $384,598 in 2019. Worryingly, over 55% of SMBs lack a detailed policy on passwords and biometrics, leaving them exposed to compromised credentials.

Read more: Why hackers target small and midsize businesses 

Cybersecurity across industries

The impact of cybersecurity threats varies across different industries, with some sectors facing more challenges than others.

Healthcare

The healthcare industry has been hit particularly hard, with the average cost of a data breach reaching $10.93 million in 2023 – more than double the cross-industry average of $4.45 million. The number of individuals affected by data breaches in the sector rose by 60% in 2023, with cyberattacks accounting for almost 80% of these incidents.

Manufacturing

The manufacturing industry has emerged as the most targeted sector worldwide, with one-fifth of all cyber extortion campaigns targeting this segment. Backdoor attacks have been particularly prevalent, involved in 28% of these campaigns.

Finance and insurance

The financial services and insurance sectors face unique challenges. Businesses in this industry have more sensitive files exposed to employees than any other industry. This level of access to sensitive customer and employee data presents a risk, with nearly three-quarters of attacks leading to compromised client details.

Education

The education sector has also fallen victim to the rise of cybercrime, with K-12 schools emerging as a prime target. Ransomware attacks on this industry have cost an estimated $53 billion in downtime since 2018, with over 6.7 million records breached during this period.

Data breaches

Data breaches continue to be a concern, with the average cost of a data breach worldwide reaching $4.45 million in 2023. While the estimated number of individuals affected by data breaches decreased by 16% in 2023, the total number of data compromises increased by 78% to a record 3,205 incidents. The United States remains the global leader in data breach costs, with an average of $9.48 million per incident.

Phishing

Phishing attacks have emerged as the most commonly reported cybercrime incident, accounting for 16% of all data breaches according to IBM. The FBI's Internet Crime Report data shows that phishing was the number one most-reported incident in 2022, although it resulted in relatively low losses of only $52 million compared to other types of cybercrime, such as investment fraud, which led to losses of $3.3 billion.

Ransomware

Ransomware, the malicious software that holds data hostage, is projected to cost $265 billion globally by 2031 – over 10 times the cost in 2021. The average cost of a ransomware attack in 2023 was $5.13 million, a 13% increase from 2022. However, the involvement of law enforcement can reduce the average cost by around 9.6%.

Business email compromise (BEC) attacks

BEC attacks, designed to target businesses and acquire money or sensitive data, have seen an uptick in frequency, more than doubling in 2023. These attacks are particularly prevalent in the technology industry, followed by construction, advertising, marketing, finance, transportation, and media/entertainment sectors.

DDoS and botnet attacks

According to IBM data, distributed denial-of-service (DDoS) attacks, which overload servers with internet traffic to force downtime, have seen a 15% rise in application-layer attacks. These attacks can cost up to $2.5 million per incident, with almost seven in ten organizations experiencing between 20 and 50 DDoS attacks monthly.

Botnet attacks, which involve the hijacking of a network of connected devices to execute further malicious activities, have also been on the rise. Russia, the United States, and China have the highest number of blocked IP addresses associated with these attacks.

Social media scams

Social media scams have resulted in $2.7 billion in losses since 2021, more than any other method of fraud, including emails, texts, and phone calls. These scams often involve creating fake profiles to communicate with users and sending malicious links through spam messages. Online shopping, investment-related, and romance scams have been the most prevalent forms of social media-based fraud.

Read more: Learning to spot and avoid common health scams 

The cybersecurity industry

The global cybersecurity market is estimated to be valued at just over $180 billion in 2024, with a projected growth of nearly $315 billion by 2029. In the United States alone, the market is expected to exceed $108 billion in revenue by 2028.

Despite this growth, the cybersecurity workforce faces a skills gap, with an estimated four million additional workers needed to fill the workforce gap. Employees' concerns about skill gaps and the increasing complexity of threats, including the development of AI, have made the past five years the most challenging in terms of cybersecurity.

Cyber insurance

The global cyber insurance market is valued at $9.2 billion and is forecasted to reach $22.1 billion by 2025, indicating the increasing importance of this safeguard. As businesses navigate cybersecurity, cyber insurance coverage has become more necessary than ever.

Related: The role of cyber insurance in risk mitigation 

In the news

The U.S. Department of Health and Human Services (HHS) has announced a groundbreaking $50 million initiative for bolstering cybersecurity measures within hospitals. Dubbed the Universal PatchinG and Remediation for Autonomous DEfense (UPGRADE) program, its primary objective is to fortify entire systems and networks of medical devices, ensuring scalable solutions to combat digital threats. Spearheaded by the Advanced Research Projects Agency for Health (ARPA-H), the initiative seeks proposals from the private sector to develop advanced vulnerability mitigation software platforms and automated detection systems. Additionally, it tries to create digital replicas of hospital equipment for emergency testing and deployment, along with customizable defenses tailored specifically for healthcare facilities. 

The announcement of the UPGRADE program coincides with a surge in cyber incidents targeting the healthcare sector. Recent attacks, including one on the nonprofit healthcare system Ascension, have prompted calls from White House officials and Congress for legislative action to address this escalating threat. The UPGRADE initiative represents a step towards achieving this goal, promising rapid and automated patch deployment to safeguard both hospital staff and patients alike.

FAQs

Why is cybersecurity important in healthcare?

Cybersecurity in healthcare protects sensitive patient information, ensures the availability of health services, and maintains the integrity of healthcare data. Healthcare organizations handle a vast amount of personal and medical information, making them attractive targets for cybercriminals. Effective cybersecurity measures help prevent data breaches, ransomware attacks, and other cyber threats, ensuring patient trust and compliance with regulations like HIPAA.

What is HIPAA, and how does it relate to cybersecurity in healthcare?

HIPAA (Health Insurance Portability and Accountability Act) is a US law that sets national standards for protecting sensitive patient information. HIPAA's security rule specifically addresses the technical and non-technical safeguards required to ensure the confidentiality, integrity, and availability of electronic protected health information (ePHI). Compliance with HIPAA requires healthcare organizations to implement cybersecurity measures, conduct regular risk assessments, and ensure ongoing protection against threats to ePHI.

What role do healthcare cybersecurity frameworks play in ensuring data protection?

Healthcare cybersecurity frameworks, such as the NIST Cybersecurity Framework and HITRUST CSF (Common Security Framework), provide guidelines and best practices for securing healthcare information systems. These frameworks help organizations assess their cybersecurity posture, identify areas for improvement, and implement controls to mitigate risks effectively. Adhering to established frameworks ensures that healthcare organizations maintain a detailed and standardized approach to cybersecurity, enhancing the protection of patient data and regulatory compliance.

Learn more: HIPAA Compliant Email: The Definitive Guide