101 Cybersecurity Statistics and Trends for 2024

Master of Science in Computer Science Program Page

In the ever-evolving cybersecurity landscape, staying informed with the latest statistics and trends is not just beneficial—it’s imperative. The year 2024 is shaping up to be pivotal, with threats becoming more sophisticated and industries worldwide grappling with a digital environment that’s more integral to operations than ever before. 

In this detailed guide, we delve into the 101 Cybersecurity Statistics and Trends for 2024, offering a comprehensive snapshot to help professionals, businesses, and academics understand cybersecurity’s current state and future directions. From workforce dynamics to emerging threats, our analysis is tailored to provide actionable insights and practical advice for navigating this complex landscape.

Global Cybersecurity Workforce Hits 4.7 Million

Global Cybersecurity Workforce Hits 4.7 Million

The cybersecurity sector is witnessing significant growth, with the global workforce estimated at 4.7 million professionals. This number reflects the increasing importance of cybersecurity in today’s digital age, as organizations worldwide prioritize the protection of their information systems against cyber threats.

What Does a Cyber Security Analyst Do?

A Cyber Security Analyst safeguards an organization’s computer networks and systems. Their main duties include monitoring security access, performing security assessments through vulnerability testing and risk analysis, and implementing security measures to protect sensitive information. They are also responsible for responding to and mitigating the effects of cyberattacks, such as viruses, malware, and other security breaches.

Cybersecurity analysts play a crucial role in preventing data breaches and cyber threats, ensuring that an organization’s information remains secure and confidential. They stay updated on the latest cybersecurity trends and threats, continuously adapting their strategies to protect against potential security vulnerabilities. Their role is essential in maintaining the integrity and confidentiality of company data, making them a vital part of any organization’s security team.

Facts about the Cybersecurity Industry

Fast Facts about the Cybersecurity Industry

The cybersecurity industry is a pivotal component of the modern digital landscape, marked by its dynamic growth and evolving challenges. In this section, we explore key statistics that shed light on the state of the industry, including workforce size, salary trends, and educational requirements, providing a foundational understanding of the sector’s current status and future outlook.

  1. Only 4% of organizations feel confident in their security to “users of connected devices and related technologies are protected against cyberattacks.”1
  2. The global cybersecurity workforce is estimated to be around 4.7 million people.2
  3. Median pay for information security analysts was $102,600 annually in 2021.3
  4. The lowest 10 percent earned less than $61,520, and the highest 10 percent earned more than $165,920.3
  5. Chief information security officers made an average annual salary of $170,980 as of July 2022.4
  6. Typical entry-level education is a bachelor’s degree.3
  7. The expected growth rate for tech jobs is nearly twice the national rate for all jobs over the next 10 years.5
  8. Information security analysts are projected to grow by 35% from 2021 to 2031, which is much faster than average.3
  9. 56,500 jobs are estimated to be added during 2021-2031.3
  10. Cybersecurity Ventures projects there will be 3.5 million unfilled cybersecurity positions in 2025 globally.6
  11. 93% of organizations expect to increase cybersecurity spending over the next year.7
woman in server room pointing at screen

Cybersecurity Threats

The threat landscape in cybersecurity is constantly changing, with new vulnerabilities emerging as quickly as old ones are mitigated. This section delves into the statistics surrounding the most prevalent cybersecurity threats of 2024, including cloud environment intrusions and the rise of malware-free attacks, offering a clear view of what organizations are up against.

  1. Cloud environment intrusions increased by 75% over the past year.8
  2. Cloud-conscious cases increased by 110% over the past year.8
  3. There has been a 76% increase in victims named on eCrime leak sites.8
  4. Malware-free activity (like phishing, social engineering, using trusted relationships, and other means) made up 75% of detected identity attacks in 2023.8
    1. This is up from 62% in 2021, and 40% in 2019.
  5. 84% of cloud-conscious intrusions by adversaries were conducted by likely eCrime actors, compared to 16% conducted by targeted intrusion actors.8
  6. In 2023, devices like edge gateway devices (equipment used to connect different networks together) were the most common way for attackers to first get into a network without being noticed.8
  7. Generative AI will probably be used for cyber activities in 2024.8
  8. Spam emails decreased 15% year-over-year.8
  9. 82% of chief information security officers (CISOs) would consider becoming a whistleblower if their organization was willfully ignoring security and compliance, thus putting the business at risk.7
  10. 84% of CISOs fear being personally liable for cybersecurity incidents.7
  11. 35% of CISOs are already using AI for security applications.7
    1. 61% will likely use AI in the next 12 months.
    2. 86% believe generative AI will alleviate security skills gaps and talent shortages.
  12. 39% of CISOs plan to train teams to better understand threats posed by generative AI.7
  13. Just over a third (35%) of CISOs say their boards allocate adequate cybersecurity budgets.7
  14.  4 in 5 CISOs saw an increase in the number of threats as the economy declined.7
  15. 31% of CISOs report that projects have been delayed or removed due to lack of funding.7

Malware

  1. In 2022, there were 5.4 billion malware attacks globally.9
  2. 4 in 10 malware attacks result in confidential data leakage.10
  3. Over 70% of malware attacks go after a specific target.10
  4. Threat actors carry out an average of 11.5 attacks per minute, according to Parachute.1
  5. The vast majority (92%) of malware was delivered by email.1
  6. In the first half of 2022, 2.8 billion malware attacks occurred.1
  7. The VBA Trojan was the most common malware variant in 2022.1
  8. Iran is the most-impacted country by mobile malware attacks.1
  9. The most common malware type used on individual targets is spyware.9
  10. The U.S. sees the most malware attacks annually (9 times more than #2, the UK).11
  11. 70% of organizations have users being served malware ads on their browsers.9
Despite New Technology, Ransomware Motivated Over 72% of Cybersecurity Attacks in 2023

Ransomware

  1. Despite new technology, ransomware motivated over 72% of cybersecurity attacks in 2023.1
  2. 83% of respondents paid the ransom in the wake of an attack.7
  3. Over half of respondents paid more than $100,000 in ransom.7
  4. 52% experienced a ransomware attack that significantly impacted business systems and operations.7
  5. 82% of data breaches included cloud-based data, with ransomware at the forefront.1
  6. The average ransom in 2023 was $1.54 million, almost double the 2022 figure.1
  7. Over 72% of businesses worldwide were affected by ransomware attacks as of 2023.1
  8. According to IBM, it takes an average of 49 days to identify a ransomware attack.1
  9. Ransomware-as-a-service (RaaS) is growing, with 67 active RaaS found in the first half of 2022.1
  10. Ransomware is down, from 21% in 2021 to 17% in 2023.12
  11. In just the first 6 months of 2023, ransomware extortion totaled $176 million more than in all of 2022.12

Phishing

  1. Phishing is still the most common email attack method (39.6% of all email threats).12
  2. 96% of phishing attacks are delivered via email.9
  3. 30% of small businesses consider phishing attacks to be the biggest cyber threat.9
  4. IBM reported in 2023 that phishing attacks cost businesses $4.9 million per attack. 1
  5. In just November 2022, Google blocked over 231 billion spam and phishing emails.1
  6. More 18-24-year-olds fell for phishing emails than other age groups in 2022.9
  7. 50% of people who fell for a phishing email claimed it was due to tiredness or distraction.9
  8. 85% of mobile phishing attacks happen outside of email – through messaging apps, social networks, or games.9
  9. The financial services industry had 5 times more phishing attempts than any other industry in 2022.9
  10. 682 different brands were the target of spoofing phishing attacks in the month of November 2023.9

Business Email Compromise (BEC)

  1. BEC accounts for 19% of data breaches.9
  2. BEC attacks caused $1.8 billion in damages in 2021.9
  3. In 2022, 34% of all attacks were launched as Business Email Compromise (BEC) attacks.1
  4. Gift card requests are the most common way to retrieve funds from an attack (68% of attacks).9
  5. 52% of people fell for phishing links because they believed they were from a senior executive.9
  6. 29% of companies have lost a client in 2022 due to a business email compromise.9
man in dark room lit up by computer screen looking to his left

Cybersecurity Degrees

Education plays a critical role in preparing the next generation of cybersecurity professionals. This section discusses the current trends and statistics surrounding cybersecurity education, from degree requirements to tuition costs, providing a clear picture of the academic landscape in this vital field.

  1. Information security analysts typically need a bachelor’s degree in computer and information technology or a related field, such as engineering or math.3
  2. Some workers enter the occupation with a high school diploma and relevant industry training and certifications 3
  3. A bachelor of science (BS) in cybersecurity requires around 120 credits, which full-time learners can complete in four years.13
  4. Public four-year universities charged their in-state students an average of $9,375 in tuition and fees for the 2020-21 academic year.13
    • Out-of-state students paid $32,825 for that same year.

Cybersecurity Demographics by Sex or Gender

  1. Over 75% of bachelor’s degrees in cybersecurity and cyber/computer forensics are earned by males.14
  2. 24% of bachelor’s degrees in cybersecurity and cyber/computer forensics are earned by females.14
  3. 65.6% of master’s degrees in cybersecurity and cyber/computer forensics are earned by males.14
  4. 34.4% of master’s degrees in cybersecurity and cyber/computer forensics are earned by males.14

Cybersecurity Demographics by Race or Ethnicity 

  1. The most common ethnicity of cyber security analysts is White (65.7%), followed by Asian (9.6%), Black or African American (9.2%) and Hispanic or Latino (9.0%).15
  2. Workplaces are quickly becoming more diverse.16
  3. Minorities made up 19% of cybersecurity workers age 60+ who were surveyed, but made up 49% of all cybersecurity employees under 30.16
  4. Women of color make up 22% of cybersecurity employees.16
  5. Diversity lags at the leadership level: Less than 25% of executives identified as non-white.16
man in server/network room working on server rack

Cybersecurity Industry Skills Gap

The gap between the demand for skilled cybersecurity professionals and the available talent pool is a significant challenge for the industry. This section delves into statistics, highlighting the skills gap, exploring the areas of highest need, and the implications for businesses and national security.

  1. Almost two-thirds of experts believe they are understaffed.17
  2. 20% say it takes more than 6 months to find qualified cybersecurity candidates for open roles.17
  3. The top skills gaps from ISACA’s State of Cybersecurity 2022 report are17:
    1. Soft skills – 54%
    2. Cloud computing knowledge – 52%
    3. Security controls experience – 34%
  4. 63% of companies have unfilled cybersecurity positions, up from 2021.17
  5. 60% of respondents report difficulties in retaining qualified cybersecurity professionals (up from 2021).17
  6. 45 percent of organizations surveyed have allowed staff from other areas of expertise to move into security roles.17

Earnings and Employment

Understanding the landscape of earnings and employment within the cybersecurity sector is essential for professionals and employers alike. This section provides an overview of job availability, salary ranges, and employment trends, offering valuable insights for career planning and organizational development.

  1. The 2020 ISC Workforce Study found that the U.S. is facing a shortage of skilled cybersecurity professionals, with an estimated 359,000 skilled workers needed to close the gap.2
  2. About 19,500 openings for information security analysts are projected each year, on average, over the decade.3 
  3. The number one priority for employers was prior hands-on cybersecurity experience.17
  4. The largest employers of information security analysts were as follows3:
    1. Computer systems design and related services – 27%
    2. Finance and insurance – 15%
    3. Information – 14%
    4. Management of companies and enterprises – 8%
    5. Administrative and support services – 5% 
  5. Most information security analysts work full time, and some work over 40 hours per week. Information security analysts sometimes may be on call after business hours in case of an emergency.3
  6. 59% of cybersecurity professionals cite “recruited by other companies” as their reason for leaving their current role.17
  7. 42% of respondents say their cybersecurity budgets are appropriately funded, the highest in 8 years.17
  8. Cybersecurity workers report higher job satisfaction at companies that offer flexible working, mental health support programs, and employee feedback systems.16
Couple leaving their home

Conclusion

The statistics and trends highlighted in this report paint a picture of a rapidly evolving cybersecurity landscape, marked by sophisticated threats, a growing skills gap, and significant opportunities for professionals. As we move further into 2024, it’s clear that staying informed and proactive in addressing cybersecurity challenges is more crucial than ever. 

By understanding these key trends and statistics, individuals and organizations can better prepare to navigate the complexities of the digital age, safeguarding their information and systems against the ever-present threat of cybercrime.

Sources

  1. https://www.getastra.com/blog/security-audit/cyber-security-statistics/
  2. https://www.isc2.org/Research
  3. https://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm
  4. https://www.payscale.com/research/US/Job=Chief_Information_Security_Officer/Salary
  5. https://www.cyberstates.org/index.html
  6. https://cybersecurityventures.com/jobs/
  7. https://www.splunk.com/en_us/campaigns/ciso-report.html
  8. https://www.crowdstrike.com/en-us/
  9. https://www.terranovasecurity.com/blog/cyber-security-statistics
  10. https://www.ptsecurity.com/ww-en/analytics/cybersecurity-threatscape-2022-q2/
  11. https://www.sonicwall.com/medialibrary/en/white-paper/2021-cyber-threat-report.pdf
  12. https://www.cobalt.io/blog/cybersecurity-statistics-2024
  13. https://nces.ed.gov/programs/digest/d21/tables/dt21_330.20.asp 
  14. https://nces.ed.gov/programs/digest/d21/tables/dt21_318.30.asp 
  15. https://www.zippia.com/cyber-security-analyst-jobs/demographics/
  16. https://www.wtwco.com/en-us/insights/2022/06/2022-global-benefits-attitude-survey

Recent Resources

Your passion. Our Programs.

Choose an Area of Study

Your passion. Our Programs.

Select a degree level

View Programs