This compilation of the latest Cybersecurity statistics for 2024 isn’t just another list of dry numbers; they tell a story about the challenges organizations face and the actions you can take to protect yourself and your business.
As threats to online safety are growing every day, let these eye-opening trends shape your approach to Cybersecurity this year (and the next).
Cybersecurity Posture
The 2024 Report on the Cybersecurity Posture of the United States, released by the Office of the National Cyber Director, is the first-of-its-kind report that discusses the overall cybersecurity posture in the U.S.
The report states that the federal government completed 92% of the initiatives outlined in the National Cybersecurity Strategy Implementation Plan (NCSIP) Version 1 by mid-2024.1
Based on the report, here’s the Cybersecurity landscape:
- 70% of surveyed organizations reported increased cyber threats since the previous year.1
- 65% of organizations indicated they had experienced a Ransomware attack in the past year.1
- Federal Cybersecurity funding increased by 15%, reaching a total of $20 billion for fiscal year 2024.1
- Private sector investment in Cybersecurity solutions rose by 25%, reflecting heightened awareness of cyber risks.1
Workforce Development
- Cybersecurity Workforce Shortage:
- The Cybersecurity workforce shortage remains critical, with an estimated gap of 700,000 positions in the U.S. alone.1
- Training & Upskilling:
- Initiatives to train and upskill workers resulted in a 30% increase in enrollment in Cybersecurity training programs.1
Public-Private Collaboration
- Increased Collaboration:
- Over 50% of organizations reported increased collaboration with federal agencies to enhance Cybersecurity measures.1
- Public-Private Partnerships:
- The establishment of new public-private partnerships aimed at sharing threat intelligence grew by 40%.1
Adoption Preferences:
- 88% of organizations prefer a platform approach over implementing individual point products for Cybersecurity.2
TL;DRThe U.S. federal government has completed 92% of its cybersecurity strategy, and federal funding for cybersecurity increased to $20 billion in 2024.The rise in cyber threats (70%) may be connected to the high rate of Ransomware attacks (65%), showing that targeted attacks are increasing.There’s a critical shortage of cybersecurity workers, with a gap of 700,000 positions, but enrollment in training programs grew by 30%. |
AI & Cybersecurity
According to reports, there’s an increase in sophisticated attacks, including novel phishing campaigns, automated malicious code creation, and advanced social engineering tactics driven by generative AI technologies.2
Integration Of AI
- 80% of respondents stated that AI technologies have been integrated into their Cybersecurity strategies.1
- Nearly all organizations (99%) are utilizing AI-powered tools as part of their Cybersecurity defense strategies.4
Perceptions Of AI’s Role
- 75% of Cybersecurity professionals believe AI is a double-edged sword, enhancing both defensive and offensive capabilities.1
- 63% of security professionals believe in AI’s potential to enhance security measures, especially in improving threat detection and response capabilities.3
- Only a small fraction (12%) of security professionals believe AI will completely replace their role. The majority believe it will help enhance their skill set (30%), support their role generally (28%), or replace large parts of their role (24%).3
- 96% of survey participants view AI-driven security solutions as essential for countering AI-powered threats, citing improvements in speed and efficiency for prevention, detection, response, and recovery.2
- 71% are confident that these AI-powered solutions can effectively detect and block AI-driven threats.2
- Only 15% of security stakeholders believe traditional (non-AI) solutions can detect and block AI-powered threats.2
C-Suite VS. Staff Familiarity
- C-suite executives demonstrate a notably higher (52%) self-reported familiarity with AI technologies than their staff (11%).3
Employee Confidence In Identifying Deepfakes
- More than 70% of respondents are confident that their employees can identify deepfakes targeting organizational leadership.4
Impact Of AI Threats
- 74% of respondents report significant impacts from AI-powered cyber threats on their organizations.2
- 89% believe that AI-powered threats will continue to be a major challenge for the foreseeable future.2
Preparedness & Risk Mitigation
- 60% of participants feel their organizations are inadequately prepared to defend against AI-powered threats.2
- 54% of hands-on practitioners agree that their organizations have taken steps to mitigate AI-related risks, indicating a gap in perception between executives and practitioners.2
- 79% of IT security executives believe their organizations have taken steps to reduce risks associated with using AI.2
Vendor Communication
- 31% of respondents express a need for Cybersecurity vendors to clarify what types of AI are being used in their solutions and the rationale behind it.2
Shadow AI
- The rise of “shadow AI,” where employees use generative AI tools without organizational oversight, poses risks such as inadvertent exposure of sensitive information.2
Impact By Region
- In the Asia-Pacific region, 84% report feeling the impact of AI-powered threats, while only 71% in Latin America share this sentiment.2
Future Outlook
- 2024 is set to be a revolutionary year for AI implementation in the security sector. Over half of organizations (55%) are planning to implement generative AI solutions this year.3
- In the next year, 84% of organizations plan to use three or more Cloud Service Providers (CSPs).4
- 93% of respondents anticipate that AI-powered tools will create cyber risks for their organizations in the coming year.4
TL;DR99% of organizations are using AI-powered tools in their cybersecurity strategies, but 75% of professionals see AI as both a defense and a risk.60% of people feel unprepared.79% of executives think their companies have taken steps to lower risks.There is a growing concern about “shadow AI,” where employees use generative AI tools without oversight, leading to potential security risks.There’s a big difference in confidence:71% think AI tools can find and stop threats.Only 15% believe that traditional tools can handle AI-powered attacks.There are overlapping findings about how AI is seen in Cybersecurity, especially when comparing how prepared people feel to the actions being taken. |
Identity-Related Breaches
Identity-related breaches happen when someone steals your personal information, like passwords or Social Security numbers, to impersonate you or anyone in your organization. This can lead to unauthorized access to your accounts and financial loss.
Incidents
- 93% of organizations experienced two or more identity-related breaches in the past year.4
Machine Identities As A Risk
- Machine identities are identified as the #1 cause of identity growth and are considered the riskiest type of identity by respondents.4
- 50% of organizations expect the number of identities to grow 3x in the next 12 months, with an average expected growth of 2.4x.4
Privileged User Definition
- 61% of organizations define a privileged user as only human, while 38% include both human and machine identities with sensitive access.4
Impact Of Phishing & Vishing Attacks
- Nine out of 10 organizations have fallen victim to successful identity-related breaches due to phishing or vishing attacks.4
- 963,994 phishing attacks were recorded in Q1 2024, the lowest quarterly total since Q4 2021.5
- This represents a decline from 1,624,144 attacks in Q1 2023.5
Targeting Of Social Media Platforms
- 37.4% of all phishing attacks targeted social media platforms.5
Phishing In The Banking Sector
- Phishing attacks against the banking sector dropped to 9.8%, continuing a downward trend.5
Wire Transfer Requests In BEC Attacks
- The average wire transfer amount requested in BEC attacks was $84,059, a nearly 50% increase from the previous quarter.5
Phone-Based Fraud
- There was a 30% increase in phone-based fraud (vishing and smishing) detection compared to the previous quarter.5
TL;DRMachine identities are seen as the biggest risk, with identity growth expected to triple in the next year.Identity-related breaches from phishing and vishing (nine out of 10 organizations) are closely tied to the number of phishing attacks, showing that the risk remains high even though phishing attacks have dropped from Q1 2023 to Q1 2024.Phishing is shifting towards social media (37.4%) and away from the banking sector (9.8%), meaning attackers are targeting different areas.Business Email Compromise (BEC) is leading to bigger financial losses, with a 50% increase in average wire transfer amounts, causing more serious financial blows for companies. |
Ransomware Incidents
Ransomware incidents occur when cybercriminals lock your files or computer and demand money to unlock them. If you don’t pay the ransom, you might lose access to your important data.
Prevalence Of Ransomware Attacks
- 59% of organizations experienced a Ransomware attack in the last year.6
- 70% of these attacks resulted in data encryption.6
- Ransom payments increased by five times over the past 12 months.6
Attack Origins
- 32% of Ransomware attacks began with an unpatched vulnerability.6
Ransomware Trends
- Overall Victim Count:
- A total of 1,048 Ransomware victims were reported in Q1 2024, marking a 22% decrease from Q4 2023’s 1,309 cases.7
- Most Targeted Countries:
- The U.S. was the most targeted country, accounting for 50.8% of all Ransomware cases (523 cases).7
- Most Targeted Sectors:
- The business services sector was the most targeted, comprising 23.5% of cases.7
TL;DRUnpatched vulnerabilities caused 32% of Ransomware attacks, showing that old, outdated systems are a big target for hackers.Ransom payments increased by 5 times in the past year, even though the number of victims went down by 22%. This means fewer organizations are being attacked, but those that are face more serious consequences.Emerging Trends:Data encryption happens in 70% of attacks, making it a major issue.The U.S. and the business services sector are the biggest targets, showing that certain places and industries are at higher risk for Ransomware. |
Bad Bot Traffic Attacks
Bad bot traffic attacks happen when automated programs, or “bots,” are used to perform harmful tasks online, like scraping data, taking over accounts, or spamming websites. These bots can disrupt your business, steal sensitive information, or cause system slowdowns.
Bad Bot Share Of Internet Traffic
- Bad bots constituted nearly 49.6% of all Internet traffic in 2023.8
Types of Bad Bots
- Simple Bad Bots:
- Simple bad bots increased from 33.4% in 2022 to 39.6% in 2023.8
- Evasive Bad Bots:
- Evasive bad bots (with advanced and moderate sophistication) made up 60.5% of all bad bot traffic.8
Automated Threats & APIs
- Automated threats accounted for 30% of attacks on Application Programming Interfaces (APIs).8
- Bad bots exploiting business logic vulnerabilities contributed to 17% of those API attacks.8
Industry-Specific Impact
- The gaming industry was most affected by bad bot traffic, with bad bots generating 57.2% of its total traffic.8
TL;DRThe increase in simple bad bots (39.6%) along with more advanced evasive bad bots (60.5%) shows that bots range from basic to highly sophisticated.Bad bots are a big part of API attacks, making up 17% of automated threats by exploiting weak spots in business logic.The gaming industry is heavily targeted, with bad bots making up 57.2% of its traffic, showing a specific focus on this sector.API weaknesses are a big problem, with 30% of attacks coming from automated threats, which is a growing worry for companies that use APIs. |
Cybersecurity For Small Business
The FDIC warns that Cyberattacks are happening more often and becoming more complex, affecting not only big corporations but also small businesses. Many small businesses do not have strong Cybersecurity measures, which can cause serious problems in their operations.9
Top Cyber Threat Concerns
- 60% of small businesses consider Cybersecurity threats (including phishing, malware, and Ransomware) as their top concern.10
- 54% of small businesses view the loss of data or a data breach as their primary concern regarding Cybersecurity.10
- Malware was identified as a major threat, with 45% of small businesses expressing concern over possible malware attacks.11
Cyber Resilience Decline
- The number of organizations maintaining minimum viable cyber resilience has decreased by 30%, with small and medium-sized enterprises (SMEs) disproportionately affected.12
Lack of Preparedness
- More than twice as many SMEs reported lacking the necessary cyber resilience compared to larger organizations.12
Insurance Coverage
- Only 25% of small organizations carry cyber insurance, which shows a considerable gap in risk management strategies.12
For more statistics and findings on how small businesses cope and struggle with Cyberattacks, check out our, Why Cybersecurity Is A Must-Have For Small Businesses. |
In Summary
In 2024, cyber threats are more advanced than ever, with many organizations facing identity-related breaches and AI-powered attacks. Most organizations are struggling to keep up with these threats, and many feel unprepared to defend against them.
That’s where 2Secure team can help. We can protect your information by identifying potential breaches before hackers can exploit them and gain access to your sensitive data. With expert solutions and advanced security measures, you can stay one step ahead and keep your business impenetrable.
____________________________________________________________________________
Source:
- 2024 REPORT ON THE CYBERSECURITY POSTURE OF THE UNITED STATES OFFICE OF THE NATIONAL CYBER DIRECTOR EXECUTIVE OFFICE OF THE PRESIDENT. (2024). https://www.whitehouse.gov/wp-content/uploads/2024/05/2024-Report-on-the-Cybersecurity-Posture-of-the-United-States.pdf
- STATE OF AI CYBER SECURITY Industry Perspectives on the Growing Role of AI in Cyber Security. (n.d.). https://cdn.prod.website-files.com/626ff19cdd07d1258d49238d/66144e940b1a942566846d00_State%20of%20AI%20Cyber%20Security%202024%20(1).pdf
- State of AI and Security Survey Report | CSA. (n.d.). Cloudsecurityalliance.org. https://cloudsecurityalliance.org/artifacts/the-state-of-ai-and-security-survey-report
- Report: 93% Of Organizations Had Two or More Identity-Related Breaches in the Past Year. (n.d.). CyberArk. https://www.cyberark.com/press/report-93-of-organizations-had-two-or-more-identity-related-breaches-in-the-past-year/
- Phishing E-mail Reports and Phishing Site Trends 4 Brand-Domain Pairs Measurement 5 Brands & Legitimate Entities Hijacked by E-mail Phishing Attacks 6 Use of Domain Names for Phishing 7-9 Phishing and Identity Theft in Brazil 10-11 Most Targeted Industry Sectors 12 APWG Phishing Trends Report Contributors 13. (2024). https://docs.apwg.org/reports/apwg_trends_report_q1_2024.pdf
- Ransomware Report: Sophos State of Ransomware Report 2021. (n.d.). SOPHOS. https://www.sophos.com/en-us/content/state-of-ransomware
- Q1 RANSOMWARE REPORT. (2024). https://e.cyberint.com/hubfs/RANSOMWARE_Q1_2024_Cyberint_Report.pdf
- 2024 Bad Bot Report. (n.d.). Resource Library. https://www.imperva.com/resources/resource-library/reports/2024-bad-bot-report/
- 2024 Report on Cybersecurity and Resilience. (n.d.). https://www.fdic.gov/system/files/2024-08/2024-cybersecurity-financial-system-resilience-report.pdf
- Swanek, T. (2024, April 2). Small Businesses Think Cyberattacks Are Biggest Threat. Uschamber.com. https://www.uschamber.com/small-business/new-survey-finds-small-businesses-think-cyberattacks-are-biggest-threat
- Business attitudes to cyber security Managing the risks that come with the digital age. (2024). https://static.aviva.io/content/dam/document-library/broker/avivacyberreport2024.pdf
- Global Cybersecurity Outlook 2024 J A N U A R Y 2 0 2 4 In collaboration with Accenture. (2024). https://www3.weforum.org/docs/WEF_Global_Cybersecurity_Outlook_2024.pdf