As cybercriminals continue to refine their methods, blending traditional strategies with new technologies, the financial toll on individuals and organizations has reached alarming levels. Businesses are also grappling with mounting cybercrime costs from ransomware and DDoS attacks, which can inflict hundreds of thousands of dollars in damage within minutes.

These statistics highlight a growing concern: as cybercrime costs rise and threats become more complex and widespread, they impact organizations of all sizes.

Experian | 2024 Identity and Fraud Report | August 2024

According to the FTC, consumers reported losing more than $10 billion to fraud in 2023 alone, representing a 14% increase over the previous year and the highest dollar amount ever reported.

Zayo | DDoS Insights Q1 & Q2, 2024 | August 2024

An average DDoS attack now lasts 45 minutes—an 18% increase from last year—costing unprotected organizations approximately $270,000 per attack at an average rate of $6,000 per minute.

Resilience | Mid-Year Cyber Risk Report | August 2024

Ransomware remained the leading cause of loss since January 2023, with 64% of ransomware-related claims resulting in a loss. The financial severity of claims related to ransomware attacks increased 411% from 2022 to 2023.

Of all claims received since January 2023, 35% were the result of a vendor data breach or ransom attack exploiting a third-party vendor—including notable vulnerabilities associated with Ivanti software—and in 2024 that number is already 40%, and expected to grow.

Manufacturing rose from 15.2% of all claims in 2023 to 41.7% of all claims in 2024; while construction rose from 6.1% of 2023 claims to 25.0% of 2024 claims.

Zscaler | Zscaler ThreatLabz 2024 Ransomware Report | August 2024

The findings from the report uncovered a record-breaking ransom payment of $75 million to the Dark Angels ransomware group, which is nearly double the highest publicly known ransomware payout.

Fortinet | 2024 Global Cybersecurity Skills Gap Report | July 2024

More than 50% of respondents indicated that breaches cost their organizations more than $1 million in lost revenue, fines, and other expenses last year—up from 48% in the 2023 report and 38% from the previous year.

Hack The Box | Building a firewall against cybersecurity burnout | June 2024

Cybersecurity and infosecurity professionals say that work-related stress, fatigue, and burnout are making them less productive, including taking extended sick leave – costing US enterprises almost $626 million in lost productivity every year.

Veeam | 2024 Ransomware Trends Report | June 2024

For the third year in a row, 81% of organizations surveyed paid the ransom to end an attack and recover data.

Despite only a minority of organizations possessing a policy to pay, 81% opted to do so. Interestingly, 65% paid with insurance and another 21% had insurance but chose to pay without making a claim.

The ransoms paid averages to be only 32% of the overall financial impact to an organization post-attack.

At-Bay | 2024 InsurSec Report | May 2024

Likely driven by more businesses successfully restoring from backups in the wake of an attack, the average cost of a direct ransomware attack decreased by 24% in 2023, to $370,000.

The average ransom demand by attackers exceeded $1.26 million in 2023, though the average amount paid came in at $282,000, 77% lower than the initial demand on average.

Encryption and exfiltration events saw the highest median ransom paid ($195,000) over encryption-only incidents ($66,000) or exfiltration-only incidents ($110,000).

IDC | Enterprise Resilience: IT Skilling Strategies, 2024 | May 2024

IDC predicts that by 2026, more than 90% of organizations worldwide will feel the pain of the IT skills crisis, amounting to some $5.5 trillion in losses caused by product delays, impaired competitiveness, and loss of business.

Sophos | Data for the State of Ransomware 2024 | May 2024

Organizations that paid the ransom reported an average payment of $2 million, up from $400,000 in 2023.

Excluding ransoms, the survey found the average cost of recovery reached $2.73 million, an increase of almost $1 million since the $1.82 million that Sophos reported in 2023.

The report also found that 63% of ransom demands were for $1 million or more, with 30% of demands for over $5 million, suggesting ransomware operators are seeking huge payoffs.

Coalition | 2024 Cyber Claims Report | April 2024

As ransomware payments hit $1 billion globally, Coalition ransomware severity dropped by 54%.

Overall claims frequency increased 13% year-over-year (YoY), and overall claims severity increased 10% YoY, resulting in an average loss of $100,000.

Ransomware frequency was up 15% YoY, and severity was up 28%, to an average loss of more than $263,000.

Cisco | 2024 Cisco Cybersecurity Readiness Index | April 2023

The cost of being unprepared can be substantial, as 54% of respondents said they experienced a cybersecurity incident in the last 12 months, and 52% of those affected said it cost them at least $300,000.

McAfee | 2024 Tax Scams Study | March 2024

Of the people who clicked on fraudulent links from supposed tax services, 68% lost money. Among those, 29% lost more than $2,500, and 17% lost more than $10,000.

Moreover, 76% lost money after clicking links in cryptocurrency tax-related messages, with 26% losing more than $2,500 and 16% losing more than $10,000.

Cayosoft | Is Active Directory Forest Recovery Taken Serious Enough? | February 2024

When asked about the labor cost of downtime, 70% of respondents across all company sizes said they risk losing at least $100,000 per day (just over $200 per minute) of downtime.

However, a calculation of labor cost, based on an average salary of $75,000 per employee and 250 8-hour workdays per year, demonstrates a significant disconnect between the perceived cost of AD downtime and reality.

An enterprise with 15,000+ employees risks losing $4.5 million in labor costs per day ($9,375 per minute) of AD downtime. A mid-size company with 5,000+ employees risks losing $1.5 million per day ($3,125 per minute). An SMB with up to 1,000 employees risks losing up to $300,000 per day ($625 per minute).

Trustpair | Fraud in the Cyber Era: 2024 Fraud Trends and Insights | February 2024