Cyberattacks 2021: Phishing, Ransomware & Data Breach Statistics From the Last Year

The year 2021 was a busy year for cybersecurity experts and IT professionals as businesses worldwide faced a barrage of cyberattacks. In fact, the last year has been a record-breaking year for cyberattacks. The number, intensity and variety of these attacks is expected to increase in 2022 as cybercriminals continue to devise new strategies to launch sophisticated attacks.

In this blog, we’ll take a closer look at some alarming 2021 cybersecurity statistics and how you can better protect your business against phishing, ransomware and data breaches in 2022 and beyond.

How many cyberattacks took place in 2021?

With a majority of the global workforce working away from the secure confines of a corporate network, 2021 was one of the most active years for cyberattacks. According to Check Point Research, cyberattacks increased 50% year-over-year, with each organization facing 925 cyberattacks per week globally. As per the statistics, businesses witnessed 50% more attacks per week in 2021 compared to 2020. The Log4J vulnerability was one of the major contributors to the significant rise in malicious activities last year.

It is estimated that on average 30,000 websites are hacked every day. In fact, a company falls victim to a cyberattack every 39 seconds and more than 60% of organizations globally have experienced at least one form of cyberattack.

How costly were cyberattacks in 2021?

According to the Ponemon Institute and IBM’s Cost of a Data Breach Report 2021, the average total cost of a data breach increased from $3.86 million to $4.24 million in 2021. The report indicates a 10% year-over-year increase in average total cost, which is the highest ever recorded in the 17-year history of the report. Customer Personally Identifiable Information (PII) was the costliest record type with an average cost of $161 per lost or stolen record.

The findings from the report showed that the overall increase in average total cost was due to slower response time as a result of remote working. Organizations with more than 50% of their workforce working remotely took nearly 316 days to locate and contain the breach, compared to the regular average of 287 days. As per the report, data breaches with longer response time (more than 200 days) cost $4.87 million on average while for breaches with less than 200 days response time cost $3.61 million on average. The report also indicated that businesses could save up to 30% if they could contain a breach within 200 days.

What were the most common cyberattacks in 2021?

The number of cyberattacks are growing rapidly and becoming more dangerous than ever before. Threat actors are constantly evolving and so are their tactics. Around 300,000 new pieces of malware are created daily to target individuals and organizations. From exploiting human error to launching sophisticated assaults capable of bypassing even the strongest security systems, cyberattacks can come in various forms.

The five most common cyberattacks that wreaked havoc in 2021 included phishing, ransomware, malware, data breach and Distributed Denial of Service (DDoS).

Phishing statistics

Social engineering attacks, such as phishing, are the most prevalent and dangerous types of cyberattacks since they are deceptive and tricky. According to Verizon’s 2021 Data Breach Investigations Report, 85% of breaches involved the human element. Let’s take a look at some important phishing statistics to understand the extent and severity of these attacks.

How common was phishing in 2021?

Phishing attacks are responsible for more than 80% of reported security incidents. According to CISCO’s 2021 Cybersecurity Threat Trends report, about 90% of data breaches occur due to phishing. Spear phishing is the most common type of phishing attack, comprising 65% of all phishing attacks. The 2021 Tessian research revealed that employees receive an average of 14 malicious emails every year. And according to ESET’s 2021 research, email-based attacks increased 7.3% between May and August 2021.

How much does phishing cost annually?

IBM’s 2021 Cost of a Data Breach Report found phishing to be the second most expensive attack vector while business email compromise (BEC) took first place, costing businesses an average of $5.01 million. A breach caused due to phishing costs organizations an average of $4.65 million.

What percentage of ransomware comes from phishing?

More than 90% of cyberattacks infiltrate an organization via email. According to the FBI, there has been a 400% increase year-over-year in phishing attacks.

Ransomware statistics

Ransomware is a constantly evolving threat and no organization, big or small, is safe from this growing menace. Let’s take a closer look at the number of ransomware attacks in 2021, their frequency and the financial impact they have on businesses.

How many ransomware attacks took place in 2021?

Security provider SonicWall reported nearly 500 million attacks through September 2021, with a staggering 1,748 attempted attacks per organization. This is equivalent to a business facing 9.7 ransomware attempts every day. The firm’s 2021 Cyber Threat Report also found a staggering 48% increase in global ransomware attacks, with the U.K. witnessing a 233% surge and the U.S. a 127% increase in the number of ransomware attacks. Research conducted by PwC found that more than 60% of technology executives expect this to increase over the next 12 months.

According to Blackfog’s 2021 State of Ransomware Report, government agencies were the top targets for cybercriminals, followed by education, healthcare, services, technology, manufacturing and retail.

How much did ransomware cost in 2021?

According to IBM’s 2021 Cost of a Data Breach Report, the total average cost of a ransomware attack was $4.62 million — more expensive than the average cost of a data breach, which was $4.24 million.

As per Sophos State of Ransomware 2021, the average ransom paid by mid-sized organizations was $170,404 while the average cost of resolving a ransomware attack was $1.85 million. This cost includes downtime, people time, device cost, network cost, lost opportunity, ransom paid, etc. As per the US Treasury Department, the average amount of reported ransomware transactions per month in 2021 was $102.3 million.

Ransomware attacks aren’t showing any signs of slowing down and the costs associated with such attacks are expected to increase in 2022. Leading research and publishing firm Cybersecurity Ventures, estimates ransomware costs to reach $265 billion by 2031.

Data breach statistics

The year 2021 was a year of cybersecurity incidents involving thousands of ransomware attacks, cryptocurrency theft, supply chain attacks and data loss events. Here are some startling data breach statistics that you should be aware of in 2022.

How many data breaches took place in 2021?

According to the Identity Theft Resource Center’s (ITRC) data breach analysis, there were 1,291 data breaches through September 2021. This number indicates a 17% increase in data breaches in comparison to breaches in 2020, which was 1,108. The report also found a steep increase in the number of data compromise victims (281 million) during the first nine months of 2021.

While cybersecurity incidents are growing at an alarming rate, about 95% of cybersecurity breaches are due to human error. Businesses lose 4 million files on a daily basis, which is equivalent to 44 files every second. And most businesses take an average of 280 days to find and contain a data breach.

How much did a data breach cost in 2021?

As per IBM’s report, the average total cost of a breach in 2021 was $4.24 million. This represented a 9.8% increase in the average total cost of a data breach — the highest margin recorded in seven years. The report found that the cost of a data breach has increased by 11.9% since 2015.

The average per-record cost of a data breach also increased significantly in 2021. According to the report, the average per-record cost of a breach was $161 in 2021, compared to an average cost of $146 in 2020. This represents a 10.3% increase from 2020 to 2021.

Secure your data with Spanning Backup

Cybersecurity experts have warned that cyberattacks and data breach incidents could persist in the coming years as cybercriminals will look to exploit vulnerabilities and launch sophisticated attacks. Therefore, having a reliable backup solution to protect your critical workloads is more important than ever before.

Spanning Backup for Microsoft 365, Google Workspace and Salesforce provides end-to-end data protection. Its powerful yet easy-to-use capabilities for administrators and end users empower them to find and restore data effortlessly. This helps save time and enhance productivity. Spanning Backup is trusted by more than 2.2 million users worldwide. With Spanning by your side, you can rest easy knowing your valuable data is fully backed up and recoverable at all times.

Learn More about Spanning Backup


Want to get started?
Start backing up Microsoft 365, Google Workspace and Saleforce.

Request a Demo