Malware Statistics

The earliest forms of malware have been around for decades. And, unfortunately, malware is still a major problem in the US and across the globe today.

Malware attacks target individuals, businesses, and devices in every category.

While the motivations of malware attacks may vary, there’s one common denominator for all of them—you don’t want malware anywhere near your devices or networks.

After conducting extensive research on malware and cybercrime, I’ve identified the most relevant malware statistics to date. You can use this guide to educate yourself on malware and see the malware trends in the coming years.

What is Malware?

The term “malware” is a combination of two words—malicious + software.

By definition, any piece of software that’s intentionally made to disrupt a device or network can fall into the malware category. Malware can be used to gain unauthorized access to a system, steal information, spread infections, and more.

Trojans, worms, spyware, adware, ransomware, rootkits, bots, and viruses are just a handful of malware types. For example, a “Trojan horse” is designed to look like legitimate and trustworthy software. But once installed on a device, a Trojan can execute malicious functions.

Top 45+ Malware Statistics

Now that you understand what malware is and how it works, I want to quickly share some of the most jaw-dropping malware statistics I uncovered during my research:

  1. 450,000 new types of malware are detected every day.
  2. There is more than 1.3+ billion total malware in existence.
  3. Malware variants are rising by 62% each year.
  4. 7% of all websites are infected by malware.
  5. Google detects 50 new websites infected by malware every week.
  6. Total global malware damage is projected to eclipse $6 trillion within a year.
  7. 37+ million records were stolen in 2015 when Anthem servers were infected by malware.
  8. The global cost of malware is expected to reach $10.5 trillion by 2025.
  9. 24,000+ malicious mobile apps are blocked every day.
  10. Malware attacks on IoT devices rose by 700% during the COVID-19 pandemic.

As we continue through this guide, you’ll see more eye-opening malware statistics in every category.

Business Malware Statistics

Companies of all sizes across every industry need to prioritize cybersecurity. But as you’ll quickly learn, many organizations aren’t prepared to fight against malware attacks or cybercrime. The following malware statistics are eye-opening to many business professionals, executives, and decision-makers:

11. 66% of small businesses in the US experience malware issues every day.

About two-thirds of small companies in the US have to deal with malware on a daily basis. Some of these issues can cause significantly more harm than others.

12. 47% of malware attacks in the US target small businesses.

If you think your company is too small to fall victim to cybercrime, think again. Nearly half of all malware attacks in the United States are aimed at small businesses. That’s because hackers and cybercriminals know that these companies have vulnerabilities in IT security.

13. 73% of small businesses are not prepared for malware attacks.

This piggybacks off of our last point. Nearly three in four small businesses are unprepared for malware. They don’t have proper malware protection systems in place, and they don’t have any security protocols detailing what to do in the event of an attack or malicious file detected.

14. 28% of small businesses don’t have antivirus software to protect their networks and servers.

An alarming 28% of small businesses aren’t even using antivirus software to protect their systems. While antivirus solutions aren’t immune to malware, they at least offer some level of minimum protection against basic malware threats.

15. 49% of malware attacks on businesses originate via email.

On average, business professionals send and receive more than 120 emails per day. So it should come as no surprise to see hackers deploying malware through this medium.

An employee can inadvertently open a suspicious email and download a malicious file.

16. Just 12% of small businesses in the US are prepared to deal with cybercrime.

Roughly one in ten small businesses in the United States say they’re prepared to deal with cybercrime. While this is obviously a step in the right direction, it means that the remaining 88% are unprepared to deal with malware and other forms of cybercrime.

17. 60% of small companies go out of business within six months of a malware attack.

Malware can do more than just slow down a computer and make it difficult to get work done.

Shockingly, 60% of small businesses will close within six months of a cyber attack. The lack of preparedness against malware makes it tough for these companies to recover from attacks.

18. 85% of small businesses in the United States need to purchase or upgrade malware security software.

The vast majority of small businesses need to either buy or upgrade software designed to prevent malware.

Purchasing malware security software is just the first step. But if you’re not upgrading the software to the newest version, you aren’t protecting your business from the latest threats. As you’ll see throughout this guide, malware is constantly evolving. So outdated software won’t protect you from newer and more sophisticated attacks.

19. 74% of organizations saw malware issues that spread from one employee to another.

In most business scenarios, malware isn’t contained to just one device or employee. Roughly three out of four times, malware spreads from one person to another.

So if one person has malware on their device, there’s a good chance other employees will be infected as well.

Costs of Malware

Protecting against malware attacks and recovering from them is expensive. But it’s definitely more expensive to deal with malware attacks after the fact, as opposed to investing in appropriate cybersecurity solutions to prevent malware in the first place.

20. The average cost of a malware attack on a business is $2.5 million.

According to a recent study on cybercrime, a single malware attack on a business costs more than two million dollars. This factors in the time it takes to identify the problem, as well as resolve it.

It takes businesses an average of 50 days to resolve malware-related problems.

21. Malware security spending is expected to eclipse $1.75 trillion.

Global cybersecurity spending continues to hit all-time highs year after year. From 2021 to 2025, it’s estimated that malware security spending will cumulatively reach $1.75 trillion worldwide.

22. Malware security breaches in the US cost $225 per affected record.

Malware attacks on records prove to be the most costly.

In the United States, the average cost is about $225 per record. This may not seem like a huge number, but think about how expensive this gets for businesses with thousands or millions of records.

The average cost of a stolen record is a bit lower worldwide, at roughly $140 per record.

23. $6.3 million in costs are incurred per every 50,000 records breached by malware.

For every 50,000 records affected by malware, there are more than $6 million costs incurred. This number reflects both business and consumer costs globally.

Global Malware Trends

Now let’s take a closer look at how malware impacts people and businesses worldwide. Some of these malware statistics are trending in a direction that you may find surprising.

24. There were 5.6 billion malware attacks carried out worldwide in 2020.

In 2020, there were more than 5.6 billion malware attacks identified across the globe.

This is obviously a significant number. But when you look at the trends, you’ll see that the yearly number of malware attacks is actually decreasing over the past few years:

There were 9.9 billion malware attacks in 2019 and 10.5 billion attacks in 2018.

As you can see from the graph, 2020 actually had the fewest malware attacks worldwide in a five-year period.

25. China hosts 16.69% of all malware queries on the DNSFilter network.

Certain countries and regions are known for hosting malicious content on the web. A recent study found that more than 16% of all malware queries on the DNSFilter network came from China.

26. Computers in China have a 47% malware infection rate

As we saw from the previous statistic, China is a hotspot in terms of malware origination. But it also has the highest malware infection rate worldwide, at 47%.

27. Turkey has a 42% malware infection rate.

Behind China, Turkey ranks second worldwide in malware infection rate by device. As we’ll discuss later on, residents of Turkey are also the target of a specific type of malware attack.

28. Taiwan has a 39% malware infection rate.

Taiwan ranks number three on the list of malware infection rates by country. There are new types of malware infections reported every day in Taiwan.

Consumer Malware Statistics

Aside from businesses, the average person is also at risk for malware attacks. The following statistics take a closer look at how malware affects individuals in their day-to-day lives:

29. 67% of consumer records in the United States are at risk of a data breach from malware.

Roughly two-thirds of all consumer records in the US are at risk of a data breach. This includes records stored on computers, mobile devices, and in the cloud.

The data accounts for consumer records that are stored at the user level, as well as those stored by organizations.

30. 75% of users infected with malware have updated endpoint protection.

Endpoint protection and antivirus software are popular ways to fight malware. But as the data shows, this alone still isn’t 100% effective against malware attacks.

Newer types of malware and more sophisticated attacks are breaching endpoint protection systems. That’s why it’s so important to keep your endpoint security software up-to-date.

31. More than 10% of users worldwide experienced at least one malware attack during a Kaspersky study.

According to Kaspersky, over 10% of global internet users have experienced at least one malware attack.

The data is based on a study of malicious web-based attacks between November 2019 and December 2020.

32. 47% of free antivirus solutions for Android cannot effectively detect malware.

Android users that have free antivirus software installed on their devices are not immune from malware. A recent study suggests that nearly half of these free tools cannot properly detect and protect against malware.

33. There were more than 38,000 mobile banking Trojans detected last year.

Lots of malware is financially motivated. One way for cybercriminals to access sensitive banking information is by releasing a Trojan horse.

1.2% of mobile banking users in Turkey have been impacted by a mobile banking Trojan. This echoes a statistic we discussed earlier—Turkey ranks second in the world for malware infection rate.

Malware Statistics by Device

What devices are most susceptible to malware? Where does malware come from? Are certain file types and software more dangerous than others?

The following malware statistics will shed some light on those questions:

34. Half of PCs infected with malware get infected again within one year.

If you get malware on your computer, there’s a 50% chance you’ll get infected again within the next year.

This is largely due to the fact that devices infected with malware are not properly secured. Simply removing malware from an infected device isn’t enough to prevent you from getting it again down the road.

35. There are over 800,000+ malware installation devices detected on mobile devices across the globe.

According to Statista, there were 886,105 malware installation devices detected on mobile devices in Q2 of 2021. This is a big number, but not quite as large as we’ve seen in the past.

For example, there were more than 3.6+ million mobile malware installations in Q2 of 2016. So this number is actually trending downward.

36. 38% of all malware is disguised as a Microsoft Word document.

Malware is commonly disguised as a file type that you use on a regular basis. This increases the chances that a user will click and open a file, allowing a malicious action.

More than one-third of all malware looks like a Word document.

37. 92% of malware comes from email.

Furthermore, malware has to come from somewhere. It doesn’t just magically appear on a device. The vast majority of all malware comes from an email.

So whether it be at work or for personal use, always be careful when emails come from unknown senders. It’s also common for malicious emails to come disguised as reputable addresses.

38. Trojans account for 58% of computer malware.

Trojans account for the largest amount of malware found on computers. Nearly six in ten pieces of computer malware fall into the Trojan horse category.

39. Viruses account for 13% of all computer malware.

It’s a common misconception that all malware is a virus. In fact, just 13% of computer malware falls into this category.

That’s because most malware is financially motivated. Simply infecting a system for the sake of destruction isn’t very beneficial to the hacker or cybercriminal who releases the malware.

40. 53% of viruses spread through .exe files.

More than half of all computer viruses spread through “executable” files, better known by the .exe format. These files are most commonly used on Windows machines to install new software or run existing software on a computer.

41. 6% of malware comes from websites and apps.

Just 6% of all malware originates from a website or mobile app. As previously mentioned, the majority of malware comes from emails.

With that said, you still need to be cautious when browsing online or using mobile apps. Only visit sites and install apps from trusted sources.

42. 25% of malware attacks target non-standard ports.

We’re seeing an increase in malware attacks targeting non-standard ports. This means that the service is not running on its default settings.

The majority of malware attacks still target standard ports, like HTTP.

43. IoT malware is up 66% year-over-year.

Computers, smartphones, and tablets aren’t the only types of devices vulnerable to malware attacks. Malware on IoT (internet of things) is growing at a 66% yearly rate.

IoT devices include smart appliances, fitness trackers, cameras, security systems, and more.

44. There were nearly 57 million malware attacks on IoT devices in 2020.

Sticking with the IoT theme, there were roughly 57 million attacks on various IoT devices in 2020. As the IoT industry continues to grow, we can expect to see this number trend upward in the coming years.

45. 30% of computers in the United States are infected with malware.

About one in every three computers in the US is infected with malware. Even as some malware statistics are declining, this is still an alarming percentage.

Every company that uses Google Workspace should be using Nira.
Bryan Wise
Bryan Wise,
CIO of GitLab

Incredible companies use Nira