Get a free application, infrastructure and malware scan report - Scan Your Website Now

Subscribe to our Newsletter
Try AppTrana WAAP (WAF)
Managed WAF Start at $99

35 Security Stats Businesses Should Not Miss

Posted DateFebruary 25, 2016
Posted Time 4   min Read

Digital analytics is the core of businesses today. What one says is just an opinion if not backed by concrete data. Isn’t it the same with web application security too? Every security professional needs some substantial figures behind the belief that app sec is going to be the most crucial vector for public-facing websites. Here are some key stats that your company should not be missing.

Data Breaches

1. 30,000 websites are hacked daily, which means that around 10 million sites are hacked in a year.

2. 32,323 public Indian websites were hacked in 2014 with 14% Y-o-Y increase.

3. 155.GOV and.NIC domains were hacked last year.

4. 1,000,000,000 (a billion) personal records were stolen globally last year.

5. Around 75% of the data breaches happen at the application layer.

6. According to CIOs, financial loss, reputation damaged, and disruption of the business are key damages that they faced immediately after the breach.

7. Illicit financial gains are the motive behind 58% of the cyber-attacks.

8. Sensitive data is also alluring hackers. Major Indian song portals and taxi-for-hire websites were hacked for credit card and user information.

9. Last year, it was reported that 90% of mobile banking applications were vulnerable to attack.

Key takeaways: Unless companies operate their business in a vacuum, they cannot overlook the risk of hacking. This risk is real and getting graver with more money being pumped into the online economy. Information Technology research giant Gartner has already predicted that increasing adoption of cloud and mobile will drive the security market, which is estimated to $76.9 billion by this year and $170 billion by 2020.


10. 156 million phishing emails are sent every day. The figure crosses 56 billion in a year.

11. 16 million emails manage to pass the spam filters successfully every day.

12. Around 800, 000 links in these spam emails are clicked on a daily basis.

13. Phishing causes companies an estimated loss of $28.1 billion.

14. There is an acute lack of awareness of phishing attacks in employees across the world. Such an attack is even more dangerous when employees are using their official user rights in the network.

15. Advanced phishing attacks also use social engineering to extract user information through social networking.

16. One phishing attack is carried out every minute.

17. Is it easy to identify phishing emails? The survey shows that 97% of the internet population cannot differentiate a sophisticated phishing mail.

Key takeaways: Modern phishing is not just a risk for customers and users but also businesses at large. Phishing is increasingly being used to launch sophisticated Cross-Site Scripting attacks to steal sensitive information.

OWASP Top 10

18. SQL Injection was discovered 15 years ago but it is still the most dangerous vulnerability. It even tops the OWASP Top 10 list.

19. Around 97% of all the data breaches across the world happen due to SQL Injection.

20. Cross-Site Scripting, on the other hand, is the easiest way to compromise sites.

21. 91% of the websites detected with ‘Critical’ vulnerabilities tested by Indusface Web Application Scanning had SQL Injection vulnerability.

Key takeaways: OWASP vulnerability detection and protection is the first step toward securing web and mobile applications. It is unfortunate that even some of the major online brand names overlook app security and compliance.


22. Malware exists in computers of around 40% of computer users.

23. There are more than 400, 000, 000 types of malware today.

24. 80, 000, 000 types of malware have been identified recently.

25. Malware is the top reason behind sites getting blacklisted by search engines and site index portals.

26. 97% of all types of mobile malware affects Android devices solely.

Key takeaways: Malware like a virus, worms, adware, and Trojan horses affects web and mobile applications at large. Data breach, blacklisting, DDoS, and loss of business reputation are some of the severe security risks that companies face if malware is not prevented. Regular scanning for malware detection is critical.

Distributed Denial of Services

27. DDoS attacks cost banks up to $100, 000 per hour.

28. 20% of such attacks last for days and even months.

29. A lot of attackers also use DDoS as a diversion for other kinds of application attacks.

30. 87% of the attacked companies were hit more than once.

31. Attacks within the bandwidth of 1-5 GB have increased by 150%.

32. Competitors launch DDoS attacks to disrupt business on high sale volume days.

33. Companies need around 10 employees to mitigate DDoS.

34. It is impossible to detect and prevent all types of DDoS attacks unless traffic to the application is monitored continuously.

35. The estimated cost of a successful DDoS attack for a company is anywhere between $5,000 and $19,999 an hour.

Key takeaways: With intrusion prevention systems and network firewalls failing to detect application distributed denial of services, companies should look into 24 × 7 DDoS monitoring and mitigation solutions like manage web application firewalls.

Don’t know if your website is secure? Get it tested for free here

Research Sources:

  • Indusface research, reports, white papers, and case studies
  • Forbes
  • The Dark Reading
  • KPMG
  • Government of Canada

Stay tuned for more relevant and interesting security updates. Follow Indusface on FacebookTwitter, and LinkedIn

web application security banner

Spread the love

Join 47000+ Security Leaders

Get weekly tips on blocking ransomware, DDoS and bot attacks and Zero-day threats.

We're committed to your privacy. indusface uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.

Related Posts

US Bank Data Breach
1.5 Million Customers Impacted By US Bank Data Breach – Possible Lessons Learned

Flagstar Bank, recently confirmed a data breach that exposed the sensitive details of 1.5 million customers. Read more.

Spread the love

Read More
Data Protection Tips
3 Data Protection Tips to Prevent Data Loss

The data breach trend seems to be increasing. More and more companies are being targeted by the day, and it seems as though no company is immune to this type.

Spread the love

Read More
Serialization Attacks and How to Prevent Them
What are Serialization Attacks and How to Prevent Them?

Serialization and deserialization are powerful tools but need to be securely executed to ensure they aren’t counterproductive. Explore here.

Spread the love

Read More


Fully Managed SaaS-Based Web Application Security Solution

Get free access to Integrated Application Scanner, Web Application Firewall, DDoS & Bot Mitigation, and CDN for 14 days

Know More Take Free Trial


Indusface is the only cloud WAAP (WAF) vendor with 100% Customer Recommendation for 3 consecutive years.

A Customers’ Choice for 2022 and 2023 - Gartner® Peer Insights™

The reviews and ratings are in!