Key Global Cyber Trends 2014-2024

Center AnalysisStrategic Cybersecurity
Written By Derek Loughrey

Introduction

This analysis is a continuation of our Key Global Cyber Trends series. It encompasses data from the CISSM/GoTech Cyber Events Dataset, which continually collects publicly reported events from 2014 to the present day to create a centralized, well-structured, open-source dataset for research and to help inform strategic decision-making. This report highlights key patterns in cyberattacks, including the dominance of criminal actors, the growing exploitation of vulnerable industries such as healthcare, and the geopolitical dimensions of cyber warfare, particularly in the context of Russia's ongoing invasion of Ukraine.

Global Trends

Since the last Cyber Trend Analysis, 2023 has continued the upward trend of total cyberattacks since 2014. Interestingly, as of June 2024, we have seen only 545 total attacks, which indicates a slowdown in cyber activity as compared to 2023 levels. However, this could change once full data for 2024 has been collected. Each event type increased from 2022 to 2023, with the exception of disruptive attacks, which saw a dramatic 64% decrease likely because a reduction in the number of sabotage and other types of attacks attributed to Russo-Ukrainian war.

Public administration continues to carry the largest percentage of total attacks across industries at 18% of the share with 2,649 events. This reflects a high-risk, highly vulnerable industry that is targeted by actors with varying motives. Healthcare and Social Assistance follow at 13% with 1,865. Information is also heavily targeted at 10% with 1,441 events and Finance and Education follow closely behind accounting for 9.54% (or 1,340 events) and 9.42% (or 1,323 events), respectively.

Attacks by Event Type

A deeper dive into the distribution of event types shows an interesting trend within the top 5 most targeted industries. Public administration is nearly split between disruptive (1,253) and exploitive (1,041) attacks, with disruptive attacks occurring slightly more. Healthcare and Social Assistance are largely targeted by exploitive (1,070) attacks, consistent with their susceptibility to financially motivated ransomware attacks. Finance is also targeted more by actors seeking to steal money and information resulting in exploitative (855) attacks. The information and education sectors are also split nearly equally, with exploitive attacks occurring slightly more.

Attacks on Industries by Actor Type

Criminal actors dominate the number of attacks across all industries, often accounting for over 70% of total attacks. Hacktivists are particularly active in industries that are either the target of protest itself like mining, quarrying, & oil,and public administration or that can amplify the severity of an attack such as the transportation and warehousing sector. Nation-states account for a smaller proportion of attacks but tend to target high-value critical infrastructure industries with more sophisticated tools and often more disruptive second-order effects. Terrorist actors make up the smallest proportion, with most of their activity being in information. Hobbyists show the most activity in the arts, entertainment, and recreation sectors, reflecting a low-stakes targeting pattern.

Attacks by Motive

There has been a continued trend since last year where financial gain is the largest driving factor for every industry, which coincides with the large number of criminal actors across all industries. Some of the industries most targeted for financial gain are Health Care and Social Assistance, Accommodation and Food, and Retail, accounting for 80% of their total attacks. The protest motive was the second most frequent motive and had the largest percentage in the industries where we saw a large Hacktivist activity, such as mining, quarrying, & oil, transportation and warehousing, public admin, and agriculture.

Geopolitical Considerations

The United States is still by far the most targeted country based on this data, with 6,779 total attacks. The second most targeted is the United Kingdom, which has had 756 attacks (9 times less than the US). Followed by Italy (413), Ukraine (407), and Russia (389). Russia remains the leading country of origin for cyberattacks, accounting for 1,847 events, reflecting a permissive operating environment with more actors and a higher level of attribution. China (171), North Korea (160), United States (142), and Ukraine (133) are also relatively active operating environments for different actors.

War on Ukraine (Somewhat) Deep Dive

Interestingly, based on the 2014-2022 cyber trend analysis, which showed Ukraine with 158 total attacks, Ukraine has been targeted by more attacks in the past two years than in the previous 8 years. This can be explained by the full-scale invasion of Ukraine in February 2022 and Russia’s heavy use of cyberwarfare in conjunction with the invasion.

There was a total of 198 cyberattacks originating in Russia targeting Ukraine between 2022 and 2024, with the majority (139) occurring in 2022 alone. Taking a closer look, we find that most of those attacks in 2022 were hacktivists (110), four times more than nation-state-sponsored attacks (28). This reflects both Ukraine’s inferior cyber resources and reliance on hacktivist organizations as well as Russia’s use of hacktivist groups to extend its cyber power in both coordinated and uncoordinated ways. For example, there is some evidence that Russian nation-state actors are propping up hacktivist groups to support its cyber operations. Additionally, it is likely that many nation-state actors are more likely to avoid detection because of their intent and sophistication. Moreover, there are groups like the “Anonymous Russia” hacktivist collective based out of Russia that target pro-Russian entities. The majority of the attacks between 2022 and 2024 are disruptive in nature, with most of them being external denial of service attacks.

Conclusion and Takeaways

While 2023 marked a peak in the total number of cyber incidents, preliminary data for 2024 suggests a potential decline in volume and a notable decrease in disruptive attacks between 2022 and 2023. Criminal actors with financial motives are dominating the landscape, with hacktivists and nation-states playing a more targeted role in specific sectors relevant to geopolitical hotspots. Public administration, healthcare, and information industries are disproportionately targeted over other sectors due to their significance and exploitability. The large increase in cyberattacks on Ukraine since Russia’s invasion in 2022 suggests a growing intersection of offensive cyber and global conflict, highlighting an area we should pay close attention to as geopolitical tensions rise. It is vital that we continue to collect and analyze this data to inform our future strategies and mitigate risks in an increasingly interconnected world.

 

If you’d like to take a closer look at the graphs and maps included in this center analysis, check out the public Tableau workbook by clicking the button below.

Derek Loughrey

Graduate Assistant at the Center for Governance of Technology and Systems and Masters of Public Policy candidate in the School of Public Policy at the University of Maryland studying Cyber policy.

https://www.linkedin.com/in/derekjloughrey/
Next

The Rise of AI-Driven Cyber Threats: Are We Prepared?