Cybersecurity Definition

What Is Cybersecurity?

Cybersecurity refers to measures taken to protect Internet-connected devices, networks, and data from unauthorized access and criminal use. Additionally, cybersecurity ensures the confidentiality, integrity, and availability of data over its entire life cycle.

Cybersecurity applies to both software and hardware, as well as information on the Internet. It can protect everything from personal information to complex government systems.

Key Takeaways

  • Cybersecurity refers to the measures taken to protect devices, networks, and data from unauthorized access and criminal use.
  • Cybersecurity can span various protection measures, such as preventing cybercriminals from hacking into computers and other connected devices and stealing sensitive information.
  • Password protection and encryption are types of cybersecurity measures.
  • Common types of cyberattacks include phishing, malware, eavesdropping attacks, and denial-of-service (DoS) attacks.

Understanding Cybersecurity

Cybersecurity measures include preventing, detecting, and responding to cyberattacks. Any information stored on an Internet-connected device, computer system, or network can be hacked. With the proper measures in place, this can be prevented. Given that the world is more reliant on computers than ever before, cybersecurity has become essential.

Cybersecurity ranges from simple to complex. As a basic preventative measure, most devices come equipped with password protection to prevent hacking. Updating software is another straightforward way to prevent cyberattacks.

If a system is attacked or at risk of an attack, specific measures might be taken depending on the type of attack. Encryption, for example, is one way to prevent attacks, and certain antivirus software can detect suspicious activity online and block most software attacks.

In order to ensure that a system is secure, it's essential to understand the risks and vulnerabilities inherent to that specific device or network and whether or not hackers can exploit those vulnerabilities.

Cybersecurity measures must constantly adjust to new technologies and developments to stay one step ahead, as hackers adapt their methods to new forms of cybersecurity and render previous measures ineffective.

Types of Cyberattacks

Cyberattacks can have wide-ranging effects on individuals, businesses, and government organizations, including monetary loss, identity theft, and reputational damage. They are classified by the method of attack. Though there are many types of cyberattacks, some of the most common include:


Phishing occurs when an email or text appears to be sent from a reputable source. The goal of phishing is to trick the recipient into sharing sensitive information like credit card details and login credentials or to install malware on the victim's machine. Phishing is one of the most common attacks on consumers.


Malware is malicious software intended to cause damage to a computer or network. Types of malware include viruses, worms, spyware, and ransomware. Malware can find its way onto computers when a user clicks a link or email attachment that installs malicious software.

When inside the system, malware can block access to key components of the network (ransomware), covertly obtain information by transmitting data from the hard drive (spyware), disrupt components, and render the system inoperable.

Eavesdropping Attacks

An eavesdropping attack (aka a man-in-the-middle attack) is when a hacker intercepts, deletes, or modifies data as it is transmitted over a network by a computer, smartphone, or another connected device. Cybercriminals take advantage of unsecured network communications to access data as a user sends or receives it.

Eavesdropping often occurs when a user connects to a network that is not secured or encrypted and sends sensitive business data to a colleague. Eavesdropping attacks can be hard to spot because, unlike some other cyberattacks, the presence of a listening device may not affect the device or network's performance.

Denial-of-Service Attacks

Denial-of-service (DoS) attacks target devices, information systems, and other network resources to prevent legitimate users from accessing services and resources. This is typically accomplished by flooding the server and host with traffic to the point that it becomes inoperable or crashes. DoS attacks are system-on-system attacks, meaning they originate from a single location and target a single system.

Distributed Denial-of-Service Attacks

Distributed denial-of-service (DDoS) attacks are similar, but the attack comes from multiple remote machines (zombies or bots). These attacks can be deployed much faster—and with more traffic—than DoS attacks, so they are typically harder to detect than DoS attacks.


The number of people who fell victim to phishing scams in 2021, according to the FBI. This is up from 241,342 in 2020, for a 34% year-over-year increase. The Internet Crime Complaint Center, or IC3, received an average of 552,000 complaints per year over the last 5 years, representing losses of $6.9 billion in 2021 alone.

Common Targets of Cyberattacks

Though any individual system is at some level of cyberattack risk, larger entities such as businesses and government systems are often the targets of these attacks because they store a lot of valuable information.

The Department of Homeland Security, for example, uses high-tech cybersecurity measures to protect sensitive government information from other countries, nation-states, and individual hackers.

Cybercrime is on the rise as criminals try to benefit from vulnerable business systems. Many attackers are looking for ransom. The average ransomware payment climbed to a record $570,000 in the first half of 2021, according to a report from cybersecurity firm Palo Alto Networks.

Any financial system that stores credit card information from its users is at high risk because hackers can directly steal money from people by accessing these accounts. Large businesses are often attacked because they store personal information about their extensive network of employees.

The industries with the most cyberattacks between November 2020 and October 2021 by basic web application attacks are finance (226 incidents), healthcare (173 incidents), professional (164 incidents), public administration (158 incidents), and information (144 incidents).

What Is the Difference Between DoS and DDoS?

Both types of attacks overload a server or web application to interrupt services for legitimate users. A DoS (denial-of-service) attack comes from a single location, so it's easier to detect its origin and sever the connection. DDoS (distributed denial-of-service) attacks originate from multiple locations. They are faster to deploy and can send much larger amounts of traffic simultaneously, so they are harder to detect and shut down.

What Is Cybersecurity?

Cybersecurity is the practice of protecting Internet-connected systems, devices, networks, and data from unauthorized access and criminal use. 

Is Cybersecurity a Good Career?

Due to ongoing and increasing cybersecurity threats, the industry has a very promising career outlook. There are not enough skilled people to fill cybersecurity jobs, so professionals are likely to find jobs easily. On Oct. 28, 2021, Microsoft announced plans to cut the cybersecurity workforce shortage in half by 2025 by partnering with community colleges across the U.S. and providing free resources to help end the shortage.

Article Sources
Investopedia requires writers to use primary sources to support their work. These include white papers, government data, original reporting, and interviews with industry experts. We also reference original research from other reputable publishers where appropriate. You can learn more about the standards we follow in producing accurate, unbiased content in our editorial policy.
  1. Department of Homeland Security. “Cybersecurity.”

  2. Cisco. "What Is a Cyberattack?"

  3. Federal Trade Commission. "Phishing."

  4. Fortinet. "Eavesdropping."

  5. Panda Security. "What Is a Man-in-the-Middle (MITM) Attack? Definition and Prevention."

  6. Fortinet. "DoS vs. DDoS."

  7. FBI Internet Crime Complaint Center. "Internet Crime Report 2021," Pages 7-8.

  8. U.S. Department of Homeland Security. "Cybersecurity."

  9. Palo Alto Networks. "Extortion Payments Hit New Records as Ransomware Crisis Intensifies."

  10. Statista. "Global Industry Sectors Most Targeted By Basic Web Application Attacks From November 2020 to October 2021."

  11. Microsoft. "American Faces a Cybersecurity Skills Crisis: Microsoft Launches National Campaign To Help Community Colleges Expand the Cybersecurity Workforce."

Open a New Bank Account
The offers that appear in this table are from partnerships from which Investopedia receives compensation. This compensation may impact how and where listings appear. Investopedia does not include all offers available in the marketplace.