Cybercriminals are pilfering a staggering volume of data and money from companies around the world. The damage from hacks costs businesses $400 billion a year, according to British insurance company Lloyd’s.

Even worse, a significant portion of cybercrime goes undetected or unreported, a World Economic Forum (WEF) report finds. Companies often prefer to say nothing than to open themselves up to legal action, trouble with regulators, and damage to their reputation.

Overall, the newly released Cybersecurity Market Report from Cybersecurity Ventures, a Menlo Park, California-based market research firm, paints a grim picture in which every business is at risk of being hacked. (The news is better for the cybersecurity industry, which not surprisingly is experiencing explosive growth.) The Q3 report aggregates data from noteworthy reports; research by security and IT analysts; and emerging trends in employment, IPOs, and M&A deals. Below, check out some of the most eye-opening facts and figures about the state of cybersecurity.

Companies are spending big bucks.

Global spending on cybersecurity is floating around $77 billion this year, market research firm Gartner estimates. By 2020, companies around the world are expected to spend around $170 billion–a growth rate of nearly 10 percent in the next five years.

The big data and analytics market is expected to reach $125 billion by the end of 2015, according to research firm IDC. Global revenues for companies that offer digital forensics will total $2.7 billion this year and are estimated to reach $4.7 billion in 2020, ABI Research finds.

Hackers steal billions of dollars.

Cybercriminals do not steal just data. They also stole up to $1 billion from 100 different financial institutions across the U.S., Germany, Russia, Ukraine, and China over the past two years, security firm Kaspersky Lab reports. According to the FBI’s Internet Crime Complaint Center, ransomware–malicious programs that infect a computer or network and hold data hostage until a ransom is paid–has cost companies $18 million in the past 15 months.

Smartphones and apps can bring down a company.

Your employees and their personal smartphones are two of the weakest links in your security protocol. Last year, 16 million mobile devices worldwide were infected by malware, according to Alcatel-Lucent’s Motive Security Labs. Hackers go after smartphones as an entry point; from an infected smartphone, they can jump into a network and wage denial-of-service attacks or commit corporate espionage.

Third-party applications are a major culprit. According to the U.S. Department of Homeland Security, about 90 percent of security breaches originate from defects in software. Apps typically have poor security because developers rush to bring them to market before properly implementing security protocols.

The rise of cyber insurance.

With all the risks of attacks, the demand for cybersecurity insurance has increased by 21 percent across all industries in 2014, according to BITS, the technology policy division of the Financial Services Roundtable. According to Lloyd’s, the insurance industry sold $2.5 billion worth of protections against hacks last year, up from less than $1 billion two years ago.