Cybersecurity is a common topic among consumers and businesses alike.
As we continue to spend more of our lives in the digital world, we’re all looking for ways to keep ourselves, and our data secure. Unfortunately, while digital transformation unlocks countless opportunities for better communication, innovation, and productivity, it also paves the way for new forms of cybersecurity attacks.
The consistent effort to secure the digital environment has driven an ever-growing cybersecurity market. By 2028, experts predict the industry will be worth around $372.04 billion. Already, the space stood at a value of around $179.96 billion as of late 2021.
These cybersecurity statistics will tell you everything you need to know about the landscape.
Gartner found responding security issues is one of the biggest challenges companies faced in 2020. The overall average security spend for 2020 sat at around $123 billion, with many organizations investing in things like automated security checking and intelligent systems.
In 2020, RiskBased Security found that data breaches exposed around 36 billion records, just in the first half of the year. That’s double the number of records exposed throughout the whole of 2019. The study also found that around 43.6% of the companies reporting data breaches in 2020 omitted the number of records exposed, indicating a higher degree of loss.
We often assume that bad technology is the cause for cybersecurity problems, but around 95% of security breaches actually come from human error, according to Cybint solutions. The best first-step for any security strategy may therefore be properly training teams to stay secure.
Accenture found that in the years from 2019 to 2024, the total losses experienced by cyber crime could add up to around $5.2 trillion. Notably, Accenture also found that malware is currently the attack type that costs the most to overcome. The price of dealing with malware has increased by 11%, while the cost of malicious insider attacks from within the business has risen by 15%.
An Iomart study revealed that around 479 data records were either stolen or lost every second during 2019. This accounts for around $71,823 lost per second, or an average of $6,205,479,452 lost per day, according to the company’s calculation of information value.
A data breach can also cause a company to lose value in terms of stock and reputation. The average company would experience a value drop of around 7.27% after a cybercrime issue. This could lead to millions in loss for larger businesses.
Gartner’s review of information security spending in 2019 found that worldwide investment in security services is increasing. In 2020, around 50% of spending for cyber issues was dedicated to security services designed to help companies overcome common vulnerabilities.
Accenture’s 2019 Cost of Cybercrime Study found that the most expensive component of any cybersecurity issue is information loss, equating to around $5.9 million. The report also found that people-based attacks are currently increasing the most today, with Malware increasing by 11%, and web-based attacks seeing an increase of 13%.
Varonis found most American citizens don’t know what to do if they’re hit with a data breach. Around 64% said they wouldn’t know what to do if data was stolen, and another 64% have never even checked to see whether they’ve been victim to an attack.
According to the Ponemon institute, it takes up to 280 days on average for companies to find the source of a data breach after a cybersecurity issue. The number of days on average can vary depending on the industry. For instance, retail workers often find the source of a breach within 197 days.
The Varonis team found that the average employee has access to around 11 million files at work. Around 17% of all sensitive files are also accessible to all employees, and 15% of companies leave more than a million files available for any staff member. Even worse, the same Varonis study found that 60% of companies have over 500 accounts with non-expiring passwords.
Verizon notes that around 93% of all malware arrives on our computers via email, and phishing is currently the number one form of social engineering attack. Phishing accounts for around 80% of all reported incidents today. Of course, there are plenty of other sources of vulnerability today’s companies aren’t prepared for. Around 11,000 exploitable issues are listed by the CVE database today, and 34% had no patches available at the end of 2019.
Despite a rising number of cybersecurity attacks, around 18% of SMBs in 2019 said they consider cybersecurity investment and protection to be their lowest priority. A further 66% of respondents said they consider a cyberattack to be an unlikely issue for their business, even though 67% of SMBs were hit by an attack in 2019.
Studies show that the most common form of cybercrime in 2020 was malware (34%), followed closely by Phishing (25%), and unauthorized access to specific pieces of personal information (20%). The report also found that social security numbers are being stolen at an increasing rate, with breaches increasing by 500% between 2016 and 2019.
In 2020, the pandemic prompted healthcare to take the top spot as the most targeted industry for cybercrime and attacks. 341 reports were reported during Q3 of 2020 in healthcare, followed by 306 in Information, 274 in finance and insurance, and 259 in public administration.
The cost of ransomware in cybercrime is increasing, particularly following the pandemic. According to Fintech News, Coronavirus has led to a 238% increase on attacks on banks. What’s more ransomware attacks 148% in March, with the average price of a ransomware payment raising by 33% in 2020 to $111,605.
The more connected a country is, the more likely they are to face ransomware attacks. The US is the current leader in ransomware attacks, accounting for 18.2% of all breaches worldwide. Symantec has also found a rapid increase in the number of ransomware variants appearing each month.
Cisco’s annual internet report for 2018 to 2023 notes that DDoS attacks are growing increasingly prevalent in the digital world. The report indicates there will be around 15.4 million DDoS attacks happening worldwide by 2023. Cisco also believes that new risks will emerge in the form of 5G, networked devices, and public Wi-Fi hotspots. Year over year, the number of DDoS attacks has increased by around 39%.
Working together on a report into cybercrime, Google and the FBI Internet Crime Complaint center revealed a huge increase in attacks since the start of the pandemic. The number of complaints rose from around 1000 issues per day, to between 3,000 and 4,000 in the pandemic. Google also reported a massive increase in COVID-19 related phishing attacks.
According to Verizon, 2020 saw around 157,525 collected incident reports and 108.069 breaches. More than 100,000 of the breaches reported involved compromised credentials of individual users cloud data and bank account details. The most significant rise in incidents appeared to happen in the Accommodation industry, followed by administration, agriculture, construction, education, entertainment, finance, and healthcare.
Many of the major issues with cybersecurity that arose from the pandemic came from criminals taking advantage of vulnerable people during lockdowns. Online shopping scams were particularly common, with 23,296 cases as of August 2020. However, Americans were also found to have lost around $97.39 million to COVID-19 stimulus check scams during 2020 too.
IBM’s research into global cybersecurity and data breaches found that the cost of a data breach has increased with the arrival of remote work. On average, the cost to a company for a single data breach can range to around $137,000. This might have something to do with the findings from other pandemic studies. For instance, 47% of employees cited distraction as the primary reason for falling for phishing scams at home.
Research into the cybersecurity risks of remote work indicate that hybrid and distance workers could represent a significant problem for teams. Around 20% of companies say they dealt with security issues as a result of remote working activities. 24% said they had to pay to deal with a malware attack or cybersecurity breach following lockdown orders, and 18% admitted cybersecurity wasn’t a priority for their remote employees.
While all companies from any industry can face the threat of cyber criminals, healthcare is particularly at risk. During 2020, Healthcare breaches per month accelerated at an incredible rate. According to the HIPAA journal, around 95 breaches of 500 or more records were recorded during September, an increase of 156.75% compared to August.
The average cost of a data breach in financial services is around $5.84 million. In 2020, financial services also boasted the lowest average time to identify and contain data issues, however. The average company in this sector will take around 233 days to detect and contain an issue. Unfortunately, there are still a lot of risk factors. For instance, 64% of financial services companies have over 1000 sensitive files open to access for any employee.
Many companies believe that it’s only the big brands targeted by criminals in cybersecurity events. However, smaller companies have the highest targeted malicious email (phishing) rate according to Symantec. Around 1 in every 323 emails are malicious.
Bigger companies are also dealing with significant levels of risk. Around 50% of large companies with more than 10,000 employees are spending more than $1 million each year on security. Cisco also found that around 43% of these employees were spending between $250,000 and $999,999 per year.
A report by IBM into data breaches caused by cybersecurity problems found the US is the most expensive country for data breaches. US companies spends around $8.46 million on average to respond to data breaches. The second more expensive region was the Middle East, at around $6.52 million. Of all industries in the US with data breach costs to consider, healthcare was the one most likely to lead to expensive outcomes.
Cybercrime will always be a central concern for businesses in the digital world. As companies continue to rely more on access to the right technology for innovation and growth, the potential for cybercrime issues continues to increase. Being aware of the numbers could mean you can make better decisions about your cyber protection strategy.