Most Noticeable Facts About Cybersecurity
1. PwC's 2022 Global Digital Trust Insights shows that more organizations (66%) are expecting cyber budget growth compared to previous years. Of these companies, over a third project double-digit cyber spending growth.
2. Cybersecurity Ventures estimates that an increase in cybercrime and the need for digitized businesses and consumers to guard against such crimes will drive up expenditure on cybersecurity products and services to $1.75 trillion between 2021 and 2025.
3. Deloitte performed a 2021 survey to find the greatest challenges for CISOs and CIOs. Over 40% responded that transformation and hybrid IT were the most difficult parts of cybersecurity management.
4. In August 2021, Google announced its commitment to strengthening cybersecurity with a pledge of $10 billion by 2025. This investment will focus on advancing open-source security, zero-trust programs, and the software supply chain.
5. In June 2022, the US House Appropriations Committee released spending bills for 2023 that allocate $15.6 billion to federal cybersecurity efforts.
6. According to data from Fortune Business Insights, the global cyber insurance market will expand at a CAGR of 25.3% between 2021 and 2028. It's expected to reach $36.85 billion in 2028.
7. According to Sophos' State of Ransomware 2022 report, only 4% of businesses that pay the ransom when held hostage by ransomware actually retrieve all their stolen data.
8. A 2022 IBM security report revealed a surge in various cyberattacks between 2020 and 2021. Notably, those caused by exploiting vulnerabilities increased by 33%.
9. Between 2020 and 2021, the average data breach cost rose almost 10%, reaching $4.24 million. This is the highest growth rate seen in the past seven years, according to IBM’s Cost of a Data Breach 2021 report.
10. Javelin Strategy and Research's 2021 Identity Fraud Study revealed that identity fraud losses reached $56 billion in 2020, with $13 billion lost from traditional identity fraud and $43 billion lost from identity fraud scams.
11. Accenture’s State of Cybersecurity Resilience 2021 report revealed that companies experienced 31% more attacks in 2021 compared to the previous year. On average, organizations experienced 270 cyberattacks.
12. According to the Third Way Cyber Enforcement Initiative, many cybercrime victims do not report their cases, lowering the estimated enforcement rate from 0.3% to about 0.05%.
Cybersecurity Statistics by Attack Type
- IBM's X-Force found that ransomware attacks were the most common cyberattack in 2021. They accounted for 21% of attacks, down two percent from 2020.
- IBM also reported that REvil (first used in 2018) and Ryuk (first appeared in 2019) are the most common and longest-running ransomware attack types. They account for 37% and 13% of ransomware attacks, respectively.
- VirusTotal’s 2021 Ransomware Activity Report states that over 130 ransomware strains were detected between 2020 and 2021.
- BeyondTrust predicts ransomware attacks will become more personalized in 2022. Organizations should also expect the attacks to involve company insiders and different types of assets, including IoT devices.
- Cybersecurity Ventures reports exponential growth in ransomware damage costs. It estimated the global damage to be $20 billion in 2021, over 57 times the 2015 costs. This number is expected to rise to $265 billion by 2031.
- According to Ironscales’ State of Cybersecurity Survey, phishing emails have become more frequent. Since the start of the pandemic in 2020, 81% of global organizations have reported more email phishing attacks.
- From 2020 to 2021, phishing attacks more than tripled. They reached a record high of over 316,000 in December 2021, according to APWG’s 2021 Phishing Trends Report.
- Data from the UK's Cyber Security Breaches Survey shows that phishing is the most common cyberattack on UK organizations.
- A Google Project Zero researcher reports 18 zero-day vulnerabilities during the first half of 2022. Fifty percent of these are simply new versions of formerly patched vulnerabilities.
- Mandiant Threat Intelligence reported a significant increase in yearly zero-days exploited. The 2021 total reached 80 zero-days, 2.5 times the number of zero-days exploited in 2019.
- Cisco data estimates that distributed denial-of-service (DDoS) attacks will grow to 15.4 million by 2023, more than double the 7.9 million in 2018.
- DDoS attacks became more prevalent in 2020, with the NETSCOUT Threat Intelligence report seeing 4.83 million attacks in the first half of the year. That equates to 26,000 attacks per day and 18 per minute.
- More than four-fifths of data breaches in 2020 (86%) were financially motivated, according to Verizon’s 2020 Data Breach Investigations Report (DBIR).
- Security threats against industrial control systems (ICS) and operational technology (OT) more than tripled in 2020, according to Dragos Inc.’s Year in Review report.
- A McKinsey insight finds that 70% of security executives believe their budget will decrease in 2021, which will limit and reduce their spending on compliance, governance, and risk tools.
- Organizations must defend their networks, systems, and users against several major cybersecurity threats. For example, Verizon’s 2020 DBIR found that 70% of breaches were caused by outsiders, 45% involved hacking, 86% were financially motivated, 17% involved some form of malware, and 22% featured phishing or social engineering.
The Biggest Data Breaches in History
Major hacking events have seen organizations suffer costly losses of data, customer details, financial records, and personal information.
- An attack against internet giant Yahoo! in 2013 resulted in the loss of data from more than 3 billion accounts.
- The data breach of hotel firm Marriott-Starwood resulted in the loss or compromise of information belonging to more than 500 million consumers.
- A major data breach saw the details of 412 million FriendFinder users stolen in 2016, while a hack of Under Armour’s MyFitnessPal app in 2018 affected 150 million users.
- Approximately 143 million consumers were affected by an attack on Equifax in 2017, which ended up costing the business more than $4 billion. The organization was found liable for the breach and fined $425 million by the Federal Trade Commission.
- One of the most damaging attacks in history was the WannaCry ransomware attack, which first appeared in 2017. The virus infected more than 230,000 machines in 150 countries, causing damage of at least $4 billion.
- State-sponsored cyberattacks pose a major threat to organizations. Symantec data found that 19 people from China, 18 from Russia, 11 Iranians, and a North Korean had been indicted by the United States for state-sponsored activities and espionage.
Cybersecurity Statistics by Industry Type
Healthcare Industry Cyberattacks
- According to Sophos’ The State of Ransomware in Healthcare 2022, 66% of healthcare organizations experienced ransomware attacks in 2021, a 94% increase from the previous year.
- Sophos' report further revealed that the healthcare industry experienced the biggest influx of cyberattacks, regarding both volume (69%) and complexity (67%).
Banking Industry Cyberattacks
- CSI’s 2022 Banking Priorities Survey revealed that the primary cybersecurity concern of most bankers (57%) is employee-targeted phishing attacks.
- The 2022 CSI survey also revealed that 51% of bankers are concerned about customer-targeted phishing attacks, while 48% worry about ransomware.
Education Industry Cyberattacks
- According to Sophos' The State of Ransomware in Education 2022 report, education organizations are less likely to have cyber insurance against ransomware. Only 78% of education organizations have coverage, compared to the 83% global average.
- The Sophos report further revealed that education organizations have seen a decrease in the amount of data restored after paying the ransom. The average in 2021 was 62% for lower education and 61% for higher education, both lower than the 2020 average of 68%. Only 2% of lower education and 2% of higher education organizations fully recovered their stolen data in 2021.
How Fortinet Can Help
There are several quick steps that users can take to protect themselves from the rising tide of cybersecurity threats. These include:
- Use strong passwords: Weak passwords and login credentials are among the most common causes of cyberattacks. Users must ensure their passwords are as strong as possible and are never reused across multiple accounts or services. Using a password manager can help people use strong passwords without having to remember them.
- Ensure software is always updated: Vulnerabilities in software are another key weakness that leads to data breaches. Organizations and users have to make sure all software is set to update automatically to prevent vulnerabilities from being exposed.
- Avoid clicking weblinks: Malicious links are a popular tactic with cyber criminals. Remove the risk by never clicking a link in an email and by visiting only trusted websites.
- Use a VPN: Secure virtual private networks (VPNs) like the Fortinet FortiClient allow users to hide their Internet Protocol (IP) address and browse the internet with an encrypted connection. This protects them from hackers and helps them avoid the risks outlined in the cybersecurity statistics listed above.