60% of small companies go out of business within six months of falling victim to a data breach or cyber-attack. (Cybercrime Magazine)
82% of breaches in the DBIR14 involved the human element. (Verizon 2022)
96% of companies have been target of an email-related phishing attempt. (Mimecast)
41% of surveyed executives do not think their security initiatives have kept up with digital transformation. (Forbes)
44% of the executives surveyed said that their growing use of partners and suppliers exposes them to significant security risks. (Forbes)
30% of surveyed executives said their budgets are not sufficient to ensure proper cybersecurity, while several pointed out that the criminals are better funded. (Forbes)
68% of business leaders feel their cybersecurity risks are increasing. (Accenture)
Only 50% on U.S. businesses have a cybersecurity plan in place. (Forbes)
11% of organizations hit by a phishing attack in 2021 were fined. (Proof Point)
CEOs are targeted by phishing attacks 57 times per year on average. (ZD Net)
On average, only five of companies’ folders are properly protected. (Varonis)
25% of small businesses spent less than $500 on their monthly cybersecurity plan pre-COVID. 26% of users are now investing more heavily in cybersecurity with a monthly budget of $500-$1,499. (Upcity)
43% of small businesses overall noted that they have never experienced a cybersecurity attack. (Upcity)
33% of businesses that have been operating for 3-5 years have been victims of a cybersecurity attack Pre-COVID. (Upcity)
78% of IT leaders say the C-Suite is the most likely to be targeted by phishing attacks.(Forbes)
Statistics for Cybersecurity Insurance
42% of companies with cyber insurance did not have all losses covered by insurance in 2022. (Deloitte).
Cyber insurance premiums increased by an average of 28% in the first quarter of 2022 compared with the fourth quarter of 2021. (CNBC)
Ransomware payments are at an all-time high, possibly due to a larger number of victims paying up. This itself may be because around 90% of organizations hit had ransomware insurance. (Coveware A Q4 2021 report)
Cybersecurity workforce
There are over 700,000 cybersecurity job openings in the United States. Cybersecurity analysts are currently the most in-demand job within the industry. (Cyber Seek)
Only 23% of companies provide cyber awareness trainings to their employees on an ongoing basis, but 87% offer it at least once a quarter. (Mimecast)
Nearly 40 % of breaches featured phishing, around 11 % involved malware, and about 22 % involved hacking in 2022. (Verizon)
More than 6 months are taken to find qualified cybersecurity candidates for open positions. (ISACA)
32% of companies lost C-level talent as a direct result of a ransomware incident. (Deloitte)
Cyber fatigue, or apathy to proactively defending against cyberattacks, affects as much as 42% of companies. (Cisco)
Human error statistics
32% of companies lost C-level talent as a direct result of a ransomware incident. (Deloitte)
Only 53% of employees can correctly define phishing. (Proof Point)
In 86% of organizations, at least one person has clicked a phishing link. (CISCO)
Enterprises with Zero Trust deployed reduced the average cost of a breach by $950,000 compared to those without it. (IBM)
Of those, 32% have not changed their cybersecurity plan since the pandemic forced remote and hybrid operations. (Forbes)
An estimated 300 billion passwords are used by humans and machines worldwide. (Cybersecurity Media)
The top malicious email attachment types are .doc and .dot which make up 37 percent; the next highest is .exe at 19.5 percent. (Symantec)
Data Breach Statistics
Colonial Pipeline paid $4.5 million in ransom to restore its compromised systems. (Security Intelligence)
Average cost of a data breach in the United States is $9.44M. (IBM 2022)
Global average total cost of a data breach is $4.35M. (IBM 2022)
Critical sectors that caused data breach are Failure (25%), Human error (22%), Third-party business partners (17%), Destructive attacks (16%), Ransomware (12%), Other malicious attacks (8%). (Cost of a Data Breach Report, IBM 2022)
T-mobile data breach cost the company $350 million in 2022. (Tech.co)
Toyota’s 300,000 customers who had used its T-Connect telematics service had had their email addresses and customer control numbers compromised. (Tech.co)
2.2 million customers of Woolworths subsidiary MyDeal, an Australian retail marketplace, has been impacted by a data breach. (Tech.co)
57 million users were impacted by Uber by enormous data breach in 2022. (Tech.co)
Approximately 70% of breaches were financially motivated, while less than five % were motivated by espionage, in 2021. (Verizon)
192 days is the average number of days an organization takes to identify a breach. (Deloitte)
4,751basic web application attack incidents, with 1,273 confirmed data disclosure in 2022. (Verizon 2022)
25% of all data breaches involve phishing. (Verizon)
43% of all breaches are insider threats, either intentional or unintentional. (Check Point)
There were 1,862 recorded data breaches in 2021, surpassing the 2017 record of 1,506 breaches. (CNET)
2,249 social engineering incidents with 1,063 confirmed data disclosure in 2022. (Verizon 2022)
From 2.249 social engineering incidents 89% of actor motives were financial. (Verizon 2022)
DDoS statistics
Most DDoS assaults (94.95% ) lasted lower than 4 hours, whereas the longest assault continued for 549 hours (almost 23 days) in 2022 Q1. (10 Guards)
64% of DDos assaults had been UDP flood in 2022. (10 Guards)
Within the USA 53% of command and management servers had been positioned by DDoS in 2022. (10 Guards)
The biggest variety of DDoS-attacks (16.35% ) come on Sundays. (10 Guards).
34% of DDoS assaults had been directed at targets positioned within the USA, which comprised 45.02% of all targets in 2022. (10 Guards).
Among the largest DDoS attacks was a 1.5 TBps (terabytes per second) incident in June 2021, representing a 169% increase in attack bandwidth over the largest attack in the first half of 2020. (Techtarget)
The total number of DDoS attacks will be 15.4 million by 2023. (Cisco)
Social engineering statistics
98% of cyber-attacks involve some form of social engineering. (Purplesec).
The average organization is targeted by 700+ social engineering attacks annually. (ZD Net)
On average, social engineering attacks cost companies $130,000 through money theft or data destruction. (Security Info Watch)
IT pros are targeted 40 times annually on average. (ZD Net)
69% of public administration breaches involve social engineering. (Verizon)
Smishing attacks increase with 74% of organizations encountering the approach in 2021. (Proof Point)
Social media attacks rise, with 74% of organizations targeted in 2021. (Proof Point)
Just 27% of companies practice social engineering awareness training. (Get App)
The average organization is targeted by 700+ social engineering attacks annually. (ZD Net)
Up to 90% of malicious data breaches involve social engineering. (KnowBe4)
Phishing statistics
Google delisted over 2.1 million phishing sites in 2020. (Google)
84% of phishing sites have SSL certificates. (APWG)
86% of organizations faced bulk phishing in 2021. (Proof Point)
In the United States, 83% of organizations fell victim to a phishing attack in 2021. (Proof Point)
Facebook is the most impersonated website, representing 14% of phishing pages. (PR Newswire]
Yet Amazon is the most impersonated in emails, representing 17.7% of phishing emails. (Tech Radar)
95% of enterprise network attacks that succeed relied on spear phishing to gain entry. (Security Intelligence)
The most common causes of cyber-attacks are malware (22%) and phishing (20%). (Forbes)
In 2021, nearly 40 % of breaches featured phishing, around 11 % involved malware, and about 22 % involved hacking. (Verizon)
Zero Trust Statistics
79% of critical infrastructure organizations did not deploy a Zero Trust architecture. (Securityboulevard)
41 % of respondents from a global survey report that they have plans to adopt a Zero Trust strategy and are in the early phases of doing so in 2022. In general, 80 % of respondents have plans of adopting Zero Trust in the future or have already adopted it. (Statista)
Zero Trust can reduce the cost of a data breach by roughly $1.76 million. (IBM)
Zero Trust market is projected to reach $52 billion by 2026. (CNBC)
55% of respondents have a Zero Trust initiative in place, and 42% say they will implement one in the near future in 2022. (Okta)
Only 24% of respondents had a Zero Trust initiative in place, and 65% had plans to implement one in the next 12-18 months in 2021. (Okta)
Zero Trust security market will grow from $19.6 billion in 2020 to $51.6 billion by 2026. (CNBC)
Global spending on Zero Trust security software and solutions is projected to grow from $27.4 billion in 2022 to $60.7 billion by 2027, attaining a CAGR of 17.3%. (Marketsandmarkets)
End-user spending on Zero Trust network access (ZTNA) systems and solutions globally is projected to grow from $819.1 million in 2022 to $2.01 billion in 2026, attaining a compound annual growth rate of 19.6%. (Gartner)
Zero Trust security market is growing at a CAGR of 17.3%, increasing from $22.9 billion in 2021 to $59.8 billion by 2027. (ERM)
The average cost of a data breach for an enterprise without a Zero Trust framework is $5.1 million, compared to $4.15 million for the enterprises that have one. (IBM)
The 20.5% reduction in breach costs accelerates as an enterprise gains more experience and matures with its Zero Trust initiative. (IBM)
The global Zero Trust security market size is expected to grow from an estimated value of USD 27.4 Billion in 2022 to USD 60.7 Billion by 2027, at a Compound Annual Growth Rate (CAGR) of 17.3% from 2022 to 2027. (Researchandmarkets)
96% of security decision-makers state that Zero Trust is critical to their organization’s success. (Microsoft)
90% of surveyed the security decision-makers are familiar with Zero Trust and 76% are in the process of implementation. (Microsoft)
81% of surveyed organizations have already begun the move toward a hybrid workplace with Zero Trust adoption. (Microsoft)
Biggest Cyberattacks
In March Samsung admitted that Lapsus$ hacking group 200 gigabytes of confidential data, including source code for various technologies and algorithms for biometric unlock operations. (Techcruch)
Hackers stole $8,156 from the Reidville Fire District’s payroll accounts. (Firefighternation)
San Francisco 49ers reported a data breach with the Office of the Maine Attorney General after the organization experienced a security incident involving its corporate IT network. According to the 49ers, the breach resulted in the names and social security numbers of 20,930 individuals being compromised, On September 1, 2022. (jdsupra)
Starbucks Singapore hit by data breach involving customers’ names, emails and mobile numbers, total 330,000credentials. (channelnewsasia).
Revolut caught out by phishing scam with over 50,144 credentials. (channelnewsasia)
Health insurer Medibank revealed that almost 4 millions of their customers’ data had been exposed to a hacker in October 2022. (electric.ai)
GiveSendGo site has been hijacked, 90,000 donors were compromised. (electric.ai)
Last Pass, a password management provider used by over 30 million people, announced that a third-party had been able to infiltrate their network by accessing a compromised developer account on August 25th, 2022. (electric.ai).
Crypto.com. was attacked on January 17, 2022. The assault targeted 483 users’ wallets and stole approximately $18 million worth of bitcoin and $15 million worth of Ethereum, plus other cryptocurrencies. (electric.ai)
Global attacks increased by 28% in the third quarter of 2022 compared to same period in 2021. The average weekly attacks per organization worldwide reached over 1,130. (Checkpoint)
The most attacked industry in the third quarter of the year was the education/research sector, with an average of 2,148 attacks per organization every week, an increase of 18% compared to third quarter of 2021. (Checkpoint).
The healthcare sector was the most targeted industry for ransomware during the third quarter of 2022, with one in 42 organizations impacted by ransomware, a 5% increase YoY. (Checkpoint)
Nearly 80% of nation-state attacks specifically target government agencies, non-government organizations (NGOs), and think tanks. (Microsoft)
Cybercrime cost U.S. businesses more than $6.9 billion in 2021, and only 43% of businesses feel financially prepared to face a cyber-attack in 2022”. (Forbes)
Attackers exploited a flaw in the Wormhole bridge to grab what was then about $321 million worth of Wormhole's Ethereum variant in February 2022. (Wired)
Attackers targeted the stable coin protocol Beanstalk, granting themselves a “flash loan” to steal about $182 million worth of cryptocurrency at the time in April 2022. (Wired)
The worldwide information security market is forecast to reach $366.1 billion in 2028. (Fortune Business Insights)
120. Approximately 70 % of breaches in 2021 were financially motivated, while less than 5% were motivated by espionage. (Verizon)
Ransomware Statistics
The average ransomware attack costs organizations $4.54 million. (Security Inteligence)
104% increase in the average ransom payment amount from Q4 2019 in 2022. (Deloitte)
FBI identified 2000+ ransomware attacks from January to July. (Techtarget)
22% of respondents noted that malware was the cause. 51% stated that their websites were down for 8-24 hours after the attack. (Upcity)
3,700 reported instances of ransomware in 2021. Overall, $49 million was lost. However, this only accounts for the US, and many such incidents go completely unreported. (FBI report)
Only 38% of state and local government employees are trained in ransomware prevention. In fact, 65% of executives have been asked by hackers to assist them as of 2022. (IBM, Hitachi-ID)
Nearly a quarter of ransomware attacks target the manufacturing industry. 17% of attacks target professional services. 13% of ransomware attacks specifically target government organizations. (Security Intelligence)
3 out of 4 organizations have fallen victim to a ransomware attack, up 61% in two years. 64% of affected companies paid the ransom, but nearly 40% weren’t able to recover their data. (Mimecast)
When faced with a ransomware attack, 64% of companies paid the ransom, yet nearly 4 out of 10 of them failed to recover their data. (Mimecast)
Attackers will increasingly use IoT devices to target users with ransomware. (RSA Security)
14 US critical sectors have been subjected to intense ransomware attacks. (Techtarget)
It takes a company 22 days on average to recover after a ransomware attack. (Techtarget)
20% of organizations and institutions have experienced ransomware attacks after switching to remote working. (Techtarget)
The average ransom demand in the first half of 2021 amounted to $5.3 million — a 518% increase compared to 2020. The average ransom payment has also increased by 82% since 2020, reaching a whopping $570,000 in the first half of 2021 alone. (Average ransomware magazine)
Ransomware attacks experienced annually by organizations have been on the rise since 2018, peaking at 68.5% in 2021. (Statista)
127 new ransomware families were discovered in 2020, up 34% since 2019. (Statista)
The total cost of a ransomware breach was an average of $4.62 million in 2021, not including a ransom. (IBM)
14 US critical sectors have been subjected to intense ransomware attacks. (Techtarget)
Cybersecurity Predictions
US government will focus on cybersecurity training to combat increasingly common ransomware attacks. (SC Media)
Cybersecurity Ventures predicts ransomware will cost $10.5 trillion annually by 2025, and that an attack will take place every 2 seconds by 2031. (Cybersecurity Ventures)
Security predicts a widespread shift to businesses adopting zero trust models. (Security)
McAfee expects ransomware as a service to continue to grow, with more competition due to new groups entering the scene. It also cites the lack of one specific communications board as a reason why no group can maintain credibility for long. (McAfee)
Check Point predicts an increase in the number of supply-chain attacks. (Check Point)
Attackers will increasingly use IoT devices to target users with ransomware. (RSA Security)
The worldwide information security market is forecast to reach $366.1 billion in 2028. (Fortune Business Insights)
Other
54 % of companies say their IT departments are not sophisticated enough to handle advanced cyberattacks. (Sophos)
61% of respondents in the healthcare industry suffered a cyberattack on their cloud infrastructure within the last 12 months, compared to 53% for other verticals. (scmagazine)
