In today's digital age, it's more important than ever to prioritise the security of your company's data and systems. Unfortunately, cyber attacks are on the rise and can have serious consequences for businesses of all sizes.
That is why it's crucial to stay informed about the latest trends and statistics in the world of cyber security.
We've compiled a range of statistics that highlight the importance of cyber security for businesses. From the financial impact of a data breach to the prevalence of cyber attacks, these statistics paint a clear picture of the risks that businesses face today and the importance of taking proactive measures to protect against them.
Whether you're a small business owner or a large corporation, these statistics provide awareness and valuable insights on why it is important to improve your company's cyber security posture.
Stay informed, stay vigilant, and keep your business safe in the digital age.
---
Data
By 2025, humanity's collective data will reach 175 zettabytes -- the number 175 followed by 21 zeros (TechTarget)
Cyber Crime – Opportunities arising from COVID-19 and Remote Working
Remote work and lockdowns are driving a 50% increase in worldwide internet traffic, leading to new cybercrime opportunities. (World Bank - World Development Report 2021)
53% of adults agree that remote work has made it much easier for hackers and cybercriminals to take advantage of people. (Norton, 2021)
About one in five consumers fell victim to scams in the last year, with 4% clicking a fraudulent COVID-19 contact-tracing link and another 4% paying a fee to receive COVID-19 relief money, and 3% paying to get an illegitimate COVID-19 vaccine. (Norton, 2021)
Since COVID-19, the FBI has reported a 300% increase in cyberattacks. (The Hill, 2020)
The COVID-19 pandemic has been connected to a 238% surge in cyberattacks against banks. (Carbon Black, 2020)
One-quarter of all employees have noticed an increase in fraudulent emails, spam, and phishing attempts in their corporate email since the beginning of the COVID-19.
(Deloitte, 2021)
Cyber Crime – Prevalence
More than half of all consumers have experienced a cybercrime, with around one in three falling victim in the past year alone.
(Norton, 2021)
Cyber Crime – Projected Growth Global cybercrime costs are expected to grow by 15% per year over the next five years, reaching $10.5 trillion annually by 2025. (Cybersecurity Ventures, 2020)
Over 50% of all cyberattacks target small- to medium-sized enterprises. 60% of SMBs that suffer from hacking or a data breach fold within six months
(Cybersecurity Ventures, 2021)
The cost of cybercrime is predicted to hit $10.5 trillion by 2025
(Cisco/Cybersecurity Ventures 2022 Cybersecurity Almanac)
Cyber Crime – Costs
By 2021, global cybercrime rates involving damages will amount to $6 trillion per year, $500 billion per month, $115.4 billion per week, $16.4 billion per day, $684.9 million per hour, $11.4 million per minute, and $190,000 per second. (Cybersecurity Ventures, 2020)
A single attack -- be it a data breach, malware, ransomware or DDoS attack -- costs companies of all sizes an average of $200,000, and many affected companies go out of business within six months of the attack (Hiscox)
Victims of compromised personal and business email accounts experienced a loss of $1.86 billion in 2021.
(FBI, 2020)
The average cost of a ransomware attack was $1.85 million in 2020, doubling the year before at $761,106.
(Sophos, 2021)
Remote work has increased the average cost of a data breach by $137,000. (IBM)
https://www.ibm.com/security/data-breach
The average cost of a financial services data breach is $5.85 million, among the highest of any industry.
(Varonis, 2021)
Cyber Crime – Response Time
Globally, those who experienced cybercrime in the past year spent an average of 6.7 hours resolving it for an estimated 2.7 billion hours lost in total. (Norton, 2021)
On average, it takes financial services organizations 233 days to find and fix a data breach (Varonis, 2021)
The average time to identify a breach in 2021 was 212 days The average lifecycle of a breach in 2021 was 286 days from identification to containment (IBM, 2022)
Companies need 280 days on average to repond to a cyberattack
(WEF Global Cybersecurity Outlook 2022)
Cyber Security – Growing Obsolesce
Cybersecurity measures in place by businesses, governments and individuals are increasingly being rendered obsolete by the growing sophistication of cybercriminals
(WEF Global Risks Report 2022)
Cyber Crime – Targets and Types
Over 75% of targeted cyberattacks start with an email. (RoundRobin, 2020)
Spam
Spam was the most popular type of threat leveraging COVID-19, with 65.7% of COVID-19 related threats being spam email. (ENISA, 2020) https://www.enisa.europa.eu/topics/threat-risk-management/threats-and-trends/etl-review-folder/etl-2020-spam
Password
91% of people know the risks of reusing passwords across their online accounts, but 66% do it anyway. (LastPass, 2020)
Ransomware
The first half of 2021 saw a 102% increase in cybercrime involving ransomware compared to the beginning of 2020.
(Check Point, 2021)
The cost of ransomware damage in 2021 ($20 billion) is 57 times more than the cost in 2015
Ransomware damage worldwide is expected to reach $21 billion by 2021 (Cybersecurity Ventures, 2021)
The average ransomware payment skyrocketed 518 percent in 2021 to $570,000. (GRC World Forums, 2021)
The average cost of a ransomware recovery is nearly $2 million (Sophos, 2021)
The average cost of a ransomware recovery is $4.54M (IBM, 2022)
Malware
94% of malware is delivered via email. (CSO Online)
94% of malware is delivered by email (Verizon)
The average cost of a malware attack on a company is $2.6 million (Accenture)
Data Breaches
Data breaches exposed 22 billion records in 2021 (RiskBased Security)
36% of data breaches involves phishing and 10% involves ransomware
Social engineering is the most successful means to a data breach
Phishing is one of the top causes of data breaches, followed by the use of stolen credentials and ransomware
85% of data breaches involve a human element.
Data breaches are most commonly financially motivated
Credentials are one of the most sought-after data types in data breaches, followed by personal information
(Verizon 2022 Data Breach Investigations Report)
20% of data breaches were caused at least initially by compromised credentials
It takes an average of 287 days for security teams to identify and contain a data breach
(IBM & Ponemon Institute - Cost of a Data Breach 2021 Report)
The average cost of a data breach was $4.24 million in 2021, the highest average on record.
Stolen or compromised credentials were not only the most common cause of a data breach, but at 327 days, took the longest time to identify. This attack vector ended up costing USD 150,000 more than the average cost of a data breach
In 2022, it took an average of 277 days—about 9 months—to identify and contain a breach. Shortening the time it takes to identify and contain a data breach to 200 days or less can result in average savings of $1.12M
A data breach can cost a company an average of $1.59 million in lost business
(IBM)
Personal data was involved in 45% of breaches in 2021
(Verizon)
DDoS
The frequency of DDoS attacks grew 11% in the first half of 2021 compared with the first half of 2020, reaching 5.4 million attacks (Netscout's 2021 Threat Intelligence Report)
A growing DDoS trend in 2021 was the rise of ransom or extortion DDoS attacks (Cloudflare)
Identity Theft 55 million consumers were victims of identity theft in the past year. (Norton, 2021)
More than half a million Zoom user accounts were compromised and sold on the dark web. (CPO Magazine)
Stalkerware
86% of adults are unaware of stalkerware or have only heard the name, meaning only 14% are familiar with stalkerware or creepware. (Norton, 2021)
Cryptocurrency
There has been a rise in ransomware campaigns requiring payment in cryptocurrency — a 35% increase from late 2020 to early 2021. (Norton, 2021)
In 2020, the FBI received 19,369 business email compromise or email account compromise internet crime complaints, an increasing number of which related to the use of identity theft and funds being converted to cryptocurrency. (FBI, 2020) Crypto criminals stole $1.9 billion in 2020, down from $4.5 billion in 2019. (Finaria, 2021)
$76 billion of illegal activity per year involves Bitcoin. (SSRN, 2018)
Bitcoin accounts for 98% of cryptocurrency ransomware payments. (Coveware, 2019)
Cyber Security Training and People – the Greatest Vulnerability / Exposure and the Weakest Link?
By 2027, global spending on cybersecurity training will reach $10 billion
(Cybersecurity Ventures)
47% of organizations have had at least one employee download a malicious app. (Checkpoint, 2021)
Every employee has access to nearly 11 million files Nearly two-thirds of companies have 1,000+ sensitive files open to every employee About 60% of companies have 500+ passwords that never expire (Varonis)
Cyber Security Professionals – Its Demand and Talent Crunch
There is a global shortage of cybersecurity professionals of 2.72 million (ISC)2 Cybersecurity Workforce Study, 2021) There was a 350% growth in open cybersecurity positions from 2013 to 2021
(Cybercrime Magazine) The cybersecurity unemployment rate is near 0% and is projected to remain there for the foreseeable future. 40% of IT leaders say cybersecurity jobs are the most difficult to fill
(CSO Online)
61% of organisations feel they are understaffed in terms of cybersecurity professionals. 50% of respondents said applicants were not sufficiently qualified for security positions (ISACA State of Cybersecurity 2021 Part 1)
59% of cybersecurity professionals feel the demands of their job limit them from keeping up with cybersecurity skills. 70% of cybersecurity professionals claim their organization is impacted by the cybersecurity skills shortage. (ISSA & ESG)
Organisation – Cyber Security a Priority 75% of risk manager experts consider cybersecurity to be a top priority (McKinsey & Company)
84% of respondents share that cyber resilience is considered a business priority in their organization n with support and direction from leadership, but a significantly smaller proportion (68%) see cyber resilience as a major part of their overall risk management. Due to this misalignment, many security leaders still express that they are not consulted in business decisions which results in less secure decisions and security issues. This gap between leaders can leave firms vulnerable to attacks as a direct result of incongruous security priorities and policies. (WEF Global Cybersecurity Outlook 2022)
Organisation – Cyber Security Mandates and Compliance 66% of companies say that compliance mandates are driving spending (CSO Online - Top Cybersecurity Statistics, Trends and Facts, 2021) 78% of companies expect annual increases in regulatory compliance requirements. (Thomson Reuters - Challenges and Indicators for Change, 2021) GDPR fines totalled $1.2 billion in 2021
(CNBC, 2022)
Organisation – Behavorial
Organisations are conducting more application security testing scans than ever before In 2021, most firms were scanning applications approximately three times a week -- up from three times a year in 2010 (Veracode State of Software Security v12 Report)
Average Breach Cost Savings at organisations with an IR team that tested their plan versus those who did not (IBM, 2022)
Over 90% of respondents report receiving actionable insights from external information-sharing groups and/or partners. (WEF Global Cybersecurity Outlook 2022)
Organisation – Sentiment 82% of surveyed organisations are concerned their company is vulnerable to a cyber attack. The report also found that 49% of organisations lack the expertise and tools for adequate incident response (VMWare State of Incident Response Report, 2021)
54% of companies say their IT departments are not sophisticated enough to handle advanced cyber attacks pandemic-but-still-grappling
(Sophos)
59% of all respondents would find it challenging to respond to a cybersecurity incident due to the shortage of skills within their team (WEF Global Cybersecurity Outlook, 2022)
Individual – Behavioural
13% of consumers use a VPN to protect their online privacy
27% of consumers have stopped using public Wi-Fi to protect their online privacy
(Norton Cyber Safety Insights Report Global Results, 2021)
41% of people don't think their accounts are valuable enough to be worth a hacker's time. (LastPass, 2020)
Individual – Sentiments
58% of adults are more worried than ever about being a victim of cybercrime
53% of adults admit they don't know how to protect themselves from cybercrime
8% of consumers have never considered their identity could be stolen
83% of consumers want to do more to protect their privacy, but 47% don't know how
63% of consumers are very worried their identity will be stolen
(Norton Cyber Safety Insights Report Global Results, 2021)