Cyber attackers are smart, capable, and only becoming more so as time goes on. With increased vulnerability from public health fears and shuffled work settings, individuals and companies have suffered a great deal of attacks in the last couple years. And that’s on top of what was already a teeming problem. Some of the numbers may alarm you, especially if you haven’t been paying close attention to cybersecurity. Here are ten cybersecurity stats that you should be aware of.
Cyber crimes have gone up 300% since Covid-19 began.
The FBI’s Internet Crime Complaint Center (IC3) reported that cybersecurity complaints went from around 1,000 a day at the beginning of the pandemic to 3,000-4,000 daily as of late spring this year. By summer it had documented over 12,000 scams that were directly related to Covid-19, such as those that lured individuals to malicious links by promising health information. In other cases hackers have taken advantage of displaced attention, workplace reorganizing, and general social unrest to launch other kinds of attacks, sometimes even to the extent of warfare.
Up to 95% of breaches could be prevented with user awareness.
Several sources (like this one) attribute 90-95% of successful cyber attacks to human user error. Things like inadvertent opening of malicious files, using weak or old passwords, or even intentional misconduct on the part of employees end up becoming big vulnerabilities. That’s why cyber literacy training and insider risk management are important in protecting an organization.
Only 5% of companies’ folders are protected properly.
Conversely and along the same lines, only a small 5% of folders are actually protected as they should be. As Varonis puts it, “Your files called. They want their privacy back.” In a risk assessment of 54 billion files, they found all kinds of sensitive files that weren’t private. Just think how much stronger organizations’ files and networks would be by addressing employee awareness and folder protection!
The average cost of a data breach is $3.9 million.
Ouch—that’s a big number. And this is just for small- to medium-sized businesses (SMBs). For larger, publicly traded companies, that number goes up to $116 million. For many companies, this ends up financially crippling, not to mention the damage to reputation and productivity. A company’s share prices also fall after a breach and can trend lower for a while. Comparitech found that share prices were an average of 8.6% lower a year after a breach and an average of 15.6% lower after three years.
The industries most vulnerable to attack are government, technology, retail, and healthcare.
In terms of industries, the healthcare industry suffers the highest average data breach costs at $7.13 million. But even more frequently targeted are government, technology, and retail industries. What these industries share is a large amount of personal indentifying information, so they’re a popular aim for cyber attackers.
The average life cycle of a breach is 280 days.
An IBM report showed that last year, it took companies an average of 207 days just to identify a breach. The life cycle until containment averaged 280 days. That’s over nine months of finding and recovering from an attack that can be so financially disabling and disruptive to work. Sounds like it’s worth it to take every effort to prevent it from happening in the first place.
1 in every 323 emails at small companies is a phishing email.
According to a Symantec report last year, 1 in 4,200 emails in the first quarter of 2020 were phishing emails. That might not sound like bad odds, but think of how many emails you have in your various email inboxes. And if you’re in a smaller organization of less than 250 employees, your rate of malicious emails goes up to 1 in 323. This makes small businesses and organizations, including some nonprofits, the most highly targeted places for email attacks.
1 in 13 web requests leads to malware.
Another report of Symantec’s found 1 in 13 web requests leading to malware. It also found increasing malware variants that were out there. In their report, they stated that this problem was exacerbated by older operating systems that couldn’t protect from newer threats. Mobile malware variants were particularly troublesome.
Supply chain attacks increased by 78% in 2019.
Supply chain attacks, which penetrate a network through a trusted vendor who becomes compromised, have been steadily increasing over the past several years. In 2019, Symantec reported a sharper increase of 78%. With the SolarWinds hack affecting governments and enterprises around the world last year, supply chain attacks have only become an even more troubling concern.
There are about 4 million unfilled cybersecurity jobs in the world.
One positive result of these otherwise alarming numbers is that there are lots of jobs to be filled. 70% of cybersecurity professionals feel that their organization has a shortage of cybersecurity, and cybersecurity positions grew 350% from 2013 to 2021. Today there are around 4 million unfilled cybersecurity jobs worldwide and the occupation’s unemployment rate is 0%. Great news if you’re a cybersecurity professional looking for work. (And if you are, we want to hear from you!)
Cybersecurity Stats Have Real Impacts
All of these numbers can be dizzying—but not as dizzying (and catastrophic) as it is to have your organization breached. The stats we’re faced with are only getting worse, which reflects the importance of cybersecurity and a Zero Trust approach. For help cementing your organization’s security with the best tools and guidance, reach out to us today.