Cybersecurity Statistics

28.10.2022

Cybersecurity Statistics

Numerous cybersecurity issues daily pose serious threats to businesses. Nowadays, it is also quite difficult to understand the risks even in theory. Often people simply have no idea what are the modern cyber risks. There is also quite widespread opinion of cyber threats like it was many years ago. However, modern cybersecurity is not limited with the firewalls, antiviruses and external hackers. The cybersecurity landscape is extremely complicated and evolves permanently.  In order to understand the risks better it is vital to stay up to date on the latest trends, facts and statistics.

The cybersecurity landscape is constantly changing, but it is clear that cyber threats are becoming more sophisticated and they occur more frequently. Here is a summary of some of the most interesting and alarming cybersecurity statistics for 2022:

• 85% of cybersecurity breaches are caused by human error. (Verizon)
• 94% of all malware is delivered via email. (CSO Online)
• Ransomware attacks happen every 10 seconds. (InfoSecurity Group)
• 71% of all cyberattacks are financially motivated (followed by intellectual property theft and then espionage). (Verizon)
• The annual global cost of cybercrime is estimated at $10.5 trillion by 2025. (Cybersecurity Ventures)

Annual global cost of cybercrime estimated to reach $10.5 trillion by 2025. Analysts at Cybersecurity Ventures predict that the costs associated with cybercrime will grow by 15% annually over the next five years. They reach this conclusion by evaluating historical financial data from cyberattacks and the future threat environment. Intellectual property theft, stolen money and data destruction are just some of the costs included in this forecast $10.5 trillion figure.

Find out how to prevent cybercrimes and internet threats.

Another issue that poses serious risks to cybersecurity is ransomware. Ransomware is a type of malware that infects a user's computer and restricts access to the device or its data. In order to get the data decryption key users are forced to pay a ransom (often in cryptocurrency, as it is difficult to track). Ransomware is one of the most dangerous types of information security threats because it allows cybercriminals to block access to computer files until a ransom is paid and it is also a very popular extortion technique. New technology allows hackers to bypass computer defenses and encrypt data in more sophisticated ways. Cybercriminals can hit a target hard and fast, demanding ever-higher ransom payments. In the past, an organization's antivirus software detected threats and prevented suspicious files from causing major damage. Today, IT professionals must worry about advanced, persistent threats that allow hackers to enter backdoors and remain undetected on networks for months. The statistics are quite alarming too. According to Sophos, 49% of respondents in retail, despite making backups, reported paying the ransom to get the data back. According to Cybersecurity Ventures, by the year 2031 global ransomware damage costs predicted to exceed $265 billion. 

Phishing schemes have always been popular among hackers, for instance, according to Cobalt, in 2020 66% of businesses experienced some form of phishing. Phishing is the number one tactic hackers use to get the data they need to launch major attacks. When phishing is targeted at a specific individual or company, the method is known as spear phishing. These types of cyberattacks continue to grow in popularity.

Data breaches and data leaks are also extremely dangerous and, unfortunately, widely-spread information security threats. Recently, we have faced numerous data breach and data leak incidents. The result of such incidents is disclosure of some data – often, some sensitive or personal data. The data exposed enables intruders to perform targeted attacks on both enterprises and individuals. For instance, exposure of customers’ personal data enables fraudsters to implement precise social engineering attacks. It should be noted, that  many organization tend to hide the fact of data breach or data leak occurrence, what makes it more difficult for organizations and users to get ready to a situation, when an attack takes place. However, even after being notified of a data breach, many users do not understand, what they should do. For instance, according to Varonis data, 64% of Americans don't know what to do next after being notified of a data breach. Few user understand clearly, how to check if the data is exposed, protect their data by changing passwords and blocking credit cards, and monitor their credit reports and bank statements for suspicious activity.

Risky apps also continue to pose a serious threat. Of course users love to install new apps on mobile devices to make lives more convenient, productive and fun. However, many apps, available in the Google Play Store is not safe. Using these apps can lead to financial losses, identity and data theft. Recently, this fraud scheme was actively exploited by the fraudsters and amount of malicious applications, which can be downloaded even in the official Play Market increased.

Below you can find some more illustrative statistics:

• According to the University of Maryland there is an average of 2,244 cyberattacks per day, which is one every 36 seconds.
• A study by the Australian Government's Australian Cyber Security Center (ACSC) found that between July 2019 and June 2020, 59,806 cybercrimes were reported (reported crimes, not hacks), which is an average of 164 cybercrimes per day, or about every 10 minutes. (cisomag)
• According to the Cybint Solutions 43% of cyber-attacks targeted small business in 2020. Many other researches confirm that in 2022 up to 50% of cyber-attacks target small business. While many researchers tend to focus on cyberattacks on Fortune 500 companies and high-profile government agencies, hackers are finding that many small businesses have not invested enough in cybersecurity and are looking for opportunities to exploit SMBs vulnerabilities for financial gain or other profitable options. Security experts are ringing alarm bells for SMBs to shore up their data security measures. While statistics point to the vulnerabilities of SMB network security, the warnings seem to fall on deaf ears. A recent study shows that one-third of SMBs use some sort of free consumer cybersecurity tools to protect their systems. One in five use no tool at all. Nearly half of SMBs have no defense plans.
• According to CNBC, historic 2020 Twitter hack exposed accounts of some prominent people. Hackers compromised 130 accounts, including Elon Musk's one. They proceeded to send messages to the followers of the accounts asking them to send them bitcoin. Surprisingly, they received about $120,000 in Bitcoin before abandoning the scam. Twitter invited blockchain consultants from Elliptic to investigate the transactions. The social media giant concluded that the hack was initiated by an insider.
• As it was stated by the Comparitech, in the long term, breached companies underperformed the market. After a one year term, share price fell -8.6% on average. Cyber security breaches reduce the value of publicly traded companies by an estimated 8.
• One of the world's largest security firms admitted being the victim of a sophisticated hack in 2020. The hack of IT security firm FireEye was quite shocking. FireEye consults with government agencies to improve the security of networks that store and transmit data related to U.S. national interests. In 2020, brazen hackers breached the company's security systems and stole tools FireEye uses to test government networks.
• According to KnowBe4, about 30% of education workers failed a phishing test. The 2020 Phishing Report by Industry published by KnowBe4 found that individuals who worked in the education industry were not adequately trained to recognize and handle phishing schemes when they encountered them. According to the report, education employees were the most likely to fall victim to phishing and social engineering tactics out of all other workers in other industries except healthcare. The good news is that training works for them. After proper employee training, phishing test failures dropped from 30% to 5%.

Cybersecurity statistics: summary

Cybersecurity is a very serious issue, and it's only getting more and more serious. As phishing attempts, malware, identity theft, and huge data breaches increase daily, the world is seeing an epidemic that can only be solved through global action.

The cybersecurity landscape is changing, the information security threats are becoming more sophisticated and more serious.

Human factor ransomware Risk management