When it comes to cybersecurity, knowledge is power. Understanding what threats exist, where trends are headed, and how cybercrime could affect your organization is all critical to building up your defenses and improving your security posture.
For example, the cybercrime industry is now a $1.5 trillion industry — has your organization contributed to that total? Is your organization concerned about cyber attacks? It should be as cyber attacks are the number one most concerning risk to global commerce. Do you think your organization is prepared if a threat occurs? On average it took organizations 277 days to identify and contain a breach in 2022. That’s a lot of (costly) downtime.
Let’s explore other statistics that every organization should consider when it comes to cybersecurity and the rising threat of cyber attacks.
50 Cybersecurity Stats to Know
What Causes Data Breaches?
1. 81% of breaches being caused by those external to the organization. (8)
2. 19% of data breaches are caused by internal errors. (8)
3. 77% of data breaches are financially motivated. (1)
4. 58% of data breaches target personal data. (1)
5. Roughly 4 in 5 breaches can be attributed to organized crime. (1)
6. Error continues to be a dominant trend and is responsible for 14% of breaches. (2)
7. 81% see vulnerabilities and misconfigurations as the biggest weakness within their infrastructure. (2)
Methods of Attack
8. Human element involved in 95 percent of all breaches. (8)
9. Compromised credentials were the most common attack vector exploited, followed by phishing and vulnerabilities. (1)
10. Supply chain was involved in 61% of incidents this year. (1)
11. Business Email Compromise (BEC) cases, 80% of the impacted organizations did not have multi-factor authentication (“MFA”) in place. (3)
12. Stolen or compromised credentials were not only the most common cause of a data breach, but at 327 days, took the longest time to identify. (4)
13. There’s been a 435% increase in ransomware attacks since 2020. (8)
14. 700M ransomware attacks in 2021 (1)
15. $40M USD paid as the largest ransom to date (1)
16. The median ransom demand across all ransomware incidents Tetra Defense responded to was USD$450,000 (3)
17. Microsoft Exchange (ProxyShell) and VMWare Horizon (Log4J) remain the top two external exploits being leveraged to deploy ransomware. (3)
18. Lockbit is rising as the dominant threat actor group in ransomware, accounting for more publicly disclosed ransomware incidents than the next three leading threat actor groups (BlackCat, Conti, and Quantum).
19. Extortion demands have more than doubled in 2022. (6)
20. 64% of organizations list phishing as their primary vector of concern. (2)
21. 48% of organizations identify a need to learn more about phishing mitigation. (2)
22. 90% of incidents analyzed by Arctic Wolf include a targeted employee attack. (2)
23. Organizations spent $170B in 2022 on security products and services. (2)
24. Venture capital funding for cybersecurity surpassed $20B in 2021 (2)
25. Cost is the #1 factor organizations consider when establishing a security program. (2)
26. Gartner predicts 45% of IT spend will be cloud outsourced by 2024. (2)
27. 25% of small businesses spent less than $500 on their monthly cybersecurity plan Pre-COVID. 26% of users are now investing more heavily in cybersecurity with a monthly budget of $500-$1,499.
28. 19% of companies have invested in Cloud Security Posture Management (CSPM) (2)
29. 28% of organizations list cloud security as their top infrastructure concern. (2)
30. 22% of organizations have plans to expand cloud security within the year. (2)
31. 47% of incidents investigated by Arctic Wolf include the cloud. (2)
Rising Data Breach Costs
32. $9.44M is the average cost of a data breach in the United States. (4)
34. $4.35M is the global average total cost of a data breach. (4)
35. The cost of a breach in the healthcare industry went up 42% since 2020.
Cybersecurity Staffing Issues
36. 76% of organizations cannot achieve their security goals due to staffing concerns (2)
37. 56% of organizations distribute security responsibilities to their IT staff (2)
38. 70% of customer environments include latent threats (2)
39. 65% of cybersecurity employees are actively considering new positions (2)
40. 53% of companies are either currently using a service provider or will adopt one within a year (2)
41. It’s estimated that there will be 3.5 million unfilled cybersecurity positions globally by 2025. That’s approximately the same as in 2021. (6)
42. Overall, cyber-related claims seen by corporate insurer Allianz Global Corporate & Specialty increased from almost 500 in 2018 to more than 1,100 in 2020. (6)
43. By 2025, 50% of organizations will be using MDR services for threat monitoring, detection, and response functions that offer threat containment and mitigation capabilities. (5)
44. 80% of threats can be prevented by implementing the top five CIS controls. (2)
45. Through 2023, government regulations requiring organizations to provide consumer privacy rights will cover five billion citizens and more than 70% of global GDP. (5)
46. 60% of organizations will embrace Zero Trust as a starting point for security by 2025. More than half will fail to realize the benefits (5)
47. 42% of respondents have revised their cybersecurity plan since the COVID-19 pandemic.
48. The cyber insurance market is expected to be worth $20 billion by (6)
49. Most companies have business continuity plans, but less than 40% test them. (6)
50. By 2025, 60% of EDR solutions will include data from multiple security control sources, such as identity, cloud access security brokers (CASBs) and data loss prevention (DLP). (5)