The damage related to cybercrime is projected to hit $6 trillion annually by 2021, according to Cybersecurity Ventures. To give you a better view of the current state of overall security, we’ve collected 29 vital statistics about data breaches, hacking, industry-specific statistics, as well as spending and costs.
The Big Five
- Worldwide spending on cybersecurity is going to reach $133.7 billion in 2022. (Gartner)
- 68% of business leaders feel their cybersecurity risks are increasing.
- Data breaches exposed 4.1 billion records in the first half of 2019. (RiskBased)
- 71% of breaches were financially motivated and 25% were motivated by espionage. (Verizon)
- 52% of breaches featured hacking, 28% involved malware and 32–33% included phishing or social engineering, respectively. (Verizon)
Largest Data Breaches Statistics
Some organizations experienced a data breach during 2019. It put their business: reputation, customers and partners at high risk. To keep your organization out of this experience, it’s important to understand the most common causes of data breaches.
8 Most Common Causes of Data Breach
- Weak and Stolen Credentials, a.k.a. Passwords
- Back Doors, Application Vulnerabilities
- Malware
- Social Engineering
- Too Many Permissions
- Insider Threats
- Improper Configuration and User Error
The growth of large-scale breaches represents us a growing trend of security violations both in numbers and their severity. Data breaches expose sensitive information that often leaves users at risk for identity theft, ruin companies’ reputations and leave the company liable for compliance violations.
- Security breaches have increased by 11% since 2018 and 67% since 2014. (Ponemon Institute)
- Hackers attack every 39 seconds, on average 2,244 times a day. (University of Maryland)
- The average time to identify a breach in 2019 was 7 months. (IBM)
- The average lifecycle of a breach lasted almost 11 months (from the breach to containment). (IBM)
- The average cost of a data breach is $3.92 million as of 2019. (Security Intelligence)
- In 2016, Uber reported that hackers stole the information of over 57 million riders and drivers and forced to pay them $100,000. (Bloomberg)
- Even though the Equifax breach was in 2017, the company is still paying off the $4 billion in total.
Reducing an enterprise’s Cyber Risk requires a holistic approach:
- Knowing your organization’s Status of tools
- Knowing the Status of critical security controls
- Being aware of enterprise coverage status
- Being alert in cases of deviation from normal behaviour
As holistic cybersecurity management and awareness solution, Cyber Observer provides you with real-time insights on your current cybersecurity line-of-defense status behaviour. Empowered with comprehensive awareness, you can easily identify weaknesses, reduce mean-time-to-detect and improve the ability to prevent and detect cyber-attacks.
Cyber Crime by Attack Type
It’s critical to have a general view of metrics surrounding cybersecurity issues in terms of their type and origins as there are many and they vary greatly. Mostly, cyberattacks include:
- Malware attack
- DoS and DDoS
- MitM
- Phishing and spear-phishing attacks
- Drive-by attack
- Password attack
- SQL injection attack
- XSS
Cybercrime attack type statistics:
- 34% of data breaches involved internal actors. (Verizon)
- 69% of organizations don’t believe the threats they’re seeing can be blocked by their anti-virus software. (Ponemon Institute)
- The average cost of a ransomware attack on businesses is $133,000. (SafeAtLast)
- 92% of malware is delivered by email. (CSO Online)
- Ransomware detections have been more dominant in countries with higher numbers of internet-connected populations. The United States ranks highest with 18.2% of all ransomware attacks. (Symantec)
Industry-Specific Cyber Stats
Finance and Healthcare are the most popular targets among hackers. Sadly, in general, no one is safe nowadays. Additionally, SMBs were widely targeted in 2019 due to the perception that they possess fewer security capabilities in place.
- 43% of breach victims were small and medium businesses. (Verizon)
- 15% of breaches involved Healthcare organizations, 10% in the Financial industry and 16% in the Public Sector. (Verizon)
- The banking industry incurred the most cybercrime costs in 2018 at $18.3 million (Ponemon Institute)
- The estimated losses in 2019 for the healthcare industry are $25 billion. (SafeAtLast)
- Supply chain attacks are up 78% in 2019. (Symantec)
Security Spending and Costs
Cybersecurity budgeting has been increasing steadily as more decision-makers are realizing the value and importance of cybersecurity investments. According to the Cyber Security mid-year snapshot’19 report, Cybersecurity budgets have increased by almost 60%.
- By the end of 2020, security services are expected to account for 50% of cybersecurity budgets. (Gartner).
- The average cost of a malware attack on a company is $2.6 million. (Accenture)
- $3.9 million is the average cost of a data breach. (IBM)
- The average cost in time of a malware attack is 50 days. (Accenture)
- The most expensive component of a cyber-attack is information loss at $5.9 million. (Accenture)
- Including turnover of customers, increased customer acquisition activities, reputation losses and diminished goodwill, the cost of lost business globally was highest for U.S. companies at $4.13 million per company. (Ponemon Institute)
- 50% of large enterprises (with over 10,000 employees) are spending $1 million or more annually on security, with 43% spending $250,00
To improve and raise your Cybersecurity posture and awareness you don’t need to invest endlessly in new security tools. The truth is that 80% of data breaches can be prevented with basic actions, such as vulnerability assessments, patching, and proper configurations (read more about Cyber Observer’s Continuous Tools Status here)
Although the reality is challenging, and a future is not promising to be better in terms of cybersecurity threats and malicious attacks, we are here to address your challenges and to help you realize your cybersecurity status, its capabilities and provide you recommendations for improving overall cybersecurity.
This feature was originally published in Cybercrime Magazine.
