Whether you’re an ordinary person, a small business owner or you work for a large company, keeping up with the latest cybersecurity statistics is a must.
After all, we live in a world where we’re increasingly reliant on technology – and the impact of cybersecurity exploits is growing just as rapidly.
As we’ve already entered the second half of the year, it’s essential to understand our current reality and the potential implications these statistics have for the future.
Unfortunately, we often have to read through dozens, if not hundreds, of reports just to get the tip of the iceberg.
This is why we put together this informal report on cybersecurity statistics for 2021.
By combing through and condensing professional evaluations, reports, and even media coverage for you, our goal is to help you develop a deeper understanding of what threats we face and will face in 2021 and beyond.
And with that solid foundation in place, you’ll be in a better position to build stronger cybersecurity defenses for yourself and your business.
Overview of Cybersecurity Statistics for 2021
As published in The Global Risks Report 2021 by the World Economic Forum (WEF), the latest Global Risks Perception Survey identifies cybersecurity failure as the 4th most critical perceived threat to the world.
Part of the reason is that, in response to the COVID-19 pandemic, companies were forced to embrace the remote-work model, with employees working from home.
This was primarily made possible thanks to cloud-based platforms, the ever-expanding array of IoT (Internet of Things) devices, and 5G helping increase the connectivity of devices as a whole.
As a result, cybersecurity – and cybersecurity awareness – is arguably more important than ever. Especially as 1 in 6 workers are expected to continue working from home after the pandemic ends and only 12% want to go back to working in an office full-time.
This, together with the cybersecurity statistics you’ll discover below, means you can expect to see:
- IoT devices becoming increasingly vulnerable to cyber attacks
- Cybercriminals continuing to target remote workers
- Cloud-based platforms suffering increased breaches and attempted breaches
The Difficulties of Compiling Meaningful Cybersecurity Statistics
Compiling meaningful cybersecurity statistics is an endeavor fraught with difficulties.
For one, there’s the sheer number of reports involved, as mentioned in our introduction. Part of the reason is that there are so many cyber-attacks happening:
- Cyber-attacks happen every 39 seconds on average.
- It takes an average of 280 days to detect and contain a data breach; and
- 315 days on average to detect and contain data breaches caused by a cyber-attack.
- Only 54% of companies who suffer a ransomware attack did or would notify law enforcement.
And with the updated Ransomware Advisory from the US Department of Treasury’s Office of Assets Control (OFAC) making paying the ransom fees illegal, that number can be expected to decrease.
This means we can never be sure the statistics at hand are accurate. And that only makes them more alarming.
Impact and Severity of Cybersecurity Breaches
Cybersecurity breaches have a massive impact on the affected company and its clients.
The severity of this impact can differ significantly, mainly depending on the type of attack used, the preventative cybersecurity in place, and the means for identifying and responding to breaches.
One of the most significant ways to measure the impact of a breach is by the costs involved, specifically in losses incurred by a breached company.
These costs include:
- Business disruption and revenue loss caused by lost data and system downtime as a result of the breach, including during internal efforts to restore their systems
- Revenue loss caused by damaged reputation and losing clients as a result of the breach
- Potential reparations and (in some cases) lawsuits
- In the case of ransomware, payment of the ransom
Attempting to minimize expenses caused by reputation damage and potential lawsuits is one of the potential reasons CSO gives for companies failing to report cybersecurity breaches.
Costs of Cybersecurity Breaches
- The global average cost of a data breach is $3.86 million, up from $2.6 million in 2019 .
- The average cost of a mega-breach (50 million+ records) is $392 million.
- For the past 10 years, the healthcare industry suffers the highest average data breach costs at $7.13 million.
- The average cost per record of customer PII (Personally Identifiable Information) is $175 and accounts for approximately $5.9 million of the total cost of a data breach.
- Lost business in the aftermath of a data breach accounts for an average loss of $1.52 million.
- The average cost of a data breach in the healthcare industry for 2020 is $7.13 million.
- The average cost of a data breach in the financial industry for 2020 is $5.85 million.
- 57% of managed service providers (MSPs) lose 11% to 20% of their customers.
- 13% of businesses, in general, lose more than 50% of their customers.
- An estimated average of $170,000 in ransom fees is demanded per incident.
- An average drop in stock value of 7.27%.
- Share values hit their lowest approximately 110 market days after the breach.
- After 1 year, share prices have dropped an average of 8.6%; after 2 years, 11.3%; and after 3 years, 15.6%.
Cybersecurity Ventures offers some alarming predictions for the growing costs of cybersecurity breaches:
- Global annual cybercrime costs will reach or exceed $6 trillion by 2021, up from $3 trillion in 2015.
- Ransomware will claim a new victim every 5 seconds in 2021, with global damage costs of $20 billion.
- Global annual cybercrime costs will reach or exceed 10.5 trillion by 2025.
Companies are naturally more willing to spend money on preventative and responsive measures through cybersecurity budgeting with so much to lose.
Here’s a look at that expenditure:
- The average spending on cybersecurity per full-time employee increased from $2,337 in 2019 to $2,691 in 2020.
- Cybersecurity spending reached around $40.8 billion in 2019, with an estimated forecast of over $54 billion for 2021.
- 50% of companies with more than 10,000 employees spend $1 million or more on cybersecurity each year; 43% spend between $250,000 and $999,999; and 7% spend less than $250,000 a year.
- Total Information Security & Risk Management spending will exceed $150 billion in 2021.
- The Gartner 2021 CIO Agenda Survey also reveals that “61% of respondents are increasing investment in cyber/information security” for 2021.
- Total information security spending will reach $170.4 billion in 2022.
- $30.9 billion will be spent on AI-based cybersecurity solutions by 2025.
Cybersecurity expenditure will also include measures for identifying and containing a breach:
- Successfully containing a data breach in less than 200 days yields average savings of $1.12 million compared to taking more than 200 days to do so.
And on a related note:
- 35 million cybersecurity jobs will go unfilled globally in 2021.
Cybersecurity Statistics by Cybercrime Type
There are many types of cybercrimes.
Understanding what they are and how they affect their targets is crucial to developing an adequate cybersecurity plan as an individual and as a business.
Social Engineering Attacks
Social engineering is a form of cyberattack that focuses on the psychological manipulation of people rather than technology.
The aim is to manipulate the target into revealing confidential information and/or to take actions that will result in such information being revealed to the attacker.
One of the most common forms of social engineering attacks is phishing, when an attacker sends a fraudulent message (usually by email, but also by SMS or even phone call) to manipulate the target, usually to click a malicious link.
Take a look at these phishing statistics to give yourself a better idea of the dangers involved:
- 21% of current or former employees use social engineering against their past/present employers for financial gain, revenge, out of curiosity, or for fun.
- 99% (or more) of attacks observed require human action, including interacting with phishing links (etc.) or interacting with malicious files on the system.
- $17,700 total losses per minute due to phishing.
- 2019 saw a 640% increase in phishing attempts compared to 2018.
- 27% of phishing sites in 2019 used HTTPS to trick targets into thinking the site was safe.
- 48% of the Ponemon Institute study’s respondents suffered phishing/social engineering attacks.
- 83% of UK businesses and 91% of large UK firms report phishing attacks as the source of a data breach.
- 57% of organizations surveyed suffered a successful phishing attack in 2020.
- 74% of organizations in the US were successfully breached by a phishing attack in 2020.
- US organizations suffer successful phishing attacks at a rate 30% higher than the global average.
- 35% of the US organizations that were successfully breached by a phishing attack in 2020 suffer immediate financial loss as a result – nearly double the international average.
- 25% of all data breaches for 2020 involved phishing.
- Phishing accounts for 1 in every 4,200 emails sent in the first quarter of 2020.
- The UN Disarmament Chief says there was “a 600% increase in malicious emails during the current crisis” in March 2020.
- Symantec’s Threat Landscape Trends – Q3 2020 reports the number of phishing attempts their Intrusion Prevention System (IPS) blocked was 97% higher than in Q1 2020, for a total of approximately 1.4 million.
- 29% of workers worldwide and 33% of workers in the US admit to clicking on at least one phishing link in 2020.
- Ongoing cybersecurity training over 4 to 6 months can reduce phishing click-through rates by 65%.
- 60% of participating IT professionals consider new employees to be the most susceptible to social engineering attacks.
- 7 new phishing URLs are put up every minute.
- A social engineering incident frequency of 3,841 with 1,767 confirmed data leaks.
- 95% of social engineering attacks are financially motivated vs. 5% related to (corporate and other) espionage.
- Phishing is now present in 36% of all data breaches.
Sensitive Files Are Too Accessible to Employees
- Confidentiality – protecting sensitive data from unauthorized access, including access by employees who do not require access to that data as part of their function within the company.
- Integrity – protecting data from unauthorized deletion or modification, including the ability to reverse deletion or modification made in error by an authorized person.
- Accessibility – making data securely but readily accessible to parties who require access as part of their function within the company or as the data owner.
- The 2019 Global Data Risk Report reveals:
- 53% of companies surveyed found more than 1,000 sensitive files were accessible to all employees.
- 17% of all sensitive files were accessible to all employees.
- 53% of the sensitive data stored was stale, with 95% of companies surveyed finding more than 100,000 files with stale data.
- 58% of companies surveyed discovered more than 1,000 stale user accounts that were still enabled and had access to data.
- Healthcare, Pharmaceutical & Biotech:
- The average healthcare worker has access to 31,000 sensitive files on their first day of work.
- More than 50% of organizations in the industries surveyed have more than 1,000 sensitive files accessible to all employees.
- 57% of organizations surveyed have between 1,000 and 10,000 stale user accounts that are still enabled and have access to data.
- 22% have more than 10,000 stale user accounts that are still enabled and have access to data.
- Financial Services:
- Nearly two-thirds of the companies surveyed have 1,000 or more sensitive files that are accessible to all employees.
- 25% of companies that give global access to all employees have 1,000 to 10,000 sensitive files accessible.
- 39.29% of companies whose employees all have global access have more than 10,000 sensitive files accessible to all employees.
- On average, 70% of all sensitive data stored by the companies surveyed is stale.
- 25% of companies surveyed have between 1,000 and 10,000 stale user accounts that are still enabled and have access to data.
- 39.29% have over 10,000 stale user accounts that are still enabled and have access to data.
- 65% of employers let their employees use unmanaged personal devices to access company data and applications.
- 84% of companies surveyed for the 2020 Remote Workforce Security Report plan to keep remote work as the norm even after COVID-19 restrictions are lifted.
- Remote workers will be cybercriminals’ main target throughout 2021.
Network Security Vulnerabilities
Network security vulnerabilities are flaws or weaknesses in a company or individual’s computer system(s). Cyber-attacks that target these vulnerabilities seek to exploit them.
It’s generally much harder to discover and exploit network security vulnerabilities directly than to use social engineering to gain access to the system and discover vulnerabilities.
In fact, looking back at ProofPoint’s Human Factor Report 2019:
- Less than 1% of the attacks observed made use of system vulnerabilities.
It’s important to specify that the above statistic represents direct attacks only. As we saw in the previous section, social engineering attacks like phishing often lead to network security vulnerabilities being exploited.
For this reason, social engineering is also considered a form of network security vulnerability. While we’ve already looked at many social engineering-related cybersecurity statistics in the previous section, there will be more shared here as appropriate.
Types of Network Security Vulnerabilities
As mentioned, social engineering is the most pervasive type of network security vulnerability. It’s often used to plant or otherwise exploit the other main types, which include:
- Outdated software
- Operating systems, firewalls, or other cybersecurity tools that have been misconfigured
Malware, or “malicious software,” includes:
- Adware – malware that delivers ads to you and often tracks your online behavior to deliver targeted ads;
- Computer viruses – a form of malware designed to replicate itself by spreading its code to other programs installed on the device and to other computers on the same network;
- Cryptojacking – a form of malware that is embedded in the device’s system (or a script embedded into the browser) and uses the device’s resources (typically the CPU and/or GPU) to mine cryptocurrencies for the attacker;
- Fileless malware – a variant of malware that exists exclusively in RAM (Random Access Memory), does not rely on files or leave a footprint, and is more challenging to detect and remove than other malware;
- Hybrid attacks – hybrid attacks aren’t solely malware-based, and some might not even use malware at all. Instead, these attacks combine two different attack methods – for example, hybrid malware might combine adware with a Trojan;
- Ransomware – a form of malware that encrypts data to deny the targeted user or organization access and holds the data at ransom. In some cases, ransomware only seeks to deny access to the data, but in others, the attacker will also threaten to publish/leak the data if the ransom isn’t paid;
- Spyware – a type of malware that records device usage, including online behavior, downloads, installed software, credentials, payment information, and communications, which is then sent to the attacker;
- Trojans – also called a Trojan Horse or Trojan Virus, Trojans are malware disguised as legitimate software to trick users into installing them. Once installed, the Trojan will damage or steal data on the device and/or disrupt the network;
- Worms – a form of virus that doesn’t need to attach itself to any programs (similar to fileless malware) and spreads to other devices on the same network.
- 67% of malware attacks were file-based in 2019 and forecast 65% for 2020 and 59% for 2021.
- 33% of malware attacks were fileless in 2019, with estimates of 35% for 2020 and 41% for 2021.
- Email is responsible for 94% of malware delivery.
- 25% of malicious URLs (phishing or malware-infected) identified in 2018 to 2019 were hosted on otherwise non-malicious websites.
- 61.22% of all websites identified to host malware in 2019 were based in the US.
- 85% of identified malware threats on Windows systems are found in one of four directories: %appdata%, %cache%, %temp%, and %windir%.
- 93.6% of all malware observed in 2019 was polymorphic, i.e., able to constantly modify its code to evade detection.
- A 125% increase in malware targeting (the now no-longer supported) Windows 7 from 2018 to 2019.
- Systems still running Windows 7 are nearly 300% more likely to be infected by malware than systems running Windows 10.
- 90.82 million malware targeting Windows systems developed in 2020 alone.
- A massive spike in new malware targeting MacOS systems, from 58,190 in 2019 to 673,530 in 2020.
- 3.12 million new malware targeting Android devices in 2020.
- Adware accounted for 57.26% of all new mobile malware worldwide in 2020.
- Over 111 million instances of malware on Windows devices (consumer and business combined) were detected by Malwarebytes in 2020.
- Over 75 million instances of malware were detected on macOS devices (consumer and business combined) detected by Malwarebytes in 2020.
- Adware was the top consumer malware type in 2020, with over 31.5 million instances detected by Malwarebytes.
- Trojans were the top business malware type in 2020, with over 6.1 million instances detected by Malwarebytes.
- 46% of organizations had their network security and data compromised or potentially compromised due to malware infecting at least one employee’s mobile phone.
- 38.92% of malware infections are on Windows/PCs (up from 35.82% the previous year).
- 32.72% are on IoT devices (up from 16.17%).
- 26.64% are on Android devices (down from 47.15%).
- 1.72% are on iOS devices (up from >1%).
- 5.6 billion malware attacks (excluding cryptojacking, ransomware, and IoT/Internet of Things) were recorded for 2020, 43% less than in 2019.
- 3.8 billion malware attacks were distributed through malicious URLs with HTTPS encryption in 2020, 4% higher than in 2019.
- A total of 1.83 million new malware targeting Android devices have been identified by the AT-TEST Institute for 2021 as of July 13.
- Verizon’s DBIR 2020 reveals that 17% of all data breaches involve malware.
- The UK government’s Cyber Security Breaches Survey 2021 reveals:
- Only 9% of the country’s businesses report malware (excluding ransomware) as the source of a data breach.
- 16% of the country’s charity organizations report malware (excluding ransomware) as the source of a data breach.
- The 3 top malicious email attachments delivering malware are:
- Windows executable files (.exe) – 68%
- Script files (most commonly .JS, .VBS, .SCPT, .PHP, and .ASP) – 16%
- Office Documents (.doc, .docx, .dot, .xlsx, .xml, etc) – 8%
- The AV-TEST Institute:
- Registers an average of over 350,000 newly identified malware and potentially unwanted applications (PUA, also PUP – potentially unwanted program) every day.
- Has identified a total of 1,244.47 million malware versions as of 13 July 2021.
- Has identified 100.81 million new malware from January to June 2021(an average of 16.8 million new variants per month).
- Ransomware attacks against businesses in 2016 happened every 40 seconds on average.
- Infected employees are locked out of their files for:
- At least 1 day – 96%
- At least 2 days – 72%
- At least 3 days – 61%
- At least 5 days – 32%
- At least 10 days – 17%
- Symantec’s Internet Security Threat Report 24:
- 81% of ransomware attacks targeted enterprises rather than individuals in 2018.
- China ranked highest for the number of ransomware attacks detected (16.9% in 2018).
- The US ranked third-highest at 13% of total global ransomware attacks seen in 2018, down from first place with 18.2% the previous year.
- The State of Ransomware 2020 reveals that:
- 51% of surveyed companies suffered a ransomware attack in 2019.
- 73% of targeted companies had their data encrypted.
- 24% of ransomware attacks were detected and stopped before data could be encrypted.
- 94% of the companies whose data was encrypted got it back:
- 56% restored data back-ups and did not pay the ransom;
- 12% used other means to restore lost data and did not pay the ransom;
- 26% paid the ransom to get their data back.
- 1% of surveyed companies paid the ransom but were unable to restore encrypted data.
- The average cost of rectifying the impacts of a ransomware attack is $732,520 for companies that do not pay the ransom.
- The average cost of rectifying the impacts of a ransomware attack is $1,448,458 for companies that do pay the ransom.
- Only 64% of companies surveyed have cybersecurity insurance that covers ransomware.
- 94% of ransoms paid by companies with ransomware insurance are reimbursed by the insurance company.
- 59% of ransomware attacks where data was encrypted include data stored in public cloud storage, including Google Drive, DropBox, etc.
- Datto reports [Ransomware and the Cost of Downtime Infographic] that:
- The average cost of downtime caused by ransomware attacks for 2020 is $274,200.
- Downtime caused by ransomware attacks in 2020 can cost nearly 50x more than the ransom.
- Cybersecurity Ventures predicts:
- The rate of ransomware attacks could increase to every 11 seconds in 2021.
- Global ransomware damage costs to reach $20 billion in 2021.
- 304.6 million ransomware attacks were recorded for 2020 according to the 2021 Sonic Wall Cyber Threat Report, 62% more than in 2019.
- According to The Chainalysis 2021 Crypto Crime Report:
- 7% of all crime-related cryptocurrency transactions are ransomware payments (crime-related transactions account for 0.34% of all cryptocurrency transactions) in 2020.
- Blockchain analysis shows nearly $350 million in cryptocurrency was paid in total ransomware fees for 2020, a 311% increase over 2019.
- The FY20 Microsoft Digital Defense Report [PDF] reveals:
- 88% of ransomware infections take less than 4 hours to infiltrate a target system.
- Some ransomware attacks progress from initial entry to full encryption in less than 45 minutes.
- According to the UK government’s Cyber Security Breaches Survey 2021:
- 7% of UK businesses report ransomware attacks as the source of a data breach.
- 6% of large UK firms report ransomware attacks as the source of a data breach.
- Arcserv’s The 2020 Data Attack Surface Report [PDF] and/or Ransomware’s Stunning Impact on Customer Loyalty and Purchasing Behavior both report:
- 25% of surveyed consumers in France, Germany, North America, and the UK say they will abandon a company, product, or service after a single service disruption, transaction failure, or instance of data being inaccessible due to a ransomware attack.
- Nearly 50% say they would quit their banking or security service provider immediately after a ransomware attack.
- 59% of the survey participants say they will likely avoid doing business with a company that has suffered a cyber-attack (including ransomware attacks).
- More than 66% say they would switch to a competitor if a company cannot restore its systems within 3 days after a cyber-attack (including ransomware attacks).
- More than 22% say they would switch to a competitor if they can’t access their data or make a transaction through a company within 24 hours following a cyber-attack (including ransomware attacks).
- Cybereason’s 2021 Ransomware: The True Cost to Business [PDF] reveals:
- 80% of companies that pay the ransom following a ransomware attack experience another attack.
- 66% of companies report significant revenue loss after a ransomware attack.
- 53% of companies that suffer a ransomware attack report their brand reputation is negatively impacted.
- 46% of companies that regain data after paying the ransom fee find some or all of the data is corrupted.
- 42% of cybersecurity insurance plans do not cover all losses caused by a ransomware attack.
- 32% of companies hit by ransomware lose top leadership due to dismal or resignation.
- 29% of ransomware attacks led the affected company to eliminate jobs due to financial losses.
- 25% of ransomware attacks forced the affected company to close their business for a period of time.
- The Coveware Quarterly Ransomware Report Q1 2021 reveals:
- The average ransomware payment in the first quarter of 2021 was $220,298 (+43% compared to Q4 2020).
- The median ransomware payment in the first quarter of 2021 was $78,398 (+59% from Q4 2020).
- 77% of ransomware attacks in the first quarter of 2021 included threats to leak the stolen data (+10% compared to Q4 2020).
- Nearly 50% of ransomware attacks in the first quarter of 2021 are the result of Remote Desktop Protocol (RDP) connections being compromised.
- Approximately 31% of ransomware attacks in the first quarter of 2021 are the result of a successful email phishing attack.
- 100% of successful ransomware attacks against companies with 25,001 to 50,000 employees in the first quarter of 2021 are the result of a successful email phishing attack.
- Software vulnerabilities (excluding RDP compromises) account for the majority of successful ransomware attacks against companies with more than 50,000 employees in the first quarter of 2021.
- 24.9% of all successful ransomware attacks in the first quarter of 2021 targeted the Professional Services industry, followed by the Healthcare industry (11.6%) and Public Sector (11.6%).
- The average downtime for a company hit by a ransomware attack in the first quarter of 2021 is 23 days (+10% compared to Q4 2020).
IoT Cybersecurity Statistics
- Altman Vilandrie & Co.’s 2017 IoT Security Survey [PDF] reveals:
- 46% of companies using IoT devices experienced an IoT-related cybersecurity breach between 2015 and 2017.
- 2% of respondents didn’t know whether they had experienced an IoT-related cybersecurity breach during the same period.
- Companies participating in the survey that had not experienced an IoT-related cybersecurity breach were spending 65% more of their budget on IoT security than those that had experienced at least one breach.
- 46% of companies using IoT devices experienced an IoT-related cybersecurity breach between 2015 and 2017.
- According to Symantec’s Internet Security Threat Report 24 [PDF]:
- Symantec’s IoT honeypot recorded an average of 5,233 cyber-attacks against IoT devices in 2018 (total recorded: 57,553).
- 75.2% of the cyber-attacks targeted routers.
- 15.2 of the cyber-attacks targeted IoT cameras.
- 24% of cyber-attacks against IoT devices originated in China.
- 10% of cyber-attacks against IoT devices originated in the US.
- 61% of businesses surveyed reported IoT cybersecurity incidents.
- Symantec’s IoT honeypot recorded an average of 5,233 cyber-attacks against IoT devices in 2018 (total recorded: 57,553).
- F-Secure’s Attack Landscape H1 2019 [PDF] reports cyber-attacks against IoT devices increased by 300% in 2019.
- IoT Analytics forecasts 30.9 billion connected IoT devices by 2025.
- IHS Technology’s IoT Platforms: Enabling the Internet of Things Whitepaper [PDF] forecasts:
- 35.82 billion IoT devices by 2021.
- 75.44 billion IoT devices by 2025.
- Juniper Research’s The Internet of Things: Consumer, Industrial & Public Services 2016-2012 forecasts there will be over 46 billion connected IoT devices by 2021.
- 127 new IoT devices are connected to the internet every second as of January 2020, according to Security Today.
- The Cisco Annual Internet Report (2018 – 2023) [PDF] forecasts:
- A global average of 13.6 IoT devices per household by 2022.
- A global average of 3.6 IoT devices per person by 2023.
- 50% of all global devices and connections will be Machine-To-Machine (M2M) by 2023.
- 48% of all M2M connections will be from IoT devices by 2023.
- 74% of IoT devices will belong to consumers and 26% to businesses by 2023.
- The 2020 Endpoint and IoT Zero Trust Security Report reveals:
- 72% of companies surveyed report an increase in endpoint and IoT cybersecurity incidents between 2019 and 2020.
- 56% of companies surveyed anticipate a successful breach due to an endpoint or IoT cyberattack in 2020 to 2021.
- On the impact to victims of an endpoint or IoT cybersecurity breach:
- 55% report loss of user productivity;
- 45% report loss of IT productivity;
- 42% report system downtime.
- The Comcast 2020 Xfinity Cyber Health Report [PDF] reveals that:
- The xFi Advanced Security Service blocked an average of 104 cyber threats per household each month from January to August 2020.
- 6 billion total cyber threats blocked by the service from January to August 2020.
- The service recorded a 12% increase in cyber threats blocked during the beginning of the COVID-19 pandemic.
- The average Xfinitiy customer owns 12 IoT devices, and some own as many as 33.
- 61% of survey participants planned to buy at least one IoT device for their home over the 2020 holiday season.
- 95% of survey participants severely underestimate the number of cyber threats they face each month.
- 28% believe they faced no cyber threats at all.
- 64% of survey participants admit to online behaviors that make them vulnerable to cyber-attacks.
- Survey participants severely underestimate the cybersecurity risks associated with most IoT devices (excluding laptops, computers, smartphones, and tablets).
- 56.9 million IoT attacks were recorded for 2020 according to the 2021 Sonic Wall Cyber Threat Report, 66% more than in 2019.
- The CipherTrace Anti-Money Laundering Report 2018 Q4 reports $1.7 billion in cryptocurrency was stolen in 2018, including through cryptojacking.
- BleepingComputer references an unidentified Check Point research paper that reports cryptominers infected approximately 10X more companies than ransomware in 2018.
- RiskIQ’s The Anatomy of an Attack Surface: 5 Ways Hackers Are Cashing In [PDF] reports that in 2018:
- 50,000+ websites were discovered running the CoinHive cryptomining service from 2017 to 2018.
- An average of 495 new cryptojacking hosts was discovered every week over a 26-week period.
- 67% to 82% of cryptojacking infected sites went undetected by the NoCoin anti-cryptomining browser extension for Chrome in 2018, according to RWTH Aachen University’s Digging Into Browser-Based Crypto Mining [PDF]
- 20% of companies were hit by cryptomining attacks every week in early 2019, according to an unidentified Check Point research paper referenced by ComputerWeekly.
- 21% of companies surveyed worldwide were affected by cryptojacking in 2019, compared to 42% in 2018, according to the Check Point Cyber Attack Trends: 2020 Mid-Year Report [PDF].
- 81.9 million cryptojacking attacks were recorded for 2020 according to the 2021 Sonic Wall Cyber Threat Report, 28% more than in 2019.
- More than 98% of cryptojacking-related mining URLs have stopped mining as of June 2020, most likely due to the CoinHive cryptomining service no longer functioning, according to CoinPolice: Detecting Hidden Cryptojacking Attacks With Neural Networks [PDF].
Kaseya Ransomware Attack
The Kaseya software developer, which provides its Software as a Service (Saas) to tens of thousands of companies globally, was hit by a ransomware attack on Friday 02 July 2021.
As the attack was so recent (at the time of writing), the following related statistics might not reflect the full scope:
- 7 Common Vulnerabilities and Exposures (CVE) in Kaseya’s Virtual System Administrator (VSA) in April 2021 by the Dutch Institute for Vulnerability Disclosure (DIVD).
- Only 4 of the vulnerabilities were patched by Kaseya before the attack:
- CVE-2021-30117: SQL Injection Vulnerability (patched in VSA 9.5.6)
- CVE-2021-30118: Remote Code Execution Vulnerability (patched in VSA 9.5.5)
- CVE-2021-30121: Local File Inclusion Vulnerability (patched in VSA 9.5.6)
- CVE-2021-30201: XML External Entity Vulnerability (patched in VSA 9.5.6)
- The remaining 3 vulnerabilities were patched in VSA 9.5.7a, released on July 11:
- CVE-2021-30116: Credentials Leak and Business Logic Flaw
- CVE-2021-30119: Cross-Site Scripting Vulnerabilities
- CVE-2021-30120: Two-Factor Authentication Bypass
- It’s believed all 3 vulnerabilities were exploited in the attack, but this hasn’t been confirmed yet.
- On July 4, REvil – a Russian-based cybercriminal organization – claimed responsibility for the attack in a post on their Dark Web site, “Happy Blog.”
- REvil initially asked for $70 million in the Monero cryptocurrency as a ransom fee to publish a tool that would allow all affected companies to recover their data.
- On July 5, a security researcher for Krebs Stamos Group, Jack Cable, Tweeted a screenshot of an exchange with REvil where the group offered the universal decryptor at a discounted price: $50 million.
- Cable added in a sub-Tweet that REvil was also accepting payment in Bitcoin in addition to Monero.
- On July 5, Kaseya published a YouTube video with CEO Fred Voccola, who confirmed about 50 of the company’s direct customers were immediately affected by the ransomware attack.
- On July 6, The New York Times published an article stating that between 800 and 1,500 Kaseya customers worldwide were compromised in total.
- On July 6, Malwarebytes announced in a Tweet that they had detected a phishing campaign attempting to take advantage of Kaseya customers. The emails included a “SecurityUpdates.exe” file to install Cobalt Strike, a threat emulation software that exploits network security vulnerabilities.
- According to a rolling advisory by Kaseya:
- 60% of the company’s SaaS customers were able to go live again on July 11.
- 100% of the company’s SaaS customers were able to go live again on July 12.
Who’s Behind Most Cyber-Attacks?
- Approximately 79% of all data breaches result from External factors.
- 55% of External factors are identified as organized cybercriminal groups, for example: REvil (responsible for the Kaseya ransomware attack covered in the previous section).
- Approximately 20% of all data breaches result from Internal factors, i.e., company employees.
- An unspecified percentage of Internal factors engage in deliberate actions resulting in a breach, for example: privilege abuse.
- Internal factors also refer to human error, though these cases are usually tied to External factors taking advantage of human error, for example: through social engineering.
- Approximately 1% of all data breaches result from either Multiple attackers or the company’s Partners (whether breaches caused by Partners include accidental as well as intentional is not made clear in the report).
How Often Are Cybercriminals Caught?
- In 2014, CBS Minnesota published an article quoting Mark Lanterman (then-CTO of Computer Forensic Services) as estimating that less than 1% of cybercriminals are caught.
- In August 2018, Malwarebytes published an article claiming 5% of all cybercriminals are apprehended, but the source was not properly linked, and the claim remains unverified.
- In October 2018, a Third Way think tank estimated that only 0.3% (or 3 in every 1,000) of all cybercrimes reported lead to an arrest.
- Due to a large number of cybercrimes not being reported, it’s estimated that less than 0.05% (or less than 5 in every 10,000) cybercrimes that happen lead to an arrest.
- RPC reports that in the UK, over 17,900 cybercrimes were reported in 2018, but only 65 resulted in prosecutions (less than 1%).
How to Reduce the Risk of Becoming a Cybersecurity Statistic
With cybercrime having such a huge impact on our lives as individuals and businesses, you must do everything you can to prevent becoming a statistic.
Here are some key examples:
1. Educate Staff on Cybersecurity
All the best systems and tools in the world aren’t enough. Remember: 99% or more of attacks observed require human action, making human error the biggest threat to your cybersecurity plans.
Throughout the rest of these tips, I’ll cover those systems and tools. Ensure everyone understands what they are, why they’re essential, and how they work.
It’s equally important to review and possibly amend your company’s internet usage policies, as well as separate personal and work devices wherever possible.
If necessary, consider hiring a team to do basic cybersecurity training with your staff.
Remember Webroot’s findings that regular, ongoing cybersecurity training over 4 to 6 months can reduce phishing click-through rates by 65%!
2. Assess Risk to Determine Your Threat Model
Threat modeling is the practice of evaluating all assets to identify:
- What needs to be protected
- What vulnerabilities (or potential vulnerabilities) exist, such as the absence of appropriate safeguards
- A list of protections and policy updates that are necessary to reduce the risk of those vulnerabilities being exploited
Understanding your threat model is vital to putting together the proper cybersecurity defense.
Once you understand your threat model, organize the list of identified solutions by priority. This way, you can implement identified solutions for the most severe vulnerabilities first.
If your business doesn’t have an IT team with cybersecurity professionals, the US Department of Homeland Security offers risk assessment services, including:
- Cyber Resilience Review (CRR)
- A suite of National Cybersecurity Assessments and Technical Services (NCATS) –
- Cyber Hygiene: Vulnerability Scanning
- Phishing Campaign Assessment (PCA)
- Risk and Vulnerability Assessment (RVA)
- Validated Architectural Design Review (VADR)
It’s important to understand that threat modeling – together with penetration testing for testing your network security resilience – is not a once-off activity.
You need to review your threat model regularly, especially when new systems are deployed.
3. Limit Access to Data
POLP, or the Practice Of Least Priority, is an overlooked but vital cybersecurity practice.
The statistics on how accessible company data is to employees – and even to ghost accounts – together with the statistics on how pervasive phishing attacks show exactly why limiting access to data is so vital.
POLP works to protect the CIA triad of cybersecurity (Confidentiality, Integrity, Accessibility) by only allowing employees enough access to data and systems necessary to fulfill their role within the company.
This is even more important with employees working from home, especially if you haven’t issued work-only devices for them to use.
You can read more about POLP’s best practices in this guide by Data Insider.
One of the most important things you should do regularly is create backups of your data.
Ideally, you should create:
- Hardware backups on encrypted removable drives – one copy gets safely stored on-premises and a second copy stored in a secure, off-site location;
- Cloud-based backups that are encrypted and stored in an encrypted cloud environment.
(More on data encryption and encrypted cloud storage in the next section!)
If possible, set up your system so that cloud-based backups can be created and synced with your cloud storage automatically at least once a week. For hard copy backups, you can do the double copy every two weeks if preferred.
Don’t forget to regularly test your existing backups to ensure you can restore your systems from them if need be. Keep at least three versions, so if a vulnerability (like malware) gets discovered, you can roll back to an older backup.
5. Defending All Devices – Tools & Updates
All devices used to access company data need to be adequately defended against cyber-attacks. This includes any personal devices used during remote work or as part of a BYOD (Bring Your Own Device) policy.
There are dozens of tools and practices you can use to help with this. Here are a few examples and suggestions:
- A strong, reliable antivirus and anti-malware software that includes ransomware protection – I recommend Malwarebytes;
- A reliable VPN (Virtual Private Network) for businesses to obfuscate IP addresses and encrypt data-in-transit – I recommend NordVPN Teams;
- Start using a hardened Firefox browser, modified for better privacy and cybersecurity – you’ll find a partial guide, including recommended browser extensions, in our article here;
Alternative for Remote Workers – Brave Browser
- However, having the right tools isn’t enough. You also need to ensure that devices are kept updated, including their operating system (OS) and all applications installed.
Updates should be set to run automatically. Make sure to run an antivirus scan after every update.
- Encrypt devices and the data stored on them, including removable drives used to store backups – I recommend NordLocker, which allows you to encrypt files and sync them with encrypted cloud storage;
- A good firewall is a must for protecting your network at the office, and remote workers should be using one as well – at the very least, use the firewall that comes with your device’s OS or use a business solution like Firewalla, which offers outgoing traffic control as well;
- Use encrypted communications at all times, especially for online conference calls – for email, I recommend using OpenPGP, and for all other communications, I recommend Signal.
- For private individuals, consider using a tool like SimpleLogin for email masking to create different email aliases for different accounts. You can also use TempMail to generate a temporary address for accounts you don’t anticipate needing to keep or for test accounts before signing up properly.
- For online card payments, consider using Virtual Cards, which hide your real card details. Many banks now allow you to create Virtual Cards from your online banking profile, or you can use a service like Privacy.com. Virtual Cards can be single-use, online account specific, and even have spending limits.
6. Passwords, Password Managers, and 2FA
Forget anything and everything you think you know about passwords.
The traditional approach – of using 10 to 14 randomly generated letters, numbers, and special characters – isn’t enough.
Besides, they’re harder to remember and often lead to people writing them on easily accessible scraps of paper or saving them in a text file on their computers. Together with reusing passwords for multiple accounts, either practice renders them useless.
Instead, encourage your employees to follow the cybersecurity best-practice of passphrases, ideally with 7 to 10 randomly generated words. You can use a site like Rempe Diceware.
Every account an individual has should have a unique password.
To properly keep track of them all, employees should use a secure password manager that allows them to store all passwords in an encrypted database that can only be accessed with a master password – ideally, the strongest one.
While offline password managers like KeePassXC are the first-choice for cybersecurity professionals, they require high levels of discipline to properly maintain. For most, a cloud-based password manager such as NordLocker will work best.
Finally, implement Two-Factor Authentication (2FA) for all accounts. The Google Authenticator app for Android and Apple is easy to set up and use and will generate unique 2FA codes with a strict time limit.
Avoid using SMS-based One Time Pins (OTP) as a 2FA method, as they’re easy to intercept as well as prone to social engineering.
7. Update Everything, Always
Software updates aren’t always cosmetic, but they almost always include vital cybersecurity patches for vulnerabilities discovered in the previous version.
All systems should be set up for automatic updates if possible, so they can be run in the background without interfering with workflow and without giving users the temptation to ignore.
The only exception should be for computer operating systems, and only because both Windows and Mac require a system restart. Linux has the solid upper hand here, as most distributions can be updated in the background without interrupting workflow.
Encourage workers to allow their operating systems to update during their lunch breaks or as soon as they finish work for the day to avoid delays.
8. Regularly Monitor for Leaks & Develop a Data Breach Response Plan
Prevention is only one part of cybersecurity preparedness. You also need to constantly monitor for data leaks of any kind and have a plan in place for a data breach response.
Depending on your budget as an individual or business, two tools I recommend are:
- Detection of Data Leaks and Threat Intelligence by HTTPCS Cybervigilance
- CyberResearch TPRM [Third-Party Risk Management] and Vendor Data Leak Detection by UpGuard
To see if your number, email address, or password has been leaked, you can also use HaveIBeenPwned.com. Don’t forget – if a password was leaked, immediately change it and update your password manager.
Additionally, if you’re using a service like SimpleLogin to create unique email aliases for each online account, consider changing the alias for the leaked account and deleting the old alias if you’re unable or unwilling to delete the online account.
Finally, the Federal Trade Commission (FTC) put together a Data Breach Response Guide for Business that I encourage all readers, including individuals, to read.
A PDF version is available on the page for you to download and circulate.
Cybersecurity Statistics – Conclusion
While there are hundreds of additional cybersecurity statistics out there, many are either outdated or unverified. For this reason, I decided to leave them out rather than risk giving you false information.
Even so, the 200+ cybersecurity statistics in this guide paint a scary picture that can easily overwhelm you.
But together with the cybersecurity tips I included to help you avoid becoming a statistic, I believe it shouldn’t scare you off. Instead, let it help you better understand the risks and prepare yourself accordingly.
If you find this guide helpful, please consider sharing it online to help others understand cybersecurity better!
- The Global Risks Report 2021
- How Much Will Remote Work Continue After the Pandemic?
- Moving beyond remote: Workplace transformation in the wake of Covid-19
- Study: Hackers Attack Every 39 Seconds
- Cost of a Data Breach Report 2020
- Ransomware Research Data Summary by SentileOne
- Ninth Annual Cost of Cybercrime Study
- The 2021 Data Risk Report for Healthcare, Pharmaceutical & Biotech by Varonis
- 2021 Data Disk Report for Financial Services by Varonis
- 2020 Ransomware Resiliency Report by NinjaRMM
- The average ransomware demand is now $170K. Here’s how we can fight back
- How data breaches affect stock market share prices
- Hackerpocalypse: A Cybercrime Revelation
- Global Cybercrime Damages Predicted To Reach $6 Trillion Annually By 2021
- Cybercrime To Cost The World $10.5 Trillion Annually By 2025
- Reshaping the cybersecurity landscape
- Spending on cybersecurity worldwide from 2017 to 2021 (COVID-19 adjusted)
- Cisco Cybersecurity Reports
- Gartner Forecasts Worldwide Security and Risk Management Spending to Exceed $150 Billion in 2021
- Forecast Analysis: Information Security, Worldwide, 2Q18 Update
- Gartner Survey of Nearly 2,000 CIOs Reveals Top Performing Enterprises are Prioritizing Digital Innovation During the Pandemic
- Forecast Analysis: Information Security, Worldwide, 2Q18 Update
- Artificial Intelligence (AI) in Cyber Security Market – Global Industry Analysis
- PwC’s 18th Annual Global CEO Survey 2015
- ProofPoint’s Human Factor Report 2019
- RiskIQ’s The Evil Internet Minute 2019
- 2020 Webroot Threat Report
- Cybersecurity in the Remote Work Era Global Risk Report of October 2020 by the Ponemon Institute
- UK government’s Cyber Security Breaches Survey 2021
- ProofPoint’s 2021 State of the Phish report
- Verizon’s 2020 Data Breach Investigations Report
- Symantec’s Threat Landscape Trends – Q1 2020
- The Latest: UN warns cybercrime on rise during pandemic
- Symantec’s Threat Landscape Trends – Q3 2020
- Webroot’s MSPs Benefit From Security Awareness Training Infographic
- RiskIQ’s The Evil Internet Minute 2021
- Verizon Data Breach Investigations Report (DBIR) 2021
- The 2019 Global Data Risk Report by Varonis
- The 2021 Data Risk Report for Healthcare, Pharmaceutical & Biotech
- The 2021 Data Disk Report for Financial Services
- 2020 Remote Workforce Security Report
- Seven cybersecurity predictions for 2021
- The Ponemon Institute’s Third Annual Study on the State of Endpoint Security
- Verizon’s Data Breach Incident Report 2019
- The AT-TEST Institute
- Distribution of new mobile malware worldwide in 2020, by type
- Malwarebytes’ 2021 State of Malware Report
- Check Point’s Cyber Security Report 2021
- Nokia Threat Intelligence Report 2020