Cybersecurity vulnerabilities are flaws in your data and security systems that expose you to cyber threats. These vulnerabilities continue to grow annually, costing businesses and individuals millions while jeopardizing their systems.
An in-depth study shows patterns and trends common to cyberattacks and their impact on multiple industries. Based on these statistics, you can also find predictions on what to expect in the coming years.
7 Key Cybersecurity Vulnerability Statistics (Editor’s Pick)
- 47% of US small businesses fell victim to cyberattacks in 2021-2022.
- There were 23,964 tracked cybersecurity vulnerabilities in 2022.
- Over 4 in 10 cyberattacks in 2021 were zero-day attacks.
- 69% of security respondents in 2021 claimed a lack of urgency in fixing vulnerabilities.
- In 2021, 50% of websites were vulnerable to at least one exploitable cybersecurity vulnerability.
- The worst cybersecurity vulnerability attack of 2021 was CVE-2021-44228.
- In 2021, 25.4% of small bank employees were likely to fail a phishing test.
General Cybersecurity Vulnerability Statistics
1. There was a 21% increase in cybersecurity vulnerabilities from 2021-2022.
This amounted to about 65,000 vulnerabilities in 2022 alone, with 8,000 discovered in Q1 of 2022.
2. In 2021, 54% of businesses claimed cyberattacks were too sophisticated for their in-house IT team to handle.
Likewise, 7% of the surveyed respondents who were victims of ransomware in the year were held to ransom despite not having their data encrypted.
3. 47% of US small businesses fell victim to cyberattacks in 2021-2022.
67% of these businesses have experienced multiple data breaches.
4. 10% of internet-facing web application vulnerabilities were considered high risk in 2021.
If the target typically processed online payments, the risk increased to 15%.
5. The exploitation of new vulnerabilities increased in 2021.
168 published vulnerabilities were exploited in 2021, 24% more than the newly published and exploited vulnerabilities in 2020.
6. There were 23,964 tracked cybersecurity vulnerabilities in 2022.
This is a significant increase compared to 21,518 in 2021.
Cybersecurity Vulnerability Statistics by Attack Type
7. DDoS attack frequency will increase in 2023.
There will be up to 15.4 million DDoS attacks worldwide. This is a significant increase from 7.9 million in 2018.
8. About 58% of supply chain attacks in 2021 were to gain access to data.
The attacks targeted customer data, including personal information and intellectual property. Approximately 16% of the attacks were carried out to gain access to people, and 8% to access financial resources.
9. Over 4 in 10 cyberattacks in 2021 were zero-day attacks.
Furthermore, zero-day malware increased by 3% to 67.2% in Q3 2021.
Likewise, there were 83 zero-day attacks in 2021, a 55% increase from 2020.
10. Server security misconfigurations were the most commonly found cybersecurity vulnerability in 2021.
Server security misconfigurations accounted for 38% of cybersecurity vulnerabilities, followed by cross-site scripting (13%), broken access control (11%), sensitive data exposure (10%), and authentication and sessions (8%).
11. Network server breaches accounted for 56.6% of healthcare data breaches in 2022.
While emails accounted for 22.9%, EMR came third (11.7%).
12. Human elements played a huge role in 82% of data breaches in 2021.
This included stolen credentials, phishing, misuse of data, and human error.
13. In 2021, 25.4% of small bank employees were likely to fail a phishing test.
This was for banks with fewer than 250 employees. Banks with 250 to 999 employees had a phishing-proneness rate of 27.3%, while large banking organizations with over 1,000 employees fared worse (43.5%).
Cybersecurity Vulnerability Statistics by Industry
14. The leading cause of SaaS misconfigurations was a need for more visibility and access control.
63% of surveyed CISOs in 2021 suffered a cybersecurity breach due to poor SaaS configurations.
15. In 2021, 79% of security teams found it challenging to monitor cybersecurity vulnerabilities consistently.
About 66% struggled to maintain high-quality security standards, and 69% struggled to monitor and respond to security incidents.
Cybersecurity Vulnerability Statistics by Impact
16. 69% of security respondents in 2021 claimed a lack of urgency in fixing vulnerabilities.
Additionally, 63% had problems repeating themselves in subsequent code releases, all due to a development team talent shortage.
17. 96% of security teams in 2021 were slower to fix critical vulnerabilities due to development collaboration issues.
In contrast, 80% of developers claimed the lack of collaboration with security teams compromised the quality of their code.
18. From Q4 2021 to early 2022, 82% of UK businesses had the latest anti-malware protection.
38% had a policy for vulnerability patch management, 34% had used security monitoring tools, 17% had taken a cybersecurity vulnerability audit, and 13% had used threat intelligence.
Cybersecurity Vulnerability Statistics by Security Type
19. 20% of respondents surveyed in 2022 had no Zero Trust strategy.
30% of the surveyed respondents mentioned that their companies already have a working Zero Trust strategy.
20. In 2021, 50% of websites were vulnerable to at least one exploitable cybersecurity vulnerability.
On top of that, malicious web application requests increased by 88%, more than double the previous year.
21. The worst cybersecurity vulnerability attack of 2021 was CVE-2021-44228.
This attack impacted the open-source logging library Apache Log4j on 10th December 2021.
Avoid Data Breaches
The cybersecurity industry is growing annually, as are the vulnerabilities.
As an organization, you need a standard cybersecurity program to prevent you from falling victim to increasing cybercrimes. You have to take steps to protect your company from data breaches to avoid potential legal implications.
One good step is to use the best VPNs against hackers, and while at it, grab a reliable antivirus tool for added security.