Previous years had shown the continuous rise of various digital threats. Cybersecurity professionals are not standing still for these threats and try to address them properly. In some sense, 2020 was special—the coronavirus pandemic and the global shift to remote working became significant factors affecting the cybersecurity landscape. How exactly? Let’s find out from the latest cybersecurity statistics.
Table of Contents
Cybersecurity Statistics 2021
By the end of the year, worldwide spending on cybersecurity is going to reach $123 billion. Despite this impressive number, the industry still has the potential to grow even further in order to address various cyber threats. Also, the lack of appropriate security measures is widely observed. For example, 43% of SMBs don’t have any cybersecurity plans in place.
The facts below represent key cyber threats and their impact in 2020. We hope they will allow you to understand the modern cybersecurity landscape and its challenges better.
Data Breach Statistics
Experiencing a data breach leads companies to many undesirable consequences—financial and reputational damages, disruption of business continuity, compliance violations, and others. Here are some of the most recent statistics related to data breaches (according to IBM’s Cost of Data Breach Report 2020).
- Attacks on supply chain attacks rose by 42% in Q1 2021 in the US. It affected approximately 7M people. According to the Identity Theft Resource Center (ITRC), 137 organizations reported being hit by supply chain cyber-attacks at 27 different third-party vendors.
- The average cost of a data breach is $3.86 million, which is 1,5% lower than in 2019
- The average cost of a breach for organizations with incident response teams and plans is $3.29 million. For organizations without teams or plans, the damages are higher—$5.29 million
- The average cost per customer PII (Personally Identifiable Information) record is $175
- The main reasons behind malicious breaches are compromised credentials, cloud misconfiguration (both 19%), and vulnerability in third-party software (16%).
Ransomware: The Growing Menace
Ransomware has been a significant threat for individual users and organizations alike for a long time. The recent statistical information shows that this type of malware is on the rise.
- According to US Treasury, $5.2 billion in BitCoin transactions is due to ransomware payments.
- FinCEN identified 68 different ransomware strains active in H1 2021 based on SARs. REvil/Sodinokibi, Conti, DarkSide, Avaddon, and Phobos were the most common.
- The average ransom payment increased by 82% from $312K in 2020 to $570K in the first half of 2021
- A new ransomware attack occurs, approximately, every 11 seconds.
- The average sum that hackers demand to release locked data continues to increase, reaching $111,605. This is a tremendous growth compared to $6,733 in 2018 and $36,295 in 2019. In other words, the average ransom demand has grown more than 16 times in less than two years. Ryuk and Sodinokibi are enterprise-targeting ransomware strains responsible for this surge.
- The average ransom payment reached $233,817 in Q3 2020, which is 31% higher than in the previous quarter.
- The average downtime cost of a ransomware attack reached as high as $283,800 compared to $141,000 in the previous year.
Criminals have taken advantage of the panic caused by coronavirus to intensify phishing attacks and spread malware. Let’s take a look at this year’s statistics to evaluate the extent of the phishing threat.
- Phishing rose 220% compared to the previous year
- 42,8% of malicious attachments in phishing messages were Microsoft Office documents
- Most often, phishing attacks target SaaS companies (34.7%)
- Gmail blocks more than 100 million phishing emails each day
Related: Phishing Prevention Measures
Insider Threats: A Danger From Within
Careless or malicious human behavior patterns often referred to as insider threats, can be a reason behind data breaches and other security incidents. This type of threat has increased by 47% in the past two years.
According to a report by the European Union Agency for Cybersecurity, the average annual cost of cybersecurity incidents caused by an insider is €11,45 million (approximately $13,71 million). Here are some stats to highlight the danger of insider attacks (source: 2020 Insider Threat Report).
- In 38% of cases, loss of critical data, and operational disruption were consequences of insider attacks. 24% of attacks resulted in brand damage
- 54% of respondents name customer data as the most vulnerable to insider attacks. Intellectual property is the second-most vulnerable information (47%), and financial data is the third (46%). Other vulnerable information includes employee (43%), company (36%), and sales & marketing data (29%)
- 81% of organizations find it difficult to assess the full impact of insider attacks
- 88% of respondents recognize the importance of unified security for apps, devices, and other systems
Related: Insider Threats Mitigation
Facts speak for themselves—the danger from various cyber threats continues to grow. The danger can come from both inside and outside of an organization. Insider threats can lead to a data breach as sure as a cyber attack organized by hackers. To face the challenges of the modern cybersecurity landscape, SMBs and large organizations alike need to use a multi-layered approach to protect their data from loss and damage. Creating a cybersecurity policy is a great way to structure your security, data protection, and incident response measures.
Read next: Creating a cybersecurity policy template