Cyber attacks continue to increase in number and brutality – 2019 was only a sign of the future. Here is your list of the 122 most relevant industry sectors in cyber security, cyber attacks and privacy breaches, with statistics for 2020 and beyond.
Last year Hashed Out published the first comprehensive list of cyber security statistics for its readers. The article was so popular that we wanted to make it an annual project that we publish every year with updated cybersecurity statistics. This way, you will know immediately where to go to meet all your cyber security data needs.
This year, we wanted to increase the rates and increase the number of statistics reported on cyber security from 80 to 122. Since we are using the most recent information – most data comes from the reports of 2019 and 2020, from research and from news reports – it was a fairly important event. But we are happy to provide you with as much relevant and useful information as possible from many global sources and from leading companies.
So what are the figures and sources for our list of the 122 best cyber security statistics for 2020 (and beyond)?
Let’s go make hash.
Cyber security statistics: Our selection from the 122 best statistics for 2020 (to date)
Before we start, I’d like to say one more thing. When looking at a list of cyber security statistics, it is always important to keep this in mind:
- Data will vary depending on the source, and
- Not all cyber incidents and cyber crime are reported.
Different organizations use different classifications and methods to report what can be described as an incident in cyberspace or a data breach. In addition, research is usually based on data from internal business systems, data from tracking customers or information from victims of cybercrime, or responses to surveys from people working in specific sectors. And since it can take weeks, months, even years – if ever – to detect certain violations or cyber attacks, this means that the actual numbers may be higher (or lower) than the reported numbers.
These are just some of the reasons why you often see different information from one company to another. In this sense, here are your best statistics on cyber security for the year 2020:
Cyber security statistics: General industrial and economic outlook
1. Business mail/e-mail compromise A fraud compromise costs $26 billion.
Damn it. A terrible number! But before we move on to the next set of statistics, let’s take a closer look at these troubling cyber security statistics to put them in their context.
Although the Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) reported $26.2 billion in domestic and foreign damages between June 2016 and July 2019, we need to take a break.
Make no mistake, this figure is even more disturbing than the scenarios described in the children’s poems. But it’s important to note that it doesn’t cost $26 billion a year. The cost estimate is based on data provided by the United Kingdom3 and international law enforcement agencies for a period of three years. We just want to make sure you understand the context.
What, then, was the annual calculation of the corrected losses of the CLB/CAB complaints? More than $1.7 billion has been earmarked for this purpose. The British report3 on cybercrime in 2019 indicates that the number of complaints is estimated at 20 million dollars, compared to 23,775.
2. In 2019, more than $3.5 billion was spent worldwide in the fight against cybercrime.
Okay, let’s look at the total cost of cybercrime for the year. A study of the same FBI report on IC3 cybercrime for the year 2019 shows that more than $3.5 billion was lost to cybercrime in 2019 alone. According to the IC3 report, a total of 467,351 incidents were reported by companies and individuals during this period, including the most common forms of crime with the greatest losses:
- CLB/CAE fraud (more than USD 1.7 billion)
- trust/confidence fraud (over USD 475 million), and
- Counterfeiting (over $300 million).
It is important to note that these cyber security statistics only include the number of reported attacks and losses. This means that cybersecurity statistics do not contain attacks and victims that resulted in non-registered attacks. And since victims often do not report cases of fraud involving relationships of trust and love, this means that the numbers are likely to be seriously underestimated.
3. In the first. In the first quarter of 2020, Apple, Netflix and Yahoo accounted for 25% of all brands in circulation in phishing attacks.
Apple is one of the most popular brands with consumers because of the popularity of the iPhone, Apple watches, lightweight marketing and other useful consumer technologies. But Apple is also the brand most often represented by cybercriminals in general, according to a Check Point study in the first quarter of this year. On four. In the third quarter of 2019 it went from the previous seventh place to first place with 10% of all phishing attempts. Netflix ranks second with 9% of all phishing attempts, while Yahoo ranks third with another 6%.
4. 57% of the respondents used third-party cyber security analyses in 2019.
Cyber security assessment is a crucial element in increasing and improving the effectiveness of cyber defence. More than half of the 1,100 respondents to Experian’s seventh annual data production survey reported that they regularly performed cyber security analyses by third parties in 2019. Although this may not seem like much, it should be borne in mind that, according to them, this figure has risen by around 9% over the past two years.
5. 73% of respondents control access and physical security
This puts us in fifth place on the list of our cybersecurity statistics. While it is essential that organisations focus on digital security measures, this does not mean that they can ignore or forget physical security. In the same Experian Injury Preparedness Survey, almost three-quarters of respondents indicated that they regularly check for physical security and access to confidential information.
Although most respondents say they are relieved to be able to study and follow these things, the figure should ideally be 100%. After all, everyone should strive to regularly monitor physical security and access within their organisation to ensure that their data and systems are not compromised.
6. The profitability of the IoT platform is expected to reach $66 billion by 2020.
Let’s switch places. Revenues from IoT platforms will increase by 20% this year, Juniper Research predicts in its report ivd ~ The Internet of Transformation 2020. Interestingly, the research company predicts that the Kovid 19 pandemic will play a role in expanding the implementation of ETI in the healthcare sector.
7. Online payment fraud will cost at least $25 billion a year by 2024.
Oh, uh… These are particularly distressing statistics about cyber security, if they are accurate. According to another report by Juniper Research Online Payment Fraud, the predictions of sellers of e-commerce losses due to online payment fraud are not positive: New threats, segment analysis and market forecasts for 2020-2024. They expect these losses to exceed $25 billion over the next four years, with a growth rate of 52%.
8. 73% of large organisations believe that strong cyber security contributes to business success.
73% of the key organizations surveyed by AT&T strongly agree that their organization’s position on security is the reason their overall business success is much more likely. But what is a leading organization? AT&T defines this term in its report Links between Security Maturity and Business Opportunities 2020 as organizations that embed strong cybersecurity in their business, IT and organizational culture and tend to go further in the NIST cybersecurity framework than the next or emerging organizations. These are also the organisations that are among the top 20% of respondents according to the survey results.
9. Leading organisations are 4.3 times more effective in prioritising cyber security incidents.
The ability to prioritize cyber security threats and vulnerabilities based on their impact on the business is a core competence for any organization. I mean, if they want to stay in business and stuff. AT&T’s Security Maturity and Business Solutions Survey shows that leading organizations identify themselves more than four times more effectively in this respect.
Cyber security statistics: Which organisations invest in cyber security?
Cyber security is an important area in which organisations and companies need to invest. In addition to the human firewall, it is your systems and cybersecurity infrastructure that keep the line (or door, for Game of Thrones fans) between your organization’s confidential data and the cybercriminals who want it.
What does this line of defense mean for many organizations? In our next section on cyber security statistics, we will look at the figures that governments, organisations and businesses are willing to spend on strengthening their cyber security – and the savings that can be achieved through these efforts:
10. Global spending on information technology is expected to reach $3.9 trillion by 2020.
According to Gartner’s latest survey, global IT spending will grow by 3.4% in 2019 to reach nearly $4 trillion by the end of that year. In which sector do you anticipate the strongest growth? The report shows that the software will experience astonishing growth, estimated at 10.5%.
How the effects of the coronavirus (KOVID-19) will play a role in the actual impact of a possible cost estimate in the course of the year is of course a matter of guesswork. Time will tell.
11. The U.S. president’s budget provides $18.8 billion to finance cyber security for the fiscal year 2021.
According to the U.S. government’s draft budget for the fiscal year 2021, Trump policy plans to allocate nearly $18.8 billion to federal cyber security programs and initiatives. The budget document earmarks more than USD 1.1 billion for the Department of Homeland Security (DHS) cyber security efforts.
As was the case last year, the analytical outlook for the 2021 budget obviously states that not all information related to cyberspace is included in the document. What for? Due to the sensitive nature of certain activities, this amount does not represent the total e-budget. In fact, it is a standard declaration for the protection of national security.
12. Expenditure on information security is expected to exceed USD 151 billion by 2023.
According to the bi-annual Global Security Spending Guidelines of the International Data Corporation (IDC), global spending on security products and services is expected to rise to $151.2 billion by 2023. This figure is based on an estimated compound annual growth rate (CAGR) of 9.4% over this period. This is more than their estimated expenditure of $ 106.6 billion in 2019.
The report shows that the banking sector, the manufacturing industry and the federal/central government are expected to be the world’s largest customers for security tools and solutions over the forecast period.
13. The market for deceptive technologies is estimated at $2.48 billion in 2025.
The Mordor Intelligence study predicts a CAGR of 13.3% for the fraudulent technology sector over the next five years. Cheating technology, used to detect and prevent Advanced Persistent Threats (APT), often combines Artificial Intelligence (AI) and Machine Learning (ML) to make them more dynamic.
Historically, the National Institute of Standards and Technology (NIST) has kept its distance. But last year, in a special edition of NIST 800-160 v2 and a design of NIST SP 800-171B, they began to recommend the use of deceptive techniques and technologies.
(Note from the author: I know it’s a bit off topic, but can we, Lord of the Rings fans, take a moment to recognize the name of this research association)
14. Expected growth of the cyber security market for COVID-19 to 6.2% per year.
Although the cyber security market is expected to continue to grow, growth is now expected to slow down. An analysis of the global cyber security market by ResearchAndMarkets.com indicates that the market is expected to grow at an annual rate of 6.2% until 2023 due to the economic impact of the coronavirus pandemic. Yeah, this virus really kills all the plans.
15. Efforts to prevent cyber security can save up to $1.4 million per attack.
Here’s great news from the Ponemon Institute and Deep Instinct: Initiatives to prevent cyber attacks can bring significant benefits to organizations. Their research has shown that up to 82% of cybersecurity life cycle costs (prevention, detection, containment, recovery and rehabilitation) can be saved. For example, if you could prevent a cyber attack that would cost your company a good million dollars, the saving would be 820,000 dollars (prevention cost: 1,000,000-180,000 dollars = 820,000 dollars saving).
So what’s the downside? Read on.
16. 76% of safety prosecutors focused on detection and deterrence rather than prevention.
For example, while studies by the Ponemon Institute and Deep Instinct show that prevention can save many mules, only 24% of the cyber security professionals surveyed actually focus on prevention. What for? Because they see deterrence as more responsible than prevention. As a result, most cybersecurity budgets focus on the other four phases of the cybersecurity lifecycle.
17. 93% of organizations have protected their API gateway or plan to do so.
According to the CyberEdge 2020 Cyberthreat Defense (CDR) report, cybersecurity using an application programming interface (API) is of growing importance for nine out of ten users surveyed. 63.1% of respondents said they already use the Gateway/Application Programming Interface (API), while nearly 30% said they plan to receive it in the next 12 months.
18. 60% of IT professionals believe in cyber security There is no budget.
The perception of cyber security budgets certainly varies from one organisation to another. Recent data from ISACA’s global report, The State of Cyber Security in 2020, shows that 41 percent of respondents consider their organization’s budget to be somewhat underfunded, while another 19 percent say it is significantly underfunded. In addition, 34 percent said that they considered the budget to be adequately funded, while 3 percent thought the budget was slightly overfunded.
This is one of those cybersecurity statistics that we hope our readers will really take to heart… Don’t be stingy. Put your budget where it’s needed. We know there are other budget issues, but if your company is seriously affected by data breaches or cyber attacks, your reputation (and your company as a whole) may not be able to withstand the consequences. So don’t wait for things to go wrong before making the right budget decision.
19. 69 per cent of experts believe that an increase in spending on cyber security is unacceptable.
60% of Accenture’s third annual State of Cyber Security report indicates that they have invested more in cybersecurity technologies such as network security, threat detection and security monitoring over the past two years. However, almost seven out of ten respondents say that the cost of this investment to stay ahead of cyber threats is not sustainable in the long run.
Cyber security statistics: Status of industry in relation to employment
Recruitment and employment are important areas for almost all industries, and cyber security and information technology are no different. So here are some basic statistics on cyber security employment and customer loyalty that you should look at:
20. 82% of the CISOS report consider that they are exhausted as professionals.
Symantec (now Broadcom), in collaboration with cybersecurity researcher Dr Chris Brauer and Goldsmiths of the University of London, says her research on more than 3,000 security decision-makers in the UK, Germany and France shows that four out of five security organisations feel significantly overwhelmed. In addition, 65% of respondents said they felt doomed to fail, while 64% of respondents said they would leave their jobs.
21. 62 percent of the groups of cyber security organisations are understaffed and 57 percent have vacancies.
Global studies by ISACA show that many organisations put too many vacancies on the table when it comes to recruiting and retaining cyber security staff. ISACA’s State of Cybersecurity in 2020 report indicates that 62 percent of respondents indicate that their organisation’s cybersecurity team is somewhat or very understaffed, while 57 percent indicate that some cybersecurity positions in their teams remain vacant.
22. 72% of IT professionals believe that their human resources department does not understand the need to recruit in the area of cyber security.
Although Human Resources may believe that they conduct a thorough screening of cyber security candidates, nearly three-quarters of the IT professionals interviewed by ISACA do not agree. ISACA data on the state of cyber security in 2020 shows that IT professionals believe that staff sometimes (37%), rarely (30%) or never (5%) understand their needs.
23. 85% of IT professionals report having at least one certificate.
How many IT-related certificates do you have? What about your employees? According to Global Knowledge, eight out of ten IT professionals report having at least one sector-specific certification. This means that four out of five jobseekers have at least one certificate when looking for work, even though many professionals have multiple certificates.
I wonder what certificates are required for the recruitment of executives? Take a look at the ideas of industry experts.
24. In the United States, a 62 percent increase in personnel is required to meet the demand for cyber security.
You may have seen the headlines and other articles in the cybersecurity statistics indicating that unemployment in the cybersecurity sector fluctuates around 0%. Research carried out by the SAI2 in 2019 also shows that significant employment growth is needed to close the existing gap of almost 500,000 people if the industry is to meet the needs of the US economy. But the United States is still in a better position than those responsible for global cyber security. The SAI2 estimates that the number of people working in cyber security needs to be increased by 145% to meet the needs of the global economy.
25. IT security The role of the architect/engineer is the most important factor in the shortage of IT personnel.
While there are many areas where cyber security skills are lacking, a CyberEdge study conducted as part of the Cyber Threat 2020 report shows that there are three areas where organizations have the greatest skills shortages:
- Architects/engineers for information security (34%),
- IT security administrators (33.3%), and
- Analysts by risk/fraud (31.8%).
26. Cybercriminals hunt down job-seekers at an average cost of $3,000 per victim.
Although these specific cyber security statistics apply to all applicants, we found it appropriate to include them in this article as well. The FBI IC3 reports that victims have reported financial losses and damage to creditworthiness as a result of fictitious fraudulent employment. According to their January press release:
Although there has been recruitment fraud for many years, the increasing use of fake websites by cybercriminals to collect PII and steal money shows an increased degree of complexity. Criminals often lend credibility to their schemes by promoting them to legitimate employers and employment agencies so that they can target victims regardless of their qualifications and income.
Cyber security statistics: Key statistics and trends on cyber attacks and data penetration
In this section of the Cyber Security Statistics list, we look at some of the most important cyber attack and data breach statistics that we think may be of interest to you. This section does not address the financial costs of individual events and crimes during cyber attacks – these figures will be discussed later in two sections with statistics on major cyber attacks per year (2020 and 2019).
27. In April 2020, Americans face a 29% drop in US robot calls due to the COWID 19 pandemic.
Oh, here’s the advantage! According to YouMail, in April 2020 the Americans received almost 30% less robot impacts – just 2.86 billion (although I claim that’s one too many). This is probably due to the fact that international call centres in some countries are closed because of the virus. This fall in the volume of calls followed a 30% drop in March and a drop of almost 45% in February, in stark contrast to the record number of 5.7 billion calls that would have been made in October 2019.
28. Seven million: Number of data lost per day
Varonis reports that every day about 7 million records are compromised, and 56 records per second. This means that an average of approximately 2,555,000,000 (2.55 billion) cases are detected each year (365 days), based on the number of violations per day.
29. SonicWall reports that in 2019 the volume of phishing decreased by 42%.
Surprising statistics from SonicWall’s Cyber Threat 2020 report show that the total number of phishing attacks has dropped significantly over the past year. This is partly because the fishermen are measured, pragmatic and patient in the way they choose and deal with their victims. In principle, they are less dependent on spraying and urination and make their attacks more targeted and therefore more effective.
30. In 2019, 8.4 million DDoS attacks were observed.
According to the NETSCOUT Threat Intelligence Report, more than 23,000 DDoS attacks took place daily last year: Conclusions for the second half of 2019. Netscout researchers estimate that this corresponds to approximately 16 attacks per minute in 2019. It’s an attack literally every 3.75 seconds! According to the report, cybercriminals have used seven new or increasingly used attack vectors to launch distributed denial of service attacks.
31. A deep fraud: The problem is $250 million by 2020…
This is probably one of the most disturbing items on our list of cybersecurity statistics. As part of its 2020 Cyber Security Projections, Forrester Research predicts that the cost of serious fraud will cost the world more than $250 million this year.
If you’re unfamiliar with Deepfake technology, crooks use artificial intelligence (AI) and natural language technologies to produce seemingly real human video and audio clips. If this technology can be used for such positive things as restaurant reservations (even if we are so lazy that we need a computer to do it?), the question is, when will cybercriminals get their hands on it?
For a deep fake, killer actors use these generated characters to imitate people and perform phishing attacks and other scams. Imagine them using identity theft tactics now. So you might get a call from someone who looks like your boss and uses his or her phone number, and you might not be any wiser.
Hopefully, these scams do not pose a major threat because of the amount of resources needed to prepare for one of these attacks, but unfortunately, we are already beginning to understand the implications of this technology. The Deepfake scam already proved itself when the CEO of an unnamed British energy company lost $243,000 last year due to such a scam.
32. BEC Cloud Email Fraud costs U.S. companies $2.1 billion.
In April, the FBI’s IC3 team reported that it had received numerous complaints between January 2014 and October 2019 regarding BES-related fraud against U.S. companies using two cloud-based postal services. Unfortunately, these attacks have resulted in actual losses of more than $2.1 billion for the organisations involved.
But what exactly falls into the category of cloud-based email services? IC3 stated that these :
Hosting subscription services that enable users to do business with tools such as email, shared calendars, online file storage and instant messaging.
33. 279 : The average number of days needed to identify and store data on offences
It is no secret that the sooner you can catch a data breach, the less financial impact it will have on your business. However, this is not very reassuring, as research by the Ponemon Institute and IBM in their report The cost of information impact in 2019 shows that the average time to identify a threat in 2019 was 206 days and the average time to contain the threat was 73 days. This means that the cost of the nearly 280 days required to detect and locate an offense can add up.
34. SEGS was unable to stop 99.5% of major email attacks.
The next topic on our list of cyber security statistics relates to counterfeiting. Ironscales reports that almost all of the more than 100,000 verified spoofing attacks they have investigated in the past two years have been carried out by Secure Mail Gateways (SEG). The same iron scale study also showed that the two most common types of fictitious attacks used to circumvent the GIS are imitations of exact sender names (73,5 %) and imitations of similar sender names (24 %).
This is just one of many items in this growing list of cyber security statistics that emphasize the importance of training your employees to work in cyberspace. Technology cannot always protect against all threats. So your employees need to understand how to identify these threats themselves by carefully analyzing emails before accepting links or attachments.
35. Cyber fraud and abuse In the first quarter of 2020, 445 million attacks were reported.
With the security confusion in the three-country circus surrounding the global pandemic COWID 19, cybercriminals are spending the day in the field at the expense of individuals and organizations. In the report Fraud and Abuse in the 2nd quarter of 2020, Arkose Labs reports a 20% increase in the number of cases of cyber fraud following a viral infection. According to their research, as many as 445 million cyber attacks have been discovered since the beginning of 2020.
As the end of the virus situation is not yet in sight, these numbers will most likely continue to rise.
36. The number of cases of fraudulent KOVID 19 e-mails increased by more than 650% in March 2020.
I know you’re tired of hearing KOVID-19, a.k.a. Coronavirus. However, it is important to highlight the role that the pandemic has played in the cyber security sector. This puts us in 36th place on our list of cyber security statistics. In March, Barracuda Networks reported a 667% increase in the use of COWID-19 spear phishing emails between March 1 and 23. Mars.
37. 50.55 : Average number of days it takes to fix vulnerabilities in critical web applications.
According to Edgescan’s 2020 Vulnerability Statistics Report, in 2019 organizations reported that it took almost eight weeks to resolve critical risk vulnerabilities for publicly available web applications and 49.26 days for network-wide critical risk vulnerabilities. Although 50 days is a long time, it has even dropped by 18 days since 2018.
38. The number of attacks on games and computer platforms increased by 39% at the beginning of 2020.
Times are changing and cybercriminals are adapting their behaviour and attack techniques accordingly. According to a report by Akrose Labs, fraud and abuse occurred in the second quarter of 2009. In the second quarter of 2020, more and more people will spend more time communicating online due to the coronavirus, both personally and professionally. In this context, they saw an increase in cyber attacks targeting specific sectors – retail and travel (26%), games (23%) and technology platforms (16%).
39. Gift vouchers are in 4. In the second quarter of 2019, 62% of the total number of repurchase options will be available.
Cybercriminals are always looking for the easiest or most effective ways to deceive people, and the same can be said of their approach to receiving payments. At this point in our list of cyber security statistics, Agari’s report on trends in online fraud and identity fraud in the first quarter of 2020 shows that almost two-thirds of business email attacks (BEC) in the fourth quarter of 2020 are likely to be linked to BEC. In the first quarter of 2019, expenditure related to victims’ requests for payment by gift cards. The second most commonly used payment method was direct bank transfer (bank transfer), which was the most widely used payment method with 22%.
Cybercriminals love gift vouchers for many reasons. One of them is that this form of digital money does not follow the same anti-fraud standards as its credit and debit card counterparts. Another reason is that they can unpack and sell gift cards that they fraudulently purchase for profit on online file sharing sites. These cards are also easier to sell and use in legitimate stores – most store employees won’t think twice about whether someone is using a gift card, but they can ask for identification if they use a credit card for a large purchase.
40. The average cost of a bank transfer in case of BES fraud exceeds $55,000.
Although it is not the most common payment method, bank transfer requests are by far the most advantageous for BES cyber criminals. Agari’s report on trends in e-fraud and identity theft for the first quarter of 2009 is based on the following In the first quarter of 2020 it was reported that although the average amount requested for gift cards was USD 1,627, the average amount that beneficiaries had to pay by bank transfer was close to USD 55,395. This means that CLB fraudsters charge 3,3005 % more per individual bank transfer than per individual payment with a gift voucher!
One of the reasons why they are so profitable is that CLB fraudsters target large organisations and companies that regularly make large bank transfers as part of their daily activities. You can think twice when you ask him to buy a $50,000 gift certificate, but you don’t hit the arm when you ask him to make a bank transfer of that size to the seller, because you’re used to doing it as part of a normal business expense.
41. 44% of non-leading organisations report at least 500,000 customer registrations.
Accenture’s third annual report on cybersecurity divides the organisations investigated into two groups: Managers and non-managers. The first includes organisations with cybersecurity programmes covering 85% of the organisations; the second includes organisations with cybersecurity programmes covering just over half of the organisations.
In this context, 44% of these non-leading organizations reported that more than 500,000 customer files were identified last year. This contrasts sharply with those regarded as leaders, only 15% of whom report the same level of exposure to client data.
Cyber security statistics: A By number See victim file and compromise data
42. The accuracy of the Figaro database configuration is 7.4 billion records.
Security researcher Anourag Sen and his team have discovered a huge data leak at Le Figaro, the most important French news site. Dormant computers report that 8 TB of data stored on Pony Telecom’s Elasticsearch server contained several PII users of the site, including
- Full names
- Addresses :
- email addresses
- IP addresses
- Passwords (plain text, chopped with DM5)
Some public data, such as first and last names and e-mail addresses, belonged to the staff and correspondents of Le Figaro. The investigators say that new and existing accounts opened between February and April 2020 are included in these files. Sacre bleu!
43. 91 million Tokopedia accounts and passwords for sale on the black web
As part of this violation, a cybersecurity company revealed information to paging computers, according to which the hacker sold cached accounts and passwords to 91 million Tokopedia users. The cost? It’s a lousy $5,000. The article reports that although only a small subset of the fields in the PostgreSQL database actually contains sensitive data:
The most serious of the open data was the user’s email address, full name, date of birth and passwords hash. Some of the opened accounts also carried the International Mobile Subscriber Directory Number (MSISDN).
44. With access to aptoid data, more than 20 million customer files are made public.
Aptoide, a third party Android app store, reported an infringement on its database in April 2020 that led to the discovery of more than 20 million customer records. The company informs that the database does not contain any personal data of an Aptoide user, with the exception of the e-mail address used for registration and the encrypted password.
Oh, that’s comforting… Only your username and passwords are disclosed. As a large percentage of users report the re-use of passwords and credentials to log into multiple accounts, this should be a concern for many of the users concerned.
45. More than 15 billion records discovered in 2019 as a result of data errors.
Last year was again the worst year in history for data breach activities and risk-based security reporting in QuickView 2019 on data breaches. This is to be expected as the company reports that more than 15.1 billion records have been found as a result of 7,098 violations.
While the number of offences increased only slightly, even compared to 2018, the number of cases opened rose by 284 per cent compared to 2018 and by 91 per cent compared to the same data for 2017.
46. 9.2 million suspicious emails in 2019.
While this doesn’t look as bad as some of the numbers you’ve seen so far in this list of cyber security statistics, it’s important to note that this figure only represents the suspicious emails reported by Proofpoint’s end users in 2019. That’s 67% more than last year. Again, it is only end-users who are connected to a company’s customers. But at least it gives an impression of what is happening in the sector as a whole.
47. 425 GB of sensitive data leaked due to the uncertainty of the financial company’s database.
More than half a million secret and confidential financial and legal documents have been disclosed in the 425 GB treasury, ZDNet reports. The data that the vpnMentor research team finds comes from an open database linked to MCA Wizard, an application developed by Argus Capital Funding and Advantage Capital Funding. According to the ZDNet report, the AWS S3 container lacked basic security measures such as encryption, authentication measures or access authorisations.
48. 10.6 million MGM resorts attacked in 2019.
In February 2020, ZDNet reported that, according to MGM Resorts, 10,683,188 former clients had access to personal information (PII) via a cloud server by 2019. Most of the information shown includes the names and telephone numbers of the guests.
According to the ZDNet report:
In addition to information for tourists and frequent travelers, the files disclosed include personal information and contact details of celebrities, technology company executives, journalists, government officials, and employees of some of the world’s largest technology companies.
49. A Brazilian biometric company recorded 81.5 million records, including fingerprints, on an unsecured server.
The use of biometrics is often regarded as one of the most secure forms of authentication in terms of security. Biometrics includes various identification factors and technologies such as retinal scanning, facial recognition software and fingerprints. But security researcher Anurag Sen and his team discovered 16 GB of data on an unsecured server, Elasticsearch, which belongs to Antheus Tecnologia, a Brazilian provider of biometric solutions. The database contained 76,000 fingerprints, e-mails and phone numbers of company employees.
According to a CNet report, Antheus Tecnologia stated that there was no sensitive data on the server and that the fingerprints did not come from the clients, but were in fact public data from the development team and NIST.
50. The Federal Loan Program of the SBA provides access to the data of nearly 8,000 business applicants.
As if many small businesses were already in trouble because of the coronavirus situation, it turned out that the source of the data leakage was the location of the Federal Government’s Economic Injury Loan (ELI) program. In March, the Small Business Association (SBA), which manages the application process, sent letters to the applicants concerned to inform them that their ROE and financial and insurance information may have been disclosed.
How is that possible? This is a bug in a web application. By simply pressing the back button during the first round of the credit application procedure, the online application displays the information entered by the previous applicants.
It is not yet clear who saw who’s information and whether the leak was used by the attackers. Time will tell.
51. The personal information of 6.5 million Israeli voters was disclosed through the promotion of the application.
According to the Hague press organisation, the personal data of 6,453,254 Israeli voters were lost as a result of a fake election application called Voter. The information leak contained essential information:
- Full names
- Identity card numbers (similar to U.S. social security numbers).
- Such as
- Telephone numbers
- Other unspecified personal data
According to the New York Times, the vulnerability of the software made it possible not only to view but also download the entire electoral register. With a total population estimated at around 8.6 million according to the latest United Nations data, this is the majority of the country’s population.
52. More than 530,000 compromised boost accounts sold (or received) online
Unprotected zoom encryption has been a hot topic. But most people were interested in the fact that more than half a million zoom accounts were sold through the black web and hacker forums for only $0.0020 per account, according to Bleeping Computer.
Accounts were obtained through account stuffing attacks when attackers attempted to log into the zoom system using accounts that had been released when old data was leaked. The Sleeping Computer Company reports that it has been notified of a breach by investigators from Cyble, the cyber security research agency.
53. 160,000 Nintendo user accounts compromised by outdated network accounts
We’ve already said that cyber attacks against the gaming industry are on the rise. Here’s one of these. Nintendo, a Japanese gambling company, has reported unauthorised access to approximately 160,000 accounts through Nintendo Network IDs (NNIDs). Compromised information includes aliases, dates of birth, country/region and e-mail addresses. At that time, however, there would have been no breach of access to credit card data.
Cyber security statistics: Costs of best cyberattacks and data breaches in 2020 (current)
54. Hackers demand a $42 million ransom for the A-Lister law firm’s records.
Page six reports that a New York entertainment law firm, used by celebrities around the world, has become the target of ransom attacks. The attackers, a group of hackers called REvil, first demanded $21 million from Grubman, Shire, Meiselas & Sacks to prevent them from caching 756GB of confidential documents, emails and contracts from famous customers of the companies they stole. The article states that hackers’ ransom demands have since doubled to $42 million.
This is reflected in a statement from the law firm on page 6:
Despite our significant investment in modern technological security, foreign cyber-terrorists have hacked into our network and are demanding a ransom of $42 million. We work directly with federal law enforcement and continue to work around the clock with the best experts in the world to address this situation.
It remains to be seen whether they will decide to pay – something a law firm is not willing to do. You just have to look at the situation to see how it develops.
55. Three BPP attacks cost the Puerto Rican government $4 million.
According to the Associated Press report, the Puerto Rican government lost a total of more than $4 million in January 2020 after three separate email attacks that threatened companies. A total of $1.5 million was spent on the Puerto Rican Industrial Development Corporation alone and another $1.5 million on the Puerto Rican Industrial Development Corporation. The Puerto Rico Tourism Corporation received $1,000 in damages, both of which are government agencies.
56. Tank investor Barbara Corcoran lost almost $400,000 because of the BEIC scam.
In February 2020, a cyber criminal decided to go after real estate magnate and commercial investor Barbara Corcoran. According to People magazine, she was the victim of a successful business e-mail scam (BEC) that cost her $388,700.11. The attack, which was then traced to a Chinese IP address, took place when the perpetrator, posing as Corcoran’s assistant, sent an e-mail to Corcoran’s accountant asking for money to be transferred to a bank account to pay for the repair of the property.
Fortunately for Corcoran, USA Today reports that the money has now been returned. How did the attack happen? In an American article Corcoran says
The detail that no one has learned is that my assistant’s email address was written in a letter with an error, making it a fake email address created by crooks.
57. Americans have lost $24.44 million to coronavirus scams (so far).
As if the song itself isn’t so bad – don’t forget that this is probably just the beginning. The Federal Trade Commission (FTC) reports between 1 and 5 January. May 2020: 36,238 complaints were registered and the total amount of losses was nearly $25 million. The states with the highest number of complaints were California (4,010), Florida (2,515), New York (2,220), Texas (2,196) and Massachusetts (1,515).
Cyber security statistics: Costs of fraud, cyber attacks and data leaks in 2019.
58. $3.92 million is the average total cost of realization of the data.
Although this study has been running since 2019, the Ponemon Institute and IBM are reporting on it. The cost of accessing the data for 2019 remains an excellent source for obtaining a continuous estimate of the costs associated with data leakage. Their figures correspond to an average total cost of $3.92 million. The cost for a single data breach is $150.
Their report also showed that an offense with a life expectancy of less than 200 days would cost $1.2 million. That’s less than a violation with a lifespan of more than 200 days.
59. $37 million – This is the amount that the Toyota subsidiary lost in August 2019 in a BPP fraud.
2019 was not the best year for Toyota and its cybersecurity subsidiaries. Evidence reports that Toyota Boshoku, a subsidiary of car giant Toyota, lost tens of millions of dollars in a fraud involving the CLB.
This is stated in a press release from Toyota Boschoku Corporation:
a recent case of fraudulent payment orders from a malicious third party […] has resulted in financial losses in our European subsidiary.
60. Nikkei America lost $29 million in an EAC attack in September 2019.
Nikkei America, an American subsidiary of the Japanese media group, was the target of an e-mail. Nikkei, Incorporated. (Japan) stated that an employee of his US subsidiary had made a bank transfer on the basis of instructions received by e-mail from a person claiming to be the company’s managing director.
Although the official statement indicated that they would take immediate steps to receive and repay the funds transferred, there has been no follow-up action to indicate whether their efforts have been successful.
61. The Texas school district lost $2.3 million in a phishing scam.
It seems that the cyber criminal has decided to try his hand at education with this next item on our list of cybersecurity statistics. The Manor Independent School District reported on Twitter that it lost about $2.3 million in a phishing scam, CNN reported. The attack, which involved three fraudulent operations, took place in November 2019, but was not reported until January 2020.
62. Erie, Colorado, loses $1.01 million because of a CLB fraudster posing as a construction company.
Unfortunately, cybercriminals are very creative and always find new ways to make things happen. In this specific situation, the fraudster posed as a local construction company that completed the work on the Erie Parkway Bridge, reports the Denver Post. The author has submitted an online application via the city’s website, requesting electronic payment for the work carried out in the future. Two payments totalling over $1 million were then electronically transferred to the cybercriminal’s account, where they were then transferred to another location.
The security intelligence service also reports that, despite the existence of guidelines in the city, the official who accepted the new form of payment information did not follow them.
63. A Chinese venture capital company loses $1 million as a result of seed capital fraud.
The Chinese venture capital company that made the deal with the Israeli start-up lost $1 million due to a carefully targeted phishing campaign using a combination of BEC tactics, eponymous domains and MitM attacks, reports Check Point. In order to communicate with both groups, the attacker not only used fake e-mails that pretended to be real contacts on both sides, but also registered two fake domains that looked almost identical to the organizations’ websites.
The entire attack involved a total of 32 messages – almost three dozen messages – between the attacker and two companies!
Cyber security statistics: Investigate the types of threats that can affect your business
Cybercriminals are always looking for new and advanced ways to intimidate their targets. Sometimes he just puts a new lipstick on the pig and applies new tactics to old scams. But whatever tactics are used, we as a company, authorities and consumers must inform ourselves and our employees about these threats.
Next, we have identified a number of categories or areas in our list of cyber security statistics that you should look for if you are working to strengthen your cyber security:
Problems of staff complacency or cooperation
64. 63% of development organisations ignore more than 25% of safety events and warnings.
The AT&T report The Relationship Between Security Maturity and Business Enabler shows that more than two-thirds of large organizations ignore more than 25% of their security warnings and events because it is too impractical to invest in each warning. More than half (52%) of the following organisations and 27% of the leading organisations say the same.
65. 77.4 percent of respondents pointed to the poor relationship between their IT and security teams.
Cooperation is essential to make the organisation’s cyber security programmes and initiatives as effective as possible. But it’s not all sunshine and rainbows when it comes to collaboration between IT and security teams, according to VMWare Carbon Black’s March 2020 Cyber Security Outlook report. A study by Forrester Consulting showed that more than three-quarters of the respondents found the relationship between the two groups sour.
66. 55% of organisations consider that cooperation should be a top priority.
In any case, the good news is that most organisations understand that cooperation is the key to improving overall cyber security. Data from VMWare Carbon Black’s Cyber Security Outlook report shows that more than half of those surveyed say they want to make collaboration between IT departments and security teams a top priority for next year.
Poor visibility and asset management
67. 74% of organisations do not know how many digital keys and certificates they have.
Nearly three-quarters of respondents to the KeyFactor Public Key Infrastructure Survey 2020 and the Ponemon Institute say that their organisation does not know how many digital keys and certificates they actually own or use. What for? Because they don’t have enough knowledge about managing PKI certificates. This includes the use of X.509 digital certificates, such as SSL/TLS certificates.
So, if you don’t know how many certificates you have – let alone where to find them or when they expire – how can you manage them or update them before they expire? Simply put: It can’t be.
Manage digital certificates as a pattern
14 Certification of good management practices to ensure performance, safety and full compliance with your company’s requirements
68. 64% of specialists do not know all the endpoints of their organisation and web applications.
What a disturbing thought. What if more than two thirds of your own employees have no idea how many web applications or access points there are in your organisation? This is the case for most of the experts interviewed in the Edgescan statistical report on vulnerability in 2020. The worst thing is of course that 68% of the respondents seem to think that their level of awareness is average in the sector.
69. 90% of the malware analyzed has behavior that bypasses protection.
Just when you thought the problem of malware and blackmail couldn’t get any worse, VMWare Carbon Black appears with data about the attacker’s behavior, digging a little deeper into the wound. Their report, which contains data on attacks using the MITRE ATT&CK™ framework, indicates that nine out of the ten malware samples they analyzed detected a security circumvention. This suggests that cybercriminals are becoming increasingly secretive and are actively trying to bypass outdated security solutions. This behaviour was observed in 95% of the ransom samples.
70. 48% malware demo software and hidden Windows tactics to protect against circumvention
Software packaging, the method of compressing or encrypting an executable file (according to MITRE), was the most commonly observed malware circumvention behavior observed by VMWare Carbon Black when analyzing the behavior of large malware in 2019. This category accounts for 26% of the samples, while hidden windows account for 22%.
71. Counterfeit attacks up 400% in 4 months
In January 2020, Barracuda researchers reported a sharp increase in attacks on people in the domains by listening to conversations. The company reported that by July 2019 it had detected about 500 such attacks per week, but by November 2019 the number had quadrupled to more than 2,000 per week.
Their research shows that this jump means that there were more than 2,000 attacks in July 2019 alone and more than 8,500 in November 2019. (The figures in the source article are not very clear about the way the data is presented in his article, so I went directly to Barracuda for clarification).
Visibility and violent processes
72. Forty-six percent of experts consider third party access and visibility as an obstacle to the implementation of IT security measures.
Almost half of the experts who responded to Experian’s seventh annual data preparation survey said the lack of security processes for third parties accessing our data severely hampers their ability to respond to data breaches. In addition, 60% also stated that insufficient visibility of end-user access to sensitive and confidential information is one of the main obstacles.
HTTPS and phishing websites
73. A new fishing spot is broadcast every 20 seconds.
As if one phishing website is no longer enough, Wandera reports in its Mobile Threat Landscape Report 2020 that a new phishing website is launched every 20 seconds. These are three new websites per minute, specially designed to victimize users and steal their information!
74. 74% of phishing sites are served by HTTPS.
The fact that you are connected to the website via an encrypted connection does not mean that your data is safe. Just like – if not more – it is important that you know which website or organization you are connecting to! Based on data from PhishLabs, the Q4 2019 Anti-Phishing Working Group (APWG) reports that nearly three-quarters of phishing sites now use encrypted connections via SSL/TLS.
75. 60% of the websites use HTTPS as a standard protocol.
We are pleased to announce that the use of HTTPS is increasing. W3Tech’s usage statistics show that from the 8th quarter of 2010 May 2020 almost two thirds of the websites are using the standard HTTP protocol. This figure has risen from just over 50% in May 2019. However, the tricky thing is that some of these sites refer to malicious sites. This is why it is important to establish an organisational identity on your website using an SSL/TLS certificate, so that visitors can determine whether your website is legal or false.
Insider threats (intentional or negligent)
76. Cyber incidents related to threats from within have increased by 47% since 2018.
It is no secret that people are often the weakest link in your security protection – but new research from the Ponemon Institute confirms this statement. In their global report The Cost of Insider Threats in 2020, commissioned by ObserveIT and IBM, they point out that insider threats are growing rapidly – nearly 50% in the past two years. In addition, their study shows that the average annual cost of these security threats increased by 31 percent to $11.45 million over the same period.
77. The costs of preventing and investigating internal threats will increase by 60 percent from 2017.
The Ponemon Institute report The cost of insider threats 2020 (sponsored by ObserveIT and IBM) also shows that organizations are spending far more money on detecting and investigating insider threats. In particular, the cost of insider threats to the financial services industry has risen by more than 20% to USD 14.5 million since 2018.
78. Threats and insider attacks are at the top of the list of the most serious computer security problems.
When it comes to assessing the level of functional security in their organizations, respondents to the CyberEdge Group 2020 Cyberthreat Defense Report found that the biggest issues are related to employee concerns. They see the difficulty of identifying unauthorized insiders and insider threats as their biggest problem. The result is a lack of safety awareness among users. This may be due to a lack of internal resources that they can use for both training and supervision of their staff.
79. Data breaches caused by human error cost companies an average of $3.5 million.
It is no secret that humans are considered the greatest vulnerability of cyber security organizations. The data contained in the report on distribution expenditure for 2019 prepared by the Ponemon Institute and IBM do not give cause for concern in this respect. Many of the cyber security statistics they share in their research still emphasise this concern. Indeed, their research shows that the human factor leads to data leaks costing an average of $3.5 million.
Although this amount is higher than the estimated cost of system downtime (average $3.24 million), it is at least lower than the average cost of malicious and criminal attacks, which amount to $4.45 million.
80. 90% of working adults use equipment that their employer has lost for non-working activities.
Nine out of ten working adults report using equipment provided by the employer for personal use, according to the Proofpoint User Risk Report 2020. About half of the respondents indicated that they also had access to these devices and their friends and family members.
Protection of IoT
81. 83 billion IoT compounds to be produced by 2024.
New data from Juniper Research indicate that the total number of IoT connections will reach 83 billion in 2024. This means an increase of 130% over the next four years, compared to 35 billion connections in 2020. The industrial sector, encompassing agriculture, manufacturing and retail, is expected to account for more than 70% of these links over this period.
82. SonicWall has only seen a 5% increase in IoT malware in 2019.
In their report on cyber threats in 2020, SonicWall Capture Labs researchers report only a modest increase (5%) in IoT malware (equivalent to approximately 34 million attacks), but SonicWall Capture Labs researchers believe that this does not mean you can give up your protection. In fact, you should be prepared to increase the likelihood of such attacks.
For more statistics on IoT based cyber security, see our article 20 Amazing statistics on IoT you don’t know yet.
83. This unique fishing campaign received more than 128,000 emails with a fake ReCaptcha.
As mentioned earlier, cybercriminals continue to try to make pigs out of new lipstick. In this case, Barracuda researchers are reporting an increasing number of phishing emails using malicious reCaptcha to block detection. An email phishing campaign the company analyzed contained more than 128,000 emails that used this technique to confuse Microsoft’s fake login pages.
According to the article, reCaptcha walls prevent automated URL analysis systems from accessing the actual content of phishing sites. In fact, cybercriminals do not allow email security systems to detect malicious websites.
84. 65% of users use the same password for multiple accounts.
With so many public service announcements warning of the dangers of password re-use and the availability of key managers, we are very pleased that the number is still so high. According to an Internet security survey conducted by Google and Harris Poll in February 2019, 52 percent of users report with the same password for all accounts and 13 percent report with the same password for all accounts.
85. 24% of survey participants use a password manager.
The same Google/Harris survey conducted in February 2019 also showed that less than a quarter of the respondents reported using a password manager. Surprisingly, the people who trust password managers the most are those who are 50 years of age or older.
86. 94% of malware is sent by e-mail.
According to Verizon’s Data Violation Investigation Report 2019 (DBIR 2019), almost 9 out of 10 malware cases are sent via email. Of this type of malware, 45% are office documents.
87. 86% Malware email attacks
The bad news is that almost 9 out of 10 email attacks do not use malware, making them more likely to go through your email security system. The bad news is that this means that attackers use different tactics to carry out their attacks. The data from FireEye suggest that attackers are more likely to use a booby trap and various impostor-like attacks to achieve their goal.
88. 37.9% User Phishing Error Tests
Data from KnowBe’s Phishing Industry Assessment Report4 shows that nearly 38% of untrained end-users are exposed to phishing attacks and will fail phishing tests. This growth represents a significant leap from their 2019 report of 8.3%.
Any good news?
Yes, we do. KnowBe4 data on the percentage of phishing (APP) suggests that computer-based training and simulated phishing tests can help improve these indicators:
And after a year of monthly phishing simulations and regular training, PPPs continue to fall to just 4.7%. In all sectors, the average improvement is 87% between the basic examination and 12 months of training and examination.
89. More than 3900 unique users were killed in a phishing attack on a mobile bank over a period of 7 months.
The latest data from the Observatory show that a phishing attack on mobile phones alone resulted in almost 4,000 victims, targeted at users of mobile banking via SMS. Threateners have sent phishing links to fake websites and posed as well-known banks in North America to access their confidential information and login credentials. Their research shows the scale of the attacks in the world, with the United States being the most affected.
The source of the image: Notebook
90. 87% of successful phishing attacks use methods other than e-mail.
As you can see from our list of cybersecurity statistics, phishing is not only done via email. In the Mobile Threat Report 2020, Wandera indicates that almost nine out of ten successful phishing attacks do not rely on email and often use other attack methods. That is why it is important to inform users about the dangers of phishing emails, but the training should not be limited to emails alone. Also inform them about the dangers of phishing (voice phishing), smileying (SMS phishing) and other methods of phishing attacks.
If you want to know more about phishing statistics, don’t forget to read our article Fishing Statistics: The last 29 fisheries data for 2020.
91. The cost of the ransom raids exceeded $7.5 billion in 2019.
Last year, according to an Emsisoft report entitled The State of Ransomware in the United States, $7.9 billion was spent on ransom attacks by healthcare providers, various government agencies and educational institutions in the United States: Report and Statistics 2019.
92. 85% of MSP takeovers as a common threat to SMEs
Data from Datto’s Global Channel Ransom Status Report shows that Managed Service Providers (MSPs) have identified ransom money as a major malicious threat to small and medium-sized enterprises (SMEs) – four out of five.
93. 20% of the GSR report has been the victim of one or more ransom attacks.
Datto’s report on the global ransom situation in the chain also indicates that one in five small and medium-sized companies indicate that their organisations have been attacked for ransom demands.
94. 10% increase in the number of ransom programmes discovered in 2019, despite a decrease in the number of new ransom families.
According to Trend Micro, the discovery of new ransom families fell 57% in 2019. But despite the decrease in the number of new families, the computer security company reported a 10% increase in the number of children in the same period. This means that cybercriminals try to carry out more attacks with fewer forms of ransom.
95. Naming software Increase in average downtime to 16.2 days in Q4 Q1 2019.
Simplicity is an expensive and disappointing experience for any organization, regardless of size. But its effects go far beyond money and time – it also has a big impact on your reputation and the trust that users and consumers place in you. According to Coveware’s fourth quarter report on the ransom market, downtime due to ransom requirements averaged 16.2 days in the last quarter of 2019 – a significant increase from the previous quarter’s average of 12.1 days.
You can find more statistics on purchased programs in our article Statistics on purchased programs, which you can’t resist reading.
96. Attacks on web applications increased by 52% in 2019.
In its 2020 Cyber Threats report, SonicWall Cyber Threats, SonicWall Capture Labs reported that the number of web application attacks has more than doubled each year. The most significant increase in attacks occurred after May, bringing the total number of attacks on web applications to over 40 million. The main methods of attack are SQL injections, incorrect authentication and session management, cross-site scripting (XSS), and so on.
97. SQL injection is responsible for 42% of all critical Internet-related vulnerabilities.
SQL injection, like other injection attacks, injects data into input fields to influence the execution of predefined commands. In this case, however, it concerns the use of SQL commands. In the statistical report Vulnerability 2020, Edgescan reports that SQL injections accounted for 42% (one in five) of the most common critical vulnerabilities in web applications accessing the Internet last year.
Cyber security statistics: Breakdown of statistics on cyber attacks by sector
We know that while it is interesting to read statistics on cyber security in general, it is much more useful to read statistics specific to your sector. That’s why we’ve collected cybersecurity statistics that can help you understand the types of threats or situations your organization faces – and others who like them.
98. Forecast of three areas that will account for 30% of security expenditure by 2023.
The first part of this part of our list of cybersecurity statistics covers several areas. A study by IDC’s Worldwide Semiannual Security Spending Guide shows that nearly 30% of global security spending between 2019 and 2023 is expected to come from the banking and discrete manufacturing sectors, as well as federal/central government.
99. The average cost of health care is $6.45 million.
The Ponemon Institute and IBM’s Data Breach Cost Report 2019 show that the healthcare sector is the most expensive in terms of average total cost per violation. In addition, they had the longest data breach lifecycle – the time it took to detect and locate the breach – 329 days.
100. 700 carers, 110 governments and institutions who were victims of ransom in 2019.
Trend Micro data shows that health authorities and governments are interested in combating ransom threats. Last year, more than 700 healthcare providers were affected by ransom attacks, and these and other cyber attacks lead to life-threatening situations for patients in hospitals. At the same time, the company reports that at least 110 U.S. states, municipalities and authorities have been victims of ransom payments.
But why are these organizations exposed to such a risk? It often comes down to the fact that
- Insufficient safety and hygiene awareness,
- Dependence on outdated and obsolete systems.
One would think that after the WannaCry attack in 2017, which damaged health organizations and government agencies around the world, such organizations would be more proactive in updating their operating systems and addressing vulnerabilities. But I think some lessons are harder to learn than others…
101. Early 2020. There has been a 32% increase in buy-out actions against energy/municipal organisations.
Data from VMWare’s Carbon Black Cyber Security Report 2020 shows that while 2019 was a year of high-profile attacks on healthcare professionals (764) and state and local governments and institutions (113), the first three months of 2020 saw a significant increase in attacks on the other vertical sector: Energy/municipal services.
According to the report:
The apparent increase in the energy/utility sector and government suggests that as geopolitical tensions increase, so do the attacks on these sectors, which often serve as critical infrastructure and provide essential services to large segments of the population.
102. In the fourth quarter of 2019, SaaS/website represented almost 31% of the worst affected fishing sectors.
It is no secret that cybercriminals like to have access to e-mail. In a sense, it is therefore logical that an unwelcome honour to be the first phishing target sector should be sent to SaaS/Webmail, according to APWG’s Q4 2019 Phishing Activity Trend Report. They are followed by the payments sector (19.8%) and financial institutions (19.4%).
103. Lateral damage: Satellite communications experience 295% increase in DDoS attacks
Sharing IP space with other organizations is boring, and I have to say that by the end of 2019 no one will have a better understanding than the satellite telecommunications industry. According to NetScout’s 2H 2019 Threat Report, the frequency of DDoS attacks on satellite communications increased by almost 300% in the second half of the year. What for? They attribute this increase to DDoS attacks, which did little harm to financial institutions in Europe and Asia during this period.
According to the report:
By sharing large blocks of networks with organizations that did not have their own IP space, the providers of satellite services were confronted with significant collateral damage as a result of these attacks.
Cyber security statistics: Information technology compliance and risk management statistics and data protection
Managing and limiting risks is important for any organisation that wants to distance itself from them. This includes compliance with safety and data protection rules – compliance with these rules is not mandatory. While not all privacy and coding laws and regulations apply to every organization or company, it is important that you and your employees know which ones apply.
For example, if you work with proprietary medical or health information, you should familiarize yourself with HIPAA. If your company processes payments with payment cards, you must be familiar with the requirements of the PCI DSS standard. Not to mention the RVP, the CCAC, the NYDFS… . . .the list goes on and on as more and more countries and states adopt new laws and regulations.
This memorandum contains a number of statistics that apply to cyber security and that we believe may be important in this area:
104. 52% of legal and compliance officers are concerned about the cyber security risks associated with COVID-19.
We know you may be tired of hearing the coronavirus, but these are strange times. Many companies are moving – even temporarily – to remote locations because of the current coronavirus situation. Gartner’s responses to a survey of 145 Chief Compliance Officers reveal that business leaders are concerned about the increasing risks associated with third-party cybersecurity as more and more companies need to enable their employees to work remotely. Their challenges range from the use of unprotected networks to threats to corruption, fraud and privacy.
105. More than 40% of PET scanners are expected to use AI by 2023.
According to another Gartner study, Artificial Intelligence (AI) will play a greater role in data protection technologies over the next three years. Given the progress made in Artificial Intelligence (AI), the increasingly stringent data protection and security laws and regulations in recent years, and the increasing dependence of the cyber security industry on AI, this seems the logical next step in terms of compliance and risk management.
106. 67% of respondents in the business survey described data visibility as the biggest problem.
The handling of sensitive data is often a problem for companies of all sizes. According to the Ponemon Institute’s Global Encryption Trends Survey 2020, more than two-thirds of respondents said their organization’s biggest problem is finding confidential information. 31% of respondents believe that identifying and classifying data to be encrypted is another important issue.
107. Only 36.7% of global organizations report full compliance with PCI DSS.
This is an alarming trend, but it needs to be known, which is why we have included it in our list of cyber security statistics. Just over a third of the organizations surveyed said they actively support their PCI DSS (Payment Card Industry Data Security Standards) programs by 2018, according to the Verizon 2019 Payment Security Report (PSR). This is a significant decrease from the 55.4% that reported 100% compliance at the interim validation in 2016!
108. Data protection compliance programmes: 20% extended, 0% optimised
The Verizon 2019 Payment Security Report indicates that of the 55 organizations surveyed for PSR 2018, only one in five believed that the PCI Data Protection Program (DPCP) had improved. Worst of all, none of them felt that the level of maturity of their programs had been optimized.
While it is unfortunate that so few organizations have DPCP programs that are considered advanced, it is even worse that many organizations do not even bother to measure the maturity level of their PCI (payment card industry) security programs!
109. 48% of companies report that they have and are implementing a consistent coding strategy.
The Ponemon Institute’s Global Encryption Trends 2020 study, commissioned by nCipher and Entrust Datacard, found that nearly half of the respondents said their organization adopted and consistently implemented an encryption plan across all business units. Only 39% of respondents indicated that they had a limited plan applicable to certain types of data and applications. The first represents an 11% increase compared to the fiscal year 2015, while the second represents a 6% decrease compared to the same period.
Another 13 percent say they generally don’t have an encryption plan or strategy. This is a fairly stable figure since it has been communicated for the financial year 2016.
110. 58% of companies use the cloud for sensitive or confidential data.
According to the same Ponemon Institute’s Global Encryption Trend Study 2020, more than half of respondents said their companies use cloud technology to transfer or store data, whether encrypted or secured with a security mechanism. This figure is 2% lower than the figure of 60% of the previous year.
Cyber security statistics: Location-based cybersecurity statistics
So what are the most important cybersecurity statistics if you are more interested in data broken down by country or region? Yeah, we’ve got you and this cybersecurity information covered:
111. $8.19 million: The average cost of a data breach in the United States.
The U.S. has the highest average cost of data breaches, according to the Ponemon Institute and the IBM 2019 report. It’s not exactly the note we’re hoping for, but it’s not necessarily unexpected.
112. 44% of users in the US report using password managers
Many cyber security experts spread the idea of password managers. According to Proofpoint’s report User Risk 2020, the use of password managers in the United States is much higher than in other countries. Globally, only 23% of respondents reported using a password manager.
113. In the period from 1. to 4. In the second quarter of 2019, the number of phishing attacks in Brazil increased by 275.5%.
In Brazil, South America’s largest economy, there were 24,251 phishing attacks in 2019, according to Axur. This goes back to the fourth century. In the second quarter of 2019, APWG will put the spotlight on trends in the fishing industry. The lowest number of phishing attacks was recorded in the first quarter of 2019 – only 3,220. However, they reported 8,872 such attacks in the fourth quarter of 2019. This means an increase of almost 276% from the first to the fourth quarter!
114. 35.7% of e-mail URLs in Brazil are malicious.
Brazil also ranks first in other phishing news when it comes to the highest percentage of malicious links in emails. According to the Broadcom 2019 Internet Security Threats Report (formerly Symantec ISTR), more than one third of all emails contain malicious links. They are followed by Mexico (29.7%), Norway (12.8%) and Sweden (12.4%).
115. 42% of cyber attacks in Colombia were carried out from malicious websites.
Malicious websites pose a threat to organizations, governments and users all over the world. But one in five people in Colombia interviewed said their organization had suffered cyber attacks last year with the same attack vector, according to the Sophos Impossible Cyber Security Puzzle report.
Mexico and Central America
116. Nearly 94% of organizations in Mexico have been compromised in the past 12 months.
Thanks to these shocking statistics on cyber security, Mexico is at the top of the list of organisations that have survived at least one successful cyber attack in the past year. The CyberEdge report on the ECN for 2020 shows that the country is at the top of the list. 93.9% of the surveyed organizations said that their organization had endured at least one successful attack.
117. Nearly 25% of cyber attacks in Mexico are due to the use of external media equipment.
Several countries tend to show greater vulnerability to one attack vector than to another. According to Sophos in The Impossible Puzzle of Cybersecurity, one in four attacks in Mexico last year was due to the use of external media devices such as USB sticks. It is therefore important to train employees to use only devices provided by the Company and to ensure compliance with Company policies regarding the use of computers.
118. In Saudi Arabia one of the 118 letters is bad.
Saudi Arabia seems to be the world leader in malicious email, according to Broadcom’s ISTR 2019. They are followed by Israel (1 in 122), Austria (1 in 128) and South Africa (1 in 131).
119. 52.68% of Iranian users are infected with mobile malware.
Malware for mobile phones is a growing problem in many countries, as evidenced by various lists of cyber security statistics. However, according to Comparitech, more than half of the users exposed to cyber attacks in the third quarter of 2019 were infected with mobile malware.
120. 110,000 Daily report on boat infections in German computer systems
Between 1 June 2018 and 31. In May 2019, BSI received daily reports of 100,000 boat infections affecting German computer systems, according to the German Information Security 2019 and the AV-Test Institute. Data from the Federal Office for Information Security (BSI). But the report highlights something even more worrying:
More than half of the attacks currently take place on compromised cloud servers or servers that are legally rented but then abused. As a result, nowadays almost all cloud service providers are used at least once by attackers to carry out DDoS attacks.
121. The German institute registers more than 350,000 new PAUs and malware every day.
Here is another dose of malware-related cyber security statistics that will make you happy. From the fourth. In May, the AV-TEST Institute reports that it registers more than 350,000 new potentially unwanted applications (PAU) and malware every day. Yes, they register a lot of new PAU and malware every day.
122. Denmark is the country with the fewest users infected with malware (3.15%).
Finally, our last item on this list of cyber security statistics. On the basis of seven specific criteria, Denmark is recognised by Comparitech as the safest country in the world in the field of cyber security. According to the Committee’s report for the third quarter. In the second quarter of 2019, the number of cyber attacks fell from fourth place in the 2019 report. Compare with Great Britain (7.69%), the United States (9.075) and France (15.09%).
While there are many other compelling statistics about cybersecurity, we simply cannot collect and publish them all. Time is short and frankly, current cyber security statistics are constantly changing as new data becomes available. But don’t forget to sign up and keep an eye on our blog, because many aspects of the statistics we’ve covered – and other statistics we haven’t touched yet – will be covered in Hashed Out blogs in the future. Stay with us.
Completion of the list of cybersecurity statistics 2020
Yeah, it was too much. But we hope that this list of cybersecurity statistics will provide you with a lot of useful information on all aspects of cybersecurity.
Looking at the data presented here, it is easy to see that cybercriminals pose a direct threat to businesses, government agencies and consumers. But it also shows that the biggest threats exist within our own organizations – and I’m not just talking about internal threats. No, I’m talking about… :
- Lack of understanding of network security and asset management.
- Lack of adequate cybersecurity safeguards, staff or resources.
- Staff e-Awareness is insufficient.
- Absence of company policies and processes related to cyberspace or their implementation.
Fortunately, there are things you can do to protect your organization from many of these growing threats. Follow industry best practices, use technology and advocacy from reputable vendors, and conduct internal or external cyber-awareness training to reduce employee ignorance and apathy. Do you have any other current cybersecurity statistics you would like to share with me and your fellow readers? I want to see them! Make sure you include them in the comment section below.
*** This is the syndicated blog of the Security Bloggers Network of Hashed Out of The SSL Store™, written by Casey Crane. The original message can be found at the following address: https://www.thesslstore.com/blog/cyber-security-statistics/.cyber security ppt 2019,cybersecurity statistics 2020,cyber crime statistics 2019,cyber attack trends,average cost of cyber attack,cyber attacks statistics 2018,cyber insurance claims statistics,cyber crime statistics 2018