The year 2020 broke all records when it came to data lost in breaches and sheer numbers of cyber-attacks on companies, government, and individuals. In addition, the sophistication of threats increased from the application of emerging technologies such as machine learning, artificial intelligence, and 5G, and especially from greater tactical cooperation among hacker groups and state actors. The recent Solar Winds attack, among others, highlighted both the threat and sophistication of those realities.
The following informational links are compiled from recent statistics pulled from a variety of articles and blogs. As we head deeper into 2021, it is worth exploring these statistics and their potential cybersecurity implications in our changing digital landscape.
To make the information more useable, I have broken down the cybersecurity statistics in several categories, including Top Resources for Cybersecurity Stats, The State of Cybersecurity Readiness, Types of Cyber-threats, The Economics of Cybersecurity, and Data at Risk.
There are many other categories of cybersecurity that do need a deeper dive, including perspectives on The Cloud, Internet of Things, Open Source, Deep Fakes, the lack of qualified Cyber workers, and stats on many other types of cyber-attacks. The resources below help cover those various categories.
Top Resources for Cybersecurity Stats:
If you are interested in seeing comprehensive and timely updates on cybersecurity statistics, I highly recommend you bookmark these aggregation sites:
300+ Terrifying Cybercrime and Cybersecurity Statistics & Trends (2021 EDITION) 300+ Terrifying Cybercrime & Cybersecurity Statistics [2021 EDITION] (comparitech.com)·
134 Cybersecurity Statistics and Trends for 2021 134 Cybersecurity Statistics and Trends for 2021 | Varonis
2019/2020 Cybersecurity Almanac: 100 Facts, Figures, Predictions and Statistics (cybersecurityventures.com)
The State of Cybersecurity Readiness:
Despite all the warnings and high-profile breaches, that state of readiness for most when it comes to cybersecurity is dismal. The need for better cyber-hygiene is evident from using stronger passwords, patching software, employing multi-factor authentication and many other important security steps. The reality is reflected in the stats below.
78% Lack Confidence in Their Company’s Cybersecurity Posture 78% Lack Confidence in Their Company’s Cybersecurity Posture, Prompting 91% to Increase 2021 Budgets (yahoo.com)
On average, only 5% of companies’ folders are properly protected. 2019 Global Data Risk Report | Varonis
Cyber Attacks More Likely to Bring Down F-35 Jets Than Missiles “In our ever-increasing digitalized world of cybersecurity, threats keep growing.Take the F-35 fighter jet, for instance. It’s been called the “flying computer” thanks to its myriad new contraptions that include AI-like sensor fusion, 360-degree camera views, improved data links, a database of threat information at-the-ready, and a highly advanced computerized logistics systems.” Cyber Attacks More Likely to Bring Down an F-35 Than Missiles | IE (interestingengineering.com)
Nearly 80% of senior IT and IT security leaders believe their organizations lack sufficient protection against cyberattacks despite increased IT security investments made in 2020 to deal with distributed IT and work-from-home challenges, according to a new IDG Research Services survey commissioned by Insight Enterprises “Just 57% conducted a data security risk assessment in 2020.” 78% Lack Confidence in Their Company’s Cybersecurity Posture, Prompting 91% to Increase 2021 Budgets (yahoo.com)
Data breaches have lasting financial effects on hospitals, report suggests “More than 90 percent of all healthcare organizations reported at least one security breach in the last three years. Data breaches have lasting financial effects on hospitals, report suggests (beckershospitalreview.com)
Identity theft spikes amid pandemic “The US Federal Trade Commission received 1.4 million reports of identity theft last year, double the number from 2019” Identity theft spikes amid pandemic | WeLiveSecurity
The Economics of Cybersecurity “Cost of breaches have been consistently rising in the last few years. The new vulnerabilities that emerged from shifting to a remote workforce greatly expanded the cyber-attack surface and added many vulnerabilities for hackers to exploit from home offices. Also, automated attacks by hackers and the ability to convert cryptocurrencies via ransomware has added to the cost of cybercrime.”
Cybercrime To Cost The World $10.5 Trillion Annually By 2025 Cybercrime To Cost The World $10.5 Trillion Annually By 2025 (cybersecurityventures.com)
Evil Internet Minute 2019 “Every minute, $2,900,000 is lost to cybercrime and top companies pay $25 per minute due to cyber security breaches” The Evil Internet Minute 2019 | RiskIQ
The average cost of a data breach is $3.86 million as of 2020 Data Breach Costs: Calculating the Losses for Security and IT Pros (dice.com)
Cybersecurity Market Forecasted To Be Worth $403B by 2027 “Over a 5-year period, the cybersecurity market is forecasted to experience a compound annual growth rate (CAGR) of 12.5%. Cybersecurity Market Forecasted To Be Worth $403B by 2027 – CE Pro
Types of Cyber-Threats:
Phishing still ranks as a “go to” by most hackers because it is easy to do and it often works. The malware just keeps on coming…
Malware increased by 358% in 2020 “A research study conducted by Deep Instinct reports on the hundreds of millions of attempted cyberattacks that occurred every day throughout 2020 showing malware increased by 358% overall and ransomware increased by 435% as compared with 2019.”Malware increased by 358% in 2020 – Help Net Security
Check Point Software´s Security Report Reveals Extent of Global Cyber Pandemic, and Shows How Organizations Can Develop Immunity in 2021 “The world faces over 100,000 malicious websites and 10,000 malicious files daily. 87% of organizations have experienced an attempted exploit of an already-known, existing vulnerability” Check Point Software´s Security Report Reveals Extent of Global Cyber Pandemic, and Shows How Organizations Can Develop Immunity in 2021 Nasdaq:CHKP (globenewswire.com)
Phishing attacks account for more than 80% of reported security incidents. Top cybersecurity facts, figures and statistics | CSO Online
Google has registered 2,145,013 phishing sites as of Jan 17, 2021. “This is up from 1,690,000 on Jan 19, 2020 (up 27% over 12 months)”. Phishing Statistics (Updated 2021) | 50+ Important Phishing Stats | Tessian
Ransomware Victim Every 10 Seconds in 2020 One Ransomware Victim Every 10 Seconds in 2020 – Infosecurity Magazine (infosecurity-magazine.com)
Terrifying Statistics: 1 in 5 Americans Victim of Ransomware “According to data gathered by Anomali and The Harris Poll, ransomware attacks 1 in 5 Americans. The survey was based on responses from more than 2,000 American citizens.” Terrifying Statistics: 1 in 5 Americans Victim of Ransomware (sensorstechforum.com)
Attackers disrupting COVID-19 efforts and critical supply chains “Cyberattacks evolved in 2020 as threat actors sought to profit from the unprecedented socioeconomic, business and political challenges brought on by the COVID-19 pandemic, IBM Security reveals.” Attackers disrupting COVID-19 efforts and critical supply chains – Help Net Security Cybercriminals are quick to find ways to get around strengthened security “next gen” supply chain attacks grew 420% in just 12 months” State of the Software Supply Chain 2020 Report | Download (sonatype.com)
Ransomware, Phishing Will Remain Primary Risks in 2021 “Attackers have doubled down on ransomware and phishing — with some tweaks — while deepfakes and disinformation will become more major threats in the future, according to a trio of threat reports.” Ransomware, Phishing Will Remain Primary Risks in 2021 (darkreading.com)
Netscout Threat Intelligence saw 4.83 million DDoS attacks in 1H 2020. “This is roughly 26,000 attacks a day or 18 attacks per minute.” NETSCOUT Threat Intelligence Report Findings from 1H 2020
Dragos: ICS security threats grew threefold in 2020 “A new report highlights the challenges facing ICS vendors today, including practices that are geared toward traditional IT and not designed for ICS security.” Dragos: ICS security threats grew threefold in 2020 (techtarget.com)
12-top-cybersecurity-threats-against-organisations-2019-statistics-e1556643214683.jpg (980×585) (comparitech.com)
The Data at Risk:
Cybercrime To Cost The World $10.5 Trillion Annually By 2025 “The world will store 200 zettabytes of data by 2025, according to Cybersecurity Ventures. This includes data stored on private and public IT infrastructures, on utility infrastructures, on private and public cloud data centers, on personal computing devices — PCs, laptops, tablets, and smartphones — and on IoT (Internet-of-Things) devices.” Cybercrime To Cost The World $10.5 Trillion Annually By 2025 (cybersecurityventures.com)
The number of Internet connected devices is expected to increase from 31 billion in 2020 to 35 billion in 2021 and 75 billion in 2025. Security Today’s The IoT Rundown for 2020
Cybersecurity statistics do have a heuristic value in that they can point to gaps, growing threats, and alert to trends. The challenge is adapting the data into a functional and agile risk management strategy to be able to better protect ourselves. The alarming cybersecurity statistics for 2021 are a call to take the risk management mission more seriously.
Chuck Brooks, President of Brooks Consulting International, is a globally recognized thought leader and evangelist for Cybersecurity and Emerging Technologies. LinkedIn named Chuck as one of “The Top 5 Tech Experts to Follow on LinkedIn.” Chuck was named as a 2020 top leader and influencer in “Who’s Who in Cybersecurity” by Onalytica. He was named by Thompson Reuters as a “Top 50 Global Influencer in Risk, Compliance,” and by IFSEC as the “#2 Global Cybersecurity Influencer.” He was named by The Potomac Officers Club and Executive Mosaic and GovCon as at “One of The Top Five Executives to Watch in GovCon Cybersecurity. Chuck is a two-time Presidential appointee who was an original member of the Department of Homeland Security. Chuck has been a featured speaker at numerous conferences and events including presenting before the G20 country meeting on energy cybersecurity.
Chuck is on the Faculty of Georgetown University where he teaches in the Graduate Applied Intelligence and Cybersecurity Programs. In addition to his FORBES Contributor role, Chuck is also a Cybersecurity Expert for “The Network” at the Washington Post, and a Visiting Editor at Homeland Security Today.