By: Media Sonar
Cybersecurity threats are far more frequent, diverse, and severe than anyone could have anticipated a few decades ago. It’s crucial that all organizations implement measures that better safeguard company and customer information to mitigate financial losses and brand damage. Here are ten cybersecurity statistics that show how drastically the cyber threat landscape has changed.
1. 61% of SMBs experienced a cyberattack during the last year.
Cyberattacks are expensive, brand-damaging events that can derail an SMB. Within six months of an attack, 60% of SMBs go out of business. SMBs often underestimate their security risks and assume attackers are inclined to go after enterprises. However, today’s threat actors emphasize the ease of the opportunity more than the potential value and perceive SMBs to have fewer defenses than their enterprise counterparts.
2. Globally, one ransomware attack occurs every 10 seconds.
Ransomware has evolved and expanded dramatically, with threat actors targeting a new organization every 10 seconds. Research suggests that the next several years will be even worse, with a ransomware attack happening every 2 seconds by 2031 – costing victims $265 billion (USD) annually.
3. The annual global cost of cybercrime is estimated to be $10.5 trillion by 2025.
Source: Cybersecurity Ventures
Global cybercrime costs are rising and, if measured as a country, would be the world’s third-largest economy after the United States and China. With a growth rate of 15% year over year from 2020, Cybersecurity Ventures predicts that global cybercrime costs will reach $10.5 trillion annually by 2025, up from $3 trillion in 2015.
4. 90% of security professionals assume their organization has already been breached or will be soon.
Source: Media Sonar Technologies
In today’s hyper-connected world, security teams are no longer wondering if an attack is on the way but instead asking themselves when it happened, how it happened, what the impacts are, and what they can do about them. Get your copy of Media Sonar’s report: “Will Every Organization Be Breached?” for more statistics and insights on how organizations are managing data breaches.
5. Phishing is the most common threat vector and was involved in 36% of data breaches.
Over the years, cybercriminals have always looked for new ways to successfully gain access to an organization’s network and carry out an attack and phishing proves to be one of the most common and viable attack vectors. Growing in both sophistication and frequency, phishing is and will continue to be one of the biggest priorities for organizations.
6. Most hackers need less than 5 hours to break into enterprise networks
Source: CSO Online
As the sophistication of threat actors improves, so does the speed at which they operate. A study involving 300 ethical hackers found that 57% of adversaries can identify an exploitable exposure in 10 hours, with 64% being able to collect and potentially exfiltrate information within 5 hours.
7. There will be 3.5 million unfilled cybersecurity jobs by 2025.
Source: Cybersecurity Ventures
After tracking unfilled cybersecurity jobs over eight years, Cybersecurity Ventures has uncovered that the number of open positions grew by 350% between 2013 and 2021 (from 1 million to 3.4 million). While the cybersecurity skills gap is leveling off, it is still predicted that there will be the same number of openings in 2025.
8. On average, only 65% of the encrypted data is restored after organizations pay the ransom.
Source: Sophos (PDF)
When giving ransom demands, attackers fail to say that even if you pay, it is unlikely that you will get back all of your data. On average, organizations that paid the ransom only recovered 65% of the encrypted files – leaving over one-third of their data inaccessible.
9. 82% of data breaches involve a human element.
The human element remains one of the organizations’ most prominent and constant threats. Cybersecurity programs must recognize that humans are both the target and the solution and invest resources into strengthening the human element.
10. The average time it takes to identify and contain a breach is 277 days.
Unsurprisingly, the financial impacts are higher the longer a breach goes undetected. Organizations that reduced the time it took to mitigate a data breach from 277 days to 200 days or less saved $1.12 million.
The cybersecurity threat landscape continues to grow year after year and all organizations are at risk regardless of size, industry, or geographic location. Organizations that do not want to become a statistic must reduce their attack surface by implementing more effective technology and strengthening the human element.