Alarming Cybersecurity Statistics That Will Keep You up at Night
While cybersecurity experts may have a clearer picture of just how much of a problem cyberattacks have recently been, pretty much everyone else seems oblivious to the cybercrime plague we are living in. These cybersecurity statistics are meant to be a wake-up call and help you understand just what security teams in most enterprises face on an everyday basis. Read on to get more information on cyberattacks and details on the negative impact they have on organizations.
Top 10 Cybersecurity Statistics and Facts
Globally, there were 6,019,888 DDoS attacks in the first half of 2022.
Individually, organizations faced an average of 270 cyberattack attempts per year in 2021.
The most common malware attack type in 2021 was ransomware, accounting for 33% of intrusions.
The average cost of a ransomware attack in 2022, excluding the cost of the ransom, is $4.54 million.
SMEs with between 11 and 100 employees were targeted in 39.4% of the ransomware attacks in Q2 of 2022.
The average ransomware payment in Q2 of 2022 was $228,115.
The average total cost of a data breach in 2022 is at an all-time high, at $4.35 million.
The average cost of a data breach in the USA, at $9.44 million, is the highest in the world.
On average, organizations with fully deployed security AI and automation identify and contain data breaches in 249 days.
A total of 2,323 US local governments, schools, and health organizations were impacted by ransomware in 2021.
Cyberattack Statistics
Individually, organizations faced an average of 270 cyberattack attempts per year in 2021.
Compared to the 206 cyberattack attempts in 2020, the average number of cyberattacks per company has increased by 31%. Naturally, in this period, the average number of successful cyberattacks has also increased from 22 to 29. The largest percentage, or 44%, of the successful breaches in 2020 were indirect attacks. The third-party risk trend continued in 2021, and the percentage of indirect attacks accounting for successful breaches increased even further to 61%.
(Accenture)
The most common malware attack type in 2021 was ransomware, accounting for 33% of the intrusions.
Hacking statistics from 2021 additionally reveal that backdoor attacks were responsible for 30% of the intrusions, while droppers and launchers for 12%. Moreover, 10% of the attacks were performed by using info stealers, and the remaining 15% by using other means of gaining unauthorized access. Additionally, data shows that the USA is the top region impacted by ransomware and extortion, with 45% of the ransomware attacks aimed at it. The second region on the list is Italy, with a considerably smaller intrusion volume of 10%.
(Accenture)
Globally, there were 6,019,888 DDoS attacks in the first half of 2022.
According to the most recent global cyberattack statistics, the number of DDoS attacks decreased by 2% compared to the second half of 2021. However, the largest DDoS attack in H1 of 2022 used a bandwidth of 957.9 Gbps, which is 57% higher than the largest attack in H2 of 2021. Furthermore, data reveals that an average of 4,508 daily DDoS attacks were happening in the USA in H1 of 2022. In comparison, the average number of DDoS attacks per day in Canada is over ten times smaller at 425.
(Net Scout)
57% of the DDoS attacks in North America lasted between five and 15 minutes.
Furthermore, cybersecurity data indicates that 14% of the attacks had a duration of between 15 and 30, while 13% were shorter than five minutes. Additionally, there is a notable increase of 59%, in the number of TCP SYN floods, compared to their number from H2 of 2021. The previous year, there were 173,263 attacks of this type, while in H1 of 2022, they were the most common DDoS attack vector in the NAMER region, with 274,977. Finally, wired telecommunications carriers remained the most targeted organizations of DDoS attacks for this region, even though the share of attacks they suffered decreased by 14%, from 469,090 to 401,773.
(Net Scout)
Statistics on Data Breaches
83% of the companies breached between March 2021 and March 2022 say this isn’t the first data breach they suffered.
A similar percentage of 79% of breached critical infrastructure organizations didn’t deploy a zero trust architecture. The latest stats further reveal that 45% of the data breaches occurring in this period were cloud-based, while 19% of data breaches started when a partner company was compromised. As a result of these breaches, 60% of the affected companies say they had to increase their prices, which ultimately affected their customers.
(IBM)
The average total cost of a data breach in 2022 is at an all-time high, at $4.35 million.
Statistics on cyberattacks from previous years show that the average cost of a data breach increased by 2.6% from 2021, when it was $4.24 million, and by 12.7% from 2020, when it was $3.86 million, on average. The total average cost of a data breach jumps to $4.82 million for organizations with critical infrastructure. Furthermore, data reveals that organizations with fully deployed security AI and automation lose 65.2% less money on a data breach than those that don’t.
(IBM)
The average cost of data breaches in hybrid cloud environments is 27.6% lower than the one in public cloud environments.
Cybercrime statistics reveal that the average cost of a data breach in a hybrid cloud environment is $3.80 million. In comparison, the average cost increases to $4.24 million for private cloud environments and $5.02 million for breaches in public cloud environments. Additionally, the average cost of a data breach is close to $1 million higher if remote working is a factor in the cause of the breach. On average, remote work-related breaches cost $4.99 million, while the remaining breaches cost $4.02 million.
(IBM)
The average cost of a data breach in the USA, at $9.44 million, is the highest in the world.
Cybersecurity stats show that the average cost of a data breach in the Middle East is the second-highest, at $7.46 million, while in Canada, it is $5.64 million, or the third-highest globally. By industry, the cost of a data breach in healthcare is by far the most expensive, at $10.10 million on average. In the financial sector, the average cost of a data breach is $5.97 million, and in pharmaceuticals, it is $5.01 million.
(IBM)
Statistics on Ransomware
The average cost of a ransomware attack in 2022, excluding the cost of the ransom, is $4.54 million.
In comparison, the average cost of a ransomware attack, without the cost of ransom, was $4.62 million in 2021, indicating a slight decrease. However, in 2021, only 7.8% of data breaches were ransomware, while in 2022, the percentage jumped to 11%. Stolen or compromised credentials were the most common primary vector, accounting for 19% of the data breaches in 2022, while phishing attacks were the second most common cause of a breach, with 16%.
(IBM)
SMEs with between 11 and 100 employees were targeted for 39.4% of the ransomware attacks in Q2 of 2022.
Malware statistics indicate that SMEs remain the main target for ransomware in 2022, though a significant portion of slightly larger enterprises were attacked as well. Namely, 32.5% of the victims were organizations with between 101 and 1000 employees, while 13.8% of the attacked companies employed 1001 to 10,000 workers. Furthermore, 9.4% of the victims were microenterprises with up to ten employees, 2.5% were large enterprises with between 10,001 and 25,000 employees, and organizations with between 50,001 to 100,000 employees were the target of 1.3% of the ransomware attacks.
(Coveware)
21.9% of the ransomware attacks in Q2 of 2022 were aimed at companies that provide professional services.
Data on recent cyberattacks reveals that most ransomware actors are industry agnostic and attack any company they believe to be profitable. However, organizations from certain sectors more commonly find themselves on the short end of the stick. Besides professional services, 14.4% of the victim companies were from the public sector, while healthcare organizations were targeted in 10% of the attacks. Furthermore, companies that provide software services were affected in 9.4%, and companies from the materials industry were targeted in 8.1% of the attacks in Q2 of 2022.
(Coveware)
The average ransomware payment in Q2 of 2022 was $228,115.
Statistics on ransomware show an 8% increase in the average amount of ransom paid to cyber attackers in the second compared to the first quarter of 2022. On the other hand, the median amount of ransomware paid has decreased by 51% in the same period, and it currently stands at $36,360. Data further reveals that in most attacks, or 86% of the cases, cybercriminals threaten companies with leaking exfiltrated data. The most commonly observed ransomware variants for this quarter are BlackCat, involved in 16.9%, and Lockbit 2.0, involved in 13.1% of the attacks.
(Coveware)
Cybersecurity Facts
On average, organizations with fully deployed security AI and automation identify and contain data breaches in 249 days.
The average time for companies that don’t rely on such security tech to protect themselves is 74 days longer, or 323 days. Data also shows that the percentage of organizations that deploy security AI and automation in 2022 is 70%, while only two years before, in 2020, it was 59%. Finally, the average cost of a data breach for companies that rely on AI and automation to protect themselves is $3.15 million, while it is $6.20 million, or almost double for those that are not protected in this way.
(IBM)
82% of companies increased their cybersecurity budgets in 2021.
Facts about cybersecurity show that 85% of CISOs agree that they develop their cybersecurity strategy with business objectives in mind, though 78% say that they don’t know how and when a cybersecurity incident will affect their organizations. Furthermore, 81% describe cybersecurity as a constant battle against attackers and say that its cost is unsustainable. As a result, the largest percentage of organizations, or 57%, only increased their cybersecurity budget by between 1% and 9% this year. Additionally, 22% increased it by between 10% and 24%, while only 3% of organizations increased their budgets by more than 25%.
(Accenture)
A total of 2,323 US local governments, schools, and health organizations were impacted by ransomware in 2021.
More precisely, cybersecurity statistics show that 77 public offices were victims of ransomware that year in the USA, and at least 36 of these incidents involved data breaches. According to the average ransomware cost of $8.1 million for that year, the total cost of the incidents was estimated at $623,700,000. Regarding the education sector, 62 school districts and 26 college and university campuses were attacked, which resulted in learning disruption in 1,043 schools. Finally, the attack on 68 healthcare providers resulted in a negative impact on the work of 1,203 healthcare organizations, including hospitals and multi-hospital health systems.
(Emsisoft)
An average of 29,000 phishing and scamming pages were detected daily in 2021.
Social engineering statistics further reveal that the total number of fraudulent websites detected in 2021 was 10,654,526 and 53% higher than the total of 6,953,982 or 2020. This puts the monthly average of detected phishing websites at 887,877. Furthermore, the largest number, or 639,139, of the phishing websites were aimed at the technology industry, while 396,599 targeted the retail sector. Microsoft was by far the most phished brand, with 259,947 scam websites posing as it. Finally, .com was the most popular top-level domain for fake sites, with an 18.86% share, and Cloudflare was the most popular hosting provider, with 1,111,818 phishing websites using its services.
(Bolster)
FAQs on Cybersecurity Statistics
What percentage of cyberattacks are caused by human error?
How often do cyberattacks occur?
How many cyberattacks happen per day?
What is the most common way hackers find information?
The Summary
As per the cybersecurity data above, hackers keep raising the bar and continue to reach new heights of illicit activities yearly. Given that they are mainly motivated by financial gain, we shouldn’t expect them to slow down on their own any time soon. To end the article on an optimistic note, cybersecurity solutions can counter the vast majority of attacks or, at the very least, considerably mitigate the damages. As hackers always try to improve their methods, cybersecurity teams need support to match their efforts, and thankfully, stats revea that more and more organizations finally realize the danger of risks and increase their cybersecurity budgets.
Sources:
