Home » Articles » Cybersecurity By the Numbers

Cybersecurity By the Numbers

In recent years, cybersecurity has been a considerable concern for middle market companies. Threats are far more frequent, diverse, and severe than anyone could have anticipated. It’s crucial that all organizations implement cyber defense measures that better safeguard company and customer information to mitigate financial losses and brand damage. From lingering threats related to the COVID-19 pandemic, to geopolitical conflicts and economic uncertainty underscored by the war in Ukraine, bad actors in cyberspace could come from a variety of angles on any given day.

Here are 12 cybersecurity statistics that show how drastically the cyber threat landscape has changed.

1. 22% of middle market companies experienced a data breach last year. 

Source: RSM

According to a recent RSM report, 22 percent of middle market companies experienced a data breach in the last year. Cyberattacks are expensive, brand-damaging events that can derail an SMB. SMBs often underestimate their security risks and assume attackers are inclined to go after enterprises. However, today’s threat actors emphasize the ease of the opportunity more than the potential value and perceive SMBs to have fewer defenses than their enterprise counterparts.

2. 45% of companies experienced a social engineering attempt in the past year.

Source: RSM

Forty-five percent of U.S. respondents had outside parties attempt to manipulate employees by pretending to be trusted third parties or company executives, with 27% of those companies ultimately suffering successful social engineering attacks. Over the years, cybercriminals have always looked for new ways to successfully gain access to an organization’s network and carry out an attack and social engineering proves to be a viable attack vector. Growing in both sophistication and frequency, social engineering is and will continue to be an important priority for organizations.

3. 90% of companies believe data residing in the cloud is more secure.

Source: RSM

Over the past few years, the majority of middle market companies who have leveraged the cloud to strengthen their cyberdefenses are seeing results. Among middle market executives who reported moving data to the cloud for security concerns, 90 percent believe the data residing in the cloud is more secure.

4. 67% of companies saw an increase in their cyber security policy premium in the past year.

Given the current risk landscape, it’s not surprising that most middle market companies have seen rising cyber insurance costs. In this year’s survey, two-thirds (67 percent) of respondents reported increased policy premiums compared with their prior period, with only 2 percent seeing a decrease.

Source: RSM

5. 40% of midsized companies outsourced IT services last year.

In order to obtain cost-effective expertise and keep current with rapidly changing technology and cyber threats, 40 percent of midsized companies outsourced IT services in 2022.

Source: RSM

6. Ransomware attacks remain one of the primary threats to medium sized businesses.

Source RSM  

23 percent of companies experienced a ransomware attack or demand in 2022. If successful, a ransomware attack can require significant effort, and cost companies over 1 million dollars and 30 days to remediate while simultaneously stifling business productivity. 

7. Globally, one ransomware attack occurs every 10 seconds.

Source: Check Point 

Ransomware has evolved and expanded dramatically, with threat actors targeting a new organization every 10 seconds. Research suggests that the next several years will be even worse, with a ransomware attack happening every 2 seconds by 2031 – costing victims $265 billion (USD) annually. 

8. On average, only 65% of the encrypted data is restored after organizations pay the ransom.

Source: Sophos (PDF) 

When giving ransom demands, attackers fail to say that even if you pay, it is unlikely that you will get back all of your data. On average, organizations that paid the ransom only recovered 65 percent of the encrypted files – leaving over one-third of their data inaccessible.

9. Most hackers need less than 5 hours to break into enterprise networks.

Source: CSO Online 

As the sophistication of threat actors improves, so does the speed at which they operate. A study involving 300 ethical hackers found that 57 percent of adversaries can identify an exploitable exposure in 10 hours, with 64 percent being able to collect and potentially exfiltrate information within 5 hours.

10. The average time it takes to identify and contain a breach is 277 days.

Source: IBM 

Unsurprisingly, the financial impacts are higher the longer a breach goes undetected. Organizations that reduced the time it took to mitigate a data breach from 277 days to 200 days or less saved $1.12 million. 

11. 90% of security professionals assume their organization has already been breached or will be in the near future.

Source: Media Sonar Technologies 

In today’s hyper-connected world, security teams are no longer wondering if an attack is on the way but instead asking themselves when it happened, how it happened, what the impacts are, and what they can do about them.   

12. There will be 3.5 million unfilled cybersecurity jobs by 2025.

Source: Cybersecurity Ventures 

After tracking unfilled cybersecurity jobs over eight years, Cybersecurity Ventures has uncovered that the number of unfilled cybersecurity jobs grew by 350 percent between 2013 and 2021, from one million positions to 3.5 million. While the cybersecurity skills gap is leveling off, it is still predicted that there will be the same number of openings in 2025.  

Moving Forward

The cybersecurity threat landscape continues to grow year after year and all organizations are at risk regardless of size, industry, or geographic location. Organizations that do not want to become a statistic must reduce their attack surface by implementing more effective technology and strengthening the human element.