Cybersecurity threats are far more frequent, diverse, and severe than anyone could have anticipated a few decades ago. It’s crucial that all organizations implement measures that better safeguard company and customer information to mitigate financial losses and brand damage. Here are ten cybersecurity statistics that show how drastically the cyber threat landscape has changed.
1. 46% of breaches take place at small businesses.
Cyberattacks are expensive, brand-damaging events that can derail an SMB. SMBs often underestimate their security risks and assume attackers are inclined to go after enterprises. However, today’s threat actors emphasize the ease of the opportunity more than the potential value and perceive SMBs to have fewer defenses than their enterprise counterparts.
2. Phishing is the most common cyber threat and was involved in 36% of data breaches.
Over the years, cybercriminals have always looked for new ways to successfully gain access to an organization’s network and carry out an attack and phishing proves to be one of the most common and viable attack vectors. Growing in both sophistication and frequency, phishing is and will continue to be one of the biggest priorities for organizations.
3. 82% of data breaches involve a human element.
The human element of cybersecurity continues to be a significant opportunity and challenge. Effective cybersecurity programs recognize that humans are both the target and the solution and invest resources into strengthening the human element of their program.
4. Ransomware attacks remain one of the primary threats to medium sized businesses.
23 percent of companies experienced a ransomware attack or demand in 2022. If successful, a ransomware attack can require significant effort and cost companies over 1 million dollars and 30 days to remediate while simultaneously stifling business productivity.
5. Globally, one ransomware attack occurs every 10 seconds.
Source: Check Point
Ransomware has evolved and expanded dramatically, with threat actors targeting a new organization every 10 seconds. Research suggests that the next several years will be even worse, with a ransomware attack happening every 2 seconds by 2031 – costing victims $265 billion (USD) annually.
6. On average, only 65% of the encrypted data is restored after organizations pay the ransom.
Source: Sophos (PDF)
When giving ransom demands, attackers fail to say that even if you pay, it is unlikely that you will get back all of your data. On average, organizations that paid the ransom only recovered 65% of the encrypted files – leaving over one-third of their data inaccessible.
7. Most hackers need less than 5 hours to break into enterprise networks.
Source: CSO Online
As the sophistication of threat actors improves, so does the speed at which they operate. A study involving 300 ethical hackers found that 57% of adversaries can identify an exploitable exposure in 10 hours, with 64% being able to collect and potentially exfiltrate information within 5 hours.
8. The average time it takes to identify and contain a breach is 277 days.
Unsurprisingly, the financial impacts are higher the longer a breach goes undetected. Organizations that reduced the time it took to mitigate a data breach from 277 days to 200 days or less saved $1.12 million.
9. 90% of security professionals assume their organization has already been breached or will be in the near future.
Source: Media Sonar Technologies
In today’s hyper-connected world, security teams are no longer wondering if an attack is on the way but instead asking themselves when it happened, how it happened, what the impacts are, and what they can do about them.
10. There will be 3.5 million unfilled cybersecurity jobs by 2025.
Source: Cybersecurity Ventures
After tracking unfilled cybersecurity jobs over eight years, Cybersecurity Ventures has uncovered that the number of unfilled cybersecurity jobs grew by 350% between 2013 and 2021, from one million positions to 3.5 million. While the cybersecurity skills gap is leveling off, it is still predicted that there will be the same number of openings in 2025.
The cybersecurity threat landscape continues to grow year after year and all organizations are at risk regardless of size, industry, or geographic location. Organizations that do not want to become a statistic must reduce their attack surface by implementing more effective technology and strengthening the human element.