(Varonis, May 2018) Cybersecurity issues pose an ongoing challenge for nearly every organisation. Varonis have identified that the trend shows a large increase in hacked and breached data from sources that are increasingly common in the workplace, like mobile and IoT devices.
Additionally, recent research suggests that most companies have unprotected data and poor cybersecurity practices in place, making them vulnerable to data lass.
Varonis compiled 60 cybersecurity statistics to provide a better idea of the current state of overall security, and describe some of the devastating effects of a significant compromise.
Data Breaches – the Numbers
The increasing amount of large-scale, well-publicised breaches suggests that not only are the number of security breaches going up — they’re increasing in severity, as well.
- In 2016, 3 billion Yahoo accounts were hacked in one of the biggest breaches of all time. (Oath.com)
- In 2016, Uber reported that hackers stole the information of over 57 million riders and drivers. (Uber)
- In 2017, 412 million user accounts were stolen from Friendfinder’s sites. (LeakedSource)
- In 2017, 147.9 million consumers were affected by the Equifax Breach. (Equifax)
- According to 2017 statistics, there are over 130 large-scale, targeted breaches in the U.S. per year, and that number is growing by 27 percent per year. (Accenture)
- Thirty-one percent of organizations have experienced cyber attacks on operational technology infrastructure. (Cisco)
- 100,000 groups in at least 150 countries and more than 400,000 machines were infected by the Wannacry virus in 2017, at a total cost of around $4 billion. (Malware Tech Blog)
- Attacks involving cryptojacking increased by 8,500 percent in 2017. (Symantec)
- In 2017, 5.4 billion attacks by the WannaCry virus were blocked. (Symantec)Click To Tweet
- There are around 24,000 malicious mobile apps blocked every day. (Symantec)
- In 2017, the average number of breached records by country was 24,089. The nation with the most breaches annually was India with over 33k files; the US had 28.5k. (Ponemon Institute’s 2017 Cost of Data Breach Study)
- In 2018, Under Armor reported that its “My Fitness Pal” was hacked, affecting 150 million users. (Under Armor)
- Between January 1, 2005 and April 18, 2018 there have been 8,854 recorded breaches. (ID Theft Resource Center)
The costs associated with cybercrime can be crippling to organisations who have not included cybersecurity as part of their regular budget.
- In 2017, cyber crime costs accelerated with organizations spending nearly 23 percent more than 2016 — on average about $11.7 million. (Accenture)
- The average cost of a malware attack on a company is $2.4 million. (Accenture)
- The average cost in time of a malware attack is 50 days. (Accenture)
- From 2016 to 2017 there was an 22.7 percentage increase in cybersecurity costs. (Accenture)
- The average global cost of cyber crime increased by over 27 percent in 2017. (Accenture)
- The most expensive component of a cyber attack is information loss, which represents 43 percent of costs. (Accenture)
- Ransomware damage costs exceed $5 billion in 2017, 15 times the cost in 2015. (CSO Online)
- The Equifax breach cost the company over $4 billion in total. (Time Magazine)
- The average cost per lost or stolen records per individual is $141 — but that cost varies per country. Breaches are most expensive in the United States ($225) and Canada ($190). (Ponemon Institute’s 2017 Cost of Data Breach Study)
- In companies with over 50k compromised records, the average cost of a data breach is $6.3 million. (Ponemon Institute’s 2017 Cost of Data Breach Study)
- Including turnover of customers, increased customer acquisition activities, reputation losses and diminished goodwill the cost of lost business globally was highest for U.S. companies at $4.13 million per company. (Ponemon Institute’s 2017 Cost of Data Breach Study)
- Damage related to cybercrime is projected to hit $6 trillion annually by 2021. (Cybersecurity Ventures)
Other Cybersecurity Facts and Figures
It’s crucial to have a grasp on the general landscape of metrics surrounding cybersecurity issues, including what the most common types of attacks are and where they come from.
- Ransomware detections have been more dominant in countries with higher numbers of internet-connected populations. The United States ranks highest with 18.2 percent of all ransomware attacks. (Symantec)
- Trojan horse virus Ramnit largely affected the financial sector in 2017, accounting for 53 percent of attacks. (Cisco)
- Most malicious domains, about 60 percent, are associated with spam campaigns. (Cisco)
- Seventy-four percent of companies have over 1,000 stale sensitive files. (Varonis)
- Malware and web-based attacks are the two most costly attack types — companies spent an average of US $2.4 million in defense. (Accenture)
- The financial services industry takes in the highest cost from cyber crime at an average of $18.3m per company surveyed. (Accenture)
- Microsoft Office formats such as Word, PowerPoint and Excel make up the most prevalent group of malicious file extensions at 38 percent of the total. (Cisco)
- About 20 percent of malicious domains are very new and used around 1 week after they are registered. (Cisco)
- Over 20 percent of cyber attacks in 2017 came from China, 11 percent from the US and 6 percent from the Russian Federation. (Symantec)
- The app categories with most cybersecurity issues are lifestyle apps, which account for 27 percent of malicious apps. Music and audio apps account for 20 percent. (Symantec)
- The information that apps most often leak are phone numbers (63 percent) and device location (37 percent). (Symantec)
- In 2017, spear-phishing emails were the most widely used infection vector, employed by 71 percent of those groups that staged cyber attacks. (Symantec)
- Between 2015 and 2017, the U.S. was the country most affected by targeted cyber attacks with 303 known large-scale attacks. (Symantec)
- In 2017, overall malware variants were up by 88 percent. (Symantec)
- Among the top 10 malware detections were Heur.AdvML.C 23,335,068 27.5 2 Heur.AdvML.B 10,408,782 12.3 3 and JS.Downloader 2,645,965 3.1 (Symantec)
- By 2020, the estimated number of passwords used by humans and machines worldwide will grow to 300 billion. (Cybersecurity Media)
As new threats constantly emerge, the risks posed by poor security practices are more dangerous than ever.
- 21 percent of all files are not protected in any way. (Varonis)
- 41 percent of companies have over 1,000 sensitive files including credit card numbers and health records left unprotected. (Varonis)
- 70 percent of organizations say that they believe their security risk increased significantly in 2017. (Ponemon Institute’s 2017 Cost of Data Breach Study)
- 69 percent of organizations don’t believe the threats they’re seeing can be blocked by their anti-virus software. (Ponemon Institute’s 2017 Cost of Data Breach Study)
- Nearly half of the security risk that organizations face stems from having multiple security vendors and products. (Cisco)
- 7 out of 10 organizations say their security risk increased significantly in 2017. (Ponemon Institute’s 2017 Cost of Data Breach Study)
- 65 percent of companies have over 500 users who never are never prompted to change their passwords. (Varonis)
- Ransomware attacks are growing more than 350 percent annually. (Cisco)
- IoT attacks were up 600 percent in 2017. (Symantec)
- The industry with the highest number of attacks by ransomware is the healthcare industry. Attacks will quadruple by 2020. (CSO Online)
- 61 percent of breach victims in 2017 were businesses with under 1,000 employees. (Verizon)
- Ransomware damage costs will rise to $11.5 billion in 2019 and a business will fall victim to a ransomware attack every 14 seconds at that time. (Cybersecurity Ventures)
- Variants of mobile malware increased by 54 percent in 2017. (Symantec)Click To Tweet
- Today, 1 in 13 web requests lead to malware (Up 3 percent from 2016). (Symantec)
- 2017 represented an 80 percent increase in new malware on Mac computers. (Symantec)
- In 2017 there was a 13 percent overall increase in reported system vulnerabilities. (Symantec)
- 2017 brought a 29 percent Increase in industrial control system–related vulnerabilities. (Symantec)
- By 2020, we expect IT analysts covering cybersecurity will be predicting five-year spending forecasts (to 2025) at well over $1 trillion. (Cybersecurity Ventures)
- The United States and the Middle East spend the most on post-data breach response. Costs in the U.S. were $1.56 million and $1.43 million in the Middle East. (Ponemon Institute’s 2017 Cost of Data Breach Study)
There’s no question that the situation with cybercrime a challenge for many. But by assessing your organisation’s cybersecurity risk, making organisational changes as required, and improving overall security behaviour, it is possible to protect against most data breaches.
The time to change the culture toward improved cybersecurity is now.