Critical Cybersecurity Statistics You Must Know
by Robert Bond
We just posted a 24-page report packed with dozens of remarkable statistics about the IT security industry. We are providing a summary of the top 10 most interesting statistics here in this blog post; however, we encourage you to download the full report to see all 80 of the stunning facts about our cybersecurity industry on our resource page.
To start with, the cybercrime business has grown significantly over the past 3 years and now is estimated to be worth over $1.5 trillion in profits each year globally. The overall value of the cybersecurity market or the market that provides cybersecurity defense products and solutions is estimated to reach approximately $300 billion by 2024, according to a 2019 report by Global Market Insights, Inc. You will find that the spending estimates range significantly across research firms however, IT security spending in 2004 was $3.5 billion so you can see, no matter where in the hundreds of billions we land in 2024, the spending increases have been astronomical.
Interestingly, however, despite the overall increase in spending and despite the rising number of data breaches, Juniper Research’s Cybercrime & the Internet of Threats 2018 report anticipates cybersecurity spending will only increase by a little over 9% on average per company annually.
The 10 Cybersecurity Statistics that Made the Headlines
Now that we covered the cybercrime cost and spending forecasts, we chose 10 of the most interesting cybersecurity facts in our report and here they are:
- Security breaches increased by 67% – Over the past five years, security breaches have increased by 67%, according to Accenture’s global survey. In addition, over the past year, security breaches are up over 11% according to the Ninth Annual Cost of Cybercrime global study by Accenture.
- Ransomware attacks occur every 14 seconds – Mind you, ransomware as a malware family only reared its ugly head with consistency over the past 3.5 years, however, the frequency in which Cybersecurity Ventures predicts that a business will fall victim to a ransomware attack this year in its 2019 Official Annual Cybercrime Report (ACR) is every 14 seconds. The company also estimates that number will increase to every 11 seconds by 2021. Further, the Cybersecurity Ventures annual cybercrime report indicates that the ransomware related payment and cleanup costs will reach $11.5 billion annually this year and $20 billion per year by 2021. The pace of this year-over-year increase in anticipated damages will now make ransomware the fastest-growing type of cybercrime this year.
- 23% of Americans are cybercrime victims – This is significant! Nearly one-quarter of surveyed Americans reported they or someone they know were victimized by cybercrime in 2018, according to Gallup’s annual crime survey. In addition, 60% of Americans exposed to fraud schemes. Again, like the Gallup poll, for those Americans who were victims of fraud schemes or knew victims of fraud schemes 60% percent of Americans report they or an immediate family member have succumbed to a scheme to defraud them, according to research from The Harris Poll and the American Institute of CPAs (AICPA).
- IoT devices typically attacked within 5 minutes – Because of the amount of malware searching networks for unsecured IoT devices, five minutes is the average amount of time it takes for an IoT device to be attacked once plugged into the Internet, according to a report from NETSCOUT. Unsurprisingly, China accounted for more than 50% of the DDoS attacks that result from the malware turning IoT devices into bots in Q4 2018. However, the overall percentage of distributed denial of service attacks that originated in China in Q4 2018 fell to 50.43% from 77.67%, according to Kaspersky’s DDoS Q4 Report.
- Email is responsible for spreading 92% of all malware – Again, phishing, spear phishing, and whaling contributes for almost all of the spread of malware. CSO Online estimates that email is the primary method of malware delivery whether the e-mail uses malicious links or files. However, Office files constitute 48% of malicious email attachments according to Symantec’s ISTR 2019 report.“.Doc” or “.dot” files represented 37% of malicious email attachments.
- The U.S. is the target of 86% phishing attacks – Overall, the US is by far the largest victim of Cybercrime and Phish Labs reports that 86% of all the world’s phishing attacks are targeted to American victims. Phishing and pretexting where the attackers pretend they are a legitimate institution that needs personal information, represent 98 and 93% of social incidents and breaches according to Verizon’s 2018 Data Breach Incident Report (DBIR).
- 49.6 days between breach discovery and public reporting – The average number of days between when a data breach was discovered and reported to the public through a press release or delivered by a news agency has improved but is still nearly 50 days in 2018, according to a report from Risk Based Security (RBS).
- 46% of websites have high cybersecurity vulnerabilities – The vast majority of breaches take advantage of known vulnerabilities because in 2018 there were over 15,000 known vulnerabilities. Acunetix’s Web Application Vulnerability Report 2019 reports that websites have 46% high and 87% medium-security vulnerabilities. Many vulnerabilities lead to Formjacking which compromised 4,818 websites monthly in 2018. according to Symantec’s ISTR 2019 report.
- Outdated and unpatched software constitutes 22% of security issues – According to BulletProof’s 2019 report, 22% of the high and critical-risk issues reported consisted of missing patches, out-of-date or no longer supported software. 68% don’t have a disaster recovery plan in place and more than two-thirds of small business owners (SMB’s) lack a disaster recovery (DR) plan, according to a study by Nationwide. The company also reports that 71% of small business owners do not purchase business interruption insurance.
- Only 2% of IT budget is used for security – ZDNet reports that only 2% of companies’ IT expenditure last year was used on security measures. 70% of employees don’t understand cybersecurity The percentage of U.S. employees who lack a basic understanding of cybersecurity best practices is estimated to be 70%.
Cybersecurity is the most interesting industry and topic on the planet because of the growth in attacks, defensive strategies and the role it plays in both international politics and corporate interests. Download the full report on our Resources page to view the dozens of statistics that paint the full picture of the most interesting and influential trends in Cybersecurity.
March 29, 2020
March 20, 2020
March 17, 2020