Even as the risk of cyberattacks keeps growing, most companies in Europe, Asia and the United States are still not ready and aware of the risk. This was highlighted in a recent study commissioned by the European Economic and Social Committee. Small and medium-sized companies (SMEs) are the most exposed, as they more often than not, cannot afford the investment that is required to protect themselves in the cybersecurity landscape. The level of investment in cybersecurity overall is insufficient. Most SMEs never realize the importance until after falling victim of a security breach.
The risk is more common than imagined. According to the Global State of Information Security Survey, four out of five companies have experienced at least one cybersecurity incident over the past year. Finance, healthcare, retail, business services and information technology remain the sectors that are most often targeted by cyber-criminals. Almost 70% of European companies do not understand the extent of their exposure to cyber risks.
Cybercrimes have accounted for trillions of dollars in losses, based by a research by Juniper the amount in 2019 was $2 trillion. Thus, with such vulnerabilities revolving online, companies are investing heavily in cybersecurity and training employees, particularly regarding online scams and ransomware attacks.
Furthermore, it is estimated that by 2027, global spending on cyber security will reach approximately $10 billion.
The following are some very interesting cybersecurity and cybercriminal facts and figures:
Half of all Cyberattacks are targeted at small businesses
Small business owners often do not pay attention to cyber security, thinking they are not even worth being attacked, and this is what makes them the perfect target.
Hackers may gain access to their data and steal consumer information, which may include personal details, credit card numbers, and social security numbers. According to Juniper research, small businesses make up to 13% of the entire cybersecurity market, surprisingly small businesses invest less than $500 in cyber security. Cybint reports that almost 60% of companies have experienced cyberattacks such as DDoS attacks, phishing, and social engineering attacks.
$76 billion of illegal activities involves bitcoin
Bitcoins have created an amazing system of digital currencies providing anonymity, safety, quick transfer, and freedom from artificially regularized currency rates by governments. Unfortunately, most of the illegal activities involve the use of Bitcoins due to the anonymity it offers. The University of Sydney in Australia published a study that states the $76 billion amount almost equals the entire illegal markets for drugs in the U.S and Europe.
Only 10% of cybercrimes are reported in the U.S each year
The United States, often regarded as the hub of technology, has greatly undercounted the rate of reported cybercrimes. This is because they are often difficult to prove. In other cases, for instance where ransomware is involved, it becomes very difficult to get professional help as the criminal might put up personal or embarrassing photos of you on the screen or cause reputational harm if any personal information lands in the hand of the hacker.
According to the unit chief at FBI’s Internet Crime Complaint Center (IC3), the total number of cybercrimes reported only represent 10-12% of the actual number.
Staggering $300 billion cyber security market
A 2019 press release by Global Market Insights indicated that It is anticipated by the year 2024 that the cyber security market will be a $300 billion industry. In fact, it seems that the amount will be much more than that as technology advances exponentially.
Ransomware attacks every 14 seconds
According to 12news.com, every 15 seconds, someone around the world joins a social media site. The 2019 Official Annual Cybercrime Report (ACR) predicts that businesses will fall for ransomware attacks every 14 seconds. So, by the time you raise your wrist to look at the time and lower it back, somewhere in the world a ransomware attack has already taken place.
Malicious emails to public organizations
Symantec’s ISTR 2019 report states that small and medium businesses receive one malicious email per 302 emails. The number might seem quite small, but considering the nature of work at such places, it is very likely for employees to fall into the trap.
Largest DDoS attack: 1.7 TBps
NETSCOUT Threat Intelligence Report featured the largest DDoS attack on record. The attack was a 1.7 terabytes per second reflection targeted at a U.S company.
It takes 5 minutes to hack an IoT device
In the report, NETSCOUT also disclosed that on average an IoT device could be attacked easily within the first five minutes of connecting to the internet! Other notable statistics are – $6,000,000,000,000 — That’s $6 trillion, the estimated annual cost of cybercrime losses and damage by 2021. [CybersecurityVentures.com]
Cybersecurity Facts 2019
- 67,481 — The number of U.S.-based cyber security jobs listed during a recent search for “cyber security” positions on Monster.com.
- 59% of companies in the US/UK reported third-party data breaches but only 35% rate their third-party risk management as highly efficient. (AON)
- Data breaches increased by 160% from 2006 to 2019 (Bluefin)
- By 2020, the number of passwords used by humans and machines worldwide is estimated to grow to 300 billion. (SC Media)
- 43 percent of cyberattacks are aimed at small businesses. (Small Business Trends)
- 90% of hackers cover their tracks by using encryption. (Vanson Bourne)
- It takes most companies over six months, or around 197 days to detect a data breach. (ZD Net)
- Windows is the most targeted platform by hackers; Android is number two. (Computer World)
- There were over 3 million crypto-jacking hits between January and May 2018. (Quick Heal)
- The number of mobile crypto-jacking malware variants grew from 8 variants in 2017 to 25 variants by May 2018 – making a 3x increase. (Quick Heal)
- 56 percent of respondents expect privileged user abuse to increase in the next 12 to 24 months, a significant increase from 44 percent of respondents in the 2011 research. (Ponemon)
- The average data breach in 2019 impacted 25,575 records. (IBM)
- The information security market is expected to grow to 289.9 billion by 2026, driven in part by spending on consultation and implementation services related to the European Union’s (EU’s) General Data Protection Regulation (GDPR) and other privacy legislation. (Fortune Business)
- Healthcare breaches had the highest cost of any industry, coming in at 65% higher than any other industry. (Ponemon)
- The total cost of a successful cyberattack is over $5 million, or $301 per employee. (Ponemon)
- The most expensive component of a cyberattack is information loss, which represents 43 percent of costs. (Accenture)
- Damage related to cybercrime is projected to hit $6 trillion annually by 2021. (CyberSecurity Ventures)
- The Equifax breach cost the company over $4 billion in total. (Time)
- Malware and web-based attacks are the two most costly attack types — companies spent an average of US $2.4 million in defense. (Accenture)
- The average data breach cost was 3.92 million in 2019 (1.5% more than 2018). (IBM)
- More than 4,000 ransomware attacks occur every day. (FBI)
- 75% of organizations infected with ransomware were running up-to-date endpoint protection. (Sophos)
- The global damage costs connected with ransomware attacks is estimated to reach $11.5 billion in 2019. (Cybersecurity Ventures)
- It is estimated there will be a ransomware attack on businesses every 14 seconds by the end of 2019, and every 11 seconds in 2021. This does not include attacks on individuals, which occurs even more frequently than businesses. (Cybersecurity Ventures)
- 91% of cyberattacks begin with a spear-phishing email, which is commonly used to infect organizations with ransomware. (KnowBe4)
- In a survey of over 1,300 IT decision-makers, 56% of organizations identified targeted phishing attacks as their biggest current cybersecurity threat. (CyberArk)
- 76% of businesses reported being a victim of a phishing attack in the last year. (Wombat Security)
- Verizon reports that users in the U.S open 30 percent of phishing all emails, with 12 percent of those targeted by these emails clicking on the infected links or attachments. (Verizon)
- Kaspersky’s Anti-Phishing system was triggered 482 million times in 2018. The security company states that this was a 2x increase over 236 million in 2017. (Kaspersky)
- The financial sector was especially targeted during 2018. 44% of detected attacks were on the banking, payment system, and online shop industries. (Kaspersky)
In comparison to previous years, businesses around the globe plan to spend more on cybersecurity, devote more resources for improving their defenses, and working harder to embed security-by-design. There is a growing realization that security is also about maintaining the continuity of business operations — and not restricted to only security of data and privacy.