The cyber security landscape is constantly evolving, with organisations required to continually monitor threats and adjust their defences.
What changes do you expect to see in 2022? We help you answer that question in this blog, in which we’ve compiled 20 cyber security statistics to help you identify the latest industry trends.
1) 43% of cyber attacks target small businesses
Accenture’s Ninth Annual Cost of Cybercrime Study found that 43% of data breaches occur at SMEs.
This might surprise small business owners who believe that their organisation wouldn’t be on cyber criminals’ radar.
But that’s unfortunately not how crooks operate. In most cases, they look for vulnerabilities and target organisations with those weaknesses. Any organisation that doesn’t have appropriate defences in place is therefore liable to fall victim.
2) 83% of SMEs aren’t equipped to recover from a cyber attack
Just as smaller organisations are less likely to have robust cyber security defences in place, so too do they often lack the resources to respond in the event of an attack.
According to an InsuranceBee survey, 83% of SMEs aren’t financially prepared to recover from a cyber attack.
Most of the costs associated with data breaches occur after the incident has been contained. This includes delays and other knock-on effects of the breach, fines, and the requirement to strengthen cyber security defences in line with regulatory requirements.
3) 3.1 billion spoofed emails are sent every day
Spam emails are a continual threat, with a Proofpoint study revealing that 3.1 billion messages are sent every day.
Most of these are detected by spam filters, but that doesn’t deter cyber criminals. It costs almost nothing to send a fraudulent email, and threat detection systems are never 100% effective, meaning a portion of phishing emails will end up in people’s inboxes.
4) Scam messages have cost businesses €23 billion since 2016
As evidence of how successful those scams are, Proofpoint adds that organisations have been scammed out of $26 billion (about €22.7 billion) since 2016.
That’s an average of about €3.6 billion per year.
5) Organisations spend €3.4 million responding to cyber attacks
A Ponemon Institute study found that organisations spend $3.86 million (about €3.4 million) recovering from cyber attacks.
This includes costs associated with incident detection, lost business and breach notification, as well as legal fees and recompensing those affected.
6) Strong incident response can save organisations €1.1 million
A key figure in the Ponemon Institute report relates to threat detection: organisations that can identify and contain a data breach within 200 days reduce their costs by about €1.1 million.
7) Remote workers increase the cost of a data breach
Another factor that impacts the cost of a data breach is whether employees work from home. The Ponemon Institute report found that organisations that have adopted remote working spend an additional $1.07 million (about €930,000) responding to data breaches.
This figure is all the more concerning given the next statistic on our list.
8) 47% of organisations will let employees work remotely after the pandemic
Remote working, once considered an emergency measure to handle COVID-19, has proven popular among employees and organisations.
It’s therefore not a surprise to learn that, according to a Gartner survey, 47% of organisations will give employees the option of working remotely on a permanent basis. Meanwhile, 82% said they will let staff work from home at least one day a week.
That’s great for employees who can no longer face commuting and for organisations that can cut costs, but as we’ve seen, it’s likely to increase the damage when a security incident occurs.
9) Phishing was used in 36% of cyber attacks
Verizon’s 2021 Data Breach Investigations Report found that 36% of all breaches involved phishing.
This includes incidents where the scam was designed to capture sensitive information or financial details, as well as those where a phishing email was part of a more extensive campaign, such as a ransomware attack.
The figure is an 11% increase on the previous year, which Verizon said may be attributed in part to the abundance of COVID-19-related scams.
10) There were at least 1,243 publicly disclosed security incidents in 2021
According to our sister site’s monthly list of data breaches and cyber attacks, there were at least 1,243 publicly disclosed security incidents in 2021.
That’s an 11% increase in security incidents compared to 2020 (1,120).
11) 5.1 billion records were breached last year
The same report found that those 1,243 security incidents resulted in 5.1 billion records being breached.
However, that figure is just the tip of the iceberg. In most cases, organisations don’t reveal the number of compromised records, either because they don’t know or aren’t compelled to make the information public.
12) Criminals have received €4.5 billion in Bitcoin through ransomware extortion
Ransomware has flourished in recent years thanks in part to the emergence of cryptocurrency.
Digital currency has no paper trail, making it ideal for cyber criminals who want payment for their illegal actions.
According to a FinCEN report, ransomware extortions have resulted in at least $5.2 billion (about €4.5 billion) in Bitcoin transactions.
13) 82% of organisations have increased their cyber security budget
The key to fighting cyber crime is better resources. Organisations need to regularly monitor, assess and improve their systems – whether that’s through technological means, staff training or the creation and enforcement of policies and processes.
Fortunately, this is a lesson that organisations are starting to understand. Accenture’s State of Cybersecurity Resilience 2021 report found that 82% of organisations said they increased their cyber security budget in the past year.
14) Only 9% of organisations have purchased cyber insurance
Many experts believe that cyber insurance will become essential in 2022, as the financial risks related to data protection become increasingly burdensome.
However, according to InsuranceBee, only 9% of organisations currently have cyber liability insurance.
“This truly reflects how unaware and unprepared small business owners are to deal with security breaches,” the report says.
15) The cyber security skills gap has decreased by 400,000
For years, the demand for skilled cyber security professionals has increased faster than the number of people getting into the industry. However, the Cybersecurity Workforce Estimate found that the skills gap shrank in 2021.
The influx of cyber security professionals means there are now 2.72 million unfilled roles, compared to 3.12 million in the previous year.
16) There are an additional 700,000 cyber security specialists worldwide
For the cyber security skills gap to decrease, the number of people entering the industry needs to outstrip the growing demand for skilled professionals. According to the above study, there are 4.2 million active cyber security professionals across the globe.
That represents an increase of 700,000 compared to the previous year.
17) There were 401 publicly disclosed ransomware attacks in 2021
We return to IT Governance’s list of data breaches and cyber attacks for this statistic. Of the 1,243 publicly disclosed incidents that were identified, 401 were ransomware attacks.
This represents a 39% increase over the previous year (289).
18) The average wire transfer request in BEC scams is €92,000
BEC (business email compromise) is a type of phishing attack in which fraudsters impersonate a senior employee and ask the victim to make a bank transfer to an account that, unbeknown to them, is controlled by the crook.
According to the Anti-Phishing Working Group’s Q2 2021 report, the average wire transfer request in BEC scams last year was $106,000 (about €92,700).
19) 430 GDPR fines were issued in 2021
According to IT Governance’s figures, there were 430 fines issued in 2021 related to GDPR (General Data Protection Regulation) violations.
This compares to 306 in 2020, demonstrating that GDPR enforcement remains strong.
Spain’s AEPD (Agencia Española de Protección de Datos) is the most active supervisory authority, issuing 176 fines in 2021.
20) €1 billion in GDPR fines were levied last year
Our report also found that GDPR violations were being met with sizeable fines. Across the EU, penalties totalled €1,098,944,386.84, which represents a huge increase compared to 2020 (€182,546,779).
However, it’s worth noting that there were several significant penalties that inflated the overall figure. Of the 430 fines that IT Governance looked at, the median penalty was €2,000.
That might not be large enough to scare organisations straight, as some feared would happen when the GDPR took effect, but it is still a significant sum.
Set your organisation up for success
These statistics demonstrate how important it is for organisations to adapt to the ever-evolving cyber threat landscape if they are to survive and thrive in 2022.
Whether you’re concerned about ransomware, remote working, insider threats or any other risk, you must review your security measures and determine whether they are fit for the current environment.
This might mean testing your infrastructure to identify vulnerabilities, updating your documentation to bolster your GDPR compliance, or improving your employees’ security and data protection awareness with staff awareness training.
No matter what you’re looking to focus on this year, IT Governance is here to help. Our products and resources are created by experts and designed for organisations of any size.
Whatever 2022 has in store, you can at least control your cyber risks.