The Cybersecurity Statistics You Can’t Afford to Ignore

Today’s multi-billion-dollar threat to network security all started with an innocent worm on a quest to assess the size of the internet in 1988. Robert Tappan Morris, a Cornell University graduate student, developed the program, and as the “Morris Worm” crawled through the web and installed itself on computers to count how many were connected to the internet, it left a cascade of detrimental issues in its wake. The worm was the first Distributed Denial of Service (DDoS) attack, and it unintentionally damaged 10 percent of all the computers on the internet at the time and racked up repair costs that are estimated to be as high as $2.9 million in today’s dollars. By the next year, the term “cybersecurity” was coined, and it has since morphed into one of the most existential threats to governments and organizations worldwide.

 

It’s important for leadership in every type of organization — from military to government to corporations to small business — to be aware of the prevalence and scale of cyberthreats so they can beef up their security and prevent costly attacks. Here are recent statistics to quantify how pervasive, malicious and relentless cyberattacks are today.

 

The Sources of Cybersecurity Issues

The number of targeted, large-scale breaches grows by 27 percent each year in the U.S.,[1] and COVID-19 only fueled the flames. Since the pandemic began, the FBI reported a 300 percent increase in reported cybercrimes.[2] Money is the main motivator behind these crimes, representing 86 percent of the breaches, while espionage accounts for 10 percent.[3]

 

Most often, cyber criminals and hackers are looking to exploit human error, to which 95 percent of cybersecurity breaches are attributed.[4] Working from home posed the perfect opportunity for criminals’ maleficence, as many employees were more distracted by their kids and/or partners in the household. Of those employees who fell for a phishing scam, 47 percent cited being distracted as the reason for their error in judgment.[5]

 

Cyber criminals continue to hone their craft and find better ways to disguise their sinister ploys. The vast majority of malware — 94 percent — is delivered via email.[6] The malicious attachment types most commonly used to dupe recipients into opening them are .doc and .dot.[7] Of the domains embedded in an email, about 20 percent are very new and only used for about a week to avoid detection.[8]

 

Once a breach occurs, it can take weeks, months or even years for it to be detected. Last year, the average time for a company to become aware of a breach was an astounding 207 days.[9]

 

Stat Recap:

  • Targeted, large-scale breaches grow by 27 percent each year in the U.S.
  • Cybercrimes are up 300 percent since the start of COVID
  • Money motivates 86 percent of breaches
  • Espionage motivates 10 percent of breaches
  • Human error accounts for 95 percent of cybersecurity breaches
  • 47 percent of phishing scam victims blame their error on being distracted
  • 94 percent of malware is delivered via email
  • The most commonly used malicious attachment types are .doc and .dot
  • 20 percent of domains embedded in emails are very new and only used for about a week
  • It takes a company 207 days on average to detect a breach

 

 

The Scale of Cybersecurity Threats

In 2018 the U.S. government had 1.2 billion records breached,[1] and when you look at all organizations, more than 36 billion records were exposed in the first half of 2020 alone.[10]

 

Today’s reality is that one in every 4,200 emails is a phishing attempt and one in 13 web requests leads to malware.[7] The pace and determination of hackers and cybercriminals are unyielding. According to a University of Maryland study, hackers attack every 39 seconds, averaging 2,244 attempts a day.[11]

 

Attacks of all types are on the rise, including those targeting IoT devices. These devices are firmly in the crosshairs of cyber criminals, with attacks tripling in the first half of 2019.[6] More criminals are opting to use ransomware as their attack of choice to bilk organizations out of money. Today, seven out of every 10 malware payloads are ransomware.[1]

 

Considering the average employee has access to 11 million files, and on average, only 5 percent of a company’s folders are properly protected, organizations carry an exorbitant amount of risk if their cybersecurity isn’t equipped to handle today’s threats.[12]

 

Stat Recap:

  • The U.S. government had 1.2 billion records breached in 2018
  • 36 billion records were exposed in the first half of 2020
  • One in every 4,200 emails is a phishing attempt
  • One in 13 web requests leads to malware
  • Hackers attack every 39 seconds, averaging 2,244 attempts a day
  • Attacks on IoT devices tripled in the first half of 2019
  • Seven out of every 10 malware payloads are ransomware
  • The average employee has access to 11 million files
  • Only 5 percent of a company’s folders are properly protected

 

 

The Cost of Cyberattacks

Falling prey to a cyberattack can carry a very steep price tag. Accenture reports that the most expensive component of a cyberattack is lost information, which can cost a large organization around $5.9 million.[13] The various methods cyber criminals use affect how much the attack will cost an organization. For a malware attack, the average cost to a company is $2.6 million,[13] while a data breach will cost $3.86 million on average.[9] For businesses that fall prey to a ransomware attack, the average cost is $133,000,[14] with payment demands up 33 percent in 2020 from 2019, averaging $111,605.[15] Phishing attacks are extremely common, and organizations lose $17,700 every minute because of them.[6]

 

Stat Recap:

  • The average cost of lost information from a cyberattack is $5.9 million
  • The average cost of a malware attack is $2.6 million
  • The average cost of a data breach is $3.86 million
  • The average cost of a ransomware attack is $133,000
  • The average ransom demand is $111,605
  • Organizations lose $17,700 every minute to phishing attacks

 

Cyberattack Implications Beyond the Bottom Line

A cyberattack can cost your organization more than just monetary damages — it can also cost valuable time, productivity, customer trust and sensitive information. When publicly traded companies are victims of an attack, their share prices fall 7.27 percent on average after a breach.[16] Investor confidence can continue to wane knowing that more than 77 percent of organizations do not have an incident response plan,[4] and that from detection of the breach to containment, the average lifecycle is 280 days.[9] During that period, the average cost of lost business is $1.52 million.[9]

 

Stat Recap:

  • Breaches drop publicly traded companies’ share prices 7.27 percent on average
  • 77 percent of organizations do not have an incident response plan
  • It takes 280 days on average from detection of a breach to containment
  • The average cost of lost business from a breach is $1.52 million

 

Predictions for Cybersecurity

The success cyber criminals have had wreaking havoc and earning money underhandedly only encourages them to continue their illegal activities. Analysts predict we will see increased levels of attacks in the coming years. This year alone, ransomware damage costs are expected to total $20 billion, and a business will fall victim to a ransomware attack every 11 seconds.[17] Worldwide cybercrime as a whole will hit $6 trillion annually this year as well.[17] By 2023, the total number of DDoS attacks worldwide will be 15.4 million,[8] and by 2025, damage related to cybercrime is projected to hit $10.5 trillion annually.[17]

 

Stat Recap:

  • Ransomware damage costs are expected to total $20 billion in 2021
  • A business will fall victim to a ransomware attack every 11 seconds
  • Worldwide cybercrime will hit $6 trillion annually in 2021
  • By 2023, the total number of DDoS attacks worldwide will be 15.4 million
  • By 2025, cybercrime-related damage is projected to hit $10.5 trillion annually

 

Safeguard Your Organization with IDB Cybersecurity Programs

Interested in upgrading your organization’s cybersecurity to minimize potential risk exposure? The Institute for Defense and Business is offering a program to introduce participants to the multifaceted strategic cyber risks facing organizations from emerging technologies. The IU-IDB Cyber Risk Management Program will help you better understand the multifaceted cyberthreats facing the public and private sector and equip you with a toolbox to manage cyber risk exposure.

 

About IDB

The Institute for Defense and Business (IDB) delivers educational programs and research to teach, challenge and inspire leaders who work with and within the defense enterprise to achieve next-level results for their organization. IDB features curriculum in Logistics, Supply Chain and Life Cycle Management, Complex Industrial Leadership, Strategic Studies, Global Business and Defense Studies, Continuous Process Improvement, and Stabilization and Economic Reconstruction. Visit www.IDB.org or contact us on our website for more information.

 

 

Sources: [1] Purplesec; [2] IMC Grupo; [3] Verizon; [4] Cybint; [5] Tessian; [6] CSO Online; [7] Symantec; [8] Cisco; [9] IBM; [10] RiskBased; [11] University of Maryland; [12] Varonis; [13] Accenture; [14] SafeAtLast; [15] Fintech News; [16] Comparitech; [17] Cybersecurity Ventures