These cybersecurity stats will give you an understanding of where the business world stands with regard to its business security.
Cybersecurity has evolved in just a few short years to become one of—if not the—biggest concern for SMBs.
Organizations big and small are being hacked and breached with increasing frequency and with alarming success.
While cyberattacks have been trending upwards over the last 10 years in any event, the onset of the COVID pandemic accelerated the volume of attacks to unprecedented levels.
In the first five months of 2020, the Internet Crime Complaint Center (IC3) received about as many complaints as they did in the entirety of 2019.
This uptick has occurred because of a number of factors—principally, workforces in remote settings are more common than ever; SMBs are by and large lacking proper protections; and end users are often without the necessary knowledge to defend themselves.
Cybersecurity Stats Overview
The state of cybersecurity at present suggests several threats against businesses that must be dealt with.
Some of the biggest threats facing companies today are as a result of several different factors.
These factors typically arise because the escalation in what a business needs to protect their network—as cybersecurity attack vectors become more prevalent and sophisticated, the solutions necessary to combat them add up and the talent required to operate these solutions is more important than ever.
This all amounts in effect to modern companies needing a broad range of cybersecurity tools and solutions and a solid team of qualified security professionals to use them—neither of which are cheap to the average SMB or even larger business.
Because of the costs needed to accommodate these modern cybersecurity requirements, many businesses either struggle to make the necessary investments, or worse still make no investment at all in key elements of their network security.
The result of all this is that SMBs in the US are under-protected, lacking the tools and expertise to properly defend themselves in a time where cyberattacks risk causing outright bankruptcy to affected victims.
Take a look at the following cybersecurity stats as we cover statistics from seven distinct areas of cybersecurity to get a clear understanding of what the business security landscape looks like in 2021.
Cybersecurity Stats: Data Breaches
1. Organizations that have experienced a cyberattack report being the victim of data breaches an average of 2.35 times per year.
2. 56% of Chief Information Security Officers (CISO) fear they will experience a breach in the next year.
3. 79% of companies that have been the victim of a cyberattack say attacks are more sophisticated than ever.
4. Insider data breaches are predicted to account for one-third of all cybersecurity incidents, with many SMBs having weak access controls and authentication protocols.
5. 75% of SMBs operating in US critical infrastructure have experienced at least one breach in their history.
6. Businesses spend $170,000 on average to fully resolve data breaches after being hit.
7. The reputational harm that data breaches cause businesses is a big concern—75% say a breach has prompted a negative view of their organization, which 82% report engaging with an investor relations (IR) firm to overcome reputational issues in the aftermath of an attack.
Related Post: The Biggest Data Breaches of 2021 and What We Learned from Them
Cybersecurity Stats: Cybersecurity Awareness
8. Cybersecurity training is deployed in almost 70% of respondent organizations.
9. Only 44% of employees receive security awareness training in SMBs.
10. 50% of c-suite executives view cybersecurity as a high priority, while just 26% of employees feel the same—suggesting the necessity of businesses to take the lead on security awareness from the top.
11. The FBI reported that phishing was the most common form of cybercrime, with incidents doubling from 2019 to 2020 from 114,000 to 241,000.
12. 41% of employees who worked remotely for their companies received no security awareness training of any kind.
13. 79% of employees engage in risky behaviors.
14. Human error is the biggest reason for insider data breaches, with 84% of companies being a victim of a data security incident caused by a mistake.
15. 34% of respondents in a Thycotic survey indicated they had sent a work document to a personal computer due to a work device malfunction.
16. Security awareness was ranked number 10 for company priorities for cybersecurity investment, with 22% of businesses citing it as a spending focus over 2021 and 2022.
17. 29% either have yet to implement mandatory security awareness training for employees or have no plans to do so.
Cybersecurity Stats: Ransomware
18. Financially motivated cybercrime, including ransomware, is a prevalent concern, with 79% of the respondents describing the potential impact as critical or catastrophic.
19. 56% of IT decision makers say that a ransomware attack on their business is either “likely” or “very likely” over the next year.
20. Cybersecurity insurers saw a 336% rise in claims 2019 through 2020.
21. 14% of all global breaches are caused by ransomware.
22. The United States is by far the most targeted country for ransomware, constituting 54.9% of total victims in the world.
23. The top five most targeted industries over the last year for ransomware are manufacturing (311 attacks), financial services (136), transportation (84), technology (73), legal and human resources (71).
24. Ransomware during the first half of 2021 saw an increase of 151% compared to the same period in 2020.
Cybersecurity Stats: Hiring
25. In the period between 2013 and 2021, unfilled cybersecurity jobs grew 350% from one million positions to 3.5 million.
26. Of candidates who apply for cybersecurity positions, fewer than one in four are qualified for the role.
27. According to the US Bureau of Labor Statistics, employment of information security analysts is projected to grow 33% from 2020 to 2030, far faster than the average and among the fastest-growing professions in the country.
28. Hiring an in-house dedicated cybersecurity expert is expensive, with salaries ranging upwards of $80,000 for a single internal staff member.
29. Nearly 90% of business executives either currently use or plan to use managed services for their cybersecurity needs.
Cybersecurity Stats: Compliance
30. 33% of businesses report needing to hire more staff to manage adherence to compliance standards and regulations.
31. 70% of respondents in a technology survey state their business has already invested in tools and solutions for managing IT compliance.
32. 84% of businesses plan to either maintain or increase their budgets for IT risk and compliance management.
33. An estimated 61% of organizations have experienced a compliance-related violation like the stealing of sensitive data in contravention of privacy laws.
34. Of risks being monitored as a result of the COVID pandemic, “compliance culture” is cited as the most important vulnerability, ahead of employee health and safety, data privacy, and cybersecurity and information security.
35. 40% of companies do not perform an annual risk assessment for their compliance standards.
36. Despite this, 74% of organizations believe they have made progress on their risk management practices in the last three years.
Cybersecurity Stats: Industry
37. 71% of organizations say their security budget has increased in 2021.
38. 30% of SMBs have increased their cybersecurity budgets in 2021 by at least 6%.
39. 50% of businesses now have a policy of “baking-in” cybersecurity and privacy into their decision making and planning.
40. Virtually all SMBs (96%) say that they will change their cybersecurity strategies due to COVID-19.
41. Three-quarters (76%) of businesses say the number of attacks they have faced has increased in the past year.
42. When organizations work with managed security service providers, their key priorities are vulnerability testing (62%), security training (51%), and breach/attack simulation (46%).
43. The cybersecurity industry market as a whole is expected to grow at a compound annual growth rate (CAGR) of 11% between 2021 and 2028—from $167 billion to $372 billion.
Cybersecurity Stats: Biggest Attack Vectors
44. Third-party apps are the biggest cause of cyberattacks for SMBs (14.4%), followed by ransomware (14.3%), out-of-date security technology (14%), process weaknesses (14%), and operating system vulnerabilities (8%).
45. Cloud workloads are increasingly cited as a key vulnerability for businesses, with 15% of businesses stating their workloads are the most vulnerable breach point in their company.
46. Additionally, Internet of Things (IoT) and cloud service providers top the list of “likely” threat vectors, with 33% of businesses noting these two vectors as a danger to their network.
47. 78% of businesses that have experienced a cyberattack say attacks increased as a result of remote work conditions for their employees.
48. 70% of businesses report an increase in phishing attacks on their organization since the pandemic began.
49. 57% of organizations deem an attack on the cloud services they use to be very likely, and 59% say the impact of such an attack on their business would be “negative” or “very negative”.
50. 61% of companies say they need to approach security in a different way because attack surfaces have expanded and they are at greater risk.
51. 63% of decision makers state they need increased visibility over data and applications in order to pre-empt attacks.
If these cybersecurity stats have made you think about your own organization’s security but you are unsure where to start, consider having a risk audit done by Impact. Get in touch today to get the ball rolling on securing your future.
