20 Cybersecurity Statistics You Should Know


Cybersecurity has become increasingly important across every industry due to the massive transition to digital operations. Businesses can no longer afford to ignore the looming cybersecurity threat.

Here are 20 key cybersecurity statistics you should be aware of to be better prepared:

Transport Cybersecurity Statistics

Data Cybersecurity Statistics

  • Across all industries, the average cost of a data breach is set to exceed 150 million in 2020. Data leaks have become an incredibly lucrative avenue for hackers in recent years, as they can sell data on the dark web to other attackers looking to perform further malicious acts. Companies that face a data-related incident must spend large sums on incident response and technical resources to fix the vulnerability that allowed the data breach to occur, which can sometimes lead to inefficient use of resources to limit the impact on the organization and its customers as quickly as possible.
  • Reputation losses and customer turnover following a data breach cost U.S. organizations over $4 million on average per breach. Recent studies found that the loss of business and reputation following a data breach caused more than $4 million in losses on average. Existing customers will look for different providers to work with following a breach, as the breached organization is no longer seen as reliable and customers feel that they have not been compensated for the incident. Potential customers will also be less inclined to work with an organization that has been breached.
  • 90% of breaches occur due to human error. Regardless of how strong your cybersecurity measures are, your employees remain the primary line of defence between your company and an incident. Some of the biggest data incidents, such as the Equifax breach, occurred due to human error. Equifax’s IT team had left multiple critical domains unpatched for months and some even for years due to poor management, which left them vulnerable to exploitation of critical vulnerabilities within these outdated versions. Had they applied the patches rigorously, the incident could have been prevented.

Healthcare Cybersecurity Statistics

  • By 2021, ransomware attacks on healthcare organizations are forecast to increase by 5 times the current rate. One of the biggest cybersecurity incidents in history occurred in a healthcare organization, when a ransomware infection spread across the NHS (National Health Service) in the UK and paralyzed patient care for a week. Due to the critical nature of healthcare, these organizations are often targeted by attackers looking to profit from ransoms and steal patient data.
  • Over 75% of the healthcare industry suffered a malware infection over the course of the last year. The healthcare industry is often filled with legacy systems and outdated operating systems. Much of the equipment used throughout the industry is incompatible with newer operating systems like Windows 10 and relies on those legacy systems to function. Unfortunately, this leaves them vulnerable to many types of attacks and malware infections which makes them an easy target for attackers.
  • One in seven phishing emails is opened by hospital employees. Phishing emails are one of the most common attack vectors used by hackers because they are easy to execute and often have a high rate of return. Unfortunately, healthcare employees aren’t receiving the training they need to avoid those scams and often lack the time to be vigilant in the face of these attacks. This gives hackers opportunities to infect critical systems, as malware is almost entirely delivered by phishing emails.

Phishing Cybersecurity Statistics

  • 94% of malware is delivered through email. Hackers take advantage of publicly-available information and trusted sources to coerce employees into downloading malicious attachments or clicking on malicious links, allowing them to gain access to critical systems or to paralyze operations. For instance, an American gas pipeline was recently forced to shut down operations entirely for two days after an employee mistakenly clicked on a phishing link which allowed the ransomware to infiltrate the OT network to encrypt all devices and demand a ransom.
  • 65% of hacker organizations and groups use spear-phishing as the primary vector to inject malware into a system. Spear-phishing is dangerously effective, as it is highly targeted and leverages personal information about employees to convince them. These attacks are often delivered directly to users who are more likely to have administrative access or those who can provide credentials that will allow hackers into IT systems. A recent example of spear-phishing is a police department in Florida that had to let 6 suspects facing a total of 28 charges walk free after ransomware, which was delivered through spear-phishing, wiped the evidence.
  • 56% of IT organizations feel that phishing is the biggest threat to their cybersecurity. Unfortunately, all too often, phishing is overlooked when it comes to cybersecurity risk management, as it seems like an uncommon threat. Failing to properly train employees to recognize phishing emails and other dangers can significantly increase the risk to the organization, as shown by recent incidents.

Vulnerabilities Statistics

Manufacturing Cybersecurity Statistics

  • There has been a 78% increase in supply chain cyberattacks. Following the damaging cyberattack on Norsk Hydro’s supply chain, manufacturers have become prized targets for hackers. If they can compromise large manufacturing operations, they can then demand a ransom to return vital data and to restore production lines, making these attacks potentially profitable. Hackers may also seek out intellectual property in an effort to resell it on the dark web.
  • 48% of UK manufacturers have faced verified cyberattacks. Manufacturers are constantly being scanned by bots looking for exploitable vulnerabilities to infiltrate their OT network. An attack on a manufacturer can be very profitable for hackers, as most manufacturers cannot afford to interrupt their production lines. They will be more likely to pay the ransom following a successful ransomware attack, as it will often be the most efficient way to limit the impact on their production lines.
  • 21% of sensitive files in the manufacturing and finance industries are publicly exposed. It is nearly impossible for organizations to secure all their files, simply because of the resources it would require. This is why it is important for companies to perform penetration tests so they can identify which sensitive files are publicly exposed and get prioritized recommendations to secure them, using their resources as efficiently as possible to protect their most valuable assets.

Finance Cybersecurity Statistics

  • Out of the top 100 banks, 65 failed web security testing. The majority of financial transactions are now performed through web applications. These applications may hold extremely critical data belonging to their users and their development teams are often too focused on innovation and new features to keep up with their competitors, which leaves vulnerabilities that can be leveraged by hackers. This is why it is crucial for development teams to perform web app penetration tests (web application security assessments) as part of their development cycle, before a new feature or strategic application is released publicly. This will allow them to identify and fix potentially critical vulnerabilities, rather than waiting for hackers to exploit them.
  • Financial institutions are 47% more likely than other industries to experience a cyberattack. Because of the high potential profit from these attacks, hackers are more likely to target the financial services industry, as it is often a profitable avenue for fraud and the data that can be obtained in these attacks is much more valuable than in any other industry.
  • In the banking industry, cybercrime costs for 2018 hit $18.3 million. This industry is faced with the most regulatory compliance requirements and the regulations are getting much more strict, which can lead to hefty fines when an incident occurs. Furthermore, as they are more targeted than any other industry, they must deal with the highest cost in technical restoration and incident response to recover from or mitigate any potential attacks.

A penetration test is a simulated hacking attempt that identifies opportunities for real hackers to break through your defences and perform various malicious acts. It generally leverages tools used by hackers and various professional methodologies to replicate the steps that modern hackers would take to intrude into your IT systems.

A pentest attempts to exploit your vulnerabilities to determine their potential impact, should they be used in a real hacking scenario. It provides a list of vulnerabilities with their respective level of severity, as well as technical recommendations to help your team apply corrective measures and focus on the most critical vulnerabilities.

These services allow your organization to answer the following questions, among several others:

  • Can a hacker gain access to any sensitive information?
  • Can a hacker hijack my technologies for any malicious acts?
  • Could a malware infection spread through the network?
  • Can an attacker escalate access to an administrative user?


There are many contexts in which a penetration test should be performed.

Here are some common use cases for a pentest:

  • As part of the development cycle of an application. (To test the security of a new feature/app)
  • To comply with security requirements. (3rd-parties, PCI, ISO27001, etc.)
  • To secure sensitive data from exfiltration.
  • To prevent infections by malware. (Ransomware, spyware, etc.)
  • To prevent disruptive cyberattacks. (Such as denial of service)
  • As part of a cybersecurity risk management strategy.

All businesses are advised to conduct a penetration test at least once a year, as well as after any significant upgrades or modifications to the company network. Given the rapid rate at which new exploits are discovered, we generally recommend that quarterly tests are performed.

Various steps are taken over the course of the project to prevent the potential impact of our tests on the stability of your technological environment and the continuity of your business operations.

For this reason, a communication plan will be put in place at the beginning of the project to prevent and mitigate any potential impact. A representative of your organization will be identified to act as the main point of contact to ensure rapid communication in the event of a situation directly impacting the conduct of your daily operations, or if any critical vulnerabilities are identified for which corrective measures need to be implemented quickly.

While we use a simple four-level risk rating approach (Critical, High, Moderate, Low), our risk assessment is actually based on the Common Vulnerability Scoring System (CVSS) standard. Two main criteria are considered when assessing the risk level of each vulnerability:

  • Potential impact: The potential impact of an attack based on a vulnerability, combined with its potential effect on the availability of the system, as well as the confidentiality and integrity of the data.
  • Exploitability: The potential exploitability of a vulnerability; a vulnerability that is easier to exploit increases the number of potential attackers and thus the likelihood of an attack. Different factors are considered when evaluating the exploitability potential of a vulnerability (e.g., access vector, authentication, operational complexity, etc.)
