Cybersecurity has become increasingly important across every industry due to the massive transition to digital operations. Businesses can no longer afford to ignore the looming cybersecurity threat.
Here are 20 key cybersecurity statistics you should be aware of to be better prepared:
Transport Cybersecurity Statistics
- The global transport and logistics industry is targeted by 116 cyberattacks daily. – As fully automated fleets and logistics are being introduced into the market, the risks of a cyberattack is increasing tenfold. Hackers are often looking for proprietary processes within these automations so they can be resold on the dark web or used for industrial espionage, which makes this industry an increasingly profitable target for cybercriminals.
- The average cost of a cybersecurity breach in the transport and logistics industry sits at 1.15 million for larger organizations. – Companies in the transport industry often hold large quantities of critical customer data that can be used by hackers for various malicious purposes. From compromised tracking information, leaked scheduled flights to customer payment information, there is a wide range of sensitive data that the transport industry holds which makes them a valuable target.
Data Cybersecurity Statistics
- Across all industries, the average cost of a data breach is set to exceed 150 million in 2020. – Data leaks have become an incredibly lucrative avenue for hackers in the past years, as they can sell data on the dark web to other attackers looking to perform further malicious acts. Companies who face a data-related incident must spend large sums on incident response and technical resources to fix the vulnerability that allowed the data breach to occur, which can sometimes lead to inefficient use of resources to limit the impact on the organization and their customers as quickly as possible.
- Reputation losses and customer turnover following a data breach cost U.S organizations over $4 million on average per breach. – Recent studies found that the loss of business and reputation following a data breach caused more than $4 million in losses on average. Existing customers will look for different providers to work with following a breach, as they are no longer seen as reliable and feel that they have not been compensated for the incident. Potential customers will also be less inclined to work with an organization that has been breached.
- 90% of breaches occur due to human error. – Regardless of how strong your cybersecurity measures are, your employees remain the primary line of defence between your company and an incident. Some of the biggest data incidents, such as the Equifax breach, occurred due to human error. Equifax’s IT team had left multiple critical domains unpatched for months and some even for years due to poor management, which left them vulnerable to exploitation of critical vulnerabilities within these outdated versions. Had they applied the patches rigorously, the incident could have been prevented.
Healthcare Cybersecurity Statistics
- By 2021, ransomware attacks on healthcare organizations are forecast to increase by 5 times the current rate. – One of the biggest cybersecurity incidents in history occurred in a healthcare organization, when a ransomware infection spread across the NHS (National Health Service) in the UK and paralyzed patient care for a week. Due to the critical nature of healthcare, these organizations are often targeted by attackers looking to profit from ransoms and steal patient data.
- Over 75% of the healthcare industry suffered a malware infection over the course of the last year. – The healthcare industry is often filled with legacy systems and outdated operating systems. Much of the equipment used throughout the industry is incompatible with newer operating systems like Windows 10 and relies on those legacy systems to function. Unfortunately, this leaves them vulnerable to many types of attacks and malware infections which makes them an easy target for attackers.
- One in seven phishing emails is opened by hospital employees. – Phishing emails are one of the most common attack vectors used by hackers because they are easy to execute and often have a high rate of return. Unfortunately, healthcare employees aren’t receiving the training they need to avoid those scams and often lack the time to be vigilant in the face of these attacks. This gives hackers opportunities to infect critical systems, as malware is almost entirely delivered by phishing emails.
Phishing Cybersecurity Statistics
- 94% of malware is delivered through email. – Hackers take advantage of publicly-available information and trusted sources to coerce employees into downloading malicious attachments or clicking on malicious links, allowing them to gain access to critical systems or to paralyze operations. For instance, an American gas pipeline was recently forced to shut down operations entirely for two days after an employee mistakenly clicked on a phishing link which allowed the ransomware to infiltrate the OT network to encrypt all devices and demand a ransom.
- 65% of hacker organizations and groups use spear-phishing as the primary vector to inject malware into a system. – Spear phishing is dangerously effective, as it is highly targeted and leverages personal information on the employees to convince them. These attacks are often delivered directly to users who are more likely to have administrative access or those who can provide credentials that will allow hackers into IT systems. A recent example of spear-phishing, is a police department in Florida who had to let 6 suspects facing a total of 28 charges walk free after a ransomware, which was delivered through spear-phishing, wiped the evidence.
- 56% of IT organizations feel that phishing is the biggest threat to their cybersecurity. – Unfortunately, all too often, phishing is overlooked when it comes to cybersecurity risk management, as it seems like an uncommon threat. Failing to properly train employees to recognize phishing emails and other dangers can significantly increase the risk to the organization, as shown by recent incidents.
- 81% of business leaders say that the rising use of technologies introduces vulnerabilities faster than they can be corrected. – While new technologies allow businesses to reach more customers and offer new features to keep a competitive edge, they often introduce vulnerabilities faster than they can be secured. As everything becomes increasingly digitalized, the implementation of web and mobile applications has become critical for businesses in every industry. Development teams are focused on innovation: staying one step ahead of their competitors and creating cutting-edge features. As a result, they may be less focused on secure development, which can introduce logic flaws into the application that hackers then take advantage of.
- 68% of business leaders have noted an increase in cybersecurity risks. – As cyber threats and tools adapt to strong security measures and hackers become more aware of common vulnerabilities found in web applications, cybersecurity risks have increased for businesses of all sizes–and it’s become even more critical that businesses test their cybersecurity to identify and fix vulnerabilities within their various technologies.
- 1 in 13 web requests leads to malware. – Hackers have become increasingly sophisticated in the way they perform cyberattacks. They’re taking advantage of the number of users on the web to distribute malware on a massive scale.
Manufacturing Cybersecurity Statistics
- There has been a 78% increase in supply chain cyberattacks. – Following the damaging cyberattack on Norsk Hydro’s supply chain, manufacturers have become prized targets for hackers. If they can compromise large manufacturing operations, they can then demand a ransom to return vital data and to restore production lines, making these attacks potentially profitable. Hackers may also seek out intellectual property in an effort to resell them on the dark web.
- 48% of UK manufacturers have faced verified cyberattacks. – Manufacturers are constantly being scanned by bots looking for exploitable vulnerabilities to infiltrate their OT network. An attack on a manufacturer can be very profitable for hackers, as most of them cannot afford to interrupt their production lines. They will be more likely to pay the ransom following a successful ransomware attack, as it will often be the most efficient way they limit the impact on their production lines.
- 21% of sensitive files in the manufacturing and finance industries are publicly exposed. – It is nearly impossible for organizations to secure all their files, simply because of the resources it would require. This is why it is important for companies to perform penetration tests so they can identify which sensitive files are publicly exposed and get prioritized recommendations to secure them, using their resources as efficiently as possible to protect their most valuable assets.
Finance Cybersecurity Statistics
- Out of the top 100 banks, 65 failed web security testing. – The majority of financial transactions are now performed through web applications. These applications may hold extremely critical data belonging to their users and their development teams are often too focused on innovation and new features to keep up with their competitors, which leaves vulnerabilities that can be leveraged by hackers. This is why it is crucial for development teams to perform web app penetration tests (web application security assessments) as part of their development cycle, before a new feature or strategic application is released publicly. This will allow them to identify and fix potentially critical vulnerabilities, rather than waiting for hackers to exploit them.
- Financial institutions are 47% more likely than other industries to experience a cyberattack. – Because of the high potential profit from these attacks, hackers are more likely to target the financial services industry, as it is often a profitable avenue for fraud and the data that can be obtained in these attacks is much more valuable than any other industries.
- In the banking industry, cybercrime costs for 2018 hit $18.3 million. – This industry is faced with the most regulatory compliance requirements and the regulations are getting much more strict, which can lead to hefty fines when an incident occurs. Furthermore, as they are more targeted than any other industry, they must deal with the highest cost in technical restoration and incident response to recover from or mitigate any potential attacks.