20 Cybersecurity Statistics You Should Know | Vumetric Cybersecurity

20 Cybersecurity Statistics You Should Know

Cybersecurity Statistics
Share on linkedin
Share on facebook
Share on twitter

Table of Contents

Cybersecurity has become increasingly important across every industry due to the massive transition to digital operations. Businesses can no longer afford to ignore the looming cybersecurity threat.

Here are 20 key cybersecurity statistics you should be aware of to be better prepared:

Transport Cybersecurity Statistics

Data Cybersecurity Statistics

  • Across all industries, the average cost of a data breach is set to exceed 150 million in 2020. Data leaks have become an incredibly lucrative avenue for hackers in the past years, as they can sell data on the dark web to other attackers looking to perform further malicious acts. Companies who face a data-related incident must spend large sums on incident response and technical resources to fix the vulnerability that allowed the data breach to occur, which can sometimes lead to inefficient use of resources to limit the impact on the organization and their customers as quickly as possible.
  • Reputation losses and customer turnover following a data breach cost U.S organizations over $4 million on average per breach.Recent studies found that the loss of business and reputation following a data breach caused more than $4 million in losses on average. Existing customers will look for different providers to work with following a breach, as they are no longer seen as reliable and feel that they have not been compensated for the incident. Potential customers will also be less inclined to work with an organization that has been breached.
  • 90% of breaches occur due to human error. Regardless of how strong your cybersecurity measures are, your employees remain the primary line of defence between your company and an incident. Some of the biggest data incidents, such as the Equifax breach, occurred due to human error. Equifax’s IT team had left multiple critical domains unpatched for months and some even for years due to poor management, which left them vulnerable to exploitation of critical vulnerabilities within these outdated versions. Had they applied the patches rigorously, the incident could have been prevented.

Healthcare Cybersecurity Statistics

  • By 2021, ransomware attacks on healthcare organizations are forecast to increase by 5 times the current rate. One of the biggest cybersecurity incidents in history occurred in a healthcare organization, when a ransomware infection spread across the NHS (National Health Service) in the UK and paralyzed patient care for a week. Due to the critical nature of healthcare, these organizations are often targeted by attackers looking to profit from ransoms and steal patient data.
  • Over 75% of the healthcare industry suffered a malware infection over the course of the last year. The healthcare industry is often filled with legacy systems and outdated operating systems. Much of the equipment used throughout the industry is incompatible with newer operating systems like Windows 10 and relies on those legacy systems to function. Unfortunately, this leaves them vulnerable to many types of attacks and malware infections which makes them an easy target for attackers.
  • One in seven phishing emails is opened by hospital employees. Phishing emails are one of the most common attack vectors used by hackers because they are easy to execute and often have a high rate of return. Unfortunately, healthcare employees aren’t receiving the training they need to avoid those scams and often lack the time to be vigilant in the face of these attacks. This gives hackers opportunities to infect critical systems, as malware is almost entirely delivered by phishing emails.

Phishing Cybersecurity Statistics

  • 94% of malware is delivered through email. Hackers take advantage of publicly-available information and trusted sources to coerce employees into downloading malicious attachments or clicking on malicious links, allowing them to gain access to critical systems or to paralyze operations. For instance, an American gas pipeline was recently forced to shut down operations entirely for two days after an employee mistakenly clicked on a phishing link which allowed the ransomware to infiltrate the OT network to encrypt all devices and demand a ransom.
  • 65% of hacker organizations and groups use spear-phishing as the primary vector to inject malware into a system. Spear phishing is dangerously effective, as it is highly targeted and leverages personal information on the employees to convince them. These attacks are often delivered directly to users who are more likely to have administrative access or those who can provide credentials that will allow hackers into IT systems. A recent example of spear-phishing, is a police department in Florida who had to let 6 suspects facing a total of 28 charges walk free after a ransomware, which was delivered through spear-phishing, wiped the evidence.
  • 56% of IT organizations feel that phishing is the biggest threat to their cybersecurity. Unfortunately, all too often, phishing is overlooked when it comes to cybersecurity risk management, as it seems like an uncommon threat. Failing to properly train employees to recognize phishing emails and other dangers can significantly increase the risk to the organization, as shown by recent incidents.

Vulnerabilities Statistics

Manufacturing Cybersecurity Statistics

  • There has been a 78% increase in supply chain cyberattacks. Following the damaging cyberattack on Norsk Hydro’s supply chain, manufacturers have become prized targets for hackers. If they can compromise large manufacturing operations, they can then demand a ransom to return vital data and to restore production lines, making these attacks potentially profitable. Hackers may also seek out intellectual property in an effort to resell them on the dark web.
  • 48% of UK manufacturers have faced verified cyberattacks. Manufacturers are constantly being scanned by bots looking for exploitable vulnerabilities to infiltrate their OT network. An attack on a manufacturer can be very profitable for hackers, as most of them cannot afford to interrupt their production lines. They will be more likely to pay the ransom following a successful ransomware attack, as it will often be the most efficient way they limit the impact on their production lines.
  • 21% of sensitive files in the manufacturing and finance industries are publicly exposed. It is nearly impossible for organizations to secure all their files, simply because of the resources it would require. This is why it is important for companies to perform penetration tests so they can identify which sensitive files are publicly exposed and get prioritized recommendations to secure them, using their resources as efficiently as possible to protect their most valuable assets.

Finance Cybersecurity Statistics

  • Out of the top 100 banks, 65 failed web security testing. The majority of financial transactions are now performed through web applications. These applications may hold extremely critical data belonging to their users and their development teams are often too focused on innovation and new features to keep up with their competitors, which leaves vulnerabilities that can be leveraged by hackers. This is why it is crucial for development teams to perform web app penetration tests (web application security assessments) as part of their development cycle, before a new feature or strategic application is released publicly. This will allow them to identify and fix potentially critical vulnerabilities, rather than waiting for hackers to exploit them.
  • Financial institutions are 47% more likely than other industries to experience a cyberattack. Because of the high potential profit from these attacks, hackers are more likely to target the financial services industry, as it is often a profitable avenue for fraud and the data that can be obtained in these attacks is much more valuable than any other industries.
  • In the banking industry, cybercrime costs for 2018 hit $18.3 million. This industry is faced with the most regulatory compliance requirements and the regulations are getting much more strict, which can lead to hefty fines when an incident occurs. Furthermore, as they are more targeted than any other industry, they must deal with the highest cost in technical restoration and incident response to recover from or mitigate any potential attacks.

Concerned By Your Cybersecurity Risks?

Recent Vumetric Blog Posts

What is Penetration Testing?

Penetration testing is an authorized simulation of a cyberattack on a company’s technologies. You may have also heard it referred to as Pentesting, Ethical Hacking, or Security Testing. The...

Internal vs External Penetration Testing

Cybersecurity is a critical component of any organization’s operations and often dictates a company’s reliability in today’s digital business world. Get it right and you secure exemplary industry reputation...

Main Security Testing Roadblocks for Startups

As a decision-maker in a SaaS startup, you might often find that your application security strategy is not getting the attention it deserves. There can be several pertinent reasons...

Assess Your Cybersecurity Risks

A specialist will reach out in order to:

Mailbox Icon
stay informed!
Subscribe to stay on top of the latest trends, threats, news and statistics in the cybersecurity industry.