With Halloween just around the corner, we wanted to share a roundup of “Scary Security Stats” from the past year.
Each year, cybersecurity companies publish a number of research reports focusing on different aspects of cybersecurity and breach trends. Below is a list of some of the most alarming statistics from several reports published throughout the year.
Stolen data has a wider reach and moves more quickly in 2021—Breach data received over 13,200 views in 2021 vs. 1,100 views in 2015 -- a 1,100% increase. (Source: Bitglass 2021 Where’s your Data Report)
The Dark Web has become darker, as the number of anonymous viewers on the Dark Web in 2021 (93%) outnumber those in 2015 (67%). (Source: Bitglass 2021 Where’s your Data Report)
Cybercriminals may be more of a “homegrown” threat than many believe, with downloads of the stolen data originating from the United States as the second-most frequent location (top three were: Kenya, United States, and Romania). (Source: Bitglass 2021 Where’s your Data Report)
The count of healthcare breaches reached 599 in 2020, a 55.1% increase since 2019 (386) (Source: Bitglass 2021 Healthcare Breach Report)
Hacking and IT incidents were the top breach causes in healthcare in 2020, leading to 67.3% of compromises (Source: Bitglass 2021 Healthcare Breach Report)
While 22% of organizations confirm that unmanaged devices accessing corporate resources have downloaded malware in the last 12 months, an alarming 49% are unsure or unable to disclose whether the same could be said of them. (Source: Bitglass 2021 BYOD Security Report)
The biggest remote work security concerns stem from data leaking through endpoints (68%), users connecting with unmanaged devices (59%), and access from outside the perimeter, meaning less anti-malware protection (56%). (Source: Bitglass 2021 Remote Workforce Report)
65% of victims penetrated by phishing had conducted anti-phishing training (Source: Cloudian Ransomware Victims Report)
Traditional ransomware defenses are failing, with 54% of all victims having anti-phishing training and 49% having perimeter defenses in place at the time of attack. (Source: Cloudian Ransomware Victims Report)
Public cloud was the most common point of entry for ransomware, with 31% of survey respondents being attacked this way. (Source: Cloudian Ransomware Victims Report)
56% of survey respondents reported that attackers were able to take control of their data and demand ransom within just 12 hours, and another 30% said it happened within 24 hours. (Source: Cloudian Ransomware Victims Report)
More than half of those surveyed said the attacks significantly impacted their financials, operations, employees, customers and reputation. (Source: Cloudian Ransomware Victims Report)
The average ransom payment was $223,000, with 14% paying $500,000 or more. (Source: Cloudian Ransomware Victims Report)
Respondents spent an average of $183,000 more for other costs resulting from the attack. (Source: Cloudian Ransomware Victims Report)
Cyber insurance covered only about 60% of ransomware payments and other costs, presumably reflecting deductibles and coverage caps. (Source: Cloudian Ransomware Victims Report)
Despite paying ransom, only 57% of respondents got all their data back. (Source: Cloudian Ransomware Victims Report)
32% of enterprises experienced unauthorized access to cloud resources, and another 19% were unaware if unauthorized access occurred. (Source: In the Dark: Why Enterprise Blind Spots are Leaving Sensitive Enterprise Data Vulnerable to Breaches)
Manual errors are the leading reason why IAM solutions fail. While 78% of enterprises claimed to be able to enforce IAM policies, 69% reported policy enforcement issues created unauthorized access. (Source: In the Dark: Why Enterprise Blind Spots are Leaving Sensitive Enterprise Data Vulnerable to Breaches)
53% of companies reported 100 or more individuals have cloud access across numerous internal and external teams, the majority of which have no security specific expertise. For example, 72% say developers have cloud access, 69% say DevOps teams have cloud access, and 41% say consultants have cloud access. (Source: In the Dark: Why Enterprise Blind Spots are Leaving Sensitive Enterprise Data Vulnerable to Breaches)
60% of enterprises reported that the interval before correcting misconfiguration errors was monthly or longer. (Source: In the Dark: Why Enterprise Blind Spots are Leaving Sensitive Enterprise Data Vulnerable to Breaches)
Only 50% of enterprises indicated that they review access policies and privileges on a monthly basis. (Source: In the Dark: Why Enterprise Blind Spots are Leaving Sensitive Enterprise Data Vulnerable to Breaches)
While 60% of organizations have experienced a cyberattack in the last two years and spend approximately $38 million on security activities, only 7% of security leaders are reporting to the CEO (Source: Security and the C-Suite: Making Security Priorities Business Priorities)
Only 37% of security professionals say their organization values and effectively leverages the expertise of the cybersecurity leader (Source: Security and the C-Suite: Making Security Priorities Business Priorities)
54% of security professionals are worried about their job security, with 63% citing insufficient budget to invest in the right technologies as a main culprit (Source: Security and the C-Suite: Making Security Priorities Business Priorities)
53% of security professionals claim senior leadership does not understand their role, and another 51% of professionals believe that they lack executive support (Source: Security and the C-Suite: Making Security Priorities Business Priorities)
62% of IT leaders say data loss with one of their cloud solutions would have a moderate or major impact on their business because they have either no backup solution or a complex one. This can be avoided by investing in a robust backup, monitoring your environment for threat and having a written and tested recovery plan. (Source: State of IT at Modern Workplaces)
Maintaining compliance feels scary with a remote workplace. When reporting their biggest challenges in maintaining compliance virtually, IT leaders named “finding a solution that is automated and easy to use (37%)”, and “employees using their own virtual tools with a lack of governance (36%)” as their top compliance concerns. (Source: State of IT at Modern Workplaces)
25% of IT leaders that said email encryption and data loss prevention solutions are most important to overall workplace security also reported that they’re not satisfied with the solution they have deployed. (Source: State of IT at Modern Workplaces)
Overall email threats are on an upward trend throughout the first half of 2021. We quarantined over 2.9 billion email threats throughout the first half of 2021, which was a 13.5% increase over the trailing 6-month period. (Source: 2021 Mid-Year Global Threat Report)
###
Comments