top of page

The Spookiest Cybersecurity Stats of 2022

With Cybersecurity Awareness Month 2022 coming to an end on Halloween, it’s the perfect time to take a deep look at some of the spookiest cybersecurity statistics surrounding the increasingly volatile threat landscape. Each year, cybersecurity companies publish a number of research reports focusing on different aspects of cybersecurity and breach trends. Below is a list of some staggering statistics from several reports published throughout the year.

  • 53% of organizations have at least one open vulnerability exposed to the internet. 22% of those organizations amass over 1,000 vulnerabilities each.

  • It typically takes organizations about a year to remediate half of the vulnerabilities in the internet-facing infrastructure.

  • The Finance sector has one of the slowest remediation rates (median=426 days), while Utilities rank among the fastest (median=270 days).

  • Despite a 15-fold increase in exploitation activity for vulnerabilities with published exploit code, there is little evidence that organizations fix exploited flaws faster.

  • There were 20,175 new vulnerabilities published in 2021, up from 18,341 in 2020. That’s the most vulnerabilities ever reported in a single year, and it’s the biggest year-over-year increase since 2018.

  • The number of new vulnerabilities exploited in the wild rose by 24% in 2021.

  • Vulnerabilities in operational technology jumped 88% from 2020 to 2021.

  • The malware industry continues to churn out a wide array of malicious software: crypto jacking and ransomware programs increased by 75% and 42% respectively in 2021.

  • 31% (approximately 5 billion) malicious transactions targeted unknown, unmanaged and unprotected APIs, commonly referred to as shadow APIs, making this the top threat challenging the industry.

  • The second largest API security threat mitigated during the first half of 2022 was API abuse, meaning attackers targeting properly coded and inventoried APIs.

  • Research found that threat actors can start weaponizing critical SAP vulnerabilities less than 72 hours after a patch is released.



bottom of page