Every day the news is full of studies and surveys stemming from the world of cybersecurity that are simply staggering. It can feel overwhelming to stay on top of the latest figures.
So, as a service to the community, we’ve pored over many studies published over the last year or so and narrowed them down to 20 cybersecurity statistics. From our perspective, these sum up the state of cybersecurity nicely.
We’ve linked back to the source for those interested in having a closer look or referencing a particular study.
Here are the 20 statistics that have stood out for us:
1) Rise in global incidents.
Some 1.4 billion data records were exposed in 1,792 incidents worldwide in 2016. The same study found 59% of data breach incidents involved identity theft. (Source: Dark Reading, Gemalto)
2) Evolution in the types of attacks.
Ransomware attacks – encrypting user data and demanding a ransom to release it – increased 50% in 2016. (Source: Bloomberg, Verizon)
3) Breaches are on the rise.
A separate study tallied 4,149 global data breaches, which reached a new high and exposed 4 billion records in 2016. (Source: Dark Reading, Risk Based Security)
4) No signs of slowing in 2017.
The Identity Theft Resource Center (ITRC) reported that the U.S. had recorded 791 attacks in just the first six months of 2017. The number is a 29% year-over-year increase and puts the U.S. on track to exceed “an all-time record high of 1,093” in 2016. (Source: HelpNetSecurity, ITRC)
5) 90 billion attacks.
In July 2017, a state official told PennLive that the Commonwealth of Pennsylvania, a so-called “swing state” for its influence on federal elections, had experienced “90 billion cyber intrusion attempts,” which was later clarified as “hacking attempts across all state systems and applications.” (Source: PennLive)
6) Imminent attack.
A 2017 survey of security leaders found 80% believe their company will experience a cyber attack in the next year. (Source: eSecurity Planet, ISACA)
7) The cost of a breach.
The cost of a cybersecurity breach is an estimated $3.62 million globally. In the U.S. the cost of a breach is nearly double that at an estimated $7.35 million. (Source: Dark Reading, Ponemon Institute, IBM)
8) The widening surface of attack.
In 2016, researchers identified a record 15,000 reported vulnerabilities, which was about 40% more than those identified by CVE and the National Vulnerability Database. (Source: HelpNetSecurity, Risk Based Security)
9) Attack vector IoT.
Two separate studies both found that 46% of respondents experienced a “security breach or incident as a result of an attack” on devices stemming from the internet of things (IoT). (Source: Dark Reading, IDC Research, Altman Vilandrie & Co.)
10) Cybersecurity spending.
A research firm estimates cybersecurity spending reached $80 billion in 2016 and forecasts spending will exceed $1 trillion by 2021. It also predicts the cost of cyber crime will grow to $6 trillion in the same time period. (Source: CSO Online, Cybersecurity Ventures, Gartner)
11) Growing cybersecurity market.
In 2016, $3.5 billion of venture capital was invested in 404 security startups, up from $1.8 billion invested in 279 startups three years earlier. (Source: Fortune, CB Insights)
12) Security technology spend.
More than one-third (35%) of organizations expect to increase their security spending over the next 12 months; 40% expect spending to remain the same. Most security shops plan to spend the bulk of their technology budget in the following areas:
- 53% say firewalls / next generation firewalls
- 44% say anti-virus / anti-malware
- 25% say intrusion detection / intrusion prevention systems (IDS/IDP)
- 24% say endpoint protection
- 24% say SIEM
13) Security pros don’t mind long hours.
A survey of security professionals found 57% say they work through weekends. Despite the long hours, 97% of respondents said they find their work rewarding. (Source: Dark Reading; Farsight Security)
14) Cybersecurity compensation.
A survey conducted in late 2016 found CISOs earn an average salary of $273,000 in the U.S. A separate study had similar findings, with one providing a range between $145,000 and $250,000. A third one saw ranges as high as $346,000 with a median of $224,000. (Source: Bricata, Security Current, Network World, SilverBull)
15) Forecasted shortage of cybersecurity workers.
A 2017 study, across 170 countries and involving nearly 20,000 respondents, estimates a “cybersecurity workforce gap will reach 1.8 million by 2022.” This represents a 20% increase over predictions the same study made two years earlier. The study also found the “average information security worker in North America is paid $120,000 per year.” (Source: eSecurity Planet, Frost & Sullivan)
16) Enterprises are drowning in cybersecurity alerts.
Several studies have shown large enterprises are overwhelmed by a deluge of security alerts and many go uninvestigated. Large financial institutions are a prime example and “over a third (37%) of banks, it turns out, receive more than 200,000 security alerts a day.” (Source: American Banker, Ovum)
17) Dynamic nature of cybersecurity.
Cybersecurity may be getting more complicated – 72% say security analytics and operations are harder in 2017 than two years earlier. Respondents cited evolving threats, alert fatigue, regulatory constraints, and gaps in tools and processes as contributing factors. (Source: HelpNetSecurity, Enterprise Strategy Group)
18) Preventable risks.
A UK survey of 600 IT decision makers found 58% of former employees retain access to corporate networks after leaving the company. The survey also found 24% of businesses experienced data breaches by former employees. (Source: Infosecurity, OneLogin)
19) The education gap.
A survey of 2,000 working adults in the US and UK found 30% didn’t know what phishing was and an additional 10% couldn’t even guess. Researchers estimate hundreds of millions of phishing schemes are sent by email every day around the world. (Source: eSecurity Planet, Wombat Security Technologies)
20) The insider threat.
Most breaches (58%) can be traced to internal incidents or partners and 55% of cyber-attacks originate with an insider. (Source: CSO Online, Forrester, IBM)
If there is a study or statistic you’d like considered, please let us know on Twitter – @Bricata