Each year, cybersecurity companies publish a number of research reports focusing on different aspects of cybersecurity and breach trends. Below is a list of some of the most alarming statistics from several reports published throughout the year.

Bitglass 2021 Where's Your Data Report

  • Stolen data has a wider reach and moves more quickly in 2021. Breach data received over 13,200 views in 2021 versus 1,100 views in 2015 — a 1,100% increase. 
  • The Dark Web has become darker, as the number of anonymous viewers on the Dark Web in 2021 (93%) outnumber those in 2015 (67%). 
  • Cybercriminals may be more of a “homegrown” threat than many believe, with downloads of the stolen data originating from the U.S. as the second-most frequent location (the top three were Kenya, the U.S., and Romania).  

Bitglass 2021 Healthcare Breach Report

  • The count of health care breaches reached 599 in 2020, a 55.1% increase since 2019  
  • Hacking and IT incidents were the top breach causes in health care in 2020, leading to 67.3% of compromises. 

Bitglass 2021 BYOD Security Report

  • While 22% of organizations confirm that unmanaged devices accessing corporate resources have downloaded malware in the last 12 months, an alarming 49% are unsure or unable to disclose whether the same could be said of them. 

Bitglass 2021 Remote Workforce Report

  • The biggest remote work security concerns stem from data leaking through endpoints (68%), users connecting with unmanaged devices (59%), and access from outside the perimeter, meaning less anti-malware protection (56%). 

 Cloudian Ransomware Victims Report

  • 65% of victims penetrated by phishing had conducted anti-phishing training. 
  • Traditional ransomware defenses are failing, with 54% of all victims having anti-phishing training and 49% having perimeter defenses in place at the time of attack.
  • Public cloud was the most common point of entry for ransomware, with 31% of survey respondents being attacked this way. 
  • 56% of survey respondents reported that attackers were able to take control of their data and demand ransom within just 12 hours, and another 30% said it happened within 24 hours. 
  • More than half of those surveyed said the attacks significantly impacted their financials, operations, employees, customers, and reputation. 
  • The average ransom payment was $223,000, with 14% paying $500,000 or more.
  • Respondents spent an average of $183,000 more for other costs resulting from the attack.
  • Cyber insurance covered only about 60% of ransomware payments and other costs, presumably reflecting deductibles and coverage caps. 
  • Despite paying ransom, only 57% of respondents got all their data back. 

CloudSphere: In the Dark: Why Enterprise Blind Spots are Leaving Sensitive Enterprise Data Vulnerable to Breaches 

  • 32% of enterprises experienced unauthorized access to cloud resources, and another 19% were unaware if unauthorized access occurred. 
  • Manual errors are the leading reason why IAM solutions fail. While 78% of enterprises claimed to be able to enforce IAM policies, 69% reported policy enforcement issues created unauthorized access. 
  • 53% of companies reported 100 or more individuals have cloud access across numerous internal and external teams — the majority of which have no security specific expertise. For example, 72% say developers have cloud access, 69% say DevOps teams have cloud access, and 41% say consultants have cloud access. 
  • 60% of enterprises reported that the interval before correcting misconfiguration errors was monthly or longer. 
  • Only 50% of enterprises indicated that they review access policies and privileges on a monthly basis.

LogRhythm — Security and the C-Suite: Making Security Priorities Business Priorities

  • While 60% of organizations have experienced a cyberattack in the last two years and spend approximately $38 million on security activities, only 7% of security leaders are reporting to the CEO. 
  • Only 37% of security professionals say their organization values and effectively leverages the expertise of the cybersecurity leader.
  • 54% of security professionals are worried about their job security, with 63% citing insufficient budget to invest in the right technologies as a main culprit. 
  • 53% of security professionals claim senior leadership does not understand their role, and another 51% of professionals believe that they lack executive support. 

Zix — State of IT at Modern Workplaces

  • 62% of IT leaders say data loss with one of their cloud solutions would have a moderate or major impact on their business because they have either no backup solution or a complex one. This can be avoided by investing in a robust backup, monitoring your environment for threat and having a written and tested recovery plan. 
  • Maintaining compliance feels scary with a remote workplace. When reporting their biggest challenges in maintaining compliance virtually, IT leaders named “finding a solution that is automated and easy to use (37%)”, and “employees using their own virtual tools with a lack of governance (36%)” as their top compliance concerns. 
  • 25% of IT leaders that said email encryption and data loss prevention solutions are most important to overall workplace security also reported that they’re not satisfied with the solution they have deployed.

Zix — 2021 Mid-Year Global Threat Report

  • Overall email threats are on an upward trend throughout the first half of 2021. We quarantined over 2.9 billion email threats throughout the first half of 2021, which was a 13.5% increase over the trailing six-month period.