Each year, cybersecurity companies publish a number of research reports focusing on different aspects of cybersecurity and breach trends. Below is a list of some of the most alarming statistics from several reports published throughout the year.
Bitglass 2021 Where's Your Data Report
- Stolen data has a wider reach and moves more quickly in 2021. Breach data received over 13,200 views in 2021 versus 1,100 views in 2015 — a 1,100% increase.
- The Dark Web has become darker, as the number of anonymous viewers on the Dark Web in 2021 (93%) outnumber those in 2015 (67%).
- Cybercriminals may be more of a “homegrown” threat than many believe, with downloads of the stolen data originating from the U.S. as the second-most frequent location (the top three were Kenya, the U.S., and Romania).
Bitglass 2021 Healthcare Breach Report
- The count of health care breaches reached 599 in 2020, a 55.1% increase since 2019
- Hacking and IT incidents were the top breach causes in health care in 2020, leading to 67.3% of compromises.
Bitglass 2021 BYOD Security Report
- While 22% of organizations confirm that unmanaged devices accessing corporate resources have downloaded malware in the last 12 months, an alarming 49% are unsure or unable to disclose whether the same could be said of them.
Bitglass 2021 Remote Workforce Report
- The biggest remote work security concerns stem from data leaking through endpoints (68%), users connecting with unmanaged devices (59%), and access from outside the perimeter, meaning less anti-malware protection (56%).
Cloudian Ransomware Victims Report
- 65% of victims penetrated by phishing had conducted anti-phishing training.
- Traditional ransomware defenses are failing, with 54% of all victims having anti-phishing training and 49% having perimeter defenses in place at the time of attack.
- Public cloud was the most common point of entry for ransomware, with 31% of survey respondents being attacked this way.
- 56% of survey respondents reported that attackers were able to take control of their data and demand ransom within just 12 hours, and another 30% said it happened within 24 hours.
- More than half of those surveyed said the attacks significantly impacted their financials, operations, employees, customers, and reputation.
- The average ransom payment was $223,000, with 14% paying $500,000 or more.
- Respondents spent an average of $183,000 more for other costs resulting from the attack.
- Cyber insurance covered only about 60% of ransomware payments and other costs, presumably reflecting deductibles and coverage caps.
- Despite paying ransom, only 57% of respondents got all their data back.
- 32% of enterprises experienced unauthorized access to cloud resources, and another 19% were unaware if unauthorized access occurred.
- Manual errors are the leading reason why IAM solutions fail. While 78% of enterprises claimed to be able to enforce IAM policies, 69% reported policy enforcement issues created unauthorized access.
- 53% of companies reported 100 or more individuals have cloud access across numerous internal and external teams — the majority of which have no security specific expertise. For example, 72% say developers have cloud access, 69% say DevOps teams have cloud access, and 41% say consultants have cloud access.
- 60% of enterprises reported that the interval before correcting misconfiguration errors was monthly or longer.
- Only 50% of enterprises indicated that they review access policies and privileges on a monthly basis.
LogRhythm — Security and the C-Suite: Making Security Priorities Business Priorities)
- While 60% of organizations have experienced a cyberattack in the last two years and spend approximately $38 million on security activities, only 7% of security leaders are reporting to the CEO.
- Only 37% of security professionals say their organization values and effectively leverages the expertise of the cybersecurity leader.
- 54% of security professionals are worried about their job security, with 63% citing insufficient budget to invest in the right technologies as a main culprit.
- 53% of security professionals claim senior leadership does not understand their role, and another 51% of professionals believe that they lack executive support.
Zix — State of IT at Modern Workplaces
- 62% of IT leaders say data loss with one of their cloud solutions would have a moderate or major impact on their business because they have either no backup solution or a complex one. This can be avoided by investing in a robust backup, monitoring your environment for threat and having a written and tested recovery plan.
- Maintaining compliance feels scary with a remote workplace. When reporting their biggest challenges in maintaining compliance virtually, IT leaders named “finding a solution that is automated and easy to use (37%)”, and “employees using their own virtual tools with a lack of governance (36%)” as their top compliance concerns.
- 25% of IT leaders that said email encryption and data loss prevention solutions are most important to overall workplace security also reported that they’re not satisfied with the solution they have deployed.
Zix — 2021 Mid-Year Global Threat Report
- Overall email threats are on an upward trend throughout the first half of 2021. We quarantined over 2.9 billion email threats throughout the first half of 2021, which was a 13.5% increase over the trailing six-month period.