25 Data Security Statistics Enterprises Should Be Aware Of

What is the cost of a typical data breach? How significant a threat is ransomware? Which industries are most at risk of cyberattacks?

The more you know about data security, the safer you can make your enterprise. With that in mind, here are 25 data security statistics you need to know to improve your organization’s cybersecurity.

Essential Cybersecurity Stats

Improve your data security IQ with these eye-opening cybersecurity stats. How many do you know?

1. Cybercrime Costs

Cybercrime of all types is on the increase, and the costs continue to spiral. By 2021, cybercrime is expected to cost businesses and individuals a whopping $6 trillion a year (Cybersecurity Ventures).

2. Cost of Ransomware Attacks

Ransomware is a specific type of cybercrime where an attacker installs malware on the victim’s system and immobilizes it unless a specified ransom is paid. This can cost targeted companies dearly because their entire systems are put out of order for an extended period of time. In 2019, the costs of these ransomware attacks hit $11.5 billion – and every 14 seconds, a business becomes a victim of a ransomware attack (Cybersecurity Ventures).

3. Cost of a Data Breach

Stolen or deliberately damaged data can dearly cost a targeted enterprise. The average cost of a data breach today is $3.9 million. For companies that have had more than 50,000 records compromised, that cost rises to $6.3 million (IBM/Ponemon Institute).

4. Cost of Stolen Records

When digital data is stolen or lost, the average cost is $141 per record. That’s the global average; the average cost in the U.S. is higher, at $225 per individual (IBM/Ponemon Institute).

5. Cost of a Malware Attack

Malicious software, or malware, is at the root of many cyberattacks, in the form of computer viruses, worms, Trojan horses, spyware, and ransomware. Malware-based attacks can be expensive, with the average cost of a company-wide malware attack estimated at $2.6 million (Accenture).

6. Malware-Free Attacks

So-called malware-free or fileless attacks are the latest way for cyberattackers to breach computer systems and networks. These intrusions are typically accomplished via phishing and other social engineering techniques. Malware-free attacks accounted for 51% of all cyberattacks in 2019. This compares to 40% of all attacks the year before (CrowdStrike).

7. Cybersecurity Spending

Half of organizations with more than 10,000 employees spend at least $1 million per year on cybersecurity. Another 43% spend between $250,000 and $999,999 annually. Only 7% of large enterprises surveyed spent under $250,000 per year (Cisco).

8. Big Game Hunting Ransomware

Enterprise ransomware, known as “big game hunting,” is a growing threat from global cybercriminal groups. The most prominent targets in 2019 were local governments, educational institutions, technology companies, healthcare organizations, manufacturing businesses, banking and financial institutions, and media companies (CrowdStrike).

9. Ransomware in Healthcare

The healthcare industry is one of the most common targets for ransomware attacks, with total industry losses in 2019 estimated at $25 billion (SafeAtLast).

10. Average Ransomware Cost

The average cost of a full-scale ransomware attack is estimated to be $755,991. This includes ransom payments, the costs of restoring lost data, and the costs of lost business for the duration of the attack (Sophos).

11. Ransomware Payments

Most ransoms in ransomware attacks are paid with cryptocurrency. Fully 95% of ransomware payments were processed through the BTC-e cryptocurrency trading platform (SafeAtLast).

12. Data Breaches by Industry

Cybercriminals have their favorite industries and sectors for cyberattacks. The public sector accounted for 16% of all data breaches, whereas healthcare accounted for 15% and the financial industry 10% (Verizon).

13. Cybercrime in Finance

In 2018, the industry that suffered the largest costs of cybercrime was the banking/financial services industry at $18.3 million per company surveyed (Accenture).

14. Small Business Breaches

Cyberattacks aren’t limited to large enterprises. Small businesses account for 43% of all breach victims (Verizon).

15. Cybersecurity Spending

Cybersecurity is a large and necessary expense. Spending on cybersecurity is expected to hit $133.7 billion worldwide by 2022 (Gartner).

16. Frequency of Attacks

How frequent are cyberattacks? According to a University of Maryland study, an attack on an Internet-connected computer or network occurs every 39 seconds, or 2,244 times a day on average (University of Maryland).

17. Social Engineering

Social engineering is a way of gaining unauthorized access by convincing a targeted user to do something he shouldn’t – such as providing login credentials or personal information. Phishing, spear phishing, and other social engineering attacks are on the rise, with 62% of businesses reporting social engineering attacks in 2018 (Cybint Solutions).

18. Spear Phishing

Spear phishing is a form of social engineering where the attacker uses the personal information of the target to obtain private information or security credentials. Almost two-thirds (65%) of cybercriminal groups use spear phishing as the primary means of intrusion or infection (Symantec).

19. Motivation

What motivates cyberattackers? Mostly, it’s money; 71% of data breaches are financially motivated. Another 25% were espionage-related (Verizon).

20. Types of Attack

Not all cyberattacks are the same. Hacking was involved in 52% of data breaches, phishing, or social engineering in 33%, and malware in 25% (Verizon).

21. Breach Time

It takes a company 206 days, on average, to identify a data breach. The typical time between the breach and its containment is 314 days (IBM/Ponemon Institute).

22. Internal Actors

People tend to think of cyberattacks and data breaches being instigated by malicious outside hackers. That isn’t always the case – fully 34% of data breaches involve internal actors, typically disaffected employees (Verizon).

23. DDoS Attacks

A distributed denial of service (DDos) attack overwhelms the targeted server, website, or network with a huge number of near-simultaneous pings, requests, and spam messages. In 2018, 51% of businesses experienced some form of DDoS attack (Cybint Solutions).

24. Email

Email remains a significant source of intrusion, with 92% of all malware delivered via email (CSO Online).

25. Internet of Things

The Internet of Things is an increasing security risk, with 61% of all organizations having experienced an IoT-related cybersecurity incident (CSO Online).

AWS Wickr Is Your Secure Team Collaboration Space

AWS Wickr is the most robust and secure encrypted messaging solution available today. It’s fully encrypted, enterprise-ready, and completely private. Wickr’s end-to-end encrypted platform enables you to control and protect your organization’s most critical communications, including text messaging, voice and video calls, file transfers, and more. Contact us to learn more about how AWS Wickr can work for your organization.