Amer Owaida, Security Writer at ESET takes a look at some statistics that will help you stay up-to-date on recent cybersecurity trends.
As the rollercoaster of a ride that was 2021 comes to a close and we enter a more hopeful new year, we thought it apt to compile a list of impactful cybersecurity statistics that should help you stay at the top of your security and privacy game over the next 12 months. We hope that the list will help you understand that cybersecurity permeates all facets of your digital life and that it shouldn’t be treated as an afterthought.
Without further ado, here is our list of 22 of the most impactful or interesting cybersecurity statistics to know for 2022:
1. 2021 saw the highest average cost of a data breach in 17 years, with the cost rising from US $3.86 million to US $4.24 million on an annual basis. (IBM Cost of a Data Breach Report 2021)
2. The COVID-19-powered shift to remote work had a direct impact on the costs of data breaches. The average cost of a data breach was US $1.07 million higher where remote work was a factor in causing the breach. (IBM Cost of a Data Breach Report 2021)
3. The most common cause of data breaches was pilfered user credentials. As a commonly used attack vector, these were responsible for 20% of breaches, with these breaches causing the average cost of US $4.37 million (IBM Cost of a Data Breach Report 2021)
4. Midway through 2021, IT management software provider Kaseya had its systems compromised by the Sodinokibi ransomware, with the perpetrators asking for a US$70 million ransom – this was the largest ransomware fee demanded yet. (ESET Threat Report T2 2021)
5. 36% of breaches were connected to phishing attacks, an increase of 11% which in part could be attributed to the COVID-19 pandemic. As might have been expected, threat actors have been observed tweaking their phishing campaigns based on what’s making the news at any moment in time. (Verizon 2021 Data Breach Investigations Report)
6. Social engineering attacks are the gravest threat to public administration, accounting for 69% of all public administration breaches analysed by Verizon in 2021. (Verizon 2021 Data Breach Investigations Report)
7. Shortly after Log4Shell, the critical vulnerability in the Log4j logging utility, was disclosed in December 2021, ESET detected and blocked hundreds of thousands of exploitation attempts, with most of them located in the United States and the United Kingdom. (ESET Research)
8. 2021 saw an incredible increase in the detection of Android banking malware. In T1 it rose by an incredible 158.7%, and T2 saw a continued growth of 49%. This should be considered a worrying trend since banking trojans have a direct impact on the financials of their targets. (ESET Threat Report T2 2021)
9. Four years on, WannaCryptor (also known as WannaCry) is still a global threat to be reckoned with. In T2, the infamous trojan that infects machines vulnerable to the EternalBlue exploit topped the top ESET’s ransomware detections charts accounting for 21.3% of detections. (ESET Threat Report T2 2021)
10. Cryptocurrency investment scams remain as popular as ever. Between October 2020 and May 2021, victims were scammed out of more than US $80 million. The actual number is expected to be higher, since many people are ashamed to admit they have been duped. (United States’ Federal Trade Commission)
11. Cryptocurrency has been the preferred payment method for cybercriminals for a while now, especially when it comes to ransomware. As much as US $5.2 billion worth of outgoing Bitcoin transactions may be tied to ransomware payouts involving the top ten most common ransomware variants. (FinCEN Report on Ransomware Trends in Bank Secrecy Act Data)
12. Early in 2021, the infamous Emotet botnet, one of the longest-lived and most pervasive malware threats, was disrupted in a large-scale global law enforcement operation. Some 700 command-and-control servers were taken offline during the bust (Europol)
13. The Cybersecurity Workforce Estimate, which assesses the number of available cybersecurity professionals worldwide, estimated the pool of specialists in 2021 to be some 4.2 million That is an increase of 700,000 compared to the previous year. [2021 (ISC)2 Cybersecurity Workforce Study]
14. The same study also concluded that for the second year running the cybersecurity workforce gap has decreased. While in 2020 the number of additional cybersecurity specialists needed by organisations to defend their assets was 3.12 million, that number shrank to 2.72 million in 2021. [2021 (ISC)2 Cybersecurity Workforce Study]
15. To make up the shortfall of cybersecurity professionals needed to effectively defend the critical assets of organisations, the global cybersecurity workforce would have to grow by a whopping 65%. [2021 (ISC)2 Cybersecurity Workforce Study]
16. A total of 82% of organisations have admitted to increasing their cybersecurity budgets over the past year, with these funds accounting for up to 15% of total IT spending. (Accenture’s State of cybersecurity resilience 2021 report)
17. Recent years have seen threat actors move from just infesting systems with ransomware to double extortion where they also threaten to exfiltrate the data and release it to the public or sell it Threats to leak the pilfered data have seen a sharp increase, going from 8.7% in 2020 to a whopping 81% in the second quarter of 2021. (ENISA Threat Landscape 2021)
18. There has been a significant increase in the overall costs of remedying a ransomware attack. While in 2020 the cost was US $761,106, in 2021 the overall cost of remediating a ransomware attack skyrocketed to US $1.85 million. (ENISA Threat Landscape 2021)
19. The number of distributed denial-of-service (DDoS) attacks has also been on the upward trend, in part due to the COVID-19 pandemic. 2020 saw more than 10 million attacks occur, 1.6 million attacks more than the previous year. (ENISA Threat Landscape 2021)
20. In 2020, the Federal Bureau of Investigation’s (FBI) Internet Crime Center (IC3) received a record-breaking 791,790 cybercrime complaints, with reported losses being responsible for some US $4.2 billion in losses. (FBI’s 2020 Internet Crime Report)
21. Business Email Compromise (BEC) scams remain the costliest cybercrime, with losses surpassing US $1.86 billion in 2020, according to the FBI’s latest available data. In comparison, the second-costliest scam – confidence/romance fraud – registered losses of “only” some US$600 million. (2020 Internet Crime Report)
22. The elderly were disproportionally affected by cybercrime, as some 28% of total fraud losses were sustained by victims aged over 60. This accounts for approximately US $1 billion in losses to elderly victims. (IC3 2020 Elder Fraud Report)
There you have it. Admittedly, these statistics are just the tip of the iceberg when it comes to threats facing both individuals and organisations. Even so, we hope that they give you a sense of the evolution and growing magnitude of the cyberthreats.