These 10 Cybersecurity Statistics Can Help You Understand Your Data Breach Risk
- 36% of organizations surveyed suffered a serious data security incident like a cloud data breach in the past 12 months
- 74% of IT managers said that their companies had been successfully phished in the last year
- 80% of companies have seen an increase in the number of phishing attacks they face in 2021
- Insider threat risk rose about 40% in 2020, tripling in the last three years
- 75% of organizations in the United States were hit by a phishing attack that resulted in a data breach in 2020
- Malicious insider actions are responsible for almost 25% of confirmed breaches
- 60% of companies go out of business within six months of experiencing a cyberattack
- 90% of incidents that end in a data breach start with a phishing email
- 42% of organizations have been compromised because of a bad, stolen or cracked password
- 90% of data breaches are caused by human error
Statistics: Primary Causes of Cloud Data Breaches
The IT professionals surveyed in The State of Cloud Security 2021 pointed to plenty of factors as the causes of a cloud data breach. Spoiler alert: none of them are cybercriminal hackers.
- 32% say too many APIs and interfaces to govern
- 31% cite lack of adequate controls and database oversight
- 27% point to lack of policy awareness around data security
- 23% blamed old-fashioned negligence
- 21% said they are not checking Infrastructure as Code (IaC) prior to deployment
- 20% admitted that their IT team oversight is at fault
10 Important Facts to Remember from the Verizon/Ponemon Institute Data Breach Investigations Report 2021
1. 85% of breaches involved a human element.
This is important because it illustrates that the top cause of data breaches is still human beings, specifically errors made by employees. Diving deeper, the top error that spawns data breaches is misconfiguration. In second place, misdelivery is still riding high on the chart. That includes accidentally sending someone information that they’re not authorized to have or sending the wrong information outside the organization.
2. 3-time champion phishing remained the top threat action that resulted in a breach.
To no one’s surprise, phishing remains the top data breach threat for the third year in a row. It actually increased by 10%, which tracks with the tremendous increase in email volume and record-breaking cybercrime rates that started in March 2020. This category does not include ransomware, which has become such a behemoth that it has its own category these days. This reinforces how crucial phishing defense is for every business.
3. The number of breaches that involved ransomware doubled.
The villain of the year in 2020 was ransomware, and that’s reflected in this report. The number of breaches studied that included ransomware doubled, a confirmation of just how dangerous this phishing-related threat is for every organization. Ransomware is already up by more than 100% in 2021 over record numbers in 2020 and it’s still climbing, making this the top security concern for 2021. Eliminating ransomware threats starts with eliminating phishing incidents.
4. 61% of breaches involved credentials.
Everyone wants to do things the easy way, even cybercriminals. The easy way for them to snatch up data is to obtain credentials through phishing, making strong access control a necessity. But beyond just phishing a credential from an employee, huge quantities of dark web records, including 22 million more added in 2020, provide ample resources for password cracking. Taking the power out of stolen or cracked passwords is one of the prime benefits of multifactor authentication (MFA), and every company needs to be using it now.
5. 85% of social engineering actions that lead to a data breach are done via email.
Once again, there’s no surprise here but there is a strong illustration of why phishing resistance training is absolutely vital. Cybercriminals are using many different lures to entice employees into action through social engineering and they can be difficult to unmask. Phishing resistance training that teaches employees to spot and reject social engineering tricks, especially sophisticated social engineering attempts, is critical to keeping cybercriminals away from data.
6. 23% of monitored organizations experienced brute force or credential stuffing attacks.
Remember credential stuffing? It seems like all that the security world has been talking about is ransomware, but credential stuffing is just as dangerous. Almost a quarter of breaches last year were the fruit of credential stuffing, with 95% of them getting hit with between 637 and 3.3 billion credentials in order to force entry. This is an important reason why single sign-on (SSO) is a must-have for access control. In case of trouble, SSO enables techs to quickly isolate a compromised user account and prevent further intrusion.
7. Over 80% of breaches were discovered by external parties.
This should be a troubling number for anyone securing data. More breaches are discovered by researchers than internal teams, a strong indication that lax cybersecurity practices can create big problems. Increased security awareness training and building a strong cybersecurity culture are the prescription for increasing vigilance to make sure that breach risks are caught sooner rather than later.
8. Credentials remain the most sought-after data type and personal data is the second most sought-after data type.
Continuing their winning streak, credentials are the most desirable data for cybercriminals to snatch. It’s not a surprise that gaining access to the heart of a business is at the top of the cybercriminal wishlist. Credentials make it easy for them to conduct multiple operations quickly. Personal data remains in second place, valued for its usefulness in both identity theft and spear phishing.
9. The majority of known data breaches involve loss of personal data, quickly followed by medical data.
Bad actors want personal data to power all sorts of cybercrime operations, and they’re working hard to get it. Thanks to the hot market for COVID-19 data in 2020, medical data is in second place. A record number of breaches at hospitals, laboratories, pharmaceutical companies and even medical data processors bears out that conclusion. Anyone who handles data like this needs to be maintaining strong access controls and phishing resistance training to keep cybercriminals out of it.
10. Business Email Compromise (BEC) is the second most common vector for social engineering.
Although the primary reason that cybercriminals chose to conduct sophisticated social engineering attacks in 2020 was phishing for credentials, BEC scams took their turn in the spotlight. These fraud attempts were also buoyed by high email volumes and uncertainty as many inexperienced remote workers created a bumper crop of targets ripe for the picking. Reliance on doing business remotely also made 2020 the perfect year for BEC. Companies will benefit from stepping up security awareness training around BEC to avoid trouble from this constant threat.
These cybersecurity statistics show that every business is in danger of a data breach. Allow Optistar Technology Consultants to help you secure your data. Contact us for more information, or visit here to schedule a free 30-minute phone consultation to learn more!