Cybersecurity – Learnings from 2019, Moving Ahead to 2020
Published on : Monday 13-01-2020
Cybersecurity – Learnings from 2019, Moving Ahead to 2020
Shekhar Ashok Pawar summarises cybersecurity related 50 statistics from 2019 and makes a few observations and recommendations for 2020.
There are increasing cybercrimes across the globe such as ransomware attacks, malware attacks, crypto mining, crypto jacking, identity theft, stealing/leaking/manipulating data or information or intellectual property, violating privacy, human and sex trafficking, and even selling weapons or drugs online. Moving ahead with year 2020, I am summarising 50 important statistics or observations after studying historical data of various Cyber Attacks, Cyber News and reports published by various Cybersecurity domain market leaders
- 1. 1 in 13 web requests lead to malware. (Symantec)
- 2. 1 in 36 mobile devices had high risk apps installed. (Symantec)
- 3. 22% of all folders were available to every employee. (Varonis)
- 4. 34% of data breaches involved internal actors. (Verizon)
- 5. 43% of breach victims were small businesses. (Verizon)
- 6. 48% of malicious email attachments are office files. (Symantec)
- 7. 50% of large enterprises (with over 10,000 employees) are spending $1 million or more annually on security, with 43% spending $250,000 to $999,999, and just 7% spending under $250,000. (Cisco)
- 8. 52% of breaches featured hacking, 28% involved malware and 32-33% included phishing or social engineering, respectively. (Verizon)
- 9. 53% of companies had over 1,000 sensitive files open to every employee. (Varonis)
- 10. 56% of Americans don’t know what steps to take in the event of a data breach. (Varonis)
- 11. 61% of companies think their cybersecurity applicants aren’t qualified. (ISSA)
- 12. 61% of organisations have experienced an IoT security incident. (CSO Online)
- 13. 64% of Americans have never checked to see if they were affected by a data breach. (Varonis)
- 14. 68% of business leaders feel their cybersecurity risks are increasing. (Accenture)
- 15. 69% of companies see compliance mandates driving spending. (CSO Online)
- 16. 71% of breaches were financially motivated and 25% were motivated by espionage. (Verizon)
- 17. 82% of employers report a shortage of cybersecurity skills. (ISSA)
- 18. 83% of enterprise workloads will move to the cloud by the year 2020. (Forbes)
- 19. 88% companies spent more than $1 million on preparing for the GDPR. (CSO Online)
- 20. 90% of remote code execution attacks are associated with crypto mining. (CSO Online)
- 21. 94% of malware was delivered by email. (Verizon)
- 22. 95% of cybersecurity breaches are due to human error. (Cybint Solutions)
- 23. About 20% of malicious domains are very new and used around 1 week after they are registered. (Cisco)
- 24. By 2020, security services are expected to account for 50% of cybersecurity budgets. (Gartner)
- 25. By 2020, the estimated number of passwords used by humans and machines worldwide will grow to 300 billion. (Cybersecurity Media)
- 26. By 2021, it’s projected that there will be 3.5 million unfilled cybersecurity jobs globally. (Cybersecurity Ventures)
- 27. Damage related to cybercrime is projected to hit $6 trillion annually by 2021. (Cybersecurity Ventures)
- 28. Data breaches exposed 4.1 billion records in the first half of 2019. (RiskBased)
- 29. Financial services had 352,771 exposed sensitive files on average while Healthcare, Pharma and Biotech have 113,491 files on average — the highest when comparing industries. (Varonis)
- 30. Healthcare had the highest data breach costs at $429 per record. (IBM)
- 31. In companies with over 50k compromised records, the average cost of a data breach is $6.3 million. (Ponemon Institute’s Cost of Data Breach Study)
- 32. It’s predicted that by 2021, 100% of large companies globally will have a CISO position. (Cybersecurity Ventures)
- 33. More than 77% of organisations do not have a Cybersecurity Incident Response plan (Cybint Solutions)
- 34. On average, every employee had access to 17 million files. (Varonis)
- 35. Only 5% of companies’ folders are properly protected, on average. (Varonis)
- 36. Ransomware damage costs was expected to rise to $11.5 billion in 2019 and a business could fall victim to a ransomware attack every 14 seconds at that time. (Cybersecurity Ventures)
- 37. Ransomware detections have been more dominant in countries with higher numbers of internet-connected populations. The United States ranks highest with 18.2% of all ransomware attacks. (Symantec)
- 38. Share prices fall 7.27% on average after a breach (Cybint Solutions)
- 39. Smaller organisations (1–250 employees) have the highest targeted malicious email rate at 1 in 323. (Symantec)
- 40. Supply chain attacks are up 78% in 2019. (Symantec)
- 41. The average cost in time of a malware attack is 50 days. (Accenture)
- 42. The average cost of a data breach is $3.92 million as of 2019. (Security Intelligence)
- 43. The average cost of a ransomware attack on businesses is $133,000. (SafeAtLast)
- 44. The average cost per record stolen is $150. (IBM)
- 45. The average lifecycle of a breach was 314 days (from the breach to containment). (IBM)
- 46. The average time to identify a breach in 2019 was 206 days. (IBM)
- 47. The estimated losses in 2019 for the healthcare industry are $25 billion. (SafeAtLast)
- 48. The financial services industry takes in the highest cost from cybercrime at an average of $18.3 million per company surveyed. (Accenture)
- 49. The industry with the highest number of attacks by ransomware is the healthcare industry. Attacks will quadruple by 2020. (CSO Online)
- 50. Worldwide spending on cybersecurity is forecast to reach $133.7 billion in 2022. (Gartner)
Key Observations
Few more observations we cannot ignore while listing these statistics of 2019:
1. Ransomware attacks are increasing day by day in almost all domains across worldwide organisations. Also, such attacks are now moving towards cloud environment than computer machines or servers.
2. In September 2019, drones were used to attack the state-owned Saudi Aramco oil processing facilities at Abqaiq and Khurais in eastern Saudi Arabia. It may be noted that the drone has opened another serious security concern in the world.
3. Biometrics authentication is becoming more popular but its data is crucial and very sensitive. Such data needs to be protected with compliance and regulatory laws.
4. Cybersecurity awareness for Employees is an area of ignorance in many organisations.
Important Recommendations
Even if your organisation is in manufacturing or mechanical industry or in any domain, you cannot ignore Cybersecurity. Data and computer-based processing is part of almost every industry now.
Based on all above pointers let me share key high level recommendations for any organisation:
1. Prevention is always better than cure. Top management should have sufficient budget allocated for enhancing Cybersecurity of the organisation. They must adhere organisation level best practices, processes and tools to safeguard organisation’s key assets.
2. Cybersecurity Awareness and Best Practices related education is must for every employee or stakeholder.
3. Periodic Vulnerability Assessment and Penetration Testing (VAPT) followed by Fixation of open issues should be standard practice for any organisation. Security assessment and action to improve Cybersecurity for all key assets is must for any organisation.
Shekhar Ashok Pawar is CEO of GrassDew IT Solutions Pvt Ltd which is primarily focused on Cybersecurity, IT Consulting & Software Solutions Development Services. With more than 15 years of international experience, he is CISA, CEH, CHFI, MCP, Blockchain Developer, Dip Cyber Laws, CMMi Level 5 ATM & ISO 27001 LA. He did Executive Management (SJMSOM, IIT-Bombay), after Engineering in Electronics & Telecommunications, Mumbai. He is lead contributor to GrassDewPanther @ LinkedIn which is focused on sharing global cyber threats and related news.