Cybersecurity is a continuously evolving industry. Every year, the way threat actors attack organizations changes. For example, ransomware used to consist solely of file encryption. However, in recent years, cybercriminals have changed their methodology to include encryption, data theft, and data leakage. As organizations migrated to the cloud, they adopted new application models and device types. All of these increase their digital footprint, impacting their risk profiles. To fully understand the constantly evolving threat landscape, companies need visibility into some of the top cybersecurity statistics and trends.  

The rapid shift to remote work in 2020 highlighted employees’ desire to remain remote for the longer term. With that in mind, organizations need to focus their IT strategies on improving their cloud-based security strategies.  

The research bears out this hypothesis. For example: 

  • 71% of employees access more company data more frequently from home than before the pandemic (HP Inc’s Blurred Lines & Blindspots) 
  • 23% growth in public cloud end-user spending projected for 2021 (Gartner) 
  • 25% of developers will use serverless by the end of 2021 (Forrester) 
  • 56% of business and technology executives view cloud migration as mission critical (KPMG) 

Data Breach Costs and Business Impact 

Data breach costs continue to increase year-over-year, but the threat actors continuously change their methodologies as companies enhance their security postures. Data breach costs include direct costs such as ransoms, legal costs, and business interruption costs. 

  1. $4.62 million is the average cost of a ransomware breach (IBM) 
  2. $4.24 million is the global average cost of a data breach (IBM) 
  3. 14.2% was the increase in data breach costs between 2017 and 2021 (IBM) 
  4. $1.07 million was the increased cost in a data breach when remote work was a causal factor (IBM) 
  5. $1.76 million was the additional cost of a data breach for organizations lacking a mature zero trust deployment (IBM) 
  6. 95% of business email compromise (BEC) incidents cost between $250 and $984,855 (Verizon) 
  7. 95% of incident legal guidance costs were between $806 and $53,691 (Verizon) 
  8. $228,000 was the average business interruption cost associated with a ransomware attack (Gallagher) 
  9. 68% of companies purchasing cybersecurity risk insurance wanted cyber-related business interruption coverage (Gallagher) 

Data Breach Detection and Containment 

Detecting and containing data breaches is the foundation of mitigating costs. However, this process is often easier said than done. SOC analysts, overwhelmed by alerts, find their jobs stressful.  

  1. 287 days was the average time it took to identify and contain a data breach (IBM) 
  2. 250 days to identify a data breach arising from stolen/compromised credentials (IBM) 
  3. $2.46 million was the total cost gap for organizations with incident response capabilities versus no incident response capabilities (IBM) 
  4. 80% of organizations believe Security Operations Centers (SOCs) are essential to a strong security posture (Ponemon) 
  5. 53% of organizations rate their SOCs as highly effective at detecting incidents (Ponemon) 
  6. 63% of organizations use firewalls or intrusion prevention systems (Ponemon) 
  7. 71% of SOC analysts say information overload makes their jobs stressful (Ponemon) 
  8. 36% of organizations using a Security Orchestration, Automation, and Response (SOAR) solution use it for incident/breach containment (Ponemon) 
  9. 254 days was the average time to discovery for incidents involving web application exploits (F5 Labs) 
  10. 70% of SOC analysts say that they investigate 10+ security alerts each day (Critical Start) 
  11. 78% of SOC analysts say that they spend an average of 10+ minutes investigating each alert (Critical Start) 
  12. 39% of SOC analysts ignore certain categories of alerts (Critical Start) 
  13. 50.9 days is the amount of time it takes to mitigate a critical risk vulnerability in a web application (Edgescan) 

Sensitive Data and Breaches Exposing Records 

Not all data breaches are related to customer information. The ones that do include personal data are more expensive.  

  1. 22 billion records were exposed from 730 publicly disclosed data breaches in 2020 (Check Point) 
  2. 44% of data breaches included customer personally identifiable information (PII) (IBM) 
  3. 28% of data breaches included anonymized customer data (IBM) 
  4. $180 was the average cost per record for compromised customer PII (IBM) 
  5. 80% of exposures arising from accidents, like misconfigurations or employees sending information to the wrong recipient, included PII (Verizon) 

Cloud Security 

Accelerated digital transformation increased the need for more robust cloud security and the costs associated with it. Organizations are spending money on cloud security, often using multiple vendors and tools.  

  1. 20% increase in cloud applications found during 2020 (Netskope) 
  2. 690 distinct applications is the average for organizations with 500-2,000 employees (Netskope) 
  3. 61% of malware is delivered via cloud (Netskope) 
  4. 83% of users store personal instances of cloud apps on managed devices (Netskope) 
  5. 75% of organizations said that cloud security tools and solutions fail to keep pace with threats to their cloud systems (Palo Alto) 
  6. 65% of organizations invested more than 10% of their 2019 cloud budget in securing the cloud (Palo Alto) 
  7. 58% of organizations use more than one cloud security vendor (Palo Alto) 
  8. 57% of organizations use six or more cloud security tools (Palo Alto) 
  9. 77% of organizations have 20 or more people on their cloud security team (Palo Alto) 
  10. 47% of organizations have a centralized security function, and their delivery teams also include a designated cloud security expert (Palo Alto) 
  11. 18% of organizations are taking the most security actions, and doing so across a high proportion of their workloads (Palo Alto) 

Mobile and Web Application Security 

With increased cloud adoption, mobile and web application security also became more important. Web and mobile application vulnerabilities are on the rise, but many can be mitigated.  

  1. 46% of organizations had at least one employee download a malicious mobile application (Check Point) 
  2. 50,000 downloads of eight malicious applications listed on Google Play occurred in 2020 (Check Point) 
  3. 25% of breaches included basic web application attacks (Verizon) 
  4. 56% of the largest incidents in the last five years include a web application security issue (F5 Labs) 
  5. 79% of web application incidents included a hack or intrusion (F5 Labs) 
  6. 40% increase in exposed/insecure Remote Desktop Services (RDP) during 2020 (Edgescan) 
  7. 32% of vulnerabilities in internet-facing web applications are rated as High or Critical Risk (Edgescan) 
  8. 51.7% of critical risk issues are SQL injections (Edgescan) 
  9. 27.4% of critical risks across the full stack are PHP vulnerabilities (Edgescan) 
  10. 45% of organizations embed security into the DevOps process (Palo Alto) 

Social Engineering Attacks 

Threat actors continue to try their hardest to leverage end-users as an entry point into systems and networks. These strategies remain effective, often because threat actors continue to make them more sophisticated.  

  1. 30% of breaches included social engineering (Verizon) 
  2. 52% of device network attacks included phishing (Check Point) 
  3. 36% of phishing campaigns target cloud applications (Netskope) 
  4. 13% of phishing pages in 2020 were hosted in cloud services (Netskope) 
  5. 80% of social engineering attacks included phishing (Verizon) 
  6. 85% of social engineering attacks compromised credentials (Verizon) 
  7. 95% of social engineering attacks were financially motivated (Verizon) 
  8. 57% of organizations said they experienced a successful phishing attack in 2020 (Proofpoint) 
  9. 65% of organizations experienced a business email compromise (BEC) attack in 2020 (Proofpoint) 
  10. 61% of organizations dealt with smishing attacks in 2020 (Proofpoint) 

Ransomware Statistics 

The big news and threat continues to be ransomware. As companies have moved to the cloud, so have ransomware attacks. All of this means that the number of successful attacks and their associated costs continue to increase year-over-year. 

  1. Since 2016, over 4000 ransomware attacks have occurred daily in the US. (Justice.gov) 
  2. There is a ransomware victim every 10 minutes (Help Net Security) 
  3. $4.62 million was the average cost of a ransomware data breach (IBM) 
  4. 171% increase in ransomware payments year-over-year from 2019-2020 (Palo Alto) 
  5. 113 organizations experienced a data leak from the NetWalker ransomware from January 2020 – January 2021 (Palo Alto) 
  6. Since 2019, ransomware attacks have increased 435% (Forbes) 
  7. 125 ransomware families used a mix of 223 vulnerabilities tied to ransomware threats (RiskSense) 
  8. 18 CVEs tied to ransomware were found across WordPress, Apache Struts, Java, PHP, Drupal, and ASP.net (RiskSense) 
  9. 40% of CVEs tied to ransomware were associated with five Common Weakness Enumerations (CWEs) (RiskSense) 

Cybersecurity and Privacy Compliance 

Organizations need to consider the compliance costs that come with data breaches. Not only do compliance violations increase the data breach costs themselves, but companies may find themselves adding fines to the long list of payments.  

  1. $2.3 million was the increase in data breach costs associated with a high level of compliance failures (IBM) 
  2. $83,000 was the average claim cost associated with legal and regulatory compliance for small and medium-sized enterprises (SMEs) (Net Diligence) 
  3. $1.5 million was the average claim cost associated with legal and regulatory compliance for large companies (Net Diligence) 
  4. $5,000 to $3.5 million was the range of claim costs associated with regulatory defense and fines in 2019 (Net Diligence) 
  5. $1.3 million was the average amount of PCI fines paid by SMEs during the period of 2015-2019 (Net Diligence) 
  6. $250,000 was the average amount of PCI fines paid by large companies during the period of 2015-2019 (Net Diligence) 
  7. $13,554,900 was paid to OCR to settle HIPAA violation cases during 2020 (HIPAA Journal) 
  8. 19 HIPAA violation cases were settled in 2020 (HIPAA Journal) 
  9. $200+ million was the total cost of GDPR fines for 2020 (Security Week) 
  10. 128 fines were levied in Spain during 2020, the most fines across the entire European Union (Security Week) 
  11. $1.5 million penalty levied under the New York Department of Financial Services (NY DFS) Cybersecurity Regulation (NY DFS) 

Knowledge Is Power 

Most breaches arise because organizations have increasingly complex IT environments. This leads to visibility and accountability issues across the security team, especially when analysts need to filter out false positive alerts. Enhancing security requires a long-term plan that aligns with an organization’s overarching business goals while also keeping costs in mind. The first step to a more robust cybersecurity posture lies in understanding the current threat landscape and the organization’s risk tolerance. Setting controls, continuous monitoring, and documenting practices help mature and increase the posture of an organization’s cybersecurity and compliance programs.  

Antonio Sanchez
About the Author
Antonio Sanchez is Fortra’s Principal Evangelist. He has over 20 years of experience in the IT industry focusing on cyber security, information management, and disaster recovery solutions to help organizations of all sizes manage threats and improve their security posture.
