13 Cybersecurity Stats That Matter For 2020

With more and more massive data breaches smashing records, there’s no doubt cyber attacks on the rise. From Uber to Equifax, it seems like no one’s safe.

The WEF (World Economic Forum) says they’re the number one threat for businesses, whilst the US Home Secretary says they’re a bigger threat than terrorism.

But how bad is it, and what exactly’s going on?

We give you the top stats going into 2020.

1. 94% of malware is still delivered by email

Email attachments are still responsible for the vast majority of malware attacks.. The most common culprit? You guessed it: Office documents, which account for 45%. Another 26% were Windows apps.

Source: Verizon’s 2018 Breach Investigations Report

This is pretty shocking, considering the level of awareness surrounding these now.

Malware does only account for 26% of attacks overall, though, making it the third biggest contributor.

Small businesses are more likely to be targeted by email.

2. Espionage is now the 2nd biggest motive

Reports and concerns over espionage attacks have featured more recently in the news, and people are right to be alarmed.

Although the majority of attacks are unsurprisingly still financially motivated (71%), a staggering 25% now involve espionage, making it the 2nd biggest motive.

Source: Verizon’s 2018 Breach Investigations Report

Both organised crime and state-affiliated breaches have fluctuated a lot since 2010, but there’s an overall decrease in organised crime and increase in state-affiliated attacks.

The vast majority of attacks target the public industry. The financial industry was the second biggest target.

And how do they do it? Well, a whopping 78% of cyber-espionage features phishing. And 87% feature C2 malware and/or accessing backdoors.

3. Attacks on ATMs are way down

Physical attacks on ATMs (“ATM skimming”) reached a peak in the early 2010’s, but have now declined rapidly, perhaps due to more advanced chips and more liability on ATM owners. So you can rest a bit more easy on your next visit.

4. Hacking is by far the biggest threat

Hacking is by far the number one method of attack, at 52%. In contrast the second, social attacks, only account for 33%.

Source: Verizon’s 2018 Breach Investigations Report

And hacking’s on the rise. Half a billion personal records were stolen in 2018, an increase of 126% from the year before.

In fact, one study worked out there’s a hacking attack on average every 39 seconds

5. Routers and cameras are the most infected devices

Routers account for 75% of infected devices, according to Symantec’s 2020 Security Threat Report.

Connected cameras make up another 15%, a massive jump from 2017 where it was just 3.5%.

With the increasing connectivity of all household devices, any device could be a break-in point to a lot of information and control.

Oh and by the way…for all of these devices, 25% were accessed using the password ‘123456’.

6. 65% of attacks are aimed at SMEs

Think hackers mostly target the big guys? Think again.

Small to medium-sized businesses are actually targeted more than major corporations.

They’re perfect targets due to their lack of security in terms of infrastructure, awareness, training, and reduced ability to respond to attacks.

This is a common misconception, mostly due to the fact that only the big data breaches are reported in the news.

7. The average cost of a data breach worldwide is $3.92 million

The country with the highest cost is the US, whilst the industry with the highest cost is healthcare. This is over 60% more than all other industries.

Source: IBM’s 2020 Cost of a Data Breach Report

For example, the WannaCry attack in 2017 cost the UK NHS roughly $118 billion.

Lost business was the biggest factor, on average $1.42 million, and it affected companies for years.

Smaller businesses also had disproportionately higher costs relative to their size, making it much harder for them to recover. 

However, companies with an incident response team saved £1.2 million.

8. Most companies take nearly 6 months to detect a breach

  1. Most companies take nearly 6 months to detect a breach

On average, the retail industry takes 197 days, whilst the finance industry takes 98 days.

What’s worse, on average it takes 279 days to detect and contain a breach.

The majority also depressingly said they don’t see this improving next year.

9. Companies then wait 3 weeks to report a breach

According to the ICO, the vast majority (91%) also avoid including important details, like the date and impact of the breach.

One company waited a criminal 142 days to report their breach.

They also overall took longer than last year.

Big name companies take the record for delayed reporting. For example, Yahoo was hacked in 2013, but didn’t report the full details till 2017, an abysmal 4 years later.

10. 83% of finance companies have 50 attacks a month

These are attacks, not breaches, but at this rate it’s no wonder that so many get through.

44% of retail firms are in the same boat.

The average size of a data breach is 25,575 records.

And fun fact: hackers disproportionately target firms at the weekend, when less staff are around.

11. 7 out of 10 companies aren’t ready for an attack

Only 11% qualified as ‘ready’ in an extensive study by Hiscox.

Predictably, smaller firms are the least prepared, with just 7% qualified as ready and with smaller IT budgets.

The US came in first, with 30% firms qualified as ready, whilst the Netherlands came in last at just 7%.

Shockingly, nearly half of those that suffered an attack made no changes to their IT security afterwards.

And only 33% have cyber-insurance to cover damages. Smaller businesses are the least likely to have insurance, despite being more affected financially.

12. 2020 is set to be the worst year on record

Data breaches are definitely on the increase.

Companies are one third more likely to have a data breach this year, compared with 2014.

Over 1.7 billion records were stolen in January 2020 alone.

And the number of breaches at the midpoint was up 54% compared to 2018.

In fact, by July 3 breaches had already made the top 10 list.

13. The biggest data breach ever was Yahoo

Despite the increase, the biggest data breach ever was still in 2013, when literally all of Yahoo’s email accounts got hacked. This included encrypted passwords, phone numbers, emails, dates or birth and some security answers. 

This totalled 3 billion email accounts, which was roughly 40% of the population. Yahoo will never live that one down. Not that they were on much of a roll anyway.

The next 4 biggest data breaches of all time are as follows:

  • First American – 885 million financial records were stolen in May 2020. This includes social security numbers and tax documents. What’s worse, First American didn’t even realize until a third party pointed it out.
  • Facebook – 540 million user records existed insecurely on unprotected servers until May 2020, when Bloomberg pointed it out.
  • Marriott International – in 2018 their reservation system of 500 million records was hacked. Data included names, addresses, credit card numbers, phone numbers and passport numbers.
  • Friend Finder – 412 million accounts on adult sites were hacked in 2016.

What can you do?

These stats are pretty sobering, and unfortunately, it’s the companies you trust with your data that really need to wake up to the threats.

You can personally protect yourself with simple security measures such as making IOT device passwords secure, using different passwords, setting socials to private, installing a great antivirus and downloading a decent VPN.

And it seems, still be very careful with those email attachments.

Recent Reviews

Learn More About VPNs

Leave a Comment