From malware trends to budget shifts, CSO Online has the latest figures that quantify the state of the industry and highlight the analytical way to think about cybersecurity in 2020. Think ahead!
Looking for hard numbers to back up your sense of what’s happening in the cybersecurity world? We dug into studies and surveys of the industry’s landscape to get a sense of the lay of the land—both in terms of what’s happening and how security leaders are reacting to it. If you want data on what systems are most vulnerable, what malware is topping the charts, and how much people are getting paid to deal with it all, read on.
9 key cybersecurity statistics at-a-glance
- 94% of malware is delivered via email
- Phishing attacks account for more than 80% of reported security incidents
- $17,700 is lost every minute due to phishing attacks
- 60 percent of breaches involved vulnerabilities for which a patch was available but not applied
- 63 percent of companies said their data was potentially compromised within the last twelve months due to a hardware- or silicon-level security breach
- Attacks on IoT devices tripled in the first half of 2019
- Fileless attacks grew by 256 percent over the first half of 2019
- Data breaches cost enterprises an average of $3.92 million
- 40 percent of IT leaders say cybersecurity jobs are the most difficult to fill
The year in vulnerabilities
Let’s start by getting basic: no matter how many new and exotic vulnerabilities you’ll hear about, in this article and others on cybersecurity, there’s one that towers over all the rest.
In an examination of thousands of security incidents, Verizon found that almost all malware arrived on computers via email: this was true in 94 percent of cases. In not unrelated news, the number one type of social engineering attack, accounting for more than 80 percent of reported incidents, is phishing—the end goal of which is often to convince users to install malware. So if you want to improve your security posture, you know where to start. (And before you think of phishing as some kind of sinister Eastern European or Nigerian scam, know that 40 percent of phishing command and control servers are in the US.)