“History repeats itself, but in such cunning disguise that we never detect the resemblance until the damage is done.” - Sydney J. Harris, American Journalist
Reflecting on how cybercrime and cybersecurity have developed over time into what we see today is a step in the right direction for protecting your organization from attackers. Just as technological advancements are on the rise, so is cybercrime. In fact, according to Dark Reading, businesses suffered 50% more cyberattack attempts every week of 2021.
Security professionals have paid close attention to the trends over the years and how each one affects the trajectory of cybercrime in the years to come. Cybercriminals are not going to stop now, so it’s important to stay in the know about trends that affect 2022.
How have trends changed in 2021, and what does this mean for 2022?
As we look ahead, it’s important for organizations to be alert and receptive to security. Here are some stats and predictions to keep in mind for the next year:
- Global cybercrime costs are predicted to grow by 15 percent per year over the next 5 years, reaching $10.5 trillion annually by 2025. (Cybercrime Magazine)
- Businesses in 2021 lost approximately $1,797,945 per minute due to cybercrime. (Tessian)
- By 2024, online payment fraud will cost the e-commerce industry $25 billion in losses annually. (Legaljobs)
- 45.5% of respondents in a recent survey reported that their organization endured between one and five successful cyber attacks during the past year. (Statista)
- The average cost of a data breach in 2021 was 4.24 million dollars, and this number is predicted to rise in 2022. (IBM)
Small Business Cybersecurity Statistics
- Small businesses account for 43% of cyber attacks. (Small Business Trends)
- On average, the cost of a cyber attack on a small business is more than $25,000. (Readwrite)
- Only 14% of small businesses are prepared to defend themselves against cyber attacks. (Embroker)
- The most common types of attacks on small businesses are phishing/social engineering, compromised/stolen devices, and credential theft. (Forbes)
Industry-Specific Cybersecurity Statistics
- More than 90% of healthcare organizations reported at least one security breach in the last few years. (Becker’s Healthcare)
- 30% of all large data breaches take place at hospitals. (Techjury)
- A record number of patients' protected health information (PHI) was exposed in 2021. (Critical Insight)
- Cyber attacks on the healthcare sector saw a 71% increase last year. (Forbes)
- 62% of about 5.8 million cases of malware reportedly came from the education industry. (Microsoft)
- Cyber incidents in the education/research sector were up by 75% last year. (Forbes)
- The education industry is ranked last in cyber preparedness. (StealthLabs)
- Financial services average 350,000+ exposed sensitive files, making them one of the most at-risk industries for cyber attacks. (Varonis)
- 51% of the British public said they would switch banks if they were not reimbursed after falling victim to fraud. (Akamai)
- The financial services industry is more effective in detecting and containing cyber attacks than in preventing them. (Bricata)
When it comes to protecting your organization, every business size, type, and industry is at risk of a cyber attack. Ransomware, phishing, and malware remain among the top threats organizations should be on the lookout for.
"Ransomware is not going anywhere in 2022, but we will see attackers evolve their strategies in light of heavy crackdowns and supply chain insecurities." - Kevin Breen, Director of Cyber Threat Research at Immersive Labs.
Ransomware attacks are predicted to keep rising and to become more effective. Ransomware can cause businesses irreparable financial and data losses, as well as damage to their reputation.
- Ransomware attacks on healthcare organizations were predicted to quadruple from 2017 to 2021 and 2022, and they are expected to continue trending up. (Cybercrime Magazine)
- Ransomware cost $20 billion globally in 2021 and is expected to rise to $265 billion by 2031. (Forbes)
- The European Union Agency for Cybersecurity noted a 150% rise in ransomware in 2021, and the agency expects this trend will continue in 2022. (SHRM)
- 37% of all organizations were hit by ransomware in 2021. (Cloudwards)
- A new organization gets hit by ransomware every 14 seconds. (Cloudwards)
- The frequency of ransomware attacks doubled from 2020 to 2021. (Verizon)
Social Engineering & Phishing Statistics
It can be difficult to tell what is legitimate online today. Phishing attacks commonly occur across email, mobile, social media, and phone calls, where attackers aim to compromise sensitive information by falsifying messages that look like they are coming from a reliable source.
- Over 80% of cyber attacks in 2022 are predicted to be the result of a phishing scam. (TechTarget)
- 90% of all data breaches are linked to phishing attacks. (Cisco)
- 98% of attacks use social engineering. (Hosting Tribunal)
- 96% of all phishing attacks use email, 3% come from malicious websites, and 1% from phones. (Tessian)
- Phishing attacks were 11% more frequent in 2021 than in 2020. (Verizon)
- More than 80% of reported cyber incidents are tied to phishing attacks. (Forbes)
- Phishing is the second most expensive cause of all data breaches. (Tessian)
- 47% of social media phishing attempts are from faux LinkedIn messages. (Swiss Cyber Institute)
Supply-Chain Attack Statistics
- Supply chain attacks are predicted to peak in 2022. (eSecurity Planet)
- Software is predicted to continue being a primary supply chain target during 2022 and beyond. (Security Week)
- Software supply chains are predicted to be big attack targets in 2022. (Forbes)
Attackers use malware to infect computer systems and gain access. It disrupts systems and operations, compromises sensitive information, crashes and freezes networks, and more.
- 34% of organizations suffered losses due to malware in 2021. (Parachute)
- There has been an 87% increase in malware infections over the last 10 years. (Legaljobs)
- 84% of organizations in the US experienced some form of phishing or ransomware attack in the last year. (SecurityIntelligence)
- Over 350,000 new cases of malware were discovered every day in 2021. (ColorTokens)
- Malware attacks cause an average loss of 50 days in time for businesses. (Privacy Sharks)
Top 5 Cyber Attacks of 2021
1. CNA Financial
CNA Financial is one of the largest customized business insurance agencies in the United States. In March of 2021, the company suffered a $40 million loss due to a ransomware attack. The payout was necessary to continue operations after the website remained closed for weeks after the attack.
2. Colonial Pipeline
In May of 2021, the American oil pipeline system Colonial Pipeline fell victim to a major cyber breach that leaked passwords, data, and other sensitive information. The company was forced to shut down for the first time in 57 years and ended up paying $4.4 million in ransom to the attackers in response to the threats.
3. JBS USA
JBS USA, a leading global food processing company, temporarily closed operations due to a damaging attack on the American subsidiary of the business. Beginning in February 2021, attackers carried out data exfiltration for months, causing a ripple effect on the nation’s meat supply chain. Eventually, the company paid $11 million to attackers due to the threat and impact of closure.
4. Kaseya
Kaseya, an IT service provider, fell victim to a large-scale ransomware attack in July 2021, in which attackers leveraged a vulnerability to compromise 800-1500 businesses in its customer base around the world. Attackers were able to install malicious software and then perform ransomware encryption.
5. Brenntag
Brenntag is a global chemical distribution company operating in over 77 countries. In May 2021, the company was targeted by attackers who compromised 150 GB of valuable data and demanded $4.4 million in ransom payments overall. Medical and other sensitive information was stolen, causing the company to begin taking steps to strengthen and protect its systems.
Securing Your Accounts is Crucial
No company wants to land as another headline about a devastating cyber attack. Finding a security solution to protect your organization against cybercrime is crucial in building and maintaining a strong security posture.
Crowdsourced Software Security Testing Platforms, Traditional Consultancies, and Pentest as a Service vendors are all options within the pentest security market, but each differs in how it sources, vets, and connects pentesters with customers.
If you’re curious to find the vendor best suited to bringing you closer to finding, fixing, and preventing vulnerabilities, check out The Buyer’s Guide to Modern Pentesting.