Posted on Apr 2, 2020
Data breaches can be frightening — you know they’ll have an impact on your business, but it’s hard to know what the impact will be, exactly.
The good news is that plenty of research has been done on data breaches, attack trends, and cybercrime in general. We’ve gathered some of our favorite research here in this blog post for you.
If you’re on this blog, you already know that cybercrime is a problem, but you might now know where it ranks alongside other flavors of criminal activity.
According to The Center for Strategic and International Studies (CSIS) 2018 report on the economic impact of cybercrime, cybercrime is the world’s third-most expensive illegal activity, after government corruption and drug trafficking. But it may touch us all in a way that those two don’t because most of the people on the internet — including people who work for your companies or partners — have been compromised in some way by cyber criminals, CSIS found.
Unsurprisingly, bad actors often head to where the money is, targeting banks and other financial institutions, but other industries are at risk as well. Governments are often breached, as is the healthcare industry — which suffers from the most costly breaches — and, most recently, cloud computing. The attacks on cloud and other SaaS providers are part of a trend that spells trouble for companies that may not have good third party risk management controls in place. Cloud services are, after all, often the most critical vendors any organization works with, and hackers know it.
That’s why good security controls and cyber hygiene — as we’re always writing about in these posts — are so critical. But enough from us. On to the stats!
1. There were 31,107 incidents of reported cybercrime in 2018 in the U.S., in 2018, the last year for which U.S. law enforcement agencies have information. (GAO, 2019)
2. Two thirds of the people online have had their records stolen or compromised by bad actors. (CSIS, 2018)
3. The total number of breaches in 2019 was 1,473, up from 1,257 the year before. 164.6 million records were exposed last year. (IDC, 2019)
4. There was a dip in breaches and exposed records between 2017 and 2018. (SANS, 2019.)
5. Almost $600 billion — nearly one percent of global GDP — is lost to cybercrime each year. (CSIS, 2018)
6. The wealthier a country, the greater its losses to cybercrime is likely to be. (CSIS, 2018)
7. The FBI estimated 780,000 records were lost to hacking daily in 2016. (CSIS, 2018)
8. The Privacy Rights Clearing House estimates there were 4.8 billion records lost as a result of data breaches in 2016, with hacking responsible for about 60% of these. (CSIS, 2018)
9. In 2018, for the first time ever, a DDoS attack topped 1 Tbps in size, and then, a few days later, a 1.7 Tbps attack occurred. (NetScout, 2019)
10. Over the course of 2018, phishing attacks increased by 250%. (SANS, 2019)
11. All types of breaches are costly, but malware is the most expensive at $2.6 million, followed by web-based attacks and denial of service attacks. (Accenture and Ponemon, 2019)
12. The finance industry is most often targeted — in 2018, the banking industry lost $18.37 million to cybercrime. (Accenture and Ponemon, 2019)
13. The financial sector experienced 137 breaches in 2018, and 1.7 million records were exposed. (SANS, 2019)
14. The healthcare industry has the highest average cost of a data breach at $6.45 million per breach. (Ponemon, 2019)
15. While just 11% of cyber attacks were launched against third party data centers and cloud services and cloud centers in 2017, attacks increased to 34% in 2018. (NetScout, 2019)
16. Attacks against SaaS services were up from 13% in 2017 to 41% in 2018 (NetScout, 2019)
17. The average number of records exposed in a breach is 25,575. (Ponemon, 2019)
18. It takes the average company 279 to find and contain a data breach. (Ponemon, 2019)
19. The average cost of a data breach is $3.92 million. (Ponemon, 2019)
20. The average cost per lost record is $150. (Ponemon, 2019)
21. Breaches caused customer turnover of 3.9% in 2019 — and the higher the churn caused by the breach, the higher the overall cost of the breach. (Ponemon, 2019)
22. Breaches affect companies for years. A third of breach-related costs occur more than one year after the breach itself. (Ponemon, 2019)
23. Smaller companies are among the hardest hit by data breaches. While large companies’ cost about $204 per employee, small companies’ breaches average $3,533 per employee. (Ponemon, 2019)
24. If a company is in the middle of a major cloud migration during a breach, the cost per breach rises by an average of $300,000 per breach. (Ponemon, 2019)
25. If a third party is involved in a data breach, the cost of the breach rises by an average of more than $370,000. (Ponemon, 2019)
Bad actors are going after third parties for a reason — they know that’s how to get at their clients’ data and assets. To reduce the amount of administrative time and effort spent managing third party relationships, consider a tool that automates parts of the process.
SecurityScorecard’s Atlas uses advanced artificial intelligence to streamline the third-party risk management process. Using our platform, your organizations can upload vendor responses to questionnaires. Our machine learning compares those answers to previous questionnaires and our platform’s own analytics, verifying vendor responses almost immediately. Our easy-to-read security ratings, based on an A-F scale, enable you to provide your leadership with the necessary documentation to prove governance over your vendor risk management program.
Check out our list of 3 top third party risk management (TPRM) challenges, and the actions you can take to bolster your program. Learn more.
Performing cybersecurity risk assessments is a key part of any organization’s information security management program. Read our guide.
Templates and vendor evaluations are needed to level that playing field, in a time efficient and fair way, so that the best vendors are chosen.
Co-founder and CEO, Alex Yampolskiy, speaks about the importance of measuring and acting on key indicators of cybersecurity risk.
You’ve invested in cybersecurity, but are you tracking your efforts? Check out our list of 9 cybersecurity KPIs you should track. Read more.
No waiting, 100% Free
Get your free scorecard and learn how you stack up across 10 risk categories. Answer a few simple questions and we'll instantly send your score to your business email.