Cybersecurity Trends and Statistics Impacting Businesses
July 7, 2023
Trends in cybersecurity are easy to monitor because measurement is a critical component of nearly every IT system. It’s also why experts are confident when they say the cost of cybercrime is expected to reach $10.5 trillion by 2025. Cybercriminals are good at what they do.
At the same time, the work-from-home-or-wherever movement, coupled with a rush to relocate everything digital into some corner of the cloud, has dramatically increased cybersecurity exposures for all kinds of companies. The biggest risk? The employee who clicks on a link in what he thought was a note from the CEO. In other words, you can build the highest wall and the deepest moat possible, but the bad guys will sneak right by with a forged email.
7 Cybersecurity Statistics
Globally, the number of cyberattacks increased 38% from 2021 to 2022. As cybercriminals become more adept at getting past security measures, the threats will only increase. A review of key cyberattack statistics underscores the reasons behind the cybersecurity growth rate.
1. Industry Trends for Cybersecurity
Cyberattack examples can be found in all sorts of industries. However, some sectors make especially rich targets for cybercriminals, primarily because of the nature of the data they maintain. For example, healthcare remains the primary target for ransomware attacks, given the complexity of the industry’s healthcare systems and the inability to function without the technology. Education providers are also key targets, as well as financial services providers. A Boston Consulting Group report concluded that financial services businesses are 300 times more likely to be targeted than other businesses.
2. Cyber Payout Trends
Besides the added costs of trying to secure their businesses, companies that have been targets of cybercriminals have also had to pay huge amounts to regain control of their systems as part of the cost of cybercrime. Ransomware payouts continue to increase, with the largest payments by U.S. insurers exceeding $3.5 million.
3. Cyberattack Frequency
While there’s no central repository for cybercrime statistics, experts believe more than 2,300 cybercrimes occur daily, with 817 data breaches since 2021.
4. Data Breach Detection Timeline
Data breaches are among the most serious cybercrimes, and IBM’s Cost of Data Breach Report 2022 found that it takes companies an average of 277 days to detect and contain a data breach. That means cybercriminals have unfettered access to data for months. That’s particularly disturbing when you consider that 9 of 10 healthcare organizations have experienced at least one breach in recent years.
5. Cyber Staffing Trends
Cybercrime is growing faster than the IT industry’s ability to respond. A key reason for that is a shortage of trained cybersecurity staff. The 2022 (ISC)² Cybersecurity Workforce Study reported shortages of 436,080 IT security workers in the U.S. and 3.4 million worldwide. Competition for trained employees is intense, and organizations are struggling to keep qualified team members.
6. Cyber Insurance Trends
As insurance companies grapple with the latest cybersecurity attacks and the increasing number of claims, cyber insurance premiums continue to increase. Organizations that implement effective controls and processes will be in the best position to effectively negotiate insurance rates. Read Hylant’s current Commercial Insurance Market Update for the latest insurance trends. Read our blog to learn more about cyber insurance and different types of coverages.
7. Cyber Long-Tail Cost Trends
When it comes to statistics on cybercrime, most attention is focused on the costs immediately following a breach. However, breaches continue to create costs for companies long after they’ve been addressed and repaired. Among companies in highly regulated industries, just over half the total costs happened in the first year following the incident. Two years later, companies continued to face expenses because of investigations and litigation. Managers are recognizing that the “long tail” of cybercrimes is getting even longer.
10 Cybersecurity Trends
One of the realities of today’s IT universe is that a new cybersecurity trend seems to pop into the headlines every month. Here are 10 that companies should pay attention to:
1. Remote Work Continuance
The technology for remote work has been around for years, but it took the COVID-19 pandemic to accelerate what might otherwise have been a gradual transition. While the pandemic may have largely passed, nobody expects the entire workforce to return full-time to offices anytime soon. IT directors who found keeping internal networks and equipment safe to be a full-time job are now faced with a wide range of devices in many more locations, most without the firewalls and other access management controls built into internal networks. That creates more points of vulnerability exposed to cyberattack and a need for increased education about risks and prevention.
2. The Rise of Ransomware
While ransomware has existed for some time, cybercriminals have become more experienced and effective in unleashing attacks. Here again, COVID-19 played a role in increasing cyber risks because companies were forced to transform operations into digital spaces quickly.
3. Cloud Security Threats
Companies have raced to embrace the cloud, moving data storage and applications to spaces someone else is responsible for maintaining. Many managers forget that the cloud is just another set of computers vulnerable to cyberattacks. It’s critical for companies using the cloud to become familiar with the strategies those cloud providers are using to protect stored data and ensure all interactions are safe.
4. Social Engineering
Fake websites were blamed for the 350% increase in email phishing attempts at the outset of the COVID-19 pandemic. Phishing is just one version of criminal activity involving criminals misrepresenting themselves to lure trusting individuals into sharing confidential information. Before email became common, criminals used phone calls and letters as their primary tools, but the low costs associated with emails and the tendency of average people to trust the messages they receive have dramatically increased the need for phishing prevention. Beyond traditional phishing attempts through email, cybercriminals have expanded into vishing (voice mail) and smishing (texts).
5. Artificial Intelligence and Machine Learning
Thanks to ChatGPT, machine learning systems and artificial intelligence (AI) are seeing increased use and acceptance. While companies may be able to deploy these tools to improve their security framework, keep in mind that cybercriminals will also tap into the power offered by AI and machine learning to get even better at phishing and other cybercrimes.
6. Internet of Things
The growing number of Internet of Things (IoT) devices (everything from drones, to smart speakers, to toys) has created new targets for cyberattacks. Estimates suggest that as many as 64 billion IoT devices will be used globally within three years. These connected devices are targeted for the data they access or, in some cases, to create remotely controlled “bot armies” that can be used to distribute malware or conduct DDoS attacks. Few IoT devices are equipped with the kind of anti-virus software that protects computers and phones. There are also concerns that new automotive technology will be vulnerable to hacking.
7. Data Privacy
Thanks to European Union and California laws, consumers have significantly more control over the data companies have gathered. These laws make privacy a right and penalize companies for failing to comply. That may increase the risks associated with breaches and the costs companies may face when such breaches occur.
8. Mobile Device Risks
As consumers and businesses make greater use of mobile technology, cybercriminals are hard at work finding ways to compromise all sorts of systems. That’s important because mobile devices rarely have as much protection against cyber threats as corporate networks and desktop devices.
9. Healthcare in the Crosshairs
Given the wealth of personal data accumulated by healthcare providers and the widely distributed nature of their IT systems, the healthcare sector is a favorite target of cybercriminals. In addition to the potential for breaches—experts say 90 percent of healthcare providers have experienced at least one breach in recent years—actions such as ransomware attacks can compromise a healthcare facility’s ability to provide care to patients.
10. Automation and Integration
The growth of technology and its integration into more roles and locations is increasing the risks of cyberattacks. The complexity of systems and user interactions demands even more attention to securing operations from the whole gamut of cyber threats.
How to Reduce the Risk of Cyberattacks
The statistics of cybercrime and news of recent cybersecurity attacks may be unsettling, but new cybersecurity technologies are being developed monthly. Still, the key to protecting your organization’s digital presence has more to do with behavior than with innovative technology. Following basic steps like these can enhance your cybersecurity:
Reduce Data Transfers
Are all of your organization’s data transfer activities truly necessary? Sometimes, companies move data around simply because they can, not because they need to. The less often you expose your data to vulnerable situations, the less likely it will be hacked.
Users have always been cautioned to make sure they only download from safe sites. Still, in our increasingly digital world filled with ever-more-creative cybercriminals, it may be difficult for them to determine which sites are truly safe. IT teams can expect to devote more time and resources to educating users about safety.
Improve Password Security
The biggest risk factor for nearly every organization continues to be users. Encouraging more complex passwords and deploying multifactor authentication wherever possible significantly reduces the risks of cyberattacks.
Update Device and Network Software
As technology companies identify vulnerabilities in software and devices, they’re quick to issue patches and updates to eliminate them. Regular updating is a foundation of effective cybersecurity programs.
Implement Endpoint Detection and Response Tools
Data breach monitoring tools can be used to detect and respond to intrusions. The sooner the problem is detected, the sooner the organization can implement its response plan for minimizing damage and losses.
Develop a Breach Response Plan
Your incident response plan outlines the steps you’ll take when you discover a breach. It should include guidelines and procedures, including the criteria for determining the severity and impact of the incident.
As noted earlier, social engineering attacks such as phishing and poor password practices are some of the most significant factors in cybercriminals’ ability to attack companies. Ongoing training is a critical weapon in the battle against cyber threats.
Transparency About Cyber Practices with Customers
Protecting your customers’ trust is vital in maintaining your organization’s hard-earned image. People are well aware of ransomware threats and issues related to data privacy, and they want to be confident that their digital information is being treated with care and respect.
For insurers, cyber is still a relatively new risk. Carriers continue to debate the best way to underwrite it, which is why policy wording and exclusions keep changing and underwriting forms aren’t yet standardized. This can be challenging for insureds.
How Hylant Can Help You
Cyber risk management is complex, and the consequences of a weak plan or poorly written insurance policy can be severe and far-reaching. It pays to work with experts.
Hylant’s dedicated cyber risk and insurance team works with organizations to help their leadership teams, boards of directors, risk managers and IT teams understand their cyber risks from an insurance perspective. We provide risk profiling, exposure quantification, insurance procurement and negotiation, risk readiness and incident response planning services. Working with our clients, we minimize the potential financial and reputational impacts of cyber events on their organizations.
The above information does not constitute advice. Always contact your insurance broker or trusted advisor for insurance-related questions.