10 Cybersecurity Statistics That Can Help You Prevent a Data Breach

These 10 Cybersecurity Statistics and Insight from The DBIR Gives You an Edge Against Cybercrime

---

Looking for an edge against cybercrime? Today’s cybercriminals are unleashing havoc on businesses around the globe, through complex, socially engineered attacks that have just one goal in mind: stealing your data. They’re getting very good at it too; data breach numbers have been rising steadily. New data breaches are happening daily, and they’re not just profitable for the bad actors who sell that stolen data. They’re also gateways to future attacks by adding to the massive pool of information including billions of passwords on the dark web that fuels operations like ransomware, business email compromise, spear phishing and more hacking. If you’re worried about protecting your company’s credentials and data, these 10 cybersecurity statistics paired with 10 important facts about data breaches pulled from Verizon’s Data Breach Investigations Report 2021 can give you an edge in planning an effective strategy to keep your data safely inside your business and away from cybercriminals.

---

---

Cybersecurity Statistics to Help You Prevent a Data Breach

---

These 10 Cybersecurity Statistics Can Help You Understand Your Data Breach Risk

---

• 36% of organizations suffered a data security incident like cloud data breach in the past 12 months
• 74% of IT managers said that their companies had been successfully phished in the last year
• 80% of companies have faced an increase in the number of phishing attacks they face in 2021
• Insider threat risk rose about 40% in 2020, tripling in the last three years
•  75% of organizations in the United States were hit by a phishing attack that resulted in a data breach in 2020
• Malicious insider actions are responsible for almost 25% of confirmed breaches
•  60% of companies go out of business within six months of experiencing a cyberattack
•  90% of incidents that end in a data breach start with a phishing email
•  42% of organizations have been compromised because of a bad, stolen or cracked password
• The US is the leader in phishing-related data breaches in 2021, with rates 30% higher than the global average, and 14% higher than the same period in 2020. 

---

Cybersecurity Statistics About the Primary Causes of Cloud Data Breaches 

---

The IT professionals surveyed in The State of Cloud Security 2021 had plenty of targets in mind as the influences that cause a cloud data breach. Spoiler alert: none of them are cybercriminal hackers.

• 32% say too many APIs and interfaces to govern  
• 31% cite lack of adequate controls and database oversight 
• 27% point to lack of policy awareness around data security
• 23% blamed old-fashioned negligence   
• 21% said they are not checking Infrastructure as Code (IaC) prior to deployment 
• 20% admitted that their IT team oversight is at fault 

---

---

Cybersecurity Statistics Show: A Data Breach is Punishingly Expensive

---

It’s not just the initial hit in a cyberattack that’s driving companies into the red. In an expert breakdown of the cost of a data breach, it’s easy to see how the impact of a data breach can linger for years, impacting a company’s brand reputation and its bottom line. Around 61% of the cost of a data breach is paid in the first year after impact, an estimated 24% comes due in the next 12 to 24 months, and the bills for the final 15% can arrive more than two years later. Altogether, IBM reports that data breach costs rose from $3.86 million to $ 4.24 million, the highest average total cost in the 17-year history of their reporting.

In a study, done by economists and technology experts at Yeshiva University in New York City and Hong Kong Polytechnic University, it’s easy to see how a data breach can damage a company’s financial future too. Companies that suffer a data breach face a 22% higher loan spread and a 40-basis-point increase in borrowing costs on average. The negative lending cost impact of a breach is worse for companies in “vulnerable industries”, including healthcare, business services and transportation. Breached firms can look forward to paying 40 basis points, or about 0.4 percentage points, substantially higher interest rates than the average of 28 points for nom-breached companies. Only financial restatement carried a higher penalty at 65 basis points. Breached companies also tend to face a roughly 25% increase in loan covenants.

---

Cybersecurity Statistics Show: No Company is Safe from Greedy Malicious Insiders

---

The dark web economy is booming, and cash-strapped staffers may be tempted to make easy money by selling their credentials or your data on the dark web. The cybercrime-as-a-service trend on the dark web provides ample opportunity for profit. The DBIR breaks down the reasoning behind incidents that resulted from the actions of malicious employees, and top motivation never changes – it’s overwhelmingly money. An estimated 70% of malicious insider breaches were financially motivated, chiefly through employees selling credentials or access to systems and data on the dark web. In economically challenging times like these, that fact needs to be top of mind for anyone who is working on defensive strategies to combat insider threat risks. Another 25% of the malicious insider incidents surveyed were motivated by espionage, like selling formulas, sensitive data or company secrets. The final cause of malicious insider incidents, around 4% were caused by angry employees who just wanted to damage the company.

---

---

Cybersecurity Statistics Show: Data is Currency on the Dark Web

---

Data is the fuel of cybercrime, enabling hackers and cybercriminals to conduct cybercrime operations like phishing, ransomware, business email compromise, brute force hacking and other devastating gambits against businesses. Buyers are hungry for databases, creating opportunities for enterprising hackers. Those enterprising hackers are having a field day snatching up data from companies that haven’t addressed vulnerabilities. Sometimes, hackers don’t even wait for a buyer, they’ll sell pre-hacked, freshly unlocked databases that can be priced as high as $20,000, or up to $50 per 1,000 entry. Typically, those entries include some personally identifying information (PII) in each entry like username, email address, full name, phone number, home address, date of birth and occasionally social security and identification numbers. Boutique hacking, sometimes involving assistance from malicious insiders, like accessing a custom database is available at a premium price: between $100 and $20,000, or between $5 and $50 per 1,000 entries – definitely not chump change. Storing your data in the cloud does not reduce your organization’s chance o a data breach either 36% of organizations suffered a cloud data breach in the past 12 months.  

---

Cybersecurity Statistics Show: Bad, Recycled or Compromised Passwords Are a Data Breach Risk

---

Reused, recycled and weak passwords are a fast path to a data breach. About 60% of the data that was already on the dark web at the start of 2020 could harm businesses. Then that generous pool of passwords for sale in dark web markets was augmented by an estimated 22 billion new records that landed in dark web data markets and dumps in 2020. In 2021, record-breaking data dumps like the massive RockYou2021 leak added an estimated 8.4 billion passwords to the mix. Add in gigantic new breaches including the 2021 LinkedIn breach that exposed records including passwords for 92% of LinkedIn’s estimated total of 756M users to danger on the dark web, and it’s easy to see how even one recycled password can spell disaster. Big companies are at just as much risk as small ones too.  Over 281 million records of personally identifiable information (PII) for employees of Fortune 1000 companies were available, making it easy for bad actors to conduct impersonation and fraud operations as well as answer the “secret questions” that are so popular in many applications. Researchers also noted a pattern — a 60% password reuse rate among email addresses in surveyed databases exposed in more than one breach in 2020.

---

---

10 Important Facts to Remember from the Verizon/Ponemon Institute Data Breach Investigations Report 2021

---

The annual Data Breach Investigations Report (DBIR) produced by Verizon and the Ponemon institute provides an unbeatable in-depth look at the breach landscape. These data points from the 2021 DBIR can provide essential insight into the threats that businesses are really facing and the threats that are just around the corner. Want to read it yourself? Download the Verizon/Ponemon Institute Data Breach Investigations Report 2021.

---

1. 85% of breaches involved a human element.

This is important because it illustrates that the top cause of data breaches is still human beings. Specifically, errors made by employees. Diving deeper, the top error that spawns data breaches is misconfiguration. In second place, misdelivery is still riding high on the chart. That includes accidentally sending someone information that they’re not authorized to have or sending the wrong information outside the organization.

2. 3-time champion phishing remained the top threat action that resulted in a breach.

To no one’s surprise, phishing remains the top data breach threat for the third year in a row. It actually increased by 10%, which tracks with the tremendous increase in email volume and record-breaking cybercrime rates that started in March 2020. This category does not include ransomware, which has become such a behemoth that it has its own category these days. This reinforces how crucial phishing defense is for every business.

3. The number of breaches that involved ransomware doubled.

The villain of the year in 2020 was ransomware, and that’s reflected in this report. The number of breaches studied that included ransomware doubled, a confirmation of just how dangerous this phishing-related threat is for every organization. Ransomware is already up by more than 100% in 2021 over record numbers in 2020 and it’s still climbing, making this the top security concern for 2021. Eliminating ransomware threats starts with eliminating phishing incidents.

4. 61% of breaches involved credentials.

Everyone wants to do things the easy way, even cybercriminals. The easy way for them to snatch up data is to obtain credentials through phishing, making strong access control a necessity. But beyond just phishing a credential from an employee, huge quantities of dark web records including 22 billion more added in 2020 provide ample resources for password cracking. Taking the power out of stolen or cracked passwords is one of the prime benefits of multifactor authentication (MFA), and every company needs to be using it now.

5. 85% of social engineering actions that lead to a data breach are done via email.

Once again, there’s no surprise here but there is a strong illustration of why phishing resistance training is absolutely vital. Cybercriminals are using many different lures to entice employees into action through social engineering and they can be difficult to unmask. Phishing resistance training that teaches employees to spot and reject social engineering tricks, especially sophisticated social engineering attempts, is critical to keeping cybercriminals away from data.

---

---

6. 23% of monitored organizations experienced brute force or credential stuffing attacks.

Remember credential stuffing? It seems like all that the security world has been talking about is ransomware, but credential stuffing is just as dangerous. Almost a quarter of breaches last year were the fruit of credential stuffing- with 95% of them getting hit with between 637 and 3.3 billion credentials in order to force entry. This is an important reason why single sign-on (SSO) is a must-have for access control. In case of trouble, SSO enables techs to quickly isolate a compromised user account and prevent further intrusion.

7. Over 80% of breaches were discovered by external parties.

This should be a troubling number for anyone securing data. More breaches are discovered by researchers than internal teams, a strong indication that lax cybersecurity practices can create big problems. Increased security awareness training and building a strong cybersecurity culture is the prescription for increasing vigilance to make sure that breach risks are caught sooner rather than later.

8. Credentials remain the most sought-after data type and personal data is the second most sought-after data type.

Continuing its winning streak, credentials are the most desirable data for cybercriminals to snatch. It’s not a surprise that gaining access to the heart of a business is at the top of the cybercriminal wishlist. Credentials make it easy for them to conduct multiple operations quickly. Personal data remains in second place, valued both for its usefulness in identity theft and spear phishing.

9. The majority of known data breaches involve the loss of personal data, quickly followed by medical data.

Bad actors want personal data to power all sorts of cybercrime operations, and they’re working hard to get it. Thanks to the hot market for COVID-19 data in 2020, medical data is in second place. A record number of breaches at hospitals, laboratories, pharmaceutical companies and even medical data processers bears out that conclusion. Anyone who handles data like this needs to be maintaining strong access controls and phishing resistance training to keep cybercriminals out of it.

10. Business Email Compromise (BEC) is the second most common vector for social engineering.

Although the primary reason that cybercriminals choose to conduct sophisticated social engineering attacks in 2020 was phishing for credentials, BEC scams took their turn in the spotlight. These fraud attempts were also buoyed by high email volumes and uncertainty as many inexperienced remote workers created a bumper crop of targets ripe for the picking. Reliance on doing business remotely also made 2020 the perfect year for BEC. Companies will benefit from stepping up security awareness training around BEC to avoid trouble from this constant threat.

---

---

These cybersecurity statistics show that every business is in danger of a data breach. let us help you keep your data safe with the innovative solutions in the ID Agent digital risk protection platform

---

• Dark Web ID – Don’t let cybercriminals sneak into your network to snatch your data with a compromised credential. Gain powerful protection from the hazards of dark web credential exposure with 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses that gets to work immediately and alerts you to trouble fast, before the bad guys have a chance to strike,
• Passly – Secure identity and access management with multifactor authentication is a must-have to take the power out of a filched password. Multifactor authentication alone adds an extra layer of protection between hackers and your valuable data, stopping 99% of password-based cybercrime.  Passly seamlessly integrates with over 1,000 common business applications for no-fuss configuration. Get quick and easy access to SSO applications and passwords with the ability to automatically fill in the blanks for web logins and automated password resets to make everyone’s life a little bit better.
• BullPhish ID – Protecting a business from cybercrime starts with protecting it from phishing. An estimated 65% of cybercriminals use phishing as their primary method of attack. The new BullPhish ID helps businesses increase their phishing resistance. By enabling trainers to either choose a premade phishing simulation kit in 8 languages or create their own materials that capture an industry’s unique threats, you can be certain that staffers are being trained to recognize and deal with the phishing threats that they face every day. But they’ll learn about much more than just phishing including compliance, password safety, security hygiene and more, giving every employee a solid grounding in cybersecurity pitfalls and best practices.

---

---

---

---