The year is coming to a close, and 2022 featured plenty of news, issues, and evolution in the world of cybersecurity. While progress was made in many ways relating to privacy regulations and increased security efforts by businesses, the overall outlook is still an uphill battle. Cybercriminals are a resilient bunch, and so long as business continues to grow within the digital domain (how could it not?), the threats to security will continue to evolve.
There is no way to outright prevent your business from experiencing data theft or other cybersecurity issues. That’s a statement we’ve repeated time and time again, making how you plan for and respond to these issues paramount in perpetuity. Looking back at the numbers and statistics surrounding cybersecurity over the last year provides vital insight into coming trends and a chance for us to stress again how critical cybersecurity is to the ongoing success of businesses of any size.
Overall Costs of Cybercrime Continue to Skyrocket
The primary reason why the onslaught of cyberattacks continues to skyrocket is simple – the amount of money that thieves have the potential to steal is astronomical. Overall global costs of cybercrime have been in the trillions of dollars, rising from $3 trillion in 2015 to over $6 trillion in 2021. Experts predict this will continue to grow on a similar trajectory and top $10 trillion by 2025.
As you might imagine by those numbers, the overall cost of a data breach is at an all-time high. The global average for a data breach for businesses is now $4.35 million. But that number nearly doubles to $9.44 million for businesses in the US. US businesses have seen the highest data breach costs for over a decade, and this dubious honor is likely to continue. The global average is expected to be only a 2.6% rise over 2021, which does mark somewhat of a slowdown in year over year average cost increases.
An interesting breakdown of the total cost statistics reveals that lost business cost is not the top loss category in a data breach. Detection and escalation of threats now cost, on average, just shy of $1.5 million, with lost business costs trailing shortly behind at $1.42 million. This is the first time in six years that lost business costs have decreased from the previous year.
Numbers by Industry
There are clear patterns relating to what industries are targeted most frequently and which incur the most financial loss during a data breach. The healthcare industry has again seen the highest costs here, a trend that has continued for the last few years. The average cost of a data breach in the healthcare industry in 2022 is $10.1 million. Most attacks in this industry occur through phishing attempts or vulnerable third-party software opening the door to security issues.
The financial industry also continues to be a top target for cybercrime, with the average cost of a breach in this sector approaching $6 million in 2022. There were thousands of cyberattacks in the financial industry in 2022, with phishing, malware, and network and app anomalies as key vectors for compromise.
Supply chain attacks have been on the rise recently, with three out of five companies experiencing a software supply chain attack. Spotlighting this issue is a study claiming that 82% of CIOs think that their organizations are susceptible to software supply chain cyberattacks.
Small and Medium-Sized Businesses
Small and medium-sized businesses (SMBs) make comprise a large number of the overall attacks that occur. These businesses might not lose as much money per incident as larger corporations, but they are often more frequent targets because they don’t have the same security measures in place.
One stat that helps spotlight the state of cybersecurity and smaller businesses is that despite over half of all small businesses in the US experiencing some sort of cyber attack in 2022, only 50% of them have cybersecurity plans in place at all. On the upside, 78% of SMBs claim they will increase cybersecurity spending within the next year.
Businesses of all sizes need to have a pre and post-breach plan in place ahead of time to better handle the many hurdles that are associated with an attack. Many owners feel unprepared, with 67% of SMBs saying they are ill-equipped to deal with a data breach with in-house resources. That’s why 89% of them now work with some type of outside data breach response and planning service. And testing these plans before an attack occurs is highly valuable with an average savings of $2.66 million for organizations utilizing an incident response team compared to those who did not.
Email and Cloud Attacks Show Vulnerabilities
Some common themes remain true relating to where most cyberattacks appear. Almost half of all data breaches affecting businesses now occur in the cloud. And ransomware attacks accounted for 41% of all data breaches. Stolen and compromised credentials are the most common cause of data breaches and the most costly attack vector. This method of compromise also took the most time to identify as the source of an attack.
Looking at these common vulnerabilities demonstrates that criminals aren’t necessarily attempting new tactics for cyberattack but rather are getting better at employing the tried-and-true methods. This doesn’t mean that new attack vectors won’t appear, but it does provide a prime example of how businesses can better assess risk and increase security efforts by looking at previous patterns.
Final Thoughts
Statistics like those shown here help to provide an insightful and objective look at cybersecurity issues relating to business. Trends and figures can serve owners and security professionals by highlighting the industries at greatest risk and how much money is at stake during an incident. If you are unfamiliar with these stats or the growing frequency of cybercrime in general, use this post as a guiding point to get your business headed in the right direction for 2023.
LibertyID provides full-service, fully-managed identity fraud restoration to its subscribers. With a 100% success rate in resolving all 31+ forms of identity fraud. LibertyID Business Solutions provides Business fraud remediation, full pre-breach preparation with custom WISP protocols, post-breach regulatory response, customer, and employee identity fraud restoration management, advanced employee training, and third-party vendor management tools.