Security continues to be the highest priority for all companies across different industries. Getting the latest trends and statistics helps organizations to shape their plans, costs, and priorities.
With the new risks appearing each day and attackers constantly developing their techniques, it can be very difficult for organizations to keep up. While threats and risks continue to grow, the great news for security and IT professionals is that they can overcome the challenges they are facing on a daily basis. These challenges can be handled effectively by staying updated on the new threats and also by understanding the trends that are giving rise to them.
Here are 100 Workplace Security Statistics that provide context on how security risks are growing and offer insight into what’s coming next:
1. As per 2017 statistics, every year there are around 130 large-scale target breaches in the United States and each year this number is growing by 27% per year- Accenture
2. Three billion Yahoo accounts were hacked in 2016 and this is said to be one of the biggest breaches of all time – Oath
3. In 2017, the Equinox breach affected 147.9 billion consumers- Equifax
4. According to Uber’s report, hackers stole information of 57 million drivers and riders- Uber
5. A report shared in 2017 revealed that 412 million user accounts were stolen from the website of FriendFinder- LeakedSource
(Check out our article on Efficient Workplace Secuirty Devices)
6. Every year around twenty-four thousand malicious mobile applications are blocked- Symantec
7. About 31% of companies have experienced cyber attacks on operational technology infrastructure- Cisco
8. In 2017, 100,000 groups and more than 400,000 machines were attacked by the WannaCry virus in 150 countries- Malware Tech Blog
9. 4 billion WannaCry virus attacks were blocked in 2017- Symantec
10. In between January 2005 and April 2018, 8854 breaches have been recorded- ID Theft Resource Center
11. In 2017, crypto jacking attacks increased by 8500 percent- Symantec
12. As per a report shared, the average number of records breached by countries was 24,089 in 2017. The country with the highest number of breaches was India with around 33,000 files and the United States had around 28,500- Ponemon Institute’s 2017 Cost of Data Breach Study
13. Under Armor’s report released that My Fitness Pal was hacked in 2018 affecting around 150 million users- Under Armor
14. By 2021 damage related to cybercrime is predicted to hit $6 trillion yearly – Cybersecurity Ventures
15. The average cost of a malware attack on an organization is $2.4 million. Accenture
16. Costs related to ransomware damage reached $5 billion in 2017, 15 times more than the cost in 2015- CSO Online
17. Cybercrime costs increased in 2017 with organizations spending about 23% more than in 2016 — on an average amount of $11.7 million – Accenture
18. The Equifax breach cost the organization a total amount of over $4 billion – Time Magazine
19. Between 2016 and 2017 there was around 22.7% increase in the costs of cyber security- Accenture
20. According to a study, the average cost of each stolen or lost records per individual is around $141. This cost is different in every country. The most expensive breaches are in the United States ($225) and then in Canada ($190)- Ponemon Institute’s 2017 Cost of Data Breach Study
21. Information loss is the most expensive component of a cyber attack which depicts 43% of costs- Accenture
22. In 2017, the average cost of breach for 50,000 compromised records was $6.3 million- Ponemon Institute’s 2017 Cost of Data Breach Study
23. 50 days is an average cost in time of a malware attack – Accenture
24. Including customer acquisition activities, turnover of customers, diminished goodwill, and reputation losses, U.S has the highest cost of lost business ($4.13 million per company) – Ponemon Institute’s 2017 Cost of Data Breach Study
25. In 2017, total malware variants increased by 88%- Symantec
26. In 2017, the average global cost of cybercrime increased by 27%- Accenture
27. 74% of the organizations have about 1,000 stale files- Varonis
28. The most common information that applications leaks are device location (37%) and phone numbers (63%) – Symantec
29. In 2017, the trojan horse virus named Ramnit attacked the financial sector, which accounted for 53% of attacks- Cisco
30. Spear-phishing emails were used the most in 2017 by 71% of the groups that participated in cyber attacks- Symantec
31. Web-based and malware attacks are the two most expensive types of attack. For such attacks, companies spend around an average of $2.4 million in security- Accenture
32. Ransomware attacks are more common in countries with a higher number of population connected to the internet. The United States is ranked the highest among all countries with 18.2% of ransomware attacks- Symantec
33. About 60% of the malicious domains are related to spam campaigns- Cisco
34. The applications with the highest cyber security problems are lifestyle apps, which comprises 27% of malicious applications. Whereas, audio and music apps account for 20%- Symantec
35. The financial services industry has the highest cost of cybercrime, recorded $18.3 million per company- Accenture
36. From 2015 to 2017, amongst all the countries the U.S was the most affected by cyber attacks and out of these attacks 303 were known to be large-scale attacks – Symantec
37. 20% of the malicious domains are new and used for one week after the registration- Cisco
38. In 2017, over 20% of cyber attacks originated from China, 11% from the United States and 6% from the Russian Federation- Symantec
39. Microsoft office formats like Excel, Word, and PowerPoint are the most common malicious file extensions that account for 38% of the total- Cisco
40. The estimated number of passwords used by machines and humans globally will increase up to 300 billion by 2020- Cybersecurity Media
41. 21% of files are not protected at all- Varonis
42. 69% of the companies believe that the threats they are experiencing cannot be blocked by the anti-virus software they use- Ponemon Institute’s 2017 Cost of Data Breach Study
43. 41% of the organizations have more than 1,000 sensitive files including health records left credit card numbers that are unprotected- Varonis
44. 70% of the companies believe that their security risks significantly increased in 2017- Ponemon Institute’s 2017 Cost of Data Breach Study
45. About half of the security risks faced by companies arise from multiple products and security vendors- Cisco
46. In 2017, IoT attacks were up by 600%- Symantec
47. Each year ransomware attacks are increasing by 350%- Cisco
48. 7 out of 10 organizations say that their security risks greatly increased in 2017- Ponemon Institute’s 2017 Cost of Data Breach Study
49. 65% of the organizations have around 500 users who are never reminded to change passwords- Varonis
50. The highest number of attacks by ransomware is faced by the healthcare industry. These attacks will multiply by 2010- CSO Online
51. Mobile Malware variants increases in 2017 by 54% – Symantec
52. In 2017, 61% of the breach victims were organizations with under 1,000 employees- Verizon
53. Nowadays, 1 in 13 web requests give rise to malware which is up by 3% from 2016- Symantec
54. In 2019, the ransomware damage costs will reach to $11.5 billion and businesses will be a victim of ransomware attack every 14 seconds- Cybersecurity Ventures
55. The new malware was increased by 80% on Macs in 2017- Symantec
56. The Middle East and the United States spend the most on post-data breach response. Costs in the Middle East were $1.43 million and $1.56 million in the U.S.- Ponemon Institute’s 2017 Cost of Data Breach Study
57. System vulnerabilities increased by 13% in 2017- Symantec
58. As predicted by cybersecurity Ventures, Worldwide spending on cybersecurity will be over $1 trillion from 2017 to 2021- Cybersecurity Ventures
59. In 2017, there was a 29% increase in vulnerabilities related to the industrial control system- Symantec
60. 95% of the successful cyber attacks are an outcome of phishing scams- Info Security
61. 45% of the employees get no training on cybersecurity from their employees- CompTIA
62. Risks related to security have decreased by 70% when organizations invest in cybersecurity awareness and training- WombatSecurity
63. 52% of the business owners don’t know what to do in the occurrence of a cyber security incident- CyberArk
64. Most of the cyber security training programs lead to a 37-fold ROI (Return On Investment)- CSO
65. 78% of the employees know about the risks of suspicious links in the emails, but they still choose to click on them- FAU
66. 93% of cyber security professionals believe that technology and humans need to work together to detect threats like phishing attacks and respond to them- InfoSecurity
67. As per research conducted by Ponemon, even the least effective training programs can result in a 7-fold ROI- CSO
68. Investment in security training and awareness significantly reduces the impact of cyber attacks on businesses by 72%- WombatSecurity
69. In 2017, the total number of publicly disclosed data breaches were 1,579- Identity Theft Resource Center
70. 1,946,181,599 are the total number of records comprising sensitive and personal data compromised in between January 2017 and March 2018- PrivacyRights
71. In 2017, 75% of the data breaches were caused by external attackers- Verizon
72. In a 2018 survey of 1,200 companies, it was reported that 71% of US enterprises suffer from at least one data breach- 2018 Global Threat Report
73. In 2017, the average cost of a data breach was recorded to be $3.62 million- Ponemon Institute
74. In a survey of 2,800 IT professionals, 77% of the respondents said that their companies do not have a response plan for a cyber security incident- IBM
75. The average time taken by companies to identify a data breach is 191 days- 2017 Cost of Data Breach Study
76. In 2017, the average time needed to fully carry out a data breach was recorded to be 66 days- Ponemon Institute
77. In a survey of 9,500 executives worldwide, 45% of the respondents said their corporate board actively participates in setting up security budgets- PwC
78. 87% of the organizations say that they need up to 50% more budget for cyber security- EY GISS Survey
79. 76% of the enterprises would likely increase the resources allocated for cyber security following a breach that caused damage- EY Global Information Security Survey 2017-18
80. In a survey of 9,500 executives across 75 industries in 122 countries, 29% of the respondents said CISOs bear the responsibility for IoT security- PwC
81. IN 2017, 77% of the attacks on endpoint devices involved the use of exploits and fileless malware- ALERT LOGIC
82. In a survey, 1,300 IT decision makers indicated that targeted phishing attacks are their current biggest cyber security threat- CyberArk
83. In 2017, 26.2% of those who were attacked by ransomware were business users- Kaspersky Lab
84. In 2017, 87% of remote code execution attacks involved crypto-mining malware- Imperva
85. According to Thales report, 97% of the respondents are using sensitive data with digital transformative technologies- THALES
86. In 2019, the global cost of cybercrime is expected to exceed $2 trillion- Juniper Research
87. In 2018, the spending on cyber security in the United States reached 66 billion U.S. Dollars- Statista
88. In 2018, the total number of data breaches in the United States amounted to 1,244 and over 446.5 million records were exposed- Satista
89. Privacy concerns and risk management within digital transformation initiatives will make 40% of the organizations spend more on additional security service through 2020- Gartner
90. In a survey of 1200 organizations, 74% of US respondents said that adherence to compliance requirements is either “very” or “extremely” effective- 2018 Global Threat Report
91. 88% of 300 CIOs, general counsels, CPOs, and other senior staff at Japanese, US, and UK organizations reported spending more than $1 million on GDPR compliance- PwC
92. For the financial year 2019, the proposed budget for federal cyber security in the United States is $15 billion- Whitehouse.gov
93. In 2018, the amount requested by the US Department of Homeland Security for cyber security operations was $971 million- Statista
94. In a survey of 200 Defense Department and civilian IT decision makers, 52% of the respondents feel that mandates and cyber security regulations are hindering risk management- SolarWinds
95. At federal agencies, 54% of IT decision makers view untrained and careless employees as posing the biggest security threat- SolarWinds
96. 100% of the respondents in a survey of 850 organizations with at least 500 mobile devices faced a mobile attack in 2017- Check Point
97. In a survey of 359 cyber security practitioners, 54% of the respondents reported at least one security incident in the past 12 months that involves industrial control system- Kaspersky
98. 55% of the industrial organizations allowed third parties like service providers, suppliers or partners to access their industrial control network- The State of Industrial Cybersecurity 2017
99. In a survey of 9,500 IT professionals, 40% of business leaders are worried about a cyber attack on IoT networks and other emerging technologies that can cause operational disruptions- PwC
100. 61% of the enterprises used some level of IoT technologies and therefore, had to deal with the security incidents in 2017- Trustwave
Conclusion
When it comes to security at a workplace, proactive IT strategy, the right technology, and policies play a crucial role. But, employee awareness and training is the key to prevent common security risks such as phishing attacks from damaging your business.