General Cybersecurity Statistics
- MFA blocks 99.9% of account compromise attacks – Microsoft
- The mean time to identify a breach (MTTI) is 207 days – Ponemon 2020
- The mean time to contain a breach (MTTC) is 280 days – Ponemon 2020
- 80% of end-point attacks were zero-day (0day) attacks – with the frequency of zero-day attacks expected to increase to 42% next year. – Ponemon 2020
Why I DON’T use the “60% of SMBs go out of business within 6 months of a cyber attack”
Ransomware
- Median Ransom Payment: $110,532 – Q3 2020, Coveware
- Most victims of a ransomware attack (70%+) have fewer than 1,000 employees. – Q3 2020, Coveware
- 50% of ransomware cases included the threat to release exfiltrated data along with encrypted data – Q3 2020, Coveware
Data Breach Cost Stats
- Average total cost of a data breach: $3.86M – Ponemon 2020
- Average cost of a data breach for Healthcare Industry in 2020 was $7.13M – Ponemon 2020
- Average cost of a data breach to an organization with fewer than 500 employees, $2.35M – Ponemon 2020
- Average cost of a data breach to an organization with 500-1000 employees, $2.53M – Ponemon 2020
- Average cost of a data breach to an organization with 1000+ employees, $3.78M – Ponemon 2020
- Average cost of data breach notification in the US is $740,000 – Ponemon 2020
- Cost Per Record (PII) in breaches caused by malicious attack: $175 – Ponemon 2020
Cost Factors
- Customer/Patient churn or turnover of more than 3% increases recovery costs significantly. – Ponemon 2019
- Average cost savings for companies with an IR team that had a tested IR plan, $2M – Ponemon 2020
- Top 4 factors that DECREASE cost – Ponemon 2019:
  - Forming an IR team
  - Extensive use of encryption
  - Extensive testing of IR plan
  - Business Continuity Management
Email & Phishing
- Phishing & pre-texting represent 90% of social incidents and 93% of breaches – DBIR 2018
- Average user receives 16 malicious emails per month – ISTR 2018
- 92.4% of Malware is delivered via email
- 48% of Malicious Email Attachments are Office Files (up 5%) – ISTR 2019
- 77% of phishing attacks impersonated financial institutions, and were much more likely to use HTTPS than other types of targets. In fact, for some of the targeted financial institutions, over 80% of the phishing pages used HTTPS. – Webroot 2019
- “One of the biggest changes has been a shift away from using malicious attachments to a preference for utilizing malicious URLs, instead. In 2017, for example, Proofpoint reported 3 out of 4 malspam emails delivered malware via attachments. Fast-forward to Q1 2018 and the firm’s data showed that emails with malicious links outnumbered emails with malicious attachments 4 to 1”
- In 2017, spear-phishing emails were the most widely used infection vector, employed by 71 percent of those groups that staged cyber attacks