Cybersecurity facts and figures for 2022, statistics and trends

Opinion poll: Cyber threats will not only continue to massively attack organizations after 2022, but they will also increase in strength.

Solutions are open-and-shut: first, we need them to develop your systems’ protections and to have to defend against them in the future. Second, comprehension should become more pervasive.

Phishing, ransomware, GDPR threats – are the most popular security threats monitored by the universe. In 2022, cyber threats will not only continue to harass public and private organizations but will increase their power.

Solutions are being developed to protect and defend against them, but awareness of the full severity of this problem must become more widespread and sped up.

Cybersecurity trends in 2022

These interesting facts about cybersecurity only confirm the power of cybercriminals, whose professional networks continue to grow and become more structured. To protect against this, private and public organizations must be more rigorous and focus on learning best practices.

In 2022, the question is no longer whether it will attack us, but when?

Ransomware

Ransomware will continue to exist despite the vast availability of deterrent resources. Attacks could become more sophisticated, targeting companies of all sizes.

Actual losses can be deplorable. Behind this type of attack is an organized and professional criminal network developer.

Data Leaks

It also expected this sample of attacks to increase, and here again, leaks will be more costly for affected organizations. With this type of attack, it often attacked the human element even before the IT infrastructure.

Indeed, it is much easier to get someone to install spyware without realizing their mistake than to look for technical vulnerabilities. Therefore, phishing campaigns will be quite common in 2022.

Cryptocurrencies

Cybercriminals will target virtual currencies as they continue to grow in popularity and active demand around the world. With the increase in asset holders, cryptocurrency wallet management solutions and transactions, this is like a personal invitation for hackers.

Mobile devices, apps

In 2022, mobile devices are still an easy target even for a green hand. Check Point, which showed that in 2020, 97% of companies face mobile threats using multiple attack vectors highlighted this trend. Not to mention, the remote operation has led to an increase in the attack surface. Every available device offers an entry point.

Thanks to 5G and IoT, targeted applications and services will become (very) profitable. A trend confirmed by McAfee-Fireeye and Gartner. Overall, teleworking presents a major challenge for security companies and requires significant consolidation of existing security systems.

Cloud

While the cloud has many benefits, it is also becoming increasingly standardized. This is a boon for cybercriminals, who can more easily test their attacks against precisely standardized solutions. In addition, vulnerabilities in the cloud make massive attacks possible.

Deepfake

Deepfake technology is one of the top riskiness for 2022. It’s about video or audio recordings made or altered by artificial intelligence that can create false content made of credible. Aimed at manipulating, misinforming and discrediting populations and organizations, Deepfake can lead to the worst fears of international destabilization.

Supply Chain

Attacks on the supply chain are likely to continue. A sector undergoing a powerful digital transformation has become a target for hackers. Rather than confronting large security-equipped companies, they are targeting suppliers who are likely to have sensitive data (accountants, lawyers, etc.).

Social media

Cybercriminals will continue to use them to infiltrate organizations through fake profiles. Misinformation and fake news campaigns will continue to be a source of mass phishing or fraud. We saw this in the example of fake vaccination certificates this year.

10 cybersecurity statistics facts that show the importance of cyber risk to businesses

In December 2021, cybercriminals stole over 35 million euros from a French real estate developer. This is just the latest in numerous cyberattacks around the world that are affecting a growing number of businesses and organizations. This has made it necessary for companies to realize the cyber threat and protect themselves from becoming victims of cybercrime.

Below are facts about cybersecurity and cybersecurity statistics for 2020 and 2021 to better understand the growing importance of defending against cyberattacks in 2022.

Top cybersecurity facts, figures and statistics for 2021-2022

Cybersecurity fact 1 of 10

54% of French companies will be attacked in 2021

Data on cybersecurity in France in 2021 is worrisome. According to the CESIN 2022 Corporate Cybersecurity Barometer, over one in two French companies will suffer at least one cyberattack in 2021.

Cybersecurity fact 2 of 10

+255% of Ransomware attacks

The National Agency for Information Systems Security (ANSSI) found a 255% increase in ransomware attacks on organizations in 2020 compared to 2019.

Ransomware is software designed to “hold hostage” company or individual data that cyber criminals ask to pay a ransom for data recovery.

Cybersecurity fact 3 of 10

$50,000 is the average cost of a cyberattack

When a company is attacked, it can cause:

• Business interruption
• Damage to computer equipment
• Leakage of data needed for operations
• Impact on brand recognition.

It is the sum of these events that can be very costly for the company under attack.

Cybersecurity fact 4 of 10

On average in Europe, losses from cyberattacks account for 27% of turnover

A business interruption after a cyberattack has a significant impact on a company’s annual turnover. In the time to restore a computer system and restore backup data (if any), a company loses an average of 27% of its annual revenue. Also, 60% of SMBs attacked do not recover and file for bankruptcy within 18 months of the attack.

Cybersecurity fact 5 of 10

Only 50% of U.S. companies have a cybersecurity plan

Half of the U.S. companies affected by the cyberattack have refused to file a complaint. The other 50% are prepared for upcoming hacker attacks. This is an important fact to keep in mind because studies and statistics usually only count proven fraud (i.e., frauds that have been explicitly recognized as opposed to errors and abuses, and that have been reported).

This means that the actual number of cyberattacks in the U.S. is potentially even higher.

The COVID pandemic has exacerbated the threat of cyberattacks and the risks to businesses

Cybersecurity fact 6 of 10

47% of remote employees were defrauded by phishing

Nearly half of employees have been duped by phishing attempts while working from home. This figure underscores the need for organizations to run phishing campaigns to make employees aware of fraudulent emails, particularly to reduce the risk of ransomware attacks.

Phishing is a type of fraud in which cybercriminals try to trick an Internet user by posing as a trusted person or service to induce them to click on a fraudulent link, provide sensitive information, or transfer funds. The “hook” usually takes the form of an e-mail, a text message (smishing), or a phone call (vishing).

Cybersecurity fact 7 of 10

More than 30 percent of the attacks used new methods

More cybersecurity statistics. About 35% of the cyberattacks during the Covid-19 pandemic involved previously unknown attack methods. Before the pandemic, this was 20% of attacks. In a concise period, cyberattack methods have developed and strengthened: attackers have found new vulnerabilities to exploit and new methods to trick people behind the screen.

Assessing cyber risk has become increasingly difficult as attack methods have grown faster and more difficult to defend against. This is one reason traditional cyber insurance companies have raised premiums and tighten exclusion criteria in 2022-2023. Meanwhile, small and medium-sized businesses are finding it increasingly difficult to protect themselves from a risk that increasingly affects them.

Cybersecurity fact 8 of 10

82% of employers are concerned about their employees working remotely

In this context, four in five companies said they were concerned about cybersecurity risks associated with remote work, according to a 2021 Thales study. There appears to be an urgent need to implement more cyber defenses and ensure good cyber hygiene in the office and remotely.

Companies and institutions recognize the threat and redouble their cybersecurity efforts

Cybersecurity fact 9 of 10

40% of companies invest in their cybersecurity by 2023

In the European Union, 2 in 5 companies have increased their cybersecurity budgets in 2021.

The amounts companies allocate to protecting their information systems are mostly invested in:

1. Subscriptions to special insurance contracts,
2. Risk audits,
3. Cybersecurity risk awareness operations for employees,
4. Creation of special management structures,
5. Strengthening the teams responsible for protecting information systems,
6. Acquiring new IT solutions and tools.

Cybersecurity fact 10 of 10

55% of companies will strengthen their defenses by 2022

The severity of the number of cyberattacks in both 2020 and 2021 has prompted many business leaders to strengthen protections in the future. For example, more than half of US companies said in 2021 that they intend to invest in IT cybersecurity in 2022-2023. The latest available data shows an increase in cyber threats to US and international organizations.

What will happen in 2022?

All indications are that the upward trend seen over the past few years is likely to intensify. In particular, there are fears that ransomware attacks will intensify in the coming months.

Therefore, it is important for companies not to leave the protection of their sensitive data and information systems to chance.

7 major IT threats in 2022

In 2021, more companies experienced at least one successful cyberattack. Increasingly, many sophisticated cyber threats are proving to be more and more effective at extorting organizations.

Today, more than ever, understanding the evolution of cyberattacks and how to defend against them is critical for businesses.

Here’s an overview of major cyber threats and cybersecurity advances in 2022 with cybersecurity quick facts. Not all cyber threats pose the same risk to businesses.

From the most common to the newest, we’ll look at the top 7 cyber threats.

1. Ransomware is becoming increasingly dangerous

Ransomware continues to grow at an alarming rate, accounting for at least 79% of all reported cyberattacks, according to Sophos. According to the latest ANSSI data, Ransomware attacks increased by 60% in the first six months of 2021, after 255% in 2020.

In 2022, this cyber threat is evolving and becoming more sophisticated. We are seeing an increase in double ransomware: a hacker demands the first ransom for decrypting data and then a second ransom to prevent the resale of data on the dark web.

Some analysts even mention the emergence of a triple extortion mechanism: besides encryption and the threat of data resale, cybercriminals conduct DDoS attacks to increase pressure on the victim. According to a study by the startup Anozr Way, this practice could cause the number of victims to double by 2022.

2. DDoS attacks are on the rise

Like ransomware, distributed denial-of-service (DDoS) attacks aim to block a company’s infrastructure. The cybercriminal sends millions of requests simultaneously to the target. The volume of connections is so large that the target server cannot respond and eventually becomes unavailable.

DDoS attacks as we know them today have been around for over 20 years. However, we are now witnessing a multiplication and complication of this type of threat.

It is important to note that as the attack surface of information systems has become more extensive and diversified; it is now logically easier to create distributed attacks from the many compromised devices available on the Internet.

Some numbers speak for themselves: AWS, Amazon’s cloud division, had to fend off a DDoS attack of a record 2.3 Tbps. Some studies show that spare capacity usage for an attack per company increased by 49% and packet transmission rates increased by 91%.

3. Identity theft: a cybersecurity classic

The art of impersonation is not new to the Internet. But with the global network, this manipulation has taken on a whole extra dimension. First, a company has its data stolen (e.g., through phishing) to recover the identities of employees.

Then a hacker who may be on the other side of the world impersonates an employee to demand an urgent payment. Believing they are dealing with a legitimate request, the person they are addressing obeys.

Undoubtedly, identity theft remains a serious problem in 2022.

4. More and more vulnerabilities

Unpatched computer flaws, immediately exploited by hackers, affect many applications used in the enterprise. These flaws are difficult to counteract because they are not well known. Once they are discovered, security patches published by the vendor must be applied. The year 2021 broke the record for the number of vulnerabilities discovered, and 2022 is expected to break it again.

5. Supply chain attacks are up to 300%

Supply chain attacks are a new type of cyber threat targeting corporate logistics that was previously ignored by cybercriminals. Tensions related to shortages of electronic components and raw materials, exacerbated by the geopolitical context, are putting even more strain on companies that already operate on a just-in-time basis.

Cybercriminals have realized this and are seeking to disrupt the already weakened supply chain to paralyze company production and thus put themselves in a position to demand ransom. Between 2020 and 2021, the number of such attacks increased by 300%. All indications are that this type of attack will continue to grow in 2022.

6. The rise of the IoT: an area of high impact

IoT is a growing sector and its potential is significant, especially in the industrial sector. By 2022, it will connect more than 12 billion objects to the Internet, according to IoT Analytics. However, many of them do not have security built-in, especially in the industrial and healthcare sectors.

Unprotected connected objects are just like gateways to companies’ IS: a find for hackers! According to a Zscaler report, IoT malware attacks increased 700% in volume and reach 2021. This trend is expected to speed up in 2022.

7. Attacks amplified by artificial intelligence

Hackers increasingly use artificial intelligence (AI) to identify targets and automate attacks on an even larger scale. It’s real-time and money is saved for them! AI helps them develop malware and intelligent infection and phishing scenarios, bypass security filters, and manage and expand botnets (zombie machines).

It is estimated that by 2021, bots were involved in over 2.8 million DDoS attacks. As cyber threats grow in number and sophistication and their footprint constantly increases, new technologies are emerging to meet the cybersecurity needs of enterprises: As cyber threats grow, so do defenses!

New Defenses in Cybersecurity

New defenses enhance IS monitoring. The SASE architecture and next-generation SOC represent two important advances in cybersecurity. Offering better protection for terminals, physical networks and remote servers, these solutions adapt to the evolution of the company’s IS.

SASE: centralized cybersecurity management in the cloud

In cybersecurity, the risk factor remains one of the many tough problems in taking countermeasures. While the digital transformation of companies is changing, the IS of companies is increasingly using the services of many cloud providers to store their data and business applications. As a result, the footprint is increasing and the complexity of cybersecurity management is increasing: cyber risk is growing.

Considering this evolution, secure access edge service becomes the top cybersecurity trend of 2022. SASE’s promise is simple: manage your company’s entire cybersecurity from a single cloud platform.

SASE brings together a set of innovative cybersecurity and networking technologies managed from a centralized management interface. These technologies include the following 3 network security tools:

• Next-Gen Secure Web Gateway (NG SWG) is designed to protect web and cloud traffic (web filtering, anti-virus, DLP, firewall);
• CASB (Cloud Access Security Broker) provides security for the company’s SaaS and IaaS applications;
• ZTNA (Zero Trust Network Access) technology handles connections between employees allowed to access certain applications.

In short, SASE is ideal for successfully migrating your company to the cloud or for managing a very heterogeneous fleet of home workers or international nomads, while ensuring data and application security from a single management console. By simplifying your infrastructure organization, you can effectively define security policies for all your users and reduce your exposure to risk.

EDR/XDR and Next Gen SOC: strengthening tools to combat new threats

EDR and XDR: Endpoint Protection and Beyond

As cyberthreats evolve, Endpoint Protection Platform (EPP) solutions – often referred to as “next-generation antivirus” – are showing their shortcomings. Although they block phishing attacks and most malware, hackers can now bypass them.

EDR (Endpoint Protection & Response) offers advanced endpoint protection (PCs, servers, tablets, smartphones). Indeed, in its “detection” component, it constantly monitors and collects data from devices to detect attack attempts and exploitation of vulnerabilities. Then, in its “investigate” part, EDR analyzes the collected data to detect breaches. Finally, EDR sends the information to stop the threat and prevent any attempted infection.

XDR (Extended Detection Response) is a natural evolution of EDR. Besides all enterprise endpoints, XDR extends its monitoring to access points such as the cloud, networks, email, etc. In 2022, this type of global protection will win over more and more companies.

Next-Generation SOC

The SOC (Security Operation Center) has historically been the control tower of a company’s IS. Its role is to detect, alert and provide a detailed report of any security incident. To respond to the incident, it must then pass it on to another team, which can add to the delay in treatment. Allowing for a completely personalized approach to IT security, SOC is quite complex to install and maintain over time and represents a significant cost, even for large entities.

In 2022, SOC will develop to become more flexible and reactive. From then on, the next generation of SOC will be available to more midsize companies (500 workstations and more), starting with the PC base and servers controlled by EDR, and then expanding to other key IS components (XDR, Firewall, Mails, Proxy, IPS). In addition to the monitoring/detection aspect, the new generation SOC also can react in an automated and immediate way to more effectively counter the spread of malware in the information system. A must for companies that want to benefit from optimal cybersecurity in 2022.

SFR Business delivers the highest level of security

To ensure your companies IS secure, SFR Business protects the end-to-end chain of information from a user to the application. This convergence approach allows us to achieve simplicity.

By surrounding ourselves with the biggest global and innovative cybersecurity players – Fortinet, Palo Alto Networks, Check Point, Cisco, Cylance, Trend Micro, Cybereason or Netskope – SFR Business integrates models that deliver the highest level of IT security in your company today.

Cybersecurity statistics by area

Cybersecurity in the Energy Industry

• In Europe, 29% of respondents believe that defense investments are only undertaken after a cyber incident, meaning that these organizations would only react rather than prepare.
• The Colonial Pipeline ransomware cyberattack in the U.S. showed just how disruptive these cyberattacks can be. A leaked password caused a state of emergency in 17 U.S. states and led to massive fuel shortages.
• Protecting customers’ personal data is also crucial for energy companies, as a potential breach can have serious reputational and financial repercussions for the company. Trellix research recently found that 52% of companies using cloud services have had user data stolen in an attack. Organizations need to hold themselves accountable when protecting customer data and ensure that they comply with all required regulations and standards.

Сybersecurity attacks statistics

• It takes a company approximately 6 months to detect a security breach.
• Windows is the operating system most attacked by hackers, Android comes in second.
• 78% of IT security leaders believe their organizations do not have sufficient protection against cyberattacks despite cybersecurity investments made in 2020.

SMB cybersecurity statistics

• More than half of SMBs (53%) suffered a cyberattack in 2017, according to the SMB Cybersecurity Report conducted by Cisco.
• Сyberattack entails a significant financial outlay. Specifically, the average cost ranges between 20,000 and 50,000 euros, according to a study conducted by the National Institute of Cybersecurity.
• SMBs take an average of 212 days to identify an attack and 75 days longer to contain it.
• 60% of SMBs that are victims of severe cyber-attacks disappear within 6 months of the incident.

Cybersecurity education statistics

• Netwrix study also reveals that 27% of educational institutions have experienced a ransomware attack and 49% of them took several days to detect it.
• The majority of educational institutions experienced phishing attacks (60%) and account for compromises (33%) in 2020. Phishing represents the most prevalent incident across all verticals analyzed in the report with an average incidence of 40%.
• Of the institutions that experienced a data breach, one-third faced unanticipated costs to close security gaps.
• The majority of respondents attribute their high level of vulnerability in the cloud to understaffed IT and security teams (53 percent), lack of cloud security expertise (52 percent) and lack of budget (49 percent).

Healthcare cybersecurity statistics

• More than 90 percent of all healthcare organizations have reported at least one cybersecurity breach in the past three years.
• 62.7 percent of companies believe cyberattacks have increased since 2020 due to the COVID-19 pandemic.
• Cyber attackers target the human flaw above all else, and the healthcare sector is no exception. According to a survey by Proofpoint “58% of CISOs consider the human factor to be their biggest cyber vulnerability” The healthcare sector is one of the most exposed sectors and yet its actors, who are the custodians of data, are sometimes the least trained.

Human error cybersecurity statistics

• Human error behind cyberattacks suffered by more than 300,000 SMEs in 2021. 70% more than in all of 2020 and more than twice as many as before the pandemic, with the main vulnerability being related to social engineering (human failures induced by cybercriminals).
• According to the Data Compromise Investigation Report (DBIR) published by Verizon, most attacks seen in 2020 (85%) involved human interaction.
• Phishing attacks go hand in hand with the use of stolen credentials. More than 60% of breaches involved credentials, and 95% of organizations that suffered credential stuffing attacks had between 637 and 3.3 billion malicious login attempts in the past year. The use of stolen credentials has not increased much but already accounts for a large portion of breaches.

Small business cybersecurity statistics

• In 2020, the volume of major cyber attacks against sensitive sectors quadrupled in Europe! 43% of SMEs experienced a cybersecurity incident in 2020.
• The insurer Hiscox believes that while ransomware attacks have received a lot of attention in recent months, especially in the media, they are not the most common type of attack. 3 out of 10 targeted companies, or 36%, have had to deal with a virus infection, while 31% have had their email hacked.
• Nearly 60% of malware attacks are suffered by small and medium-sized businesses. These companies are often more vulnerable than larger companies, which have more resources to protect their information systems and personal data.

Cybersecurity manufacturing statistics

• 145 million new malware were found alone in 2019. As if that were not enough, 38.5 million more were detected between January and April 2020. Over the past 10 years, the trend has increased dramatically. The main thing that keeps us safe is the products that cybersecurity companies walk away with.
• The United States accounted for 11.06 percent of all known ransomware attacks during the first three months of 2019. A Trend Micro report saw Brazil account for 10.64 percent, ranking second. India, Vietnam and Turkey were the top five most affected countries.
• According to Accenture’s State of Cybersecurity Resilience 2021 report, 82 percent of organizations say they have increased their cybersecurity budgets in the past year, with these funds accounting for up to 15 percent of total IT spending.

Retail Cybersecurity statistics

• According to the survey, companies are using a wide range of methods to address the shortage of cybersecurity professionals. Using professional services (34.3%) and automating security functions (31.4%) are the top methods they have chosen to mitigate the impact of the expert shortage. To manage multiple locations with limited IT staff, retailers must operate with a high level of automation, save time with zero-touch deployment, and gain broad network visibility and control from a single dashboard.
• Cyber-attacks on the retail sector are a constant concern: so far in 2018 major US retailers such as Best Buy, Macy’s or Sears have suffered hacks. Unfortunately, these figures have increased by 29% since 2013, because as Big Data grows, the costs associated with successful cyberattacks also increase.
• Consumer data theft reveals a cybersecurity vulnerability among online merchants. According to password manager Dashlane, about 52% of online retailers are not demanding enough about their security policies, while data theft is exploding.

Financial services cybersecurity statistics

• More recently, the financial rating agency Moody’s confirms this trend based on figures from the report by specialist research firm VMware Carbon Black. Between February and April 2020, the number of frauds against financial institutions tripled (+238%) as a result of the development of teleworking imposed by the pandemic. Similarly, attempts to steal personal data have increased ninefold.
• Large banks and other financial services companies have increased their spending on cybersecurity by 15 percent this year. The average spend per employee is $2,691, up from $2,337 in 2019. Some companies have even budgeted as much as $3322 per employee for cybersecurity, an increase of $322 from last year’s high, Financial Planning notes in a recent article.
• According to these figures (which largely concern the United States), banks and insurance companies were the most affected by attacks or breakdowns over the period, accounting for 25.3% of incidents. Finance is thus at the forefront, ahead of “services” (24.4% of incidents) and public administrations (15.6%).

To summarize

From 2021 to 2022, Expert Computer Solutions experts prevented more than 1,000 security incidents at manufacturing, professional services and construction companies in the U.S. Through a strategic approach to analyzing and implementing security solutions tailored to your needs, we mitigate cyberattacks every day. Our company understands the vulnerabilities cybercriminals are looking for and the steps an organization must take to mitigate their impact.

You can trust Expert Computer Solutions as a go-to resource for cybersecurity preparedness based on your reality. We’ll work with your leadership team to implement a customized cybersecurity program that protects your business from ever-changing threats, combined with governance reporting for easy tracking.

Today’s challenges require more attention to cybersecurity, not only for large and international businesses but especially for small and medium-sized businesses. Expert Computer Solutions offers a range of Managed Cybersecurity Services & Solutions for small and medium businesses in Houston.