Trustwave Unveils New Offerings to Maximize Value of Microsoft Security Investments. Learn More

Trustwave Unveils New Offerings to Maximize Value of Microsoft Security Investments. Learn More

Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Offensive Security
Solutions to maximize your security ROI
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
News Releases

2017 Trustwave Global Report Reveals Cybersecurity Trends

Fight Against Cybercrime Shows Both Improvements and Downsides

CHICAGO - June 20, 2017 - Trustwave today released the 2017 Trustwave Global Security Report which reveals the top cybercrime, data breach and security threat trends from 2016. The report demonstrates both good and bad news in the world of cybersecurity as intrusion detection and breach containment times were relatively better, but other threats like malvertisements became cheaper and malicious spam saw increases.

Key highlights from the 2017 Trustwave Global Security Report include:

  • Intrusion detection gets better, especially when breaches are self-detected: The median number of days from an intrusion to detection of a compromise decreased to 49 days in 2016 from 80.5 days in 2015, with values ranging from zero days to almost 2,000 days (more than five years). For internally detected incidents the median was 16 days, while 65 was the median number of days for externally detected incidents.
  • Once detected, victims contain breaches relatively quickly: The median number of days from detection to containment was 2.5 in 2016 with values ranging from −360 days, meaning the intrusion ended 360 days before detection, to 289 days. In cases where containment occurred after detection, the median duration was 13 days from detection to containment.
  • Intrusion containment remains stagnant: The median number of days from an intrusion to containment of a compromise stayed relatively the same at 62 days in 2016 compared to 63 days in 2015.
  • North America and retail lead in data breaches: Similar to previous years, 49% of data breaches investigated by Trustwave were in North America, while 21% were in Asia-Pacific, 20% in Europe, Middle East and Africa, and 10% in Latin America. The largest single share of incidents involved the retail industry, at 22%, followed closely by the food and beverage industry, at nearly 20%.
  • POS breaches increase: Environments most breached in 2016 again consisted of corporate and internal networks, at 43%. Incidents affecting POS systems increased to 31% in 2016, from 22% in 2015, while incidents affecting e-commerce environments fell to 26% from 38%. Incidents involving POS environments were most common in North America, which has been slower than much of the world to adopt the EMV payment card standard.
  • Payment card data most at risk: More than half of the incidents investigated targeted payment card data: Card track (also called magnetic stripe) data, at 33% of incidents, primarily came from POS environments. Card-not-present (CNP) data, at 30%, mostly came from e-commerce transactions. Financial credentials, including account names and passwords for banks and other financial institutions, accounted for 18% of incidents, followed by other targets.
  • Attackers seek stiff prices for their zero-day vulnerabilities: In 2016, Trustwave discovered an alleged undisclosed Windows zero-day vulnerability and accompanying exploit code on sale for an initial price of $95,000.
  • Exploit market disruption: The most common exploit kits in the world - Angler, Magnitude and Nuclear - disappeared or went private in 2016, leading to a shakeup of the exploit kit market.
  • Malvertisements get dirt cheap: In 2016, the estimated cost for cybercriminals to infect 1,000 vulnerable computers with malvertisements was only $5 -- less than $.01 per vulnerable machine. Malicious advertising remains the number one source of traffic to exploit kit landing pages.
  • Malware tries to hide itself: 83% of malware samples Trustwave examined in 2016 used obfuscation, while 36% used encryption.
  • Malware-laden spam creeps up: In 2016, 35% of spam messages contained malware, up from 3% in 2015. Meanwhile, 60% of all inbound email was spam, up from 54% in 2015.
  • Database flaws increase: Database vendors patched 170 vulnerabilities in the most common database products in 2016, up from 139 vulnerabilities in 2015.
  • Applications are almost always vulnerable: 99.7% of web applications Trustwave application scanning services tested in 2016 included at least one vulnerability, with the mean number of vulnerabilities detected being 11 per application.

Trustwave Chief Executive Officer and President Robert J. McCullen said, "Cybersecurity in 2016 had both highlights and lowlights. As our data breach investigations and threat intelligence show attackers continue to evolve their tactics and focus on extreme paydays as cybercrime becomes more like genuine businesses. Meanwhile security skills and talent remain scarce. As an industry, we must continue to focus on key areas like threat detection and response, security scanning and testing and cloud security services that provide meaningful layers of protection from constantly evolving threats."

Trustwave experts gathered real-world data from hundreds of breach investigations the company conducted in 2016 across 21 countries. This data was added to billions of security and compliance events logged each day across the global network of Trustwave Advanced Security Operations Centers, along with data from tens of millions of network vulnerability scans, thousands of web application security scans, tens of millions of web transactions, tens of billions of email messages, millions of malicious websites, penetration tests, telemetry from security technologies distributed across the globe and industry-leading security research.

To download a complimentary copy of the 2017 Trustwave Global Security Report, visit:


Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than three million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective threat, vulnerability and compliance management. Trustwave is headquartered in Chicago, with customers in 96 countries. For more information about Trustwave, visit


All trademarks used herein remain the property of their respective owners. Their use does not indicate or imply a relationship between Trustwave and the owners of such trademarks.

Latest News Releases

Trustwave Unveils New Offerings to Maximize Value of Microsoft Security Investments

Chicago, IL – June 4, 2024 – Trustwave, a leading cybersecurity and managed security services provider, today announced an expanded portfolio of offerings designed to help organizations unlock the...

Read More

Trustwave SpiderLabs Exposes Unique Cybersecurity Threats in Public Sector

Chicago – May 14, 2024 – Trustwave, a leading cybersecurity and managed security services provider, today released a comprehensive report titled "2024 Public Sector Threat Landscape: Trustwave Threat...

Read More

Trustwave Named as a Leader in the 2024 IDC MarketScape for Worldwide Emerging MDR Services

Chicago – May 7, 2024 – Trustwave, a leading cybersecurity and managed security services provider, today announced its placement in the Leaders Category in the IDC MarketScape: Worldwide Emerging...

Read More