Security Statistics
Looking for the latest security stats and trends? You've come to the right place.
-
WINDOWS 7 VULNERABILITY
30% of Windows desktop computers are still running Windows 7 – which began its end-of-life in 2020.
-
POINT OF SALE GETS SAFER
Continuing a multi-year decrease, POS declined to 5% of environments breached as merchants adopt safer standards.
-
"HELLO JOE"
In 2019, ever-evolving ransomware threats increasingly used algorithms to address victims by name.
-
HIDING BEHIND GMAIL
30% of business email compromise attacks use gmail.com addresses in the from line.
-
27 MILLION DOLLARS!
The amount that one single business email compromise scam cost a company in 2019.
-
SPAM GETS CANNED
Only 28% of email messages are spam in 2019 – down from 45% in 2018.
-
Impact of Global Cybersecurity Skills Shortage
74% of cybersecurity professionals say their organization has been impacted by the global cybersecurity skills shortage.
-
ALL APPS VULNERABLE
For a second straight year, 100% of web applications tested possessed at least one vulnerability, with the median number of vulnerabilities rising to 15, up from 11 in 2017.
-
CRYPTOJACKING DOMINATES WEB ATTACKS
A steep year-over-year increase of 1,250% was observed in cryptojacking malware, which was almost non-existent in 2017.
-
THREAT RESPONSE TIME IMPROVES
The median time from threat intrusion to containment fell to 27 days, from 67 days in 2017, and the median time between intrusion and detection for externally detected compromises fell to 55 days, down from 83 days in 2017.
-
SOCIAL ENGINEERING THE PRIMARY CONDUIT
In both cloud and POS environments, 60% of breach investigations attribute the initial point of entry to successful social engineering.
-
DATABASE VULNERABILITIES ABOUND
The number of vulnerabilities patched in five of the most common database products was 148, up from 119 in 2017.
-
MALWARE-LADEN SPAM DOWN
Spam messages analyzed containing malware significantly diminished in 2018, to 6% from 26% in 2017.
-
ASIA PACIFIC UNDER SIEGE
The Asia-Pacific region led in the number of data compromises investigated, accounting for 35% of instances, overtaking North America at 30%.
-
264,483
The number of unique phishing reports submitted during the second quarter of 2018.
-
FIRST FEAR
U.S. CEOs place cybersecurity as their No. 1 business worry, ahead of new competitors and a recession.
-
Worse before it gets better
77% of organizations believe the problem of ransomware has gotten worse or stayed the same over the past year.
-
What's causing breaches?
28% of breaches result from poor passwords, and another 28% from weak remote access security.
-
Under pressure
63% of security professionals felt more pressure to secure their organizations in 2015 compared to the prior 12 months, and 65% expect to feel additional pressure this year.
-
There's a bug for that
95% of mobile applications scanned by Trustwave contained at least one vulnerability, with a median total of 6.5.
-
The mighty will fall
The share price of publicly traded companies in the U.K. will drop an average of 1.8 percent following a "severe breach."
-
The importance of security testing
More than two-thirds of organizations consider security vulnerability testing to be a best practice.
-
The cost of cybercrime
Cybercrime costs the worldwide economy roughly $450 billion annually, up nearly 200 percent in five years.
-
Spam prevalence relenting, but threat remains
From an initial high of 93%, spam's share of inbound email is down to 60%. But 6% of those unsolicited messages contain a malicious attachment or link.
-
Sleeping with the enemy
81% of victims fail to detect a breach themselves.
-
Skills gap
Shortage of security expertise has climbed from the eighth-biggest operational pressure facing security pros to the third-biggest.
-
Show me the ROI
Attackers earned a 1,425% return on investment for exploit kit and ransomware schemes.
-
Short end of the stick
By 2021, companies will be unable to fill 3.5 million open cybersecurity positions.
-
Send in the reserves
84% want the size of their IT security team increased and 30% want it at least quadrupled.
-
Security spending on the rise
Organizations spent 44% more money last year than the year before on security.
-
Risky business
33% of companies have never commissioned a risk assessment.
-
Ransomware casualties
30% of organizations experienced a successful ransomware attack over the past year.
-
Password pandemonium
39% of passwords are eight characters, a length that takes an average of one day to crack. Compare that to 10-character passwords, which take an average of 591 days.
-
Overall spending on security up, but down per employee
At 6.1% of the IT budget, the average spending on security has reached a five-year peak in 2014. However, when measured per employee, the average amount allocated to security in 2014 is lower than in 2010 ($450 versus $473).
-
Midsized companies lack IT security roles
24% of midsize organizations do not have anyone with a dedicated information security or IT security role.
-
Malware everywhere
59% of organizations have experienced a malware infiltration in the past six months.
-
Java withdrawal, as exploits plummet
Exploits of Oracle Java decreased 63.5 percentage points, year over year. Functionality that now blocks Java content by default has made it a less susceptible target.
-
IT or Security?
In 38% of enterprises, security is still indistinguishable from IT.
-
IoT deployment moving fast
67% of companies are either already using IoT devices or planning to use them in the next year.
-
Hot commodities
Job postings for cybersecurity professionals are up 91% year over year.
-
Higher learning
73% of organizations are turning to education and training to make users less susceptible to social engineering and spear phishing - up 4% from the previous year.
-
"Flash" flooding
33% of detected exploits are of Adobe Flash, up 28.2 percentage points from the previous year.
-
File transfers
28% of security pros rank unauthorized file transfers as their top insider threat worry.
-
False sense of security
70% of businesses believe they're safe from cyberattacks and data compromises.
-
External versus internal threats
62% of security pros are more pressured by external threats than internal ones.
-
Evenly matched
IT security practitioners are nearly split - 51% to 49% - over who poses the greatest threat: external adversaries versus trusted insiders.
-
Endpoints go managed
Citing potential benefits like improved incident detection and response, as well as cost reduction, 57% of enterprise organizations are already using a managed security service in some capacity to protect their endpoints.
-
Emerging headaches
44% of security pros rank the cloud as the riskiest emerging technology, with IoT (17%) and BYOD (16%) behind it.
-
Embracing managed security
The number of security pros who either already partner or plan to partner with a managed security services provider has climbed from 78% to 86%.
-
Days gone by
Breaches take a median length of 86 days to be detected, and 111 days from intrusion to containment.
-
Data going out the door
49% of breaches involve the theft of personally identifiable info and cardholder data.
-
Cybercrime losses mounting worldwide
$600 billion, or nearly 1% of global GDP, is lost to cybercrime every year.
-
Costs rising
Business breach costs to jump to $2.1 trillion by 2019.
-
CISO reporting structure
66% of financial CISOs report into the CIO, CRO or COO, whereas just 8% report directly to the CEO.
-
Business disruption attempts
The second quarter of 2015 saw a 132% increase in DDoS attacks on Akamai's Prolexic network compared to Q2 in 2014, and a 7% increase compared to Q1 2015.
-
Bogus boss scams
27% of organizations encountered a CEO fraud attack in the past 12 months.
-
B.Y.Uh-Oh
Bring-your-own device (BYOD) is practiced at 59% of organizations, with another 13% planning to allow it.
-
Automated malware a top concern
Automated malware was the top concern for security pros surveyed by 451 Research about the top security threats they face (28% of respondents).