Cybersecurity is a BIG issue, and the interesting thing is…a lot of people don’t realize they care about it.
A lot of people think about cybersecurity as something pretty basic: choose a good password, and beyond that it’s really a term for governments and big companies to worry about.
Of course, when you think about it, cybersecurity matters to just about everyone.
It’s super important for small businesses, who may be targeted without having the resources to hire a security professional.
And have you ever been concerned about what Facebook is doing with your data? Then you’ve worried about cybersecurity.
See what I mean? This goes for EVERYONE who does anything on the internet.
So I’ve picked quite a few of the most relevant and reputable statistics about cybersecurity in this list, and I think they’ll matter a lot to you, no matter your context.
Ready? Let’s start off with something of interest to the business owners out there:
Item #1: NEARLY HALF of American small businesses suffered a cyber-attack last year.
First, sorry to start off with such a negative and scary stat.
But also, it’s pretty important to know. So let’s just look at the numbers, presented to us by Hiscox’s 2018 Small Business Cyber Risk Report:
So as you can see, last year nearly half of small businesses in the United States suffered a cyber-attack. And of those, 44% suffered 2+ attacks.
A lot of us have this idea that cyber-attacks are mostly an issue for big firms to worry about. Unfortunately, small businesses have got a LOT to worry about themselves.
So even if this stat doesn’t cheer you up, at least it will help us put to bed the idea that SMBs are largely ignored by cyber-attackers.
Let’s hammer this dose of reality home extra-hard, while we’re at it:
Item #2: MOST of those small businesses fail to act after an attack.
This stat actually comes from the same report as the last one. And it might give you the same sinking feeling as the last one.
Let’s have a look:
Yep…not a third, not even half, but NEARLY 2/3rds of small businesses fail to act following a cybersecurity incident.
Now, let’s note that this does NOT mean that 65% of small businesses got hacked and did nothing about it.
First, plenty of small businesses in this stat probably didn’t even know they had a cybersecurity incident.
And part of that is because cybersecurity incidents aren’t the same thing as being “hacked” in a super malicious way.
Nonetheless, it’s still pretty clear that small businesses, for various reasons, are not taking enough action to prevent cyber-attacks OR to fix cybersecurity issues.
Item #3: Over 85% of email was spam in July 2019.
This really isn’t shaping up to be a “feel-good” list, is it? Well, such is life I suppose.
Check out the latest data, straight from Cisco’s Talos Intelligence Group:
Those are some enormous numbers, barely comprehensible. But the key figure is that 85% of email is spam.
Want to know the worst part?
The proportion of spam to real mail is SUPER consistent over time:
Meaning there’s no real reason to think that in the near future, most email will be non-spam.
Okay, but here’s a silver lining:
Remember that spam is not the same thing as malware.
Spam obviously has a much higher rate of malware, phishing attempts, and so on, but this number doesn’t mean that 85% of your email is deadly to your cybersecurity.
… Just that a lot of email is on the riskier side.
On the note of email, though:
Item #4: The most common malicious attachments in email are Microsoft Office files.
Clearly, a lot of malware gets distributed through email. People have generally gotten wise to the usual, more overt malware email tactics.
Unfortunately, this means bad actors have also evolved their game. Cisco’s June 2019 email security report details some pretty shocking numbers.
Nowadays malware is often sent through mostly “normal” attachment types:
So the result is that over 40% of malicious attachments—TWO IN FIVE—are Microsoft Office attachments, mostly .doc files. PDFs are about 10% and .zip files are nearly a third.
This doesn’t mean you should stop sending Word documents through email…just that you shouldn’t assume an attachment is safe because it’s a Microsoft Office file.
Item #5: Cybercriminals have been a more pervasive threat than hackers recently.
I know what you’re thinking: what’s the difference between a hacker and a cybercriminal? Is this going to be a distinction without a difference?
Well, there’s definitely some overlap…but there’s still a meaningful difference. In short:
A hacker breaks into your system. A cybercriminal does this…and does something criminal (like stealing important information, robbing you, etc).
This report by Isaca on 2019’s cyberthreat landscape includes a poll given to business owners on the most frequent threat actors.
So while hacking in general is obviously the big overall concern, cybercriminals are the chief perpetrators…meaning robbers, basically.
Item #6: Phishing has been the most common attack type.
Phishing is a bad-faith effort at getting sensitive information (usually account information and card numbers), usually with the perp pretending to be a trustworthy person or group.
You might think phishing is the easiest security issue to avoid, because you’re a smart person who can tell the difference between good and bad actors.
And you know what?
You’re probably right. Most people who have been on the internet for a bit, and especially business-owners, can see through most phishing attempts.
But you shouldn’t dismiss them. Because here’s how common they are:
They are the MOST common cyber-attack type, and they have been for the last three years (according to the aforementioned Isaca report).
Heck, what’s interesting is that the other most common forms of attack—malware and social engineering—have actually decreased while phishing has stayed strong.
Item #7: One in ten URLs are malicious.
This data comes straight from Symantec’s 2019 Internet Security Threat Report, and there’s no way to sugarcoat it.
It’s easy to have a false sense of security—you maintain basic security practices on the internet, you only click links that look safe, etc.
But when you consider that 10% of URLs are malicious, it sure becomes apparent that you can’t be too careful.
Because if so many URLs are malicious, odds are even cautious people are going to run into them. Stay safe!
Item #8: Most Internet-of-Things (IOT) attacks hit routers.
The Internet-of-Things refers to increasingly common internet-enabled “smart” household devices.
IOT devices are the things that you see ads for all the time. Smart speakers and home assistants put out by Amazon, Apple, Google, etc, are very popular IOT devices.
But lots of new IOT products are coming out every day: door locks, cameras, microwaves, ovens, etc.
But IOT devices are notoriously vulnerable to hacking at this point in time. Symantec decided to test out IOT security and put the results in the report I mentioned in the last stat.
Here’s what they found:
Routers are the most frequently attacked points for IOT attacks.
Routers got about 75% of the attacks, and internet-connected cameras got another 15%.
A bunch of other things make up the remaining 10%, meaning these are the two you really need to be careful about if you’re trying to modernize your home or business.
Item #9: Over a QUARTER of internet users worldwide use a VPN or proxy.
Virtual Private Networks, or VPNs, are basically private networks built on public networks and are almost always encrypted nowadays—meaning users can experience better privacy and security.
Proxies overlap somewhat in that they switch up your traffic and make your IP look different (though they’re still pretty different from VPNs).
Anyway, VPNs and proxies are pretty common, according to recent data.
These numbers are from 2018 and presented by the reputable GlobalWebIndex research firm, and are probably the best recent numbers we’ve got:
What’s more, GlobalWebIndex points out that these numbers have been largely consistent since 2013.
This is honestly more than I expected, and it has a few implications—for one, it could change how we look at traffic statistics. For example:
Perhaps a lot of American traffic statistics are actually from people around the world trying to bypass local restrictions.
It also means that a solid number of people, whether they intend to or not, are adding an extra layer of security and anonymity to their internet use.
Pssst: if you’re interested in checking out VPNs but not interested enough to set down money, you can actually try some free ones out.
Don’t worry—I’ve got a list of the best free ones to help you get started!
Item #10: Network vulnerabilities are far more common than application vulnerabilities.
This last stat is a little more technical, but don’t worry—I’ll take you through it.
First let me show you the numbers, brought to us by EdgeScan’s 2019 Vulnerability Statistics Report:
Network vulnerabilities accounted for the vast majority of cyber vulnerabilities at 81%, whereas web application vulnerabilities accounted for the rest.
Okay, but what does that mean?
You know what a network is, but a web application might be a little fuzzy for you. A web application is basically a program or software that works within a browser environment.
What does that mean in daily life?
Email, online shopping carts, plugins for your WordPress site, and so on. A lot of stuff that’s extremely common nowadays.
Now this might seem a little surprising, and some say that web application vulnerabilities are the most common, more common than network vulnerabilities.
Hashing this out could be an entire article unto itself, so I won’t get too into it here.
The reason I’ve left this statistic for you is to show you that network vulnerabilities are still extremely common, even if web applications are what we think of the most when it comes to cybersecurity.
But let me point out one more thing: even if network issues are over 80% of cybersecurity weaknesses, web apps have a higher proportion of high-risk problems.
So if you’ve been super concerned about the security of web applications…keep it up! Just don’t neglect network security too much either.
Like I said in the beginning, cybersecurity is a very multi-faceted thing. It’s relevant to just about everyone, and sometimes in more than one way per person (as a private individual and as a site manager, for example).
Cybersecurity is also a battle waged on many fronts: at the level of the network and the level of the website, on individual scales and massive organizational ones.
There are lots of stats out there on cybersecurity, but the game is constantly changing, and that’s why I found the most reliable recent stats and put them here.
Everyone has different contexts, concerns, and vulnerabilities online. But to the extent that I can generalize advice…I’d say, the best thing is to be careful!
Stay safe, y’all!
Don’t worry everyone…I haven’t hyped up these stats baselessly. Here’s our list of sources—you can check them out for yourself:
3. Cisco Cybersecurity Report June 2019 – Email: Click with Caution
4. Isaca report on 2019’s cyberthreat landscape (includes poll on threat actors and attack types)
5. Symantec Internet Security Threat Report (malicious URL and IOT attack percentages)
7. EdgeScan’s 2019 Vulnerability Statistics Report (web applications vs. network vulnerabilities)