Cyber Security: Key stats for enterprises in 2022
Looking back, 2021 was a trying year for cyber security. Not only were there several high-profile breaches, such as SolarWinds and Colonial Pipeline, but there were also more sustained attacks than had ever previously been recorded.
As TechInformed wrote earlier this month, cyber-attacks hit their all-time peak at the end of 2021, topping more than 925 attacks a week per organisation.
These figures came from a report by cyber intelligence provider Check Point Research, which found weekly attacks on corporate networks in 2021 were twice as high as the year before.
Research and education sectors were hit hardest, seeing a 75% rise on 2020 attacks to average 1,605 attacks per organisation every week.
But government and military (1,136 attacks per organisation per week) and communications (1,079 attacks weekly per firm) were just behind, seeing growth of 47% and 51% respectively.
These attacks are also proving very, very costly for businesses. According to IBM’s Cost of a Data Breach report, 2021 saw the highest average cost of a data breach in 17 years, with the cost rising from US$3.86 million to US$4.24 million on an annual basis.
The Covid-19 pandemic accelerated this growth because of the shift to remote working. IBM’s study found the average cost of a data breach was US$1.07 million higher where remote work was a factor in causing the breach. Stolen credentials were the most common cause, responsible for up to 20% of these breaches.
So, what does this tell us? Cyber security attacks are not only a growing problem for businesses, but they are also increasingly expensive, highlighting the need for a robust approach to defence.
It should come as no surprise to learn, then, that cyber perils are the biggest concern for companies globally in 2022, according to the Allianz Risk Barometer. More surprising, however, is the fact that this is only the second time that cyber security has topped the list, according to Forbes.
The market, as you’d expect, has responded, with investment in cyber security on the up. Accenture’s State of Cybersecurity Resilience 2021 report found 82% of organisations admitted to increasing their cybersecurity budgets over the past year, with investment now making up around 15% of total IT spend.
In fact, the worldwide information security market is forecast to reach $170.4 billion in 2022.
Greater investment means there are now more cyber security professionals working than ever before. The Cybersecurity Workforce Estimate, which assesses the number of available cybersecurity professionals worldwide, estimates the pool of specialists in 2021 to be in the region of some 4.2 million. That is an increase of 700,000 compared to the previous year.
The workforce gap – while still an issue – has also reduced year-on-year. In 2020 the number of additional cybersecurity specialists needed by organisations to defend their assets was 3.12 million; that number shrank to 2.72 million in 2021, according to the same report.
So, what types of attack should businesses be aware of? Ransomware involves a malicious actor taking over a device, making any files and the systems that rely on them unusable until the user pays to unlock it. In the last five years, the frequency of detected ransomware attacks has grown from an attack every 40 seconds to one every 11 seconds.
Ransomware is just one type of malware attack, with malware – which also includes viruses, Trojans, worms, and spyware – making up most cyber-attacks.
Malware attacks have risen significantly in the last decade, hitting around 812 million in 2018, although no figures for 2021 were available.
Other common attacks include phishing and spear-phishing, man-in-the-middle attacks, SQL injections, and distributed denial of service (DDoS).
According to internet infrastructure giant Cloudflare, the first half of 2021 witnessed massive ransomware and ransom DDoS attack campaigns that interrupted aspects of critical infrastructure around the world. In the latter part of the year, the company’s defence system automatically detected and mitigated a 17.2 million request-per-second (rps) DDoS attack, an attack almost three times larger than any other that it had previously recorded.
To put this in context, Cloudflare serves over 25 million HTTP requests per second on average, meaning the attack was up to 68% of its average legitimate traffic.
A new form of DDoS is also taking prominence, called Ransom DDoS. In Q4, ransom DDoS attacks increased by 29% YoY and 175% QoQ, according to Cloudflare.
Clearly, cyber security continues to be a core issue for businesses across the globe, with not only the frequency, but also the complexity of attacks growing every year. While industry is investing more money than ever to mitigate these challenges, the question is: are they taking cyber security seriously enough?