22 cybersecurity statistics to know for 2022

As we usher in the New Year, let’s take a look at some statistics that will help you stay up-to-date on recent cybersecurity trends.

As the rollercoaster of a ride that was 2021 comes to a close and we enter a more hopeful new year, we thought it apt to compile a list of impactful cybersecurity statistics that should help you stay at the top of your security and privacy game over the next 12 months. We hope that the list will help you understand that cybersecurity permeates all facets of your digital life and that it shouldn’t be treated as an afterthought.

Without further ado, here is our list of 22 of the most impactful or interesting cybersecurity statistics to know for 2022:

  1. 2021 saw the highest average cost of a data breach in 17 years, with the cost rising from US$3.86 million to US$4.24 million on an annual basis. (IBM Cost of a Data Breach Report 2021)
  2. The COVID-19-powered shift to remote work had a direct impact on the costs of data breaches. The average cost of a data breach was US$1.07 million higher where remote work was a factor in causing the breach. (IBM Cost of a Data Breach Report 2021)
  3. The most common cause of data breaches was pilfered user credentials. As a commonly used attack vector, these were responsible for 20% of breaches, with these breaches costing US$4.37 million on average. (IBM Cost of a Data Breach Report 2021)
  4. Midway through 2021, IT management software provider Kaseya had its systems compromised by the Sodinokibi ransomware, with the perpetrators asking for a US$70 million ransom – this was the largest ransomware fee demanded yet. (ESET Threat Report T2 2021)
  5. Phishing attacks were connected to 36% of breaches, an increase of 11%, which in part could be attributed to the COVID-19 pandemic. As might have been expected, threat actors have been observed tweaking their phishing campaigns based on what’s making the news at any moment in time. (Verizon 2021 Data Breach Investigations Report)
  6. Social engineering attacks are the gravest threat to public administration, accounting for 69% of all public administration breaches analyzed by Verizon in 2021. (Verizon 2021 Data Breach Investigations Report)
  7. Shortly after Log4Shell, the critical vulnerability in the Log4j logging utility, was disclosed in December 2021, ESET detected and blocked hundreds of thousands of exploitation attempts, with most of them located in the United States and the United Kingdom. (ESET Research)
  8. 2021 saw an incredible increase in the detection of Android banking malware. In T1 it rose by 158.7%, and T2 saw continued growth of 49%. This should be considered a worrying trend since banking trojans have a direct impact on the financials of their targets. (ESET Threat Report T2 2021)
  9. Four years on, WannaCryptor (also known as WannaCry) is still a global threat to be reckoned with. In T2, the infamous trojan that compromises machines vulnerable to the EternalBlue exploit topped ESET’s ransomware detection charts, accounting for 21.3% of detections. (ESET Threat Report T2 2021)
  10. Cryptocurrency investment scams remain as popular as ever. Between October 2020 and May 2021, victims were scammed out of more than US$80 million. The actual number is expected to be higher, since many people are ashamed to admit they have been duped. (United States’ Federal Trade Commission)
  11. Cryptocurrency has been the preferred payment method for cybercriminals for a while now, especially when it comes to ransomware. As much as US$5.2 billion worth of outgoing Bitcoin transactions may be tied to ransomware payouts involving the top 10 most common ransomware variants. (FinCEN Report on Ransomware Trends in Bank Secrecy Act Data)
  12. Early in 2021, the infamous Emotet botnet, one of the longest-lived and most pervasive malware threats, was disrupted in a large-scale global law enforcement operation. Some 700 command-and-control servers were taken offline during the bust. (Europol)
  13. The Cybersecurity Workforce Estimate, which assesses the number of available cybersecurity professionals worldwide, estimated the pool of specialists in 2021 to be some 4.2 million. That is an increase of 700,000 compared to the previous year. [2021 (ISC)2 Cybersecurity Workforce Study]
  14. The same study also concluded that for the second year running the cybersecurity workforce gap has decreased. While in 2020 the number of additional cybersecurity specialists needed by organizations to defend their assets was 3.12 million, that number shrank to 2.72 million in 2021. [2021 (ISC)2 Cybersecurity Workforce Study]
  15. To make up the shortfall of cybersecurity professionals needed to effectively defend the critical assets of organizations, the global cybersecurity workforce would have to grow by a whopping 65%. [2021 (ISC)2 Cybersecurity Workforce Study]
  16. A total of 82% of organizations have admitted to increasing their cybersecurity budgets over the past year, with these funds accounting for up to 15% of total IT spending. (Accenture’s State of cybersecurity resilience 2021 report)
  17. Recent years have seen threat actors move from just infesting systems with ransomware to double extortion where they also threaten to exfiltrate the data and release it to the public or sell it. Threats to leak the pilfered data have seen a sharp increase, going from 8.7% in 2020 to a whopping 81% in the second quarter of 2021. (ENISA Threat Landscape 2021)
  18. There has been a significant increase in the overall costs of remedying a ransomware attack. While in 2020 the cost was US$761,106, in 2021 the overall cost of remediating a ransomware attack skyrocketed to US$1.85 million. (ENISA Threat Landscape 2021)
  19. The number of distributed denial-of-service (DDoS) attacks has also been on the upward trend, in part due to the COVID-19 pandemic. 2020 saw more than 10 million attacks occur, 1.6 million attacks more than the previous year. (ENISA Threat Landscape 2021)
  20. In 2020, the Federal Bureau of Investigation’s (FBI) Internet Crime Center (IC3) received a record-breaking 791,790 cybercrime complaints, with reported losses of some US$4.2 billion. (FBI’s 2020 Internet Crime Report)
  21. Business Email Compromise (BEC) scams remain the costliest cybercrime, with losses surpassing US$1.86 billion in 2020, according to the FBI’s latest available data. In comparison, the second-costliest scam – confidence/romance fraud – registered losses of “only” some US$600 million. (2020 Internet Crime Report)
  22. The elderly were disproportionally affected by cybercrime, as some 28% of total fraud losses were sustained by victims aged over 60. This accounts for approximately US$1 billion in losses to elderly victims. (IC3 2020 Elder Fraud Report)

There you have it. Admittedly, these statistics are just the tip of the iceberg when it comes to threats facing both individuals and organizations. Even so, we hope that they give you a sense of the evolution and growing magnitude of cyberthreats.


Firmware attack can drop persistent malware in hidden SSD area

bleepingcomputer.com – Korean researchers have developed a set of attacks against some solid-state drives (SSDs) that could allow planting malware in a location that’s beyond the reach of the user and security solutions.


Engineering the Future of Artificial Intelligence

To connect our people with the latest ideas, a vibrant firmwide network links Booz Allen with outside research leaders from across the global academic community. We actively collaborate with computer science labs and math departments at Harvard University, Syracuse University, the Montreal-based Mila institute, and other organizations. And our university-wide master collaboration agreement with the University of Maryland Baltimore County lets Booz Allen practitioners work on interdisciplinary projects with any professor from any department. Open access to academic environments enables our people to hone their expertise, often at the Ph.D. level, while continuing to build careers in industry.

We support emerging researchers by providing them with mentoring and ongoing opportunities to explore transformational AI concepts. A Booz Allen initiative provides computer science and math graduates from universities including the Massachusetts Institute of Technology and Harvard with opportunities to author papers and conduct other research activities. Participants build on their prior undergraduate and graduate course work and their university research projects to rapidly hone skills and publish findings. We have also helped members of the University of Notre Dame’s ESTEEM program complement their advanced science and engineering backgrounds with learning experiences in entrepreneurship and innovation.

AI practitioners who bring their talents to Booz Allen benefit from world-class technical capabilities that open up new avenues for research. We invest in advanced computing infrastructure both to support specific client projects and to expand internal research opportunities. Booz Allen teams use a newly built, state-of-the-art graphics processing unit (GPU) cluster to explore their areas of research focus across AI-related disciplines, from adversarial AI and malware detection to computer vision, natural language processing, and more.

By investing in research as a powerful foundation for our business, we seek to create new knowledge and help the world better understand the promise of AI. What sets Booz Allen apart is the unique opportunity we have, as the largest provider of AI services to the federal government, to turn our research into real-world applications that transform how agencies solve challenging problems and achieve mission goals, whether it’s serving citizens more efficiently, turning raw data into intelligence insights, strengthening public health, or thwarting adversaries in cyberspace and on the battlefield. The unique needs of our clients then refine our research, ensuring our long-term work has real-world impact.

Read more than 60 research papers from Booz Allen experts and explore career opportunities to learn more about how we engineer the next AI solutions on a foundation of peer-reviewed research and practical innovation.