Cybersecurity Statistics 2023
100+ stats that prove why small businesses need it
The COVID-19 pandemic has far exceeded our most pessimistic forecasts. We could never have imagined the necessary change expected of us to get through this global disaster. It has forced us to re-evaluate the way we live our lives on a far bigger scale and, through the enforcement of lockdown and working from home, certainly to open our eyes to the positive change that could be introduced – a simplified life where businesses are shifting towards a more digital and tech-focused approach. Having said that, the rise of remote working solutions certainly raises questions regarding business continuity planning, cybersecurity and disaster recovery, for many companies in the SME market. Cybercriminals are forging more sophisticated attacks to target companies. It is therefore surprising that 58% of small and medium businesses are confident in their cybersecurity – further, they doubt that they will be targeted by cybercriminals. As such, we’ve collected and analysed the most intriguing cybersecurity statistics of 2023, both from a global and UK perspective. The main purpose of this article is to help businesses realise that preparing and investing in preventative cybersecurity measures should never be ignored, as the consequences may well be catastrophic.
Global Cybersecurity statistics
Historic data underlines how the threat landscape is evolving. So much so that according to Capita, the average total global cost of a data breach over the past seven years was £2.75 million. It is absolutely crucial to consider these findings and implement a future proof, robust cybersecurity strategy into an SMEs’ business continuity process.
1. In 2018, 38% of malicious email attachments were delivered as Microsoft Office file formats, such as Word, PowerPoint and Excel. (Cisco)
2. A business is successfully hacked every 39 seconds. (Security Magazine)
3. 68% of the time, business leaders feel their cybersecurity risks are escalating. (Accenture)
4. In the first nine months of 2020, nearly 200 million ransomware attacks took place – a huge year-on-year increase. (SonicWall)
5. 63% of network intrusions are the result of compromised passwords and usernames. (Microsoft)
6. 80% of organisations have experienced at least one successful cyberattack. (Imperva, 2020 Cyberthreat Defense Report)
7. Cybercriminals are able to navigate through increased security systems. “Next-gen” supply chain attacks have grown 420% in the last year alone. (2020 State of the Software Supply Chain)
8. Last year, the number of DDoS attacks increased by around 50%.
9. Phishing is one of the top reasons for data breaches. (Verizon’s 2020 Data Breach Investigation Report)
10. Almost 32.5% of cyberattack email subjects featured the word “payment”. (ENISA Threat Landscape 2020 – Phishing)
11. Spain (7.76%) followed by Germany (7.05%), and Russia (5.87%) are the countries most likely to fall foul of malicious email attacks. (Kaspersky Spam and Phishing in 2020)
12. Since 2019, there has been a 680% increase in fraudulent mobile app transactions. (RSA 2019 Current State of Cybercrime Report)
13. There are 230,000 new malware samples developed every day. (PurpleSec)
14. Most small businesses’ cybersecurity budgets are limited to £350 a year. (Juniper)
15. Cybercrime costs £2million for businesses worldwide and they potentially end up losing £18 per minute due to data breaches. (RiskIQ research)
16. It takes an estimated 280 days to find and contain the average cyberattack, while the average attack costs $3.86 million, according to a research conducted by IBM.
17. According to a RiskBased Security research, data breaches resulted in 36 billion records being exposed in the first three quarters of 2020 alone.
18. In 2020, malware usage increased by 358%, along with ransomware rising to 435%. (Deep Instinct)
19. Based on IDC’s prediction, by 2025, there will be an estimated 55.7 billion connected devices, of which 75% will be connected to the IoT. These devices will generate 73.1 zettabytes of data, an increase from 18.3 zettabytes in 2019.
20. 70% of security officers believe their budget will decrease in 2021, resulting in a limited and reduced spending on compliance, governance, and risk tools. (McKinsey)
21. Not knowing who is responsible for securing implementations was the leading cause of security incidents among 82% of cloud users. (Oracle and KPMG Cloud Threat Report 2019)
22. According to the FBI, there has been a 300% increase in cybercrimes since the beginning of COVID-19. (IMC Grupo)
23. There are around 300 billion passwords at risk, which could potentially be used by both humans and machines around the world. (SC Media)
24. According to the Internet Crime Complaint Center (IC3), phishing was the top crime reported with more than double the number of complaints seen in 2019.
25. Webmail and SaaS users are the biggest targets of phishing attacks, APWG believes.
26. Agari finds that 68% of all identity-deception-based attacks used display name deception when impersonating a trusted individual or a brand – in many cases, a third-party supplier, vendor or partner.
27. During COVID-19, two of the most popular types of attacks were spam emails (65.7%) and malware (26.8%). (ENISA Threat Landscape Report 2020 – Spam)
28. 45% of remote working employees named distraction as the main reason for falling into the trap of phishing scams.(Tessian)
29. Since remote working started, Gartner found that external security risks are still the main concern of 52% of compliance and legal leaders.
30. According to WatchGuard, there was an increase of 8.3% in the usage of mobile VPN between January and March 2020.
31. During the first month of lockdown, in 2020, scams increased by 400%. This has made the COVID-19 pandemic the largest security threat ever, ReedSmith has found.
32. During COVID-19, 81% of cybersecurity consultants have reported that their responsibilities changed. ((ISC)²)
33. CPO discovered that more than 500 thousand Zoom user accounts were compromised and sold on a dark web forum.
34. 93% of companies that have a significant data breach go bankrupt within one year. (phoenixNAP)
Cybersecurity statistics in the UK
The global pattern of cyberattacks perfectly exemplifies the risks and obstacles UK businesses face. In its 2021 cybersecurity Breaches Survey, the UK government’s Department for Digital, Culture, Media and Sport has looked into ways cybersecurity breaches can cause substantial harm to all types of businesses and found the following:
In the past 12 months, four in ten businesses (39%) reported having cybersecurity breaches or attacks, with the number (65%) being higher among medium businesses.
The number dropped this year, as compared to 2020 (46%), only because fewer businesses are identifying breaches or attacks.
The survey also pointed out that the risk is higher than ever during the pandemic and businesses are struggling to cope and administer cybersecurity measures.
Only 35% of companies are now deploying security monitoring tools in comparison to 2020 when this ratio (40%) was higher. 32% don’t use any form of user monitoring.
This can be considered as a consequence of the rise of remote working. Businesses are now less aware of the breaches and attacks their staff face.
The most common types of attacks are phishing attacks (83%) followed by impersonation (27%). These patterns around frequency and threat vectors are the same as the results from 2020 and 2019.
27% of the businesses that have identified attacks experience them at least once a week.
Among the 39% of companies identifying attacks, one in five (10%) end up losing money, data or other assets.
One third (35%) of the businesses are negatively affected regardless, as they might require new post-breach measures, have staff time diverted or suffer broader business disruption.
The report also details how these adverse outcomes or impacts in 2021 are lower for businesses than in 2019 and previous years. This is not necessarily a result of having fewer breaches or attacks – instead, it is due to more companies implementing basic cybersecurity measures following the introduction of the General Data Protection Regulation (GDPR) in 2018 or the rise of cloud storage and backups.
When businesses have faced breaches with material outcomes, the average cost in the past 12 months was an estimated £8,460. For medium and large firms combined, this average cost is higher, at £13,400.
Despite this notoriously historic year pushing many organisations’ cybersecurity professionals to their limits, cybersecurity remains a top priority for business leaders. However, it has not become a higher priority during Covid-19.
77% of businesses say cybersecurity is a high priority for their directors or senior managers. However, 84% of these businesses claimed the pandemic had made no change to their importance on cybersecurity.
Many organisations focused on increasing cybersecurity measures and adopted cloud security, multi-factor authentication or new rules requiring VPN connections to access files. However, in some cases, these measures were viewed in the short term as conflicting with business continuity rather than an essential part of it.
As a result of the rising popularity of remote working, many organisations found it harder to address cybersecurity. They have admitted that COVID-19 and the ensuing move to home working initiated substantial changes in their digital infrastructure. This involved issuing laptops or other equipment to staff, setting up Virtual Private Networks (VPN), expanding VPN capacity or Cloud migration.
34% of businesses now have a VPN.
Despite the challenges of working from home, companies have had to face a new set of obstacles, such as direct security, user monitoring or upgrading hardware, software and systems. Fewer businesses (35%) deployed security monitoring tools than in 2020 (40%).
With employees working from home, organisations have more endpoints to keep secure. However, fewer businesses (83%) reported having up-to-date malware protection, whereas this percentage (88%) was more significant last year.
More companies in 2020 (83%) had set up network firewalls, whereas in 2021, this number was only 78%.
On many occasions, the pandemic, having stretched resources, has led to competing priorities in IT and cybersecurity teams and caused a conflict between prioritising IT service continuity and maintenance work and other aspects of cybersecurity, such as patching software.
As the UK prepares to leave COVID-19 behind, organisations need to make preparations to manage cybersecurity in a “blended” working environment. Also, they must recognise that there is more to do to remain resilient to future uncertainties. Despite this:
Only three in ten (31%) businesses have a business continuity plan with cybersecurity included and only a fifth of companies (18%) have policies that cover the use of personal devices for work.
In 2021, 43% of businesses decided to take out some form of cyber insurance – this number increased from (32%) for organisations in 2020.
34% of business leaders felt the need to undertake cybersecurity risk assessments, whilst 20% of businesses decided to test their staff through mock phishing exercises.
To continue preparation, 15% of companies carried out cybersecurity vulnerability audits and only 12% reviewed cybersecurity risks posed by suppliers.
This cybersecurity statistics report conducted by the UK government’s Department for Digital, Culture, Media and Sport showcases the ambitions of UK businesses and the broader challenges they expect to face. SMEs aim to make continuous improvements in their cybersecurity strategy, including multi-factor authentication, tweaking policies and processes to cover Software as a Service (SaaS).
Small business Cybersecurity statistics
1. 43% of SMEs do not have any cybersecurity defence plan. (Hashed Out by The SSL store)
2. 60% of smaller businesses that fall foul to a cyberattack are out of business within six months.
3. 89% of managed service providers (MPSs) state that ransomware is the most common threat to businesses of the SME market. (Datto’s Global State of the Channel Ransomware Report 2020 )
4. Small organisations receive malicious emails at a higher rate. (Symantec’s Internet Security Threat Report 2019)
5. 43% of cyberattacks are aimed at small businesses. (Cybint)
6. 47% of SMBs have no IT know-how and don’t know how to protect themselves against cyberattacks. (Fundera)
7. Data breach statistics show an estimated 146 billion records will be exposed between 2018 and 2023. (SmallBizGenius)
8. In 2020, 43% of cybersecurity breaches were within SMEs. (Verizon)
9. One small UK business is hacked every 19 seconds. (Hiscox)
10. Three out of four small businesses don’t have adequate staff to address IT security. (Ninja RMM)
11. 54% of smaller businesses believe they are too small to face a cyberattack. (The Florida Nerds)
12. One in three SMEs use free consumer cybersecurity and one in five have no endpoint security in place at all. (BullGuard)
13. For 47% of small and medium businesses, keeping data secure is the biggest challenge. (Vipre)
14. In 2019, seven in ten employees had their password stolen, according to data from Keeper Security.
15. Before switching to remote working, 22% of SMEs had no cybersecurity prevention plan in place, Alliant cybersecurity found.
16. In the event of a cyberattack, 54% of SMEs wouldn’t know how to react, as they don’t have a cybersecurity plan in place. (LogSentinel SIEM)
17. 65% of small businesses have failed to adjust their cybersecurity strategy after facing a breach in the past. (ComputerWeekly)
18. Surprisingly, 91% of small businesses don’t invest in cyber liability insurance and, as such, cannot protect themselves from a cybersecurity attack. (CTN)
19. In 70% of the cases, cybercriminals are using web applications and miscellaneous errors to attack small businesses. (Small Business Trends)
20. Small businesses are targeted 43% of the time, yet only 14% have an adequate plan to defend themselves in case of an attack.(CNBC)
21. Small and micro-businesses are not prepared and don’t have the knowledge to defend themselves in case of a cyberattack, with 81% of staff not receiving adequate cybersecurity training. (Towergate Insurance)
22. To protect valuable business data, only 22% of small businesses encrypt their databases. (Azinity)
23. UK SMEs face a staggering 65,000 hack attempts every day, of which 4,500 are successful. (The UK Domain)
24. 60% of small businesses claim they face more severe and sophisticated cyberattacks by the day. (Alert Logic)
25. 14% of small companies would rate their ability to manage their cybersecurity attacks as highly effective. (Idency)
26. Only 38% of smaller businesses take preventative measures and upgrade their software solutions regularly. (ProSource)
27. Vodafone UK found that an average cyberattack costing £3,230 would destroy 23% of UK SMEs.
28. 25% of UK small businesses have no plans to upgrade or review their cybersecurity strategy in the near future. (Cyber Rescue)
29. 70% of small businesses are not prepared to deal with a potential cyberattack. (NS Tech)
30. 85% of small businesses intend to increase their budget on managed security services. (SecurIT)
31. 58% of the time, small businesses are attacked by malware.(Digital Solutions)
32. 40% of small and medium businesses suffered eight or more hours of downtime after a cyberattack. (AgilitySMB)
33. In the event of a data breach, 71% of customers say they would stop transacting with a business. (Allianz)
34. When targeting SMEs, 83% of data breaches are usually financially motivated. (Forbes Blue)
35. 22% of the major 200 UK cyber attacks occurred against small businesses. (UK Cybersecurity report 2022)
Useful IT statistics resources for all businesses
Take action based on the statistics
To conclude, worldwide and UK cybersecurity statistics show that the scale and type of cyberattacks are only getting higher and more advanced. To tackle this and meet the increasing security concerns, SMEs need a reliable IT partner to help them through this procedure. Over its ten-year history, North London-based IT company, TWC IT Solutions, has supplied cybersecurity solutions and implemented managed firewall, endpoint security antivirus and DDOS mitigation services, across seven sectors to over 200 clients. Should you need any help in developing a robust, cybersecurity strategy, we are here for you. Call us today to arrange a personal consultation specific to your company needs on 08000 248 900. We’ve got IT covered.
Social Media Executive, TWC IT Solutions
IT Awards and Distinctions
Nine distinctions in two years.
USA SUPPORT OFFICES:
ASIA SUPPORT OFFICE:
Hong Kong, China
MIDDLE EAST SUPPORT OFFICE:
UK HEAD OFFICE:
32-34 Station Close