Facts and Stats about Cybersecurity

October 7, 2024

Cybercrime remains one of the primary risks facing companies across the United States.

The following statistics highlight the most pressing cybersecurity risks organizations face today and underscore the importance of proactive security measures.

Top Cybersecurity statistics

According to the Identity Theft Resource Center (ITRC), there were 3,205 data compromise incidents in 2023 which impacted over 353 million Americans and cost American businesses an average of $9.36 million per incident.
The threat of cyberattacks is particularly acute for small-to-medium businesses (SME), which are the targets of approximately 50% of all such attacks,according to Cybersecurity Ventures. Alarmingly, 60% of small businesses close their doors within six months of experiencing a data breach or cyberattack.
The ITRC reported that data breaches surged 72% in 2023 to a new record
Norton Antivirus reported that over 75% of targeted cyberattacks in 2024 start with an email.
94% of organizations reported email security incidents

Cyber attack stats for Small-to-Medium Enterprises

Cybersecurity is a growing concern for small businesses, with over 20% identifying it as one of their biggest threats. The following statistics shed light on why SMEs are increasingly vulnerable to cyberattacks:

According to CISCO, 70% of cyber attackers deliberately target small businesses
Small businesses are 3x more likely to be targeted by cybercriminals than larger companies
61% of small businesses experienced a breach in the last year
70% of ransomware attacks in 2021 hit businesses with fewer than 500 employees
Malware and email phishing (18% vs 17%) are the most frequent cybersecurity incidents for small businesses.
The total cost of cybercrimes to small businesses is $2.4 billion per year
60% of small businesses that suffer a cyberattack go out of business within six months.

Manufacturing and cybersecurity

Manufacturing facilities are a top target due to their low tolerance for downtime and lower level of cyber maturity compared to other sectors.

The Manufacturing sector represented 29% of the published ransomware victims globally, marking a 56% year-over-year increase.
In 2023, manufacturers comprised more than 25% of security incidents, with malware attacks – primarily ransomware –making up the majority of those incidents.
In attacks on critical infrastructure organizations, 85% of incidents could have been mitigated with patching, multi-factor authentication or least-privilege principles.
There were 54 million victims from Supply Chain Attacks.

Defense and cybersecurity

Defense organizations are prime targets for cyberattacks due to the sensitive nature of the information they handle. Here are some statistics that tell the story further.

The aerospace and defense sector has seen a 300% increase in cyber attacks since 2018.
The average cost of a data breach in the defense sector is $5.46 million.
At least 70% of the defense industrial base are small businesses, and they’re facing many of the same cyber threats as the typical small business
Over 80% of aerospace and defense organizations have experienced a breach in the past 12 months
61% of defense organizations have experienced a ransomware attack in the past year, with the industry experiencing 1250 cyber incidents per week

Cybersecurity Maturity among defense contractors

The Department of Defense has raised cybersecurity standards by introducing the Cybersecurity Maturity Model Certification (CMMC), which will be required in defense contracts starting in 2025. However, many contractors are struggling to meet these new demands. According to Radicl, a cybersecurity firm for SMEs:

Over half of defense contractors are struggling with implementing their CMMC compliance requirements
31% are challenged with creating efficient protocols to protect against data breaches
31% also report they are struggling to build an effective cybersecurity program on limited budgets and resources
25% report they are challenged by staying one step ahead of the evolving cyber threat landscape

Finance and cybersecurity

Small banks make a far better target than large national ones. Big banks can afford to spend billions to detect attacks and fortify themselves. Small banks can rarely match that level of vigilance. Moreover, attackers are very aware of this discrepancy.

According to Gradient Cyber, cybercrime is quickly becoming one of the most significant emerging threats to small banks.
In 2023, the number of data compromises in the financial services industry in the United States reached 744, up from 138 such incidents in 2020.
The average cost of a data breach in the finance industry reached a staggering amount of $8.19 million in 2023.

Healthcare industry and cyberattacks

The healthcare industry is considered one of the most vulnerable sectors to cybercrime because patient data is so valuable.

The number of attacks on physician groups rose from 2% of healthcare attacks in the first half of 2021 to 12% in the first half of 2022.
Specialty clinics represent 1 in 5 attacks on healthcare facilities and service and supply vendors and physician groups faced 9% of threats.

Hacking/IT incidents were found to be the primary cause, accounting for 73% of data breaches in the first half of 2023.
The most common causes of data breaches in the healthcare industry are phishing attacks, ransomware attacks, and business email compromise attacks (BEC). 88% of healthcare workers opened phishing emails.

How to stay ahead of cyber attacks and protect your data

SMEs are pivotal to the American economy. As these statistics highlight, protecting data is paramount to keeping them viable. This starts by knowing you will be targeted– It is a matter of when your data will be attacked, not if. That’s why organizations need to ensure that when attackers get to data in transit or data in servers, all they get is gibberish. This can be achieved by protecting your data with end-to-end encryption.

PreVeil’s end-to-end encrypted email and file sharing platform ensure that the only people who can access your data are you and the sender. And no one else – not even PreVeil. PreVeil offers industry-leading solutions with unrivaled security, simplicity and affordability. Its end-to-end encrypted email and file-sharing platform seamlessly integrates with existing IT infrastructures, enabling institutions to meet compliance requirements without costly and disruptive changes. Widely deployed by over a thousand enterprises, PreVeil is a proven solution trusted to safeguard sensitive information.

Contact PreVeil to learn more about how we can help your organization protect its sensitive information.

Contact Sales

Author

Orlee Berlove, reviewed by Noël Vestal, PMP, CMMC RP

Noël Vestal is PreVeil's Compliance Officer and CMMC Certified Professional (CCP) with over 15 years in DoD IT program management. She implemented the NIST 800-171/CMMC Level 2 compliance program for an OSC member of the DIB. She has her M.S. in Information Technology and holds certifications from the CMMC Accreditation Body (CyberAB), Project Management Professional (PMP), and CompTIA’s Security + certification.

Orlee Berlove has been a marketing leader for over 25 years, and is currently the Senior Director of Marketing at PreVeil. She has her Masters of Engineering, Operations Research and her Bachelor of Arts from Cornell University.

Related Blog

See All Blog

October 17, 2024

The CMMC Final Rule is Published: What Contractors Need to Know

CMMC

October 15, 2024

Countdown to Compliance: Demystifying the CMMC Timeline

CMMC

October 10, 2024

What is ITAR Compliance

ITAR

Facts and Stats about Cybersecurity and Compliance

By: Orlee Berlove, reviewed by Noël Vestal, PMP, CMMC RP

Table of contents