If one thing became clear in 2022, it was that no organization, regardless of its size or vertical, is safe from a data breach. A breach can happen to any organization, enterprise, or government at any time.
At the beginning of 2022, the Lapsus$ Group went on a hacking spree, successfully stealing source code from Microsoft Bing and Cortana. The Costa Rican government declared a national emergency in response to ransomware attacks targeting the healthcare and social security systems. Nation-state threats and DDoS attacks continue to skyrocket throughout the Russo-Ukrainian War.
Data below shows that the global skills shortage and rapidly growing threat landscape are putting pressure on security teams. Here are some of the most pressing cybersecurity statistics to take into consideration as you plan for 2023:
The Security Talent Shortage
1. As of April 2022, there are over 700,000 cybersecurity job openings in the United States. Cybersecurity analysts are currently the most in-demand job within the industry.
– Cybersecurity Supply/Demand Heat Map | Cyber Seek
2. It’s estimated that there will be 3.5 million unfilled cybersecurity positions globally by 2025. That’s approximately the same as in 2021.
– Cybersecurity Jobs Report: 3.5 Million Openings In 2025 | Cybersecurity Ventures
Ransomware Attacks Continue
3. In 2020 alone, healthcare organizations lost almost $21 billion to ransomware attacks.
– Ransomware Attacks on US Healthcare Organizations | Comparitech
4. Nearly a quarter of ransomware attacks target the manufacturing industry. 17% of attacks target professional services. 13% of ransomware attacks specifically target government organizations.
– Ransomware 2020: Attack Trends Affecting Organizations Worldwide | Security Intelligence
5. It’s reported that 75% of companies were hurt by a ransomware attack, up from 61% in one year. 64% of affected companies paid the ransom, but nearly 40% weren’t able to recover their data.
– The State of Email Security 2022 | Mimecast
Supply Chain, DDoS and Nation-State Attacks
6. In 2021, supply chain attacks increased by more than 100% year-over-year.
– The Threat Landscape in 2021 | Symantec
7. The total number of DDoS attacks will be 15.4 million by 2023.
– Cisco Annual Internet Report | Cisco
8. Nearly 80% of nation-state attacks specifically target government agencies, non-government organizations (NGOs), and think tanks.
– Microsoft Digital Defense Report | Microsoft
9. The United States sees the most expensive data breaches in the world, with an average of $4.24 million per attack. That’s a 10% jump in one year, and the biggest single-year increase in the past seven years.
– Cost of a Data Breach Report | IBM
10. 30% of data breaches in the United States involve internal actors, compared to 17% in Asia-Pacific (APAC) regions and 13% in Europe, Middle East and Africa (EMEA). However, APAC and EMEA organizations experienced a higher-than-average rate of Cyber-Espionage-related breaches.
– 2020 Data Breach Investigations Report | Verizon
The past two years have shown us to always expect the unexpected. But there’s one thing we can all expect from 2023: even more devastating attacks across the world.
Gartner: Create a SOC Target Operating Model to Drive Success
‘Security and risk management leaders often struggle to convey the business value of their security operations centers to nonsecurity leaders, resulting in reduced investment, poor collaboration and eroding support…’ — Access this Gartner SOC Operating Model report – courtesy of Swimlane.