By: Steve Morgan
Cybersecurity Ventures is excited to release this special first annual edition of the Cybersecurity Almanac, a handbook containing the most pertinent statistics and information for tracking cybercrime and the cybersecurity market.
Cisco’s commitment to security and partnerships starts at the top, and it’s one of the reasons why we’re collaborating with them. “At Cisco, security is foundational to everything we do,” said Chuck Robbins, chairman and CEO. Last year Cisco blocked seven trillion threats, or 20 billion threats a day, on behalf of their customers, according to Robbins.
Cisco and Cybersecurity Ventures have compiled 100 of the most important facts, figures, statistics, and predictions to help frame the global cybercrime landscape, and what the cybersecurity industry is doing to help protect governments, citizens, and organizations globally.
Cybersecurity Ventures formulates our own ground-up research — plus we vet, synthesize and repurpose research from the most credible sources (analysts, researchers, associations, vendors, industry experts, media publishers) — to provide our readers with a bird’s-eye view of the most dangerous cyber threats, and the most important solutions.
(Media citations should appear as “… according to the Cisco/Cybersecurity Ventures 2019 Cybersecurity Almanac” and hyperlink to here)
Cybercriminal activity is one of the biggest challenges that humanity will face in the next two decades. Cyberattacks are the fastest growing crime globally, and they are increasing in size, sophistication and cost.
- Cybersecurity Ventures predicts that cybercrime damages will cost the world $6 trillion annually by 2021 – exponentially more than the damage inflicted from natural disasters in a year, and more profitable than the global trade of all major illegal drugs combined.
- Cybersecurity Ventures predicts that by 2021 more than 70 percent of all cryptocurrency transactions annually will be for illegal activity, up from current estimates ranging anywhere from 20 percent (of the 5 major cryptocurrencies) to nearly 50 percent (of bitcoin).
- Around $76 billion of illegal activity per year involves bitcoin, which is close to the scale of the U.S. and European markets for illegal drugs, according to a study published by the University of Sydney in Australia, ranked as one of the top 100 universities globally.
- Digital ad fraud is rising sharply. One report found that advertisers lost an estimated $19 billion to fraudulent activities last year, equivalent to $51 million per day. This figure, representing advertising on online and mobile devices, is expected to rise, reaching $44 billion by 2022.
- The “Cyber’s Most Wanted” list on the FBI website features 63 notorious people (up from 19 in 2016) that have conspired to commit the most damaging crimes against the U.S., including computer intrusions, wire fraud, identity theft, money laundering, false registration of domain names, espionage, theft of trade secrets, and other offenses — costing the affected organizations and individuals tens of billions of dollars.
- Cybercrimes are vastly undercounted because they aren’t reported — due to embarrassment, fear of reputational harm, and the notion that law enforcement can’t help (amongst other reasons). The unit chief at the FBI’s Internet Crime Complaint Center (IC3) stated that the number of reported cybercrimes in the agency’s reports only represents 10 to 12 percent of the total number actually committed in the U.S. each year.
- Asia-Pacific companies receive 6 cyber threats every minute, according to Cisco. A Frost & Sullivan study commissioned by Microsoft revealed that the potential economic loss across Asia Pacific due to cybersecurity incidents can hit a staggering $1.745 trillion (USD).
BREACHES & VULNERABILITIES
Advances in technology are the main driver for economic growth but have also led to a higher incidence of cyberattacks. The leading trends such as e-commerce, mobile payments, cloud computing, Big Data and analytics, IoT, AI, machine learning, and social media, all increase cyber risk for users and businesses.
- The 10 biggest data breaches of all time — with the number of accounts hacked and year occurred — according to Quartz: Yahoo, 3 billion (2013); Marriott, 500 million (2014-2018); Adult FriendFinder, 412 million (2016); MySpace, 360 million (2016); Under Armour, 150 million (2018); Equifax, 145.5 million (2017); eBay, 145 million (2014); Target, 110 million (2013); Heartland Payment Systems, 100+ million (2018); LinkedIn, 100 million (2012); rest of list…
- Cryptocrime is an emerging segment of the cybercrime ecosystem. One report estimates that hacks on cryptocurrency exchanges suffered roughly $1 billion in losses during 2018.
- The 5 biggest bitcoin hacks of all time — with the exchange name, amount stolen, and year occurred — according to CoinSutra: Mt. Gox, 2609 BTC | +750,000 BTC (2011); BitFloor, 24,000 BTC (2012); Poloniex, 12.3 percent of all BTCs – 97 BTC (2014); BitStamp, 19,000 BTC (2015); Bitfinex, 120,000 BTC (2016).
- The cost of the 2018 Coincheck hack, the biggest cryptocurrency heist to date, was $530 million. 523 million NEM coins (known as XEM) had been stolen from a hot wallet (a wallet connected to the Internet) allowing hackers to drain the coins into a separate account. The cost of those stolen coins has since declined dramatically.
- In a keynote at DevNet Create, Susie Wee, SVP and CTO of Cisco DevNet, shared research from Cybersecurity Ventures that estimates there are 111 billion lines of new software code being produced each year — which introduces potential for a massive number of vulnerabilities that can be exploited. Zero-day exploits alone are predicted to reach one per day by 2021, up from one per week in 2015.
- The FBI reported that the Business Email Compromise (BEC), aka Email Account Compromise (EAC) — a sophisticated scam targeting both businesses and individuals performing wire transfer payments — has cost more than $12.5 billion in losses over the past 4.5 years (as of its last tally through May 2018).
- Less than half of companies globally are sufficiently prepared for a cybersecurity attack, according to a PricewaterhouseCoopers report that surveyed 3,000 business leaders from more than 80 countries.
- The 5 most cyber-attacked industries over the past 5 years are healthcare, manufacturing, financial services, government, and transportation. Cybersecurity Ventures predicts that retail, oil and gas / energy and utilities, media and entertainment, legal, and education (K-12 and higher ed), will round out the top 10 industries for 2019 to 2022.
- ATM makers, banks, and law enforcement have been scrambling to defend the 400,000 ATMs in the U.S. against “jackpotting.” When cybercriminals take control of the machine, cash spews out of it like a Las Vegas jackpot. Jackpotting has been rising worldwide, though it’s unclear how much has been stolen because victims and police often do not disclose details.
- Almost 50 percent of Ultra High Net Worth family wealth is being managed through family offices, which can be (cyber) targets due to the potential extortion value attached to reputational threats. 40 percent of family offices lack a cybersecurity policy. 28 percent of these businesses have already been victims of cyberattacks.
- Distributed-Denial-of-Service (DDoS) attacks represent the dominant threat observed by the vast majority of service providers — and they can represent up to 25 percent of a country’s total Internet traffic while they are occurring. Globally the total number of DDoS attacks will double to 14.5 million by 2022 (from 2017), according to the Cisco Visual Networking Index (VNI).
- Hacking tools and kits for cyberattacks, identity theft, malware, ransomware, and other nefarious purposes have been available in online marketplaces for several years — at price points starting as low as $1 — which makes the cost of entry to a life of cybercrime nearly free.
Ransomware damage costs are predicted to be 57X more in 2021 than they were in 2015. This makes ransomware the fastest growing type of cybercrime. The U.S. Department of Justice (DOJ) has described ransomware as a new business model for cybercrime, and a global phenomenon.
- Global ransomware damage costs are predicted to hit $20 billion in 2021, up from $11.5 billion in 2019, $5 billion in 2017, and just $325 million in 2015, according to Cybersecurity Ventures.
- Ransomware attacks saw a 350 percent increase in 2018, according to one estimate. Cybersecurity Ventures expects that businesses will fall victim to a ransomware attack every 11 seconds by 2021, up from every 14 seconds in 2019, and every 40 seconds in 2016.
- Global spending on security awareness training for employees — one of the fastest growing categories in the cybersecurity industry — is predicted to reach $10 billion by 2027, up from around $1 billion in 2014. Much of this training is centered on combating phishing scams and ransomware attacks.
- It’s widely reported that more than 90 percent of successful hacks and data breaches stem from phishing scams, emails crafted to lure their recipients to click a link, open a document or forward information to someone they shouldn’t. Training users how to detect and react to these threats is a critical ransomware deterrent.
- The No More Ransom online portal is now available in 35 different languages and carries 59 free decryption tools, covering some 91 ransomware families. So far, the tools provided on No More Ransom have managed to decrypt the infected computers of over 72,000 victims worldwide.
CRYPTOJACKING & SIM-SWAPPING
Cryptojacking is illegally mining cryptocurrencies, and it’s gaining ground on ransomware as a favorite revenue stream for cybercriminals. The problem is so severe that Google announced it would ban all extensions that involved cryptocurrency mining from its Chrome browser. SIM swapping is on the rise and poses a major threat to cryptocurrency account holders.
- Cryptojacking was one of the fastest growing cybersecurity threats in 2018, with 25 percent of all businesses already falling victim to it.
- A report from the Cyber Threat Alliance (CTA) indicates a massive 459 percent increase in the rate of cryptojacking, through which hackers hijack computer processing power to mine cryptocurrencies such as bitcoin and Monero.
- Cryptojacking participants can use more sophisticated means to evade detection — and according to one study only around 50 percent of malicious attacks are detected.
- On average, most cryptojackers don’t earn much. 1 out of every 500 of the top million Alexa-ranked sites hosts cryptojacking code. The ten most profitable cryptomining sites identified generate between $119 and $340 per day, according to academics at Braunschweig University of Technology in Germany. It remains to be seen how many cryptojackers will revert to ransomware, and data theft and resale on the Dark Web for higher payouts.
- SIM swapping attacks have stolen tens of millions of dollars’ worth of cryptocurrency. The compromise involves tricking a mobile carrier employee into rerouting a subscriber’s phone number to a hacker’s SIM card. This enables the perpetrator to intercept the victim’s messages — including 2FA codes — which helps locate the private keys used to access a cryptocurrency account. The first hacker convicted of SIM swapping was sentenced to 10 years in prison.
DIGITAL ATTACK SURFACE
The modern definition of the word “hack” was first coined at MIT in April 1955. The first known mention of computer (phone) hacking occurred in a 1963 issue of The Tech. Over the past fifty-plus years, the world’s attack surface has evolved from phone systems to so many digitally connected “things” that it’s outpacing our ability to properly secure them.
- The World Wide Web was invented in 1989. The first-ever website went live in 1991. Today there are more than 1.9 billion websites.
- The world’s digital content is expected to grow to 96 zettabytes by 2020, up from 4 billion terabytes (4 zettabytes) just 3 years ago. With this kind of exponential growth the opportunities — for innovation, and for cybercrime — are incalculable because data is the building block of the digitized economy.
- The far corners of the Deep Web — known as the Dark Web — are intentionally hidden and used to conceal and promote heinous criminal activities. Some estimates put the size of the Deep Web (which is not indexed or accessible by search engines) at as much as 5,000 times larger than the surface web, and growing at a rate that defies quantification, according to one report.
- According to the latest Cisco Visual Networking Index (VNI), by 2022, more IP traffic will cross global networks than in all prior “Internet years.” In other words, more traffic will be created in 2022 than in the 32 years since the Internet started. However, increased connectivity brings with it increased security challenges.
- Driven by the rapid increase in the use of cloud apps, cloud data center traffic will represent 95 percent of total data center traffic by 2021, according to Cisco. The growth of Internet of Things (IoT) applications, such as smart cars, smart cities, and connected health devices, will also expand data center demands.
- Cybersecurity Ventures predicts that the total amount of data stored in the cloud — which includes public clouds operated by vendors and social media companies (think AWS, Twitter, Facebook, etc.), government-owned clouds that are accessible to citizens and businesses, and private clouds owned by mid-to-large-sized corporations — will be 100X greater in 2022 than it is today.
- Despite promises from biometrics and facial recognition developers of a future with no more passwords — which may, in fact, come to pass at one point in the far-out future — one report finds that the world will need to cyber protect 300 billion passwords globally by 2020.
- The global smartphone install base is set to grow 50 percent in the next four years to 6 billion devices, up from 4 billion in 2016. Infections for both Android and iPhones continue to increase as they are now the largest threat vector on the planet for technology. 2019 will see this trend continue.
- Research from Cisco and Cybersecurity Ventures indicates that smartphones will account for more than 55 percent of total IP traffic by 2025, and Wi-Fi and mobile devices will account for nearly 80 percent of IP traffic by that time — with BYOD (bring your own device) and mobile apps posing a major security threat to enterprises over the next 6 years.
- The number of connected devices on the Internet will exceed 50 billion by 2020, according to Cisco. To put it another way, the number of IoT devices will be three times as high as the global population by 2021. And by 2022, 1 trillion networked sensors will be embedded in the world around us, with up to 45 trillion in 20 years.
HUMAN ATTACK SURFACE
Like street crime, which historically grew in relation to population growth, we are witnessing a similar evolution of cybercrime. It’s not just about more sophisticated weaponry; it’s as much about the growing number of human targets.
- There were nearly 4 billion Internet users in 2018 (nearly half of the world’s population of 7.7 billion), up from 2 billion in 2015. Cybersecurity Ventures predicts that there will be 6 billion Internet users by 2022 (75 percent of the projected world population of 8 billion) — and more than 7.5 billion Internet users by 2030 (90 percent of the projected world population of 8.5 billion, 6 years of age and older).
- Gartner forecasts that more than half a billion wearable devices will be sold worldwide in 2021, up from roughly 310 million in 2017. Wearables include smartwatches, head-mounted displays, body-worn cameras, Bluetooth headsets, and fitness monitors.
- Hundreds of thousands — and possibly millions — of people can be hacked now via their wirelessly connected and digitally monitored implantable medical devices (IMDs) — which include cardioverter defibrillators (ICD), pacemakers, deep brain neurostimulators, insulin pumps, ear tubes, and more.
- For the most recent year reported by the FBI, the Internet Crime Complaint Center (IC3) received nearly 50,000 complaints from victims over the age of 60 with adjusted losses in excess of $342 million — which leads all age groups.
- The global market for connected cars is expected to grow by 270 percent by 2022 — and more than 125 million passenger cars with embedded connectivity are forecast to ship worldwide between 2018 and 2022. This means most drivers will be online and susceptible to auto (cyber) intrusions by 2022, regardless of whether they consider themselves to be “online” or not.
Hospitals are more vulnerable than any other type of organization in 2019. Outdated systems, lack of experienced cyber personnel, highly valuable data, and added incentive to pay ransoms in order to regain patient data are magnetizing cybercriminals to the healthcare market.
- Ransomware attacks on healthcare organizations are predicted to quadruple between 2017 and 2020, and will grow to 5X by 2021.
- Cybersecurity Ventures predicts that the healthcare industry will spend more than $65 billion cumulatively on cybersecurity products and services from 2017 to 2021.
- Personal health information is 50 times more valuable on the black market than financial information, and stolen patient health records can fetch upwards of $60 per record (which is 10-20 times more than credit card information).
- Cybersecurity Ventures predicts that healthcare will suffer 2-3X more cyberattacks in 2019 than the average amount for other industries. Woefully inadequate security practices, weak and shared passwords, plus vulnerabilities in code, expose hospitals to perpetrators intent on hacking treasure troves of patient data.
In 2004, the global cybersecurity market was worth $3.5 billion — and in 2017 it was worth more than $120 billion. The cybersecurity market grew by roughly 35X during that 13-year period — prior to the latest market sizing by Cybersecurity Ventures, for the 5-year period 2017 to 2021.
- Cybersecurity Ventures predicts that global spending on cybersecurity products and services will exceed $1 trillion cumulatively over the five-year period from 2017 to 2021 — and the cybersecurity market will continue growing by 12-15 percent year-over-year through 2021.
- Worldwide spending on information security (a subset of the broader cybersecurity market) products and services exceeded $114 billion in 2018, an increase of 12.4 percent from last year, according to the latest forecast from Gartner, Inc. For 2019, they forecast the market to grow to $124 billion, and $170.4 billion in 2022. (*)
- Cybersecurity Ventures predicts that the global blockchain market will exceed $40 billion by 2025. Results from one survey indicate institutional investors from hedge funds, pension funds, and private equity believe that blockchain technology will have the biggest impact on healthcare, financial services and banking. The study reveals that 39 percent of the investors believe blockchain will do to banking what the Internet did to media.
- In 2019, Cybersecurity Ventures expects that Fortune 500 and Global 2000 chief information security officers (CISOs) will reduce the number of point security products/solutions in use at their corporations by 15-18 percent.
- Venture capital funding in the cybersecurity space totaled more than $5 billion in 2018, up 20 percent from nearly $4.5 billion in 2017. In 2018, the total amount of funding for Israeli cybersecurity companies grew 22 percent year-over-year to more than $1 billion. According to these figures, Israel, the world’s second-largest exporter of cyber technology (behind the U.S.), accounted for roughly 20 percent of all cybersecurity VC funding.
- Based on venture capital dollars invested in cybersecurity, the top 4 countries are (in this order): U.S., Israel, U.K., and Canada.
- Virginia is part of the nation’s Cyber Capital, the Washington D.C. region. The state is home to the most cybersecurity companies per capita in the nation.
- 68 percent of U.S. businesses have not purchased any form of cyber liability or data-breach coverage, showing that businesses are not adopting cyber insurance at a rate that matches the risks they face, according to a Cisco paper. However, a majority of the 25 most populous U.S. cities now have cyberinsurance or are looking into buying it, according to a Wall Street Journal survey.
- Legislation such as 2018’s EU General Data Protection Regulation (GDPR) is helping drive the demand for cyber insurance as healthcare providers, financial services firms, and companies in all industries are tasked with keeping user data safe — and recovering from data breaches and ransomware attacks. Market forecasts for cyber insurance policies range from $14 billion by 2022 to $20 billion by 2025, up from less than $1.5 billion in 2016.
- Singapore announced the launch of the world’s first commercial cyber risk pool, a facility for providing cyber insurance to corporate buyers, as cyberattacks in the Asia Pacific region become more pervasive. The pool will commit up to $1 billion (USD) in risk capacity and will be backed by capital from traditional insurance and insurance-linked securities markets to provide bespoke coverage.
- The $100 million Hull McKnight Georgia Cyber Center (GCC) for Innovation and Training in Augusta, Georgia, marks the single-largest investment in a cybersecurity facility by a state government.
- The 2019 U.S. President’s budget includes $15 billion for cybersecurity, a $583.4 million (4.1 percent) increase over 2018. The Department of Defense (DoD) was the largest contributor to the budget. The DoD reported $8.5 billion in cybersecurity funding in 2019, a $340 million (4.2 percent) increase over 2018.
- Driven by the federal government’s desire to enhance agency cybersecurity posture at every possible level, Deltek forecasts the demand for vendor-furnished information security products and services by the U.S. federal government will increase from $10.9 billion in FY 2018 to over $14.1 billion in FY 2023 at a compound annual growth rate (CAGR) of 5.3 percent.
- Cybersecurity is the single biggest risk organizations throughout Europe are likely to face over the next year, according to the European Confederation of Institutes of Internal Auditing’s (ECIIA) annual Risk in Focus 2019 report. The data suggests that spending on cybersecurity in the region will see another uptick in 2019.
- A 2018 report estimates that energy companies, ranging from drillers to pipeline operators to utilities, invest less than 0.2 percent of their revenue in cybersecurity — while the number of hacker groups targeting the energy sector is soaring. Energy networks are vulnerable to cyberattacks — and hackers can cause massive power outages, placing national defense infrastructures at risk, and endangering millions of citizens.
- Estimates placing at least 85 percent of all business assets in digital form, a massive increase in cybercrime, and underinvestment in cyber insurance coverage have led Cybersecurity Ventures to predict that future stock prices of publicly-traded companies — and valuations of most startups and emerging enterprises seeking venture capital — will be influenced by market and investor perceptions of how secure a business’ information systems, data, and employees are.
(*) The Gartner forecast doesn’t cover various cybersecurity categories including IoT (Internet of Things), ICS (Industrial Control Systems) and IIoT (Industrial Internet of Things) security, automotive cybersecurity, and others, which are included in the Cybersecurity Ventures figures.
Cisco firmly believes diversity is a mandate in the cyber imperative: diversity of ideas, perspectives, backgrounds, and ways of seeing the world. This diversity creates the opportunity for creative problem solving that the growing security threat requires. Cybersecurity Ventures believes that every IT position is also a cybersecurity position now. Every IT worker, every technology worker, needs to be involved with protecting and defending apps, data, devices, infrastructure, and people.
- There will be 3.5 million unfilled cybersecurity jobs by 2021 — enough to fill 50 NFL stadiums — according to Cybersecurity Ventures. This is up from Cisco’s previous estimation of 1 million cybersecurity openings in 2014. The cybersecurity unemployment rate is at zero percent in 2019, where it’s been since 2011.
- U.S. News and World Report stated that the information security profession is growing at a rate of 36.5 percent through 2022. That bodes well for newbies, much the same as more experienced cyber fighters.
- The population of cyber engineers and analysts throughout the Washington D.C. Beltway is 3.5 times as big as the rest of the U.S. combined.
- With more than 150,000 cyber-related engineering and data science professionals, Maryland has the number one cyber workforce in the world, and leads the U.S. in cyber employment for classified nation-state jobs. Maryland also has the largest concentration of university-trained cyber engineering graduates in the world.
- San Antonio is home to the nation’s second-largest concentration of cybersecurity experts.
- The U.S. has a total employed cybersecurity workforce consisting of nearly 715,000 people, and there are currently almost 314,000 unfilled positions, according to Cyber Seek, a project supported by the National Initiative for Cybersecurity Education (NICE), a program of the National Institute of Standards and Technology (NIST) in the U.S. Department of Commerce.
- Jobs requesting public cloud security skills remain open 79 days on average — longer than almost any other IT skill, according to Cyber Seek.
- The National Association of Software and Services Companies (NASSCOM) estimated that India alone will need 1 million cybersecurity professionals by 2020 to meet the demands of its rapidly growing economy.
- Cybersecurity Ventures predicts that 100 percent of large corporations (Fortune 500, Global 2000) globally will have a CISO or equivalent position by 2021 (up from 70 percent in 2018), although many of them will be unfilled due to a lack of experienced candidates.
- The second-highest paying tech job in 2019 is a CISO, with a salary range of $175,000 to $275,000. Fortune 500 corporations in big cities pay as much as $380,000 to $420,000 annually, and more, to their CISOs, much higher than the average range for the position in mid-sized companies, government agencies, and academia.
- Flaws in software code, which create vulnerabilities, have created a burgeoning bug bounty economy with big payouts to elite freelance hackers. Some of them earn more than $500,000 a year. But that’s a far cry from the average take-home pay for most bug bounty hunters, who are self-employed part-timers with no guaranteed income.
- For the top coders with leadership and cybersecurity skills — a rare breed — salaries exceed $225,000. In some companies, this position pays more than it does to the CISO. Software plus “soft skills” equals big pay for aspiring programmers with a senior management role in their sights.
- New data indicates that of all IT jobs, cybersecurity engineers — with an average annual salary of $140,000 — are projected to be the highest paying and most recruited heading into 2019.
WOMEN IN CYBERSECURITY
Cisco’s John Stewart, senior vice president and chief security and trust officer, said in his keynote at last year’s RSA Conference that Women in CyberSecurity and Girls Who Code are examples of groups that are working to close the skills and diversity gap.
- Cybersecurity Ventures predicts that women will represent 20 percent of the global cybersecurity workforce by the end of 2019. This recalculates a 6-year-old figure based on a limited survey that concluded women held just 11 percent of cybersecurity positions.
- Research firm Forrester predicts that the number of women CISOs at Fortune 500 companies will rise to 20 percent in 2019, compared with 13 percent in 2017. This is consistent with new research from Boardroom Insiders which states that 20 percent of Fortune 500 global CIOs are now women — the largest percentage ever.
- Quartz worked with data from private-equity research firm Pitchbook to develop a unique dataset that identifies more than 200 rising stars among the venture-backed companies (across all industries) led by female founders in the U.S. 5 women in cybersecurity showed up in the top 25 — and collectively they raised $300 million. Altogether 9 women in cybersecurity on the index raised nearly half a billion dollars.
- 91 percent of women in cybersecurity have a bachelor’s degree, and 20-25 percent of them have an MBA or master’s degree. 5 percent have a Ph.D., and 2 percent have no degree.
- Women in the cybersecurity field are trending up in Israel, the world’s second-largest country in terms of cybersecurity investment. In 2018, TechCrunch reported that for the most recent year tracked, 15 percent of newly established Israeli cybersecurity startups had a female founder, an increase from 5 percent the previous year.
- RESET, held in London, was the first cybersecurity conference with an all-female speaker lineup. The June 2018 event featured 15 women in cybersecurity speakers with in-depth knowledge of destructive cyberattacks and criminal operations, threat hunting and strategy, and human-centric security. 175 people attended the one-day conference.
- There’s a growing number of women in cybersecurity associations, events, lists, media stories, blogs, women-owned companies, and new programs — for instance the 100 Women in 100 Days Cybersecurity Certification — that are creating more momentum than ever for gender equality in our field.
PERSONAL & DATA PRIVACY
Cybercrime has hit the U.S. so hard that a supervisory special agent with the Federal Bureau of Investigation who investigates cyber intrusions told The Wall Street Journal that every American citizen should expect that all of their data (personally identifiable information) has been stolen and is now on the Dark Web.
- Hackers stole nearly 447 million consumer records containing sensitive personal information last year, according to the Identity Theft Resource Center. That’s a jump of 126 percent from the prior year and a new record for the number of compromised files in a single year.
- Over 40 percent of companies have sensitive files that are unprotected and open to every employee, according to TechRepublic.
- Tech Support Fraud is a widespread scam in which criminals claim to provide customer, security, or technical support in an effort to defraud unwitting individuals and gain access to the individuals’ devices. In the FBI’s most recent Internet Crime Report, they state that there was a 90 percent increase in losses over the prior year — from complaints reported to the Internet Crime Complaint Center (IC3).
- Nearly 60 million Americans were affected by identity theft last year, according to a 2018 online survey by The Harris Poll, an increase from 15 million in 2017.
- 87 percent of companies are experiencing delays in their sales cycle due to customers’ or prospects’ privacy concerns, up from 66 percent last year, according to those surveyed in the 2019 Cisco Data Privacy Benchmark Study. This is likely due to the increased privacy awareness brought on by GDPR and the frequent data breaches in the news.
- Those organizations that invested in data privacy to meet GDPR experienced shorter delays due to privacy concerns in selling to existing customers: 3.4 weeks vs. 5.4 weeks for the least GDPR ready organizations. Overall the average sales delay was 3.9 weeks in selling to existing customers, down from 7.8 weeks reported a year ago, according to the 2019 Cisco Data Privacy Benchmark Study.
- Among all respondents in the 2019 Cisco Data Privacy Benchmark Study, 59 percent indicated they are meeting all or most of GDPR’s requirements today. Another 29 percent said they expect to be GDPR ready within a year, 9 percent said it would take more than a year to get ready, with the remaining 3 percent stating the requirements did not apply to their organization.
Adversaries view small/midmarket businesses as soft targets that have less sophisticated security infrastructure and practices and an inadequate number of trained personnel to manage and respond to threats, according to a Cisco Cybersecurity Special Report.
- Nearly half of all cyberattacks are committed against small businesses.
- 60 percent of small companies that suffer a cyberattack are out of business within six months, according to the U.S. National Cyber Security Alliance.
- Cisco’s 2018 SMB Cybersecurity Report found that 53 percent of midmarket companies in 26 countries experienced a breach. For these companies, the top security concerns are targeted phishing attacks against employees, advanced persistent threats, ransomware, denial-of-service attacks and the proliferation of employees allowed to use their own mobile devices.
- A Better Business Bureau survey found that for small businesses — which make up more than 97 percent of total businesses in North America — a lack of resources or knowledge is the primary challenge to developing a cybersecurity plan for more than 55 percent of them.
- Cisco security experts explain that small/midmarket businesses are more inclined to pay ransoms to adversaries so that they can quickly resume normal operations after a ransomware attack. They simply can’t afford the downtime and lack of access to critical data — including customer data.
K-12 & HIGHER EDUCATION
Today, students are learning how to deal with sophisticated cyber threats by becoming hackers themselves — the good kind, according to EdTech Magazine. With the help of experts and educators, many middle and high school students throughout the U.S. are taking ethical hacking courses and setting themselves on the path to becoming cybersecurity experts. Colleges and universities are responding to the labor crunch with diverse programs focused on cybercrime, cybersecurity, and related coursework.
- Since January 2016, there have been more than 410 cyber incidents targeting K–12 schools in the United States, according to EdTech Strategies.
- According to the Center for Cyber Safety and Education’s Children’s Internet Usage Study, over half (53 percent) of children use the Internet for purposes other than homework or schoolwork seven days a week. Over a quarter (29 percent) of children admit to having used the Internet in a way that their parents would not approve of. And alarmingly, four out of 10 (40 percent) say they have “friended” or connected with someone they didn’t know on a site or app.
- Recent data suggests there’s growing interest from students entering college, and IT workers thinking about cybersecurity as an upgrade to their current positions. There are more than 125 colleges and universities in the U.S. alone offering a master’s degree in cybersecurity. Dozens of those programs offer online-only classes and degrees, so even students who can’t attend in person can get a degree.
- Maryland has the largest number of university-trained cyber engineering graduates in the world. Maryland is the number one cyber education state in the country, with 17 NSA/DHS Centers of Academic Excellence. Maryland-based universities have awarded 10,000 bachelor’s degrees in cybersecurity-related programs since 2015.
- With the introduction of 18 new cybersecurity badges in 2018, nearly two million Girl Scouts of all ages (K-12) will be able to explore opportunities in STEM while developing problem-solving and leadership skills, according to Girl Scouts of the USA (GSUSA).
The 2019 Cybersecurity Almanac will be periodically updated with revised and new facts, figures, predictions and statistics.
– Steve Morgan is founder and Editor-in-Chief at Cybersecurity Ventures.
Cisco (NASDAQ: CSCO) is the worldwide technology leader that has been making the Internet work since 1984. Our people, products, and partners help society securely connect and seize tomorrow’s digital opportunity today. Discover more at newsroom.cisco.com and follow us on Twitter at @Cisco.
Cybersecurity Ventures is the world’s leading researcher and Page ONE for the global cyber economy, and a trusted source for cybersecurity facts, figures, and statistics. Follow us on Twitter at @CybersecuritySF. Cybercrime Magazine publishes our reports covering global cybercrime, cyberwarfare, hacks and data breaches, cybersecurity market forecasts and spending predictions, M&A and VC funding activity, cyber defense employment, and more.
We invite broadcasters, publishers, editors, reporters, and bloggers to borrow generously from the 2019 Cybersecurity Almanac in their efforts to raise awareness of cybercrime and cybersecurity in the public’s consciousness. When quoting a single fact, figure, statistic, or prediction, we encourage you to provide attribution to the original source, i.e. “according to Cisco” or “according to Cybersecurity Ventures” or other.