2020 has been a busy year for cybersecurity around the world with hacks, ransomware attacks, and data breaches making the news on a regular basis. According to analysts there were double the number of cyber attacks in 2020 than in 2019. Some of this increase follows trends from previous years, but it also appears as though a significant proportion of the increase in cyber crime in 2020 is a result of the disruption caused by the Covid-19 pandemic.
We take a look back at some of the key figures and headlines from cyber attacks 2020.
1. Investment in cybersecurity is projected to reach $123bn in 2020
Forbes reported earlier this year that even as Covid-19 caused many companies to reduce IT spend overall, investment in cybersecurity increased in 2020 compared with 2019. 89% of this investment is concentrated in five areas: security services, infrastructure protection, network security protection, identity access management and consumer security software.
Investment in cybersecurity now accounts for 26% of the IT budget in SMBs and 29% in enterprises. By contrast, in 2019 it was 23% and 26%.
2. 65% of SMEs in the UK suffered a cyber attack in 2019/20
There’s no such thing as being too small to be interesting to a malicious actor. Small and medium enterprises around the world are major targets for cyber attack because they are perceived as having small security budgets and weaker defences.
Research by Towergate Insurance discovered that 65% of small and medium enterprises in the UK suffered a cyberattack in 2019/20. That compared to 46% of all businesses on average.
3. There are 3.12 million unfilled cybersecurity positions worldwide
There is a real shortage of skilled cybersecurity professionals around the world. Many companies struggle to fill their cybersecurity positions, and there are over 3 million vacant positions in cybersecurity worldwide. That’s a lot of positions.
Progress is being made, but there is still a long way to go. Research earlier in 2020 by (ISC)2 showed that for the first time ever, the year on year numbers of vacant cybersecurity positions decreased from 4.07 million in 2019 to 3.12 million in 2020, and that there are now 25% more cybersecurity professionals working in the field than in 2019. While this is good news, (ISC)2’s report also showed that there is still a need for more cybersecurity professionals. Employment in cybersecurity needs to grow by 89% to fill all the vacant positions.
However some of the year on year reduction is also shown by reduced IT security teams, with research by PwC suggesting that 20% of firms will reduce the size of their IT security teams next year. This is at a time when IT security is needed more than ever.
4. Losses from cyber crime have cost the world more than $1tn – 1% of world GDP
In December, the Center for Strategic International Studies released a report called the Hidden Costs of Cybercrime, which announced that global losses from cybercrime are approaching $1 trillion, which equates to just over 1% of global GDP.
The most expensive forms of cybercrime are economic espionage, intellectual property theft, financial crime, and ransomware. Hidden costs associated with cybercrime come from operational downtime, loss of productivity, loss of reputation, and time and money spent on responding to an incident.
5. Ransomware attacks increased by 130% in 2020
The biggest cyber attacks 2020 winner was ransomware. Ransomware attacks on education settings, hospitals, governments, and more increased in 2020. Ransom amounts also increased, and the average ransom demand is now approaching $200,000. The US is the most targeted country for ransomware attacks, and October 2020 was the busiest month in 2020 for ransomware attacks (data is not yet available for December).
Ransomware figures for 2020 include:
199.7 million ransomware attacks were reported in Q3 2020, an increase of 40% on Q3 2019
$23m – the ransom demanded from German software company Software AG in October 2020
€10m – the ransom demanded from French construction firm Bouygues
$6m – the highest ransom paid in 2020 – by Travelex
51% of businesses asked in one survey were hit by ransomware in 2020
25% of ransomware victims pay
56% of ransomware victims recovered their data using a backup
$20 billion – projected cost of ransomware to businesses worldwide in 2020
$1.45 million – the average cost of recovering from a ransomware attack
73% of ransomware attacks are successful
33% – the proportion of cyber attacks 2020 using Ryuk ransomware
11 seconds – a company will be hit by ransomware every 11 seconds in 2021
6. October 2020 had the highest number of cyber security breaches EVER
117 security incidents were recorded publicly around the world in October 2020, adding up to 18.4m breached records. Please note, not all cyber attacks 2020 are recorded publicly, so these are just the tip of the iceberg.
The healthcare industry was hit particularly hard in October, with ransomware attacks on several hospitals.
Cyber attacks in October 2020 included:
41 uncategorised cyber attacks
36 ransomware attacks
23 data breaches
8 financial information breaches
8 malicious insider attacks
7. There are more than 2 million active phishing websites
According to the Google Transparency Report there were 2,046,249 unsafe phishing websites on the internet on 6th December 2020. This is an increase of 21% during 2020, as Google’s Safe Browsing service identified 1,690,000 phishing websites back on 5th January 2020.
Many of these websites are legitimate websites that have been hacked, or have been set up specially around shopping holidays.
8. 52% of data breaches were caused by hackers
According to Verizon, the biggest cause of data breaches was hacking at 52%. Phishing accounted for 33%, and malware for 28% of data breaches (of which 27% are ransomware).
In addition, 34% of all data breaches involve employees or other people on the inside of an organisation, and 95% of cybersecurity breaches are caused by human error, often involving passwords.
Cyber attacks 2020 – an upwards trend
2020 has seen an increase in the number of cyber attacks, but it has also seen some changes in how these attacks are carried out. Ransomware is becoming increasingly popular among attackers. Other attackers are becoming more sophisticated as seen by the recent attacks on FireEye and several US government agencies.
With the growth in cyber attacks, every organisation needs to consider their cyber security position in 2021 including their on-premise network security and cloud security in order to ensure that they are well prepared to deal with an attack whenever it takes place.