2020 was marked by a rapid and unprecedented digital transformation for many organizations, as many adapted their operations to allow remote work. This transformation has also resulted in a drastic increase in cybersecurity risks for many organizations and a significant growth in the amount of cyberattacks.
In order to prepare for the upcoming year and the risks that will continue to be on the rise, here are many relevant statistics that you should know for 2021:
Application Cybersecurity Statistics for 2021
More than half of web application vulnerabilities are classified high-severity or critical – Web applications have become essential in everyone’s day-to-day life, whether for making banking transactions, ordering from a restaurant, or collaborating in a workplace setting, it’s undeniable that they now hold an important place in our lives. In order to maintain a competitive edge, companies are constantly adding new features and new integrations which increases the complexity of these applications. For this reason, critical and high-severity vulnerabilities often unknown to development teams are introduced into the app and can have serious repercussions when exploited by an attacker.
2/3 of all attacks on web applications involve an SQL injection – SQL injection attacks, one of the predominant security controls addressed in the OWASP standard, targets the application’s database and attempts to gain access to any stored data. Vulnerabilities that involve SQL injections are often critical, as they are generally accessible without requiring any specific access.
Cyberattacks on web applications increased by 52% in 2019 according to a report published in mid-2020 – Hackers are becoming well aware of the risks associated with the growing use of web applications. The have become one of the primary vectors of attack prioritized by attackers due to the amount of sensitive data they process.
More than 20% of all cyberattacks in 2020 were against web applications – Nearly 1 in 4 cyberattacks in 2020 targeted a web application.
COVID-19 Cybersecurity Statistics for 2021
During COVID-19, phishing attacks increased by 667% in only one month – Hackers are taking advantage of the pandemic to create convincing scenarios, leveraging a combination of fear and a sense of urgency to persuade individuals to download malicious attachments or submit their credentials in a malicious web page. For example, some phishing emails sent in March 2020 impersonated governments and claimed to invite users to a vaccine trial, asking that they fill out a form attached to the email.
Over 30% of Canadian organizations have seen a noticeable spike of cyberattacks during the pandemic – According to a survey conducted by the Canadian Internet Registration Authority (CIRA), more than 30% of Canadian organizations faced a significant increase in cyberattacks during the COVID-19 pandemic.
The majority of Canadian companies implemented new cybersecurity protections directly in response to COVID-19 – With the rise of cyberattacks in 2020, most organizations in Canada were forced to put new cybersecurity measures in place. Furthermore, the adoption of remote work has resulted in unexpected cyber risks that led companies to implement new protections.
Cyberattacks against banks rose by 238% due to COVID-19 – Banks were a primary target for hackers in 2020 as millions of consumers shifted their banking and shopping habits due to stay-at-home orders, notably with a 50% increase in online transactions during the pandemic. The primary goal of attackers is to steal banking credentials or sensitive information they can use to access and divert funds.
Ransomware attacks increased by 148% at the peak of the pandemic – Considering the rise in phishing, it’s no surprise that ransomware attacks have also increased drastically during the pandemic. Cryptographic malware is generally delivered through infected email attachments, allowing hackers to infect workstations. The latter is designed to ultimately exploit vulnerabilities for spreading itself across an entire network and infecting as many devices as possible.
According to CIRA, Canadian governments saw a 20% increase in cybersecurity incidents in May 2020 – Many Canadian government agencies faced an increase in ransomware and phishing attacks in May 2020, as many opted for remote work, resulting in various cybersecurity incidents. This same trend has been seen on the other side of the border, with many local US governments declaring a state of emergency due to ransomware attacks.
Canada’s Cybersecurity Statistics For 2021
80% of companies in Canada were hit by a cyberattack between 2019 and 2020 – According to a survey conducted by CIRA, only 20% of Canadian companies did not record a cyberattack between 2019 and 2020.
30% of all Canadian organizations hit by a cyberattack saw their day-to-day work interrupted – From denial of service (DDoS) to encrypted workstations due to ransomware, nearly a third (1/3) of companies suffered a loss in productivity and saw their daily operations affected by an attack, causing delays for their customers, revenue losses, and skyrocketing technical recovery costs.
45% of companies in Canada performed a penetration test in 2020 to prevent future cyberattacks – Penetration tests or pentests remain the most effective way to secure an organization from cyberattacks, as it allows them to replicate a cyberattack following the same steps a hacker is using to identify vulnerabilities that can be exploited. Additionally, it prioritizes their security gaps based on their risk level and provides recommendations to help them effectively allocate their resources on measures that protect them from cyberattacks.
41% of Canadian organizations plan to conduct penetration testing to mitigate their cyber risks in 2020 and 2021 – Nearly half of companies plan to incorporate penetration tests into their risk management strategy for the upcoming year. Many of them face roadblocks or have a hard time justifying the return on investment that it provides to their company, but the benefits are clear. For example, startups have limited resources and investing on a pentest might seem counter-intuitive, but it will allow them to meet various requirements to unlock business partnership and in turn, get more resources.
66% of organizations in Canada hold sensitive data from their customers, employees, suppliers, vendors, or partners – This explains why so many organizations are investing into cybersecurity measures, such as penetration tests. Whether it’s for meeting requirements from their clients, securing sensitive assets, or preventing financial losses due to customer turnover following a data breach, implementing strong cybersecurity protections is essential in today’s digital world.
Data Breach Statistics For 2021
71% of all data breaches are financially motivated – An entire market on the dark web is dedicated to the reselling and purchase of leaked data after a data breach. This data is often used by attackers to connect into a company’s critical system by attempting to use the credentials of every employee they manage to find. This is not surprising for most experts in the industry, as statistics have shown that cybercrime is more profitable than the combined operations of drug trafficking worldwide.
20% of data breaches are motivated by cyber espionage – According to Verizon’s yearly report, 20% of data breaches are motivated by cyber espionage, such as corporate espionage.
43% of data breaches in 2020 occurred through cloud-based web applications – With the large amount of sensitive data stored on web applications, the risks associated with the large flexibility of configurations on cloud infrastructures (often misconfigured) and the critical vulnerabilities on these apps, they are becoming a primary target for attackers.
25% of data breaches in 2020 involved phishing as a vector of attack – No matter how strong a company’s cybersecurity measures are, phishing can circumvent a lot of these protections and render them ineffective.
Healthcare Cybersecurity Statistics For 2021
Medical devices have 6 vulnerabilities on average that cannot be patched – A majority of medical equipment relies on obsolete operating systems with many vulnerabilities that cannot be mitigated, although these risks can be alleviated with proper network segmentation and strong procedures.
62% of hospital administrators feel unprepared to deal with cyber risks – Considering the fact that hospitals spend 50% to 75% less on cybersecurity compared to other industries, administrators lack the necessary resources to protect their infrastructure against cyberattacks.
24% of healthcare employees have never received cybersecurity awareness training – A majority of incidents in the healthcare industry were caused by a lack of awareness regarding cybersecurity risks. Cyberattacks on hospitals are so frequent that many US government agencies, such as the FBI and CISA, recently issued a joint warning regarding the imminent threat they pose. These attacks generally result from phishing emails on which an employee clicked, as one in seven hospital employees are said to open phishing emails. A recent ransomware attack that targeted a hospital in the US forced them to divert ambulances to nearby hospitals and to delay surgeries after an employee clicked on a malicious attachment in an email. Thorough cybersecurity awareness is the most effective way to prevent these incidents and reduces the risk of a cyberattack drastically in an organization.