current trends, forecasts and analytics
Trends in the field of information security:
Cyber threats are the fifth highest priority risk that could lead to a global crisis in 2024. (Global Risks Report 2024World Economic Forum);
Cyber incidents are the most significant global business risk (Allianz Risk BarometerAllianz);
Data leaks are a catalyst for cyberattacks on critical infrastructure. There has also been an increase in ransomware attacks (Allianz Risk BarometerAllianz);
The number of attacks using compromised data in 2023 increased by 71% compared to 2022 (X-Force Threat Intelligence Index 2024IBM);
The most attacked industry is manufacturing, accounting for about 26% of all attacks. Second and third places are occupied by the financial industry and consumer services with 18% and 15%, respectively (X-Force Threat Intelligence Index 2024IBM);
The number of BEC attacks related to wire transfers increased in the last quarter of 2023. Researchers note that attackers began to carry out more such attacks, requesting smaller amounts of money in each of them (PHISHING ACTIVITY TRENDS REPORTAnti-Phishing Working Group).
Damage from cybercrime:
The cost of cybercrime will approach $10.5 trillion per year by 2025. In 2015, damage was estimated at $3 trillion (2023 Official Cybercrime ReportEsentire);
The average cost of property damage from a data breach has increased 15% over the past 3 years to $4.45 million (Cost of a Data Breach Report 2023IBM);
The cost of a healthcare data breach has increased by 53% since 2020 (Cost of a Data Breach Report 2023IBM).
Human factor:
95% of all leaks occur due to the “human factor” (DLP Statistics 2024Webinarcare);
Researchers from the Ponemon Institute surveyed 309 companies from around the world and identified the number of insider incidents. In 2022 there were 6.8 thousand, in 2023 – 7.3 thousand. The average cost of each incident from 2022 to 2023 increased from $15.4 million to 16.2 million. The average number of days required to contain an incident were 85 and 86 days in 2022 and 2023, respectively (Cost of Insider Risks Global ReportPonemon and DTEX);
75% of all insider incidents are due to human error: 50% are due to negligence, and the remaining 25% are due to the actions of third parties who tricked the insider into obtaining information. Acts by malicious insiders were less frequent (25%) but more costly. They are estimated at an average of 700 thousand dollars per incident (Cost of Insider Risks Global ReportPonemon and DTEX);
The percentage of companies that experience a high number of insider incidents (21-40) increased from 67% in 2022 to 71% in 2023 (Cost of Insider Risks Global ReportPonemon and DTEX);
66% of companies experienced information leaks caused by employees in 2023. In 2022, their share was 44% (SearchInform Study 2023).
Phishing:
44% of US shoppers have disputed purchases because they claim they were victims of phishing scams (Q4 2023: Dispute data consumer insights, and emerging trends,SIFT);
94% of organizations have been victims of a phishing attack. The most popular attack techniques include links to phishing sites, emails from compromised addresses, or including malware attached to the email (Email threat landscape 2024: Phishing reportEgress);
Attackers bypassed multifactor authentication in 83% of phishing attacks (Email threat landscape 2024: Phishing reportEgress);
In 2023, the Anti-Phishing Working Group reported more than 5 million phishing attacks. This is the worst indicator in the entire history of the company's reports (APWGAnti-Phishing Working Group).
Ransomware:
The number of ransomware attacks decreased by 11.5%. Now attackers prefer to sell data instead of demanding ransom for it. However, ransomware remains extremely popular and is used in 20% of all attacks (IBM X-Force Threat Intelligence Index 2024IBM);
81% of organizations surveyed experienced ransomware attacks in 2023, 48% paid a ransom (The 2023 SpyCloud Ransomware Defense ReportSpy Cloud).
Data leaks:
The most data leaked in 2023 was in the United States and Russia – 96.7 and 78.4 million accounts, respectively. France ranks third with just over 10 million (Surfshark);
The percentage of companies that lost more than $1 million as a result of a breach increased from 27% in 2022 to 36% in 2023 (Findings from the 2024 Global Digital Trust InsightsPWC);
The number of breaches increased from 40% to 80% of the total number of cyber incidents from 2019 to 2022, respectively. (Allianz Risk Barometer, Allianz). According to our statistics, 37% of companies experienced a personal data leak in 2023. This is 5% more than in 2022, and 8% more than in 2021 (SearchInform Research 2023).
AI:
53% of respondents consider artificial intelligence a “global risk.” This is due to misleading content generated by AI (Global Risks Report 2024World Economic Forum);
Organizations that use automation and AI in their security processes save an average of $1.76 million compared to those that do not. (Cost of a Data Breach Report 2023IBM);
Almost every fifth business uses AI for information security (tech.co).
Digital hygiene:
Users who have completed anti-phishing training click on phishing links 30% less often (Keepnet);
More than 65% of business representatives surveyed do not use password managers (tech.co);
Half of employees are poorly aware of basic information security rules (SearchInform Study 2023).
Personnel:
In 2022, 6% of executives reported a lack of competencies and personnel needed to respond to cyber incidents. In 2023, this figure reached 12%, and based on the latest research, the shortage of personnel could reach 20% (Global Cybersecurity Outlook 2024World Economic Forum);
The global shortage of personnel related to cybersecurity is more than 4 million people and will only grow (Cybersecurity Workforce Study: Looking Deeper into the Workforce GapISC2);
Experts predict that skills shortages will account for more than half of the serious cyber incidents by 2025 (Gartner);
66% of companies observe a stable shortage of personnel in the information security market, 12% feel it is increasing (SearchInform Research 2023).
Well, at the same time, we remind you that we conduct our own research regularly – you can find out about them in our section “Practice and analytics” In addition, it contains various useful materials – from checklists and white books to training tests – that will help you understand information security systems and help your employees improve their information security literacy.