2019 cyber-security statistics and future forecasts

Earlier this month Hashedout published a disturbing report summarize 2019 cyber security statistics. Among their list of 80 statistics, few of them caught our attention. Here are 8 statistics we thought were the most interesting:

1. Security breaches increased by 67% Over the past five years, according to Accenture's global survey.
2. Ransomware attacks occur every 14 seconds according to the Cybersecurity Ventures Official Annual Cybercrime Report (ACR). The company also estimates that number will increase to every 11 seconds by 2021.
3. Cybercrime damages are anticipated to cost businesses and organizations $6 trillion annually by 2021, according to the 2019 ACR from Cybersecurity Ventures. This number, which is up from the company's 2015 estimate of $3 trillion in cybercrime damages annually, "represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, and will be more profitable than the global trade of all major illegal drugs combined."
4. Ransomware attacks estimate to increase 5X by 2021. According to The Cybersecurity Almanac 2019 from Cybersecurity Ventures, ransomware attacks against healthcare organizations will increase by this amount between 2017 and 2021. This isn't all that surprising considering that healthcare ranks 15th out of 18 U.S. industries with regard to cybersecurity and research shows that hospital employees open one of every seven phishing emails.
5. 95% of HTTPS servers vulnerable to MitM According to Netcraft. MitM attacks were thought to pose a threat to 95% of HTTPS servers in 2016.
6. MitM attacks were involved in 35% of exploitations More than one-third of exploitation of inadvertent weaknesses involved MitM attacks, according to IBM's X-Force Threat Intelligence Index 2018.
7. 32% of U.S. companies failed to properly implement SSL/TLS High-Tech Bridge reports that 32% of U.S. companies (16% of European companies) received failing grades for their implementations of SSL/TLS encryption, according to High-Tech Bridge's report.
8. Only 52.5% companies are fully compliant with PCI DSS (Payment Card Industry Data Security Standard requirements) requirements in 2017, according to Verizon's 2018 Payment Security Report.

Cyber security threats need to be a main focus of each organization. With only 2% of the IT expenditure invested in security, this forlorn forecast is inevitable. Organizations need to re-consider their approach to this manner, to avoid the statistics.