In today’s digital world, cyber attacks have become one of the most common threats to all kinds of businesses. And while damaging to any organization, a cyber attack that targets a startup or small business can end up being the cause behind the company having to close their doors for good.

The idea of enduring a cyber attack can be scary, and rightly so. But, there are ways to protect yourself and your business. Before jumping to those solutions though, it can be helpful to first fully understand what the potential dangers are and how they are being handled by others across various industries. 

Understanding and Protecting Against Cyber Attacks 

There are two classifications of cyber attacks. An incident is a security event that compromises the integrity, confidentiality or availability of an information asset. And a breach is an incident that results in the confirmed disclosure—not just potential exposure—of data to an unauthorized party.

The options may seem endless when thinking through the ways that a cyber attack can occur, but in general there are four paths that, if left vulnerable, can lead to a cyber attack. They include credentials, phishing, exploiting vulnerabilities, and botnets. 

As a business owner, you’ll want to protect against any vulnerabilities to avoid both cyber attack incidents and breaches. To do so, you can hire a web security lead or team, purchase cyber security software and two-factor authentication for remote teams, like DUO, and if those safeguards fail it is also wise to purchase Cyber Security Insurance. 

Cyber Attack Statistics You Should Know in 2022

Let’s take a look at how cyber attacks are impacting how businesses operate across the globe: 

The Cyber Security Market

According to Fortune Business Insights, The worldwide information security market is forecasted to reach $366.1 billion in 2028. As of 2021, it was valued at 139.77 billion. This shows that businesses are currently investing in cyber protection–and that the need to do so will only continue to grow with time. 

Further, it’s important to note that the need for protection is not unsubstantiated. Research has revealed that the pandemic has only elevated the necessity of cyber security. One study from ThoughtLab showed that the number of material breaches respondents suffered rose 20.5% from 2020 to 2021, and cybersecurity budgets as a percentage of firms’ total revenue jumped 51%, from 0.53% to 0.80%.

The Worldwide Threat

A study conducted by Positive Technologies in late 2021 found that cybercriminals can penetrate a harrowing 93 percent of company networks around the world. 

When looking at the US, UpCity found that Cybercrime cost US businesses more than $6.9 billion in 2021, and only 43% of businesses feel financially prepared to face a cyber-attack in 2022.

And according to Microsoft, the US was the target of 46 percent of cyberattacks in 2020, more than double any other country. 

Industries Most Impacted

Positive Technologies also found that there was a 117% increase in cyberattacks on retail businesses between the years 2018-2019. This is likely in part to the rise in the global e-commerce market.

Additionally it’s been found that the medical and insurance industries are also a target. A report from San Francisco-based Abnormal Security found that medical industries and insurance companies had a 45-60% chance of being the target of a phone fraud attack via email. In this kind of a cyber attack, the scammer sends an email to the target, asking the target to call them. In the second half of 2021, those attacks increased by 10 percent.

The Causes Behind the Vulnerabilities 

ThoughtLab’s 2022 cyber security benchmarking study, Cybersecurity Solutions for a Riskier World found that Executives anticipate that attacks from social engineering and ransomware will target weak spots primarily caused by:

• Software misconfigurations (49%)
• Human error (40%)
• Poor maintenance (40%)
• Unknown assets (30%)

Another study by UpCity found that out of the 600 business owners and IT professionals surveyed, the results deemed that the most common causes of cyber-attacks are done so via malware and phishing breaches. 

The Role That Human Error Plays

The 2021 Unisys Security Index was conducted in 11 countries across North America, Latin America, Europe and Asia Pacific. And while it may seem that the increased levels of concern around internet security are obvious to everyone, the results revealed that there was a general lack of awareness amongst employees. The survey found that: 

• More than half are unaware of mobile security risks like SMS phishing. (56%)
• Nearly 4 in 5 are unaware of SIM jacking or PAC fraud, when a scammer can access your phone from theirs. (79%)
• Nearly half of workers are downloading unauthorized apps or software for work purposes. (45%)
• Nearly 2 in 5 think it’s someone else’s responsibility to keep data secure when working from home. (38%)

Further, when looking at the US specifically, the Index found that nearly 6 in 10 hybrid workers download unauthorized software and apps on their work devices. 

When asked why they chose to do so, 45% of respondents said that the software or apps they downloaded were better than the tools their company provided, while 43% said that their company did not provide a good alternative option.

Similarly, about 6 in 10 respondents (62%) shared that they are not familiar with the threat of SMS phishing. This is an attack when a scammer texts asking for personal or financial information. And more than half (51%) of people surveyed said that they are not wary of clicking on links in a text message, email or social media app. 

And to make matters even more precarious, nearly three-quarters (72%) of respondents did not know where to report a scam should they be victimized.

Overall Preparedness of Businesses

The same ThoughLab study referenced earlier found that while cyber attacks are so prevalent, 29% of CEOs and CISOs and 40% of chief security officers admit their organizations are unprepared for a rapidly changing threat landscape. And according to UpCity’s findings, only 50% of U.S. businesses have a cybersecurity plan in place–of those, 32% haven’t changed their cybersecurity plan since the pandemic forced remote and hybrid operations.

The reasons cited include: 

• The complexity of supply chains (44%) in fact 82 percent of CIOs believe their software supply chains are vulnerable
• The fast pace of digital innovation (41%)
• Inadequate cybersecurity budgets (28%)
• Lack of executive support (28%)
• Convergence of digital and physical assets (25%)
• Shortage of talent (24%)

The highest percentages of unprepared organizations were in critical infrastructure industries including: healthcare (35%), the public sector (34%), telecoms (31%), and aerospace and defense (31%).

What You Can Do

As a business owner, it is your responsibility to protect the personal, financial and medical information of your customers and employees. Of course, having a certified and experienced cyber security team is a great element of a protection plan. But that will not solve for all vulnerabilities–not to mention it will not be an option for every business. There are tools and software that can help, but ultimately a sure-fire and somewhat affordable way to protect your business in the case of an attack is to have insurance. 

Take a look at some of our recent reviews of leading insurance companies for startups and small businesses that include cyber security coverage. 

This article may feature links to partners who compensate our business, but these partnerships in no way impact our research, recommendations, or advice.