chat
expand_more

5 Must-Know Cybersecurity Stats of 2022

Discover some of the most significant cybersecurity statistics from 2022 and how your organization can minimize risk heading into the new year.
December 8, 2022

The past year has seen significant growth both in the type and severity of cyberattacks. To better understand what’s driving these attacks and, more importantly, how you can minimize your risk, we’ve identified the stats you need to know leading into the new year.

1. On average, remote work-related breaches cost organizations $1 million more than those where remote work was not a factor.

The shift to remote work and the cascading move to more cloud office apps and decentralized work sites has had a significant impact on the size of breaches. With 25% of employees in the United States working remotely and hybrid work becoming increasingly common, there are more opportunities for cyberattacks.

While there are many great benefits of remote work both for employees and employers, this new way of working also opens up new access points for attackers to enter an organization’s digital walls. According to Gartner, 70% of organizations already making the move to cloud email, allowing new entry and exit points for potential breaches from email platform attacks.

Source: Data Breach Report 2022 - Ponemon Institute, and sponsored, analyzed and published by IBM Security®

2. About 150 billion spam emails are sent every day.

Wow, that’s a lot of spam getting sent across the globe every day! The good news is that the majority of spam is picked up by spam filters. The bad news is that if even a tiny percentage of spam gets through these filters, that’s still a lot of spam to manage. In 2022, Abnormal saw a 91% increase in unwanted mail over the previous year.

All of this leads to email fatigue and our daily deluge of emails pushes us to use shortcuts in how we engage with email. To stay productive, employees tend to process and respond to emails from those they (appear to) know with less caution—which can lead directly into an attacker’s scam. To help employees stay vigilant, it is more important than ever to remove those spam messages so they can focus on the email that truly matters.

Source: Statista

3. Business email compromise (BEC) accounts for 35% of all cybercrime losses.

In May of 2022, the FBI Internet Crime Complaint Center released an eye-popping report that highlighted the continued growth in BEC attacks. Global losses from BEC attacks between July 2019 and December 2021 increased by 65% over the previous year, and account for 35% of all losses due to cybercrime.

Because these targeted attacks are unique and leverage stronger veils of trust through social engineering, they are hard to recognize and often costlier than other, less-targeted attacks. A separate report from the FBI shows that BEC attacks have amounted to more than $43B in exposed losses since June 2016.

Training employees to be vigilant and use their critical thinking skills when reviewing payment requests can help mitigate less sophisticated BEC attacks, but the numbers indicate that even the best training won’t keep organizations entirely safe. The most effective tool is prevention, using technology that can analyze normal behavior about the identity, context, and content of emails and identify when sender accounts may be compromised.

Source: FBI 2021 Internet Crime Report

4. The global cybersecurity workforce gap is roughly 3.4 million people.

The supply of skilled cybersecurity workers needed to protect cross-industrial enterprises from increasingly complex modern threats has not kept up with demand. As any good economics course would teach you, when supply is less than demand, the price to fulfill demand will increase.

Practically speaking, this means organizations either need to pay more to security analysts to protect their organizations from threats or seek out options that free up security analysts' time through automation and AI technology. Otherwise, they’re guaranteed to increase their risk of becoming a cyber attack victim. Without an appropriate level of cybersecurity staff, organizations are less able to properly assess and manage risks, remediate misconfigurations, or patch critical systems expeditiously.

Source: (ISC)2 Cybersecurity Workforce Study, 2022

5. Only 36% of organizations have visibility into the level of access and permissions that internal and external users possess.

Third-party apps have become an integral part of the workplace. In fact, 165 new third-party apps were added to Microsoft’s AppSource between Dec 1 and Dec. 5. Adding purpose-built apps to Google Workspace or Microsoft 365 can fill gaps in the native cloud functionality businesses need to operate. However, these wonderfully well-meaning and productivity-increasing apps have potential pitfalls if their permissions and configurations are not monitored effectively.

More than half (51%) of organizations don’t have an inventory of third-party apps with access to their network. Attackers have seized this opportunity to infiltrate tenants through third-party applications on email platforms. After using those applications to gain access, attackers can download platform data, send additional attacks, or keep tabs on the environment before striking in other ways. Taking steps to monitor and audit third-party app installations and access levels is increasingly important.

Source: ITProToday

There is a confluence of factors driving greater risk and impact of cybersecurity attacks this year. The shift to remote work, and subsequently the cloud, has opened up new vectors of vulnerability within company security postures across the world. With the changing landscape of security infrastructure, attackers have become increasingly more sophisticated, orchestrating precise social engineering attacks that compromise organizations and their vendors. This is occurring against the backdrop of an unprecedented cybersecurity analyst shortage that leaves many organizations unable to secure their email platforms without the aid of more effective technology.

Are your security initiatives keeping up with the pace and sophistication of new cyber threats? To see how Abnormal’s behavioral AI can help secure your cloud email platform, schedule a demo.

5 Must-Know Cybersecurity Stats of 2022

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

Get AI Protection for Your Human Interactions

Protect your organization from socially-engineered email attacks that target human behavior.
Request a Demo
Request a Demo

Related Posts

B Manufacturing Industry Attack Trends Blog
New data shows a surge in advanced email attacks on manufacturing organizations. Explore our research on this alarming trend.
Read More
B Dropbox Open Enrollment Attack Blog
Discover how Dropbox was exploited in a sophisticated phishing attack that leveraged AiTM tactics to steal credentials during the open enrollment period.
Read More
B AISOC
Discover how AI is transforming security operation centers by reducing noise, enhancing clarity, and empowering analysts with enriched data for faster threat detection and response.
Read More
B Microsoft Blog
Explore the latest cybersecurity insights from Microsoft’s 2024 Digital Defense Report. Discover next-gen security strategies, AI-driven defenses, and critical approaches to counter evolving threats and safeguard your organization.
Read More
B Osterman Blog
Explore five key insights from Osterman Research on how AI-driven tools are revolutionizing defensive cybersecurity by enhancing threat detection, boosting security team efficiency, and countering sophisticated cyberattacks.
Read More
B AI Native Vendors
Explore how AI-native security like Abnormal fights back against AI-powered cyberattacks, protecting your organization from human-targeted threats.
Read More