5 Must-Know Cybersecurity Stats of 2022

Discover some of the most significant cybersecurity statistics from 2022 and how your organization can minimize risk heading into the new year.
December 8, 2022

The past year has seen significant growth both in the type and severity of cyberattacks. To better understand what’s driving these attacks and, more importantly, how you can minimize your risk, we’ve identified the stats you need to know leading into the new year.

1. On average, remote work-related breaches cost organizations $1 million more than those where remote work was not a factor.

The shift to remote work and the cascading move to more cloud office apps and decentralized work sites has had a significant impact on the size of breaches. With 25% of employees in the United States working remotely and hybrid work becoming increasingly common, there are more opportunities for cyberattacks.

While there are many great benefits of remote work both for employees and employers, this new way of working also opens up new access points for attackers to enter an organization’s digital walls. According to Gartner, 70% of organizations already making the move to cloud email, allowing new entry and exit points for potential breaches from email platform attacks.

Source: Data Breach Report 2022 - Ponemon Institute, and sponsored, analyzed and published by IBM Security®

2. About 150 billion spam emails are sent every day.

Wow, that’s a lot of spam getting sent across the globe every day! The good news is that the majority of spam is picked up by spam filters. The bad news is that if even a tiny percentage of spam gets through these filters, that’s still a lot of spam to manage. In 2022, Abnormal saw a 91% increase in unwanted mail over the previous year.

All of this leads to email fatigue and our daily deluge of emails pushes us to use shortcuts in how we engage with email. To stay productive, employees tend to process and respond to emails from those they (appear to) know with less caution—which can lead directly into an attacker’s scam. To help employees stay vigilant, it is more important than ever to remove those spam messages so they can focus on the email that truly matters.

Source: Statista

3. Business email compromise (BEC) accounts for 35% of all cybercrime losses.

In May of 2022, the FBI Internet Crime Complaint Center released an eye-popping report that highlighted the continued growth in BEC attacks. Global losses from BEC attacks between July 2019 and December 2021 increased by 65% over the previous year, and account for 35% of all losses due to cybercrime.

Because these targeted attacks are unique and leverage stronger veils of trust through social engineering, they are hard to recognize and often costlier than other, less-targeted attacks. A separate report from the FBI shows that BEC attacks have amounted to more than $43B in exposed losses since June 2016.

Training employees to be vigilant and use their critical thinking skills when reviewing payment requests can help mitigate less sophisticated BEC attacks, but the numbers indicate that even the best training won’t keep organizations entirely safe. The most effective tool is prevention, using technology that can analyze normal behavior about the identity, context, and content of emails and identify when sender accounts may be compromised.

Source: FBI 2021 Internet Crime Report

4. The global cybersecurity workforce gap is roughly 3.4 million people.

The supply of skilled cybersecurity workers needed to protect cross-industrial enterprises from increasingly complex modern threats has not kept up with demand. As any good economics course would teach you, when supply is less than demand, the price to fulfill demand will increase.

Practically speaking, this means organizations either need to pay more to security analysts to protect their organizations from threats or seek out options that free up security analysts' time through automation and AI technology. Otherwise, they’re guaranteed to increase their risk of becoming a cyber attack victim. Without an appropriate level of cybersecurity staff, organizations are less able to properly assess and manage risks, remediate misconfigurations, or patch critical systems expeditiously.

Source: (ISC)2 Cybersecurity Workforce Study, 2022

5. Only 36% of organizations have visibility into the level of access and permissions that internal and external users possess.

Third-party apps have become an integral part of the workplace. In fact, 165 new third-party apps were added to Microsoft’s AppSource between Dec 1 and Dec. 5. Adding purpose-built apps to Google Workspace or Microsoft 365 can fill gaps in the native cloud functionality businesses need to operate. However, these wonderfully well-meaning and productivity-increasing apps have potential pitfalls if their permissions and configurations are not monitored effectively.

More than half (51%) of organizations don’t have an inventory of third-party apps with access to their network. Attackers have seized this opportunity to infiltrate tenants through third-party applications on email platforms. After using those applications to gain access, attackers can download platform data, send additional attacks, or keep tabs on the environment before striking in other ways. Taking steps to monitor and audit third-party app installations and access levels is increasingly important.

Source: ITProToday

There is a confluence of factors driving greater risk and impact of cybersecurity attacks this year. The shift to remote work, and subsequently the cloud, has opened up new vectors of vulnerability within company security postures across the world. With the changing landscape of security infrastructure, attackers have become increasingly more sophisticated, orchestrating precise social engineering attacks that compromise organizations and their vendors. This is occurring against the backdrop of an unprecedented cybersecurity analyst shortage that leaves many organizations unable to secure their email platforms without the aid of more effective technology.

Are your security initiatives keeping up with the pace and sophistication of new cyber threats? To see how Abnormal’s behavioral AI can help secure your cloud email platform, schedule a demo.

5 Must-Know Cybersecurity Stats of 2022

See Abnormal in Action

Schedule a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.


See the Abnormal Solution to the Email Security Problem

Protect your organization from the full spectrum of email attacks with Abnormal.

See a Demo
Integrates Insights Reporting 09 08 22

Related Posts

BC 5 31 23 Vendor Risks
Learn the biggest risks associated with your vendor relationships and how to protect your organization from Vendor Email Compromise (VEC) attacks.
Read More
B 5 30 23 Teams
See how Abnormal's advanced security solutions protect Microsoft Teams workspace from malicious attacks and account takeovers.
Read More
Zoom BC
Discover how Abnormal protects your Zoom messages and prevents attackers from using the application to breach your business.
Read More
B 5 22 23 SOC
Discover how Abnormal simplifies detection, enhances investigation, and automates remediation, increasing threat investigation efficacy at the SOC level.
Read More
B Phishing
Knowing what to do after receiving a phishing attack is essential for preventing costly consequences. Learn how to respond to Phishing attacks.
Read More
B 5 15 23 Israel BEC
Abnormal research into an advanced Israel-based threat group puts a spotlight on the continuing rise of BEC attacks.
Read More