100 Workplace Security Statistics (Some of These are Scary!!)


Security continues to be the highest priority for all companies across different industries. Getting the latest trends and statistics helps organizations to shape their plans, costs, and priorities.

With the new risks appearing each day and attackers constantly developing their techniques, it can be very difficult for organizations to keep up. While threats and risks continue to grow, the great news for security and IT professionals is that they can overcome the challenges they are facing on a daily basis. These challenges can be handled effectively by staying updated on the new threats and also by understanding the trends that are giving rise to them.

Here are 100 Workplace Security Statistics that provide context on how security risks are growing and offer insight into what’s coming next:

1. As per 2017 statistics, every year there are around 130 large-scale target breaches in the United States and each year this number is growing by 27% per year- AccentureOpens in a new tab.

2. Three billion Yahoo accounts were hacked in 2016 and this is said to be one of the biggest breaches of all time – OathOpens in a new tab.

3. In 2017, the Equinox breach affected 147.9 billion consumers- EquifaxOpens in a new tab.

4. According to Uber’s report, hackers stole information of 57 million drivers and riders- UberOpens in a new tab.

5. A report shared in 2017 revealed that 412 million user accounts were stolen from the website of FriendFinder- LeakedSourceOpens in a new tab.

(Check out our article on Efficient Workplace Secuirty DevicesOpens in a new tab.)

6. Every year around twenty-four thousand malicious mobile applications are blocked- SymantecOpens in a new tab.

7. About 31% of companies have experienced cyber attacks on operational technology infrastructure- CiscoOpens in a new tab.

8. In 2017, 100,000 groups and more than 400,000 machines were attacked by the WannaCry virus in 150 countries- Malware Tech BlogOpens in a new tab.

9. 4 billion WannaCry virus attacks were blocked in 2017- SymantecOpens in a new tab.

10. In between January 2005 and April 2018, 8854 breaches have been recorded- ID Theft Resource CenterOpens in a new tab.

11. In 2017, crypto jacking attacks increased by 8500 percent- SymantecOpens in a new tab.

12. As per a report shared, the average number of records breached by countries was 24,089 in 2017. The country with the highest number of breaches was India with around 33,000 files and the United States had around 28,500- Ponemon Institute’s 2017 Cost of Data Breach Study

13. Under Armor’s report released that My Fitness Pal was hacked in 2018 affecting around 150 million users- Under ArmorOpens in a new tab.

14. By 2021 damage related to cybercrime is predicted to hit $6 trillion yearly – Cybersecurity VenturesOpens in a new tab.

15. The average cost of a malware attack on an organization is $2.4 million. AccentureOpens in a new tab.

16. Costs related to ransomware damage reached $5 billion in 2017, 15 times more than the cost in 2015- CSO OnlineOpens in a new tab.

17. Cybercrime costs increased in 2017 with organizations spending about 23% more than in 2016 — on an average amount of $11.7 million – AccentureOpens in a new tab.

18. The Equifax breach cost the organization a total amount of over $4 billion – Time MagazineOpens in a new tab.

19. Between 2016 and 2017 there was around 22.7% increase in the costs of cyber security- AccentureOpens in a new tab.

20. According to a study, the average cost of each stolen or lost records per individual is around $141. This cost is different in every country. The most expensive breaches are in the United States ($225) and then in Canada ($190)- Ponemon Institute’s 2017 Cost of Data Breach Study

21. Information loss is the most expensive component of a cyber attack which depicts 43% of costs- AccentureOpens in a new tab.

22. In 2017, the average cost of breach for 50,000 compromised records was $6.3 million- Ponemon Institute’s 2017 Cost of Data Breach Study

23. 50 days is an average cost in time of a malware attack – AccentureOpens in a new tab.

24. Including customer acquisition activities, turnover of customers, diminished goodwill, and reputation losses, U.S has the highest cost of lost business ($4.13 million per company) – Ponemon Institute’s 2017 Cost of Data Breach Study

25. In 2017, total malware variants increased by 88%- SymantecOpens in a new tab.

26. In 2017, the average global cost of cybercrime increased by 27%- AccentureOpens in a new tab.

27. 74% of the organizations have about 1,000 stale files- VaronisOpens in a new tab.

28. The most common information that applications leaks are device location (37%) and phone numbers (63%) – SymantecOpens in a new tab.

29. In 2017, the trojan horse virus named Ramnit attacked the financial sector, which accounted for 53% of attacks-  CiscoOpens in a new tab.

30. Spear-phishing emails were used the most in 2017 by 71% of the groups that participated in cyber attacks- SymantecOpens in a new tab.

31. Web-based and malware attacks are the two most expensive types of attack. For such attacks, companies spend around an average of $2.4 million in security- AccentureOpens in a new tab.

32. Ransomware attacks are more common in countries with a higher number of population connected to the internet. The United States is ranked the highest among all countries with 18.2% of ransomware attacks- SymantecOpens in a new tab.

33. About 60% of the malicious domains are related to spam campaigns- CiscoOpens in a new tab.

34. The applications with the highest cyber security problems are lifestyle apps, which comprises 27% of malicious applications. Whereas, audio and music apps account for 20%- SymantecOpens in a new tab.

35. The financial services industry has the highest cost of cybercrime, recorded $18.3 million per company- AccentureOpens in a new tab.

36. From 2015 to 2017, amongst all the countries the U.S was the most affected by cyber attacks and out of these attacks 303 were known to be large-scale attacks – SymantecOpens in a new tab.

37. 20% of the malicious domains are new and used for one week after the registration- Cisco

38. In 2017, over 20% of cyber attacks originated from China, 11% from the United States and 6% from the Russian Federation- SymantecOpens in a new tab.

39. Microsoft office formats like Excel, Word, and PowerPoint are the most common malicious file extensions that account for 38% of the total- Cisco

40. The estimated number of passwords used by machines and humans globally will increase up to 300 billion by 2020- Cybersecurity MediaOpens in a new tab.

41. 21% of  files are not protected at all-  VaronisOpens in a new tab.

42. 69% of the companies believe that the threats they are experiencing cannot be blocked by the anti-virus software they use- Ponemon Institute’s 2017 Cost of Data Breach Study

43. 41% of the organizations have more than 1,000 sensitive files including health records left credit card numbers that are unprotected- VaronisOpens in a new tab.

44. 70% of the companies believe that their security risks significantly increased in 2017- Ponemon Institute’s 2017 Cost of Data Breach Study

45. About half of the security risks faced by companies arise from multiple products and security vendors- CiscoOpens in a new tab.

46. In 2017, IoT attacks were up by 600%- SymantecOpens in a new tab.

47. Each year ransomware attacks are increasing by 350%- CiscoOpens in a new tab.

48. 7 out of 10 organizations say that their security risks greatly increased in 2017-  Ponemon Institute’s 2017 Cost of Data Breach Study

49. 65% of the organizations have around 500 users who are never reminded to change passwords- VaronisOpens in a new tab.

50. The highest number of attacks by ransomware is faced by the healthcare industry. These attacks will multiply by 2010- CSO OnlineOpens in a new tab.

51. Mobile Malware variants increases in 2017 by 54% – SymantecOpens in a new tab.

52. In 2017, 61% of the breach victims were organizations with under 1,000 employees- VerizonOpens in a new tab.

53. Nowadays, 1 in 13 web requests give rise to malware which is up by 3% from 2016- SymantecOpens in a new tab.

54. In 2019, the ransomware damage costs will reach to $11.5 billion and businesses will be a victim of ransomware attack every 14 seconds- Cybersecurity VenturesOpens in a new tab.

55. The new malware was increased by 80% on Macs in 2017- SymantecOpens in a new tab.

56. The Middle East and the United States spend the most on post-data breach response. Costs in the Middle East were $1.43 million and $1.56 million in the U.S.- Ponemon Institute’s 2017 Cost of Data Breach Study

57. System vulnerabilities increased by 13% in 2017- SymantecOpens in a new tab.

58. As predicted by cybersecurity Ventures, Worldwide spending on cybersecurity will be over $1 trillion from 2017 to 2021- Cybersecurity VenturesOpens in a new tab.

59. In 2017, there was a 29% increase in vulnerabilities related to the industrial control system- SymantecOpens in a new tab.

60. 95% of the successful cyber attacks are an outcome of phishing scams- Info SecurityOpens in a new tab.

61. 45% of the employees get no training on cybersecurity from their employees- CompTIAOpens in a new tab.

62. Risks related to security have decreased by 70% when organizations invest in cybersecurity awareness and training- WombatSecurityOpens in a new tab.

63. 52% of the business owners don’t know what to do in the occurrence of a cyber security incident- CyberArkOpens in a new tab.

64. Most of the cyber security training programs lead to a 37-fold ROI (Return On Investment)- CSOOpens in a new tab.

65. 78% of the employees know about the risks of suspicious links in the emails, but they still choose to click on them- FAUOpens in a new tab.

66. 93% of cyber security professionals believe that technology and humans need to work together to detect threats like phishing attacks and  respond to them- InfoSecurityOpens in a new tab.

67. As per research conducted by Ponemon, even the least effective training programs can result in a 7-fold ROI- CSOOpens in a new tab.

68. Investment in security training and awareness significantly reduces the impact of  cyber attacks on businesses by 72%- WombatSecurityOpens in a new tab.

69. In 2017, the total number of publicly disclosed data breaches were 1,579- Identity Theft Resource CenterOpens in a new tab.

70. 1,946,181,599 are the total number of records comprising sensitive and personal data compromised in between January 2017 and March 2018- PrivacyRightsOpens in a new tab.

71. In 2017, 75% of the data breaches were caused by external attackers- VerizonOpens in a new tab.

72. In a 2018 survey of 1,200 companies, it was reported that 71% of US enterprises suffer from at least one data breach- 2018 Global Threat ReportOpens in a new tab.

73. In 2017, the average cost of a data breach was recorded to be $3.62 million- Ponemon InstituteOpens in a new tab.

74. In a survey of 2,800 IT professionals, 77% of the respondents said that their companies do not have a response plan for a cyber security incident-  IBMOpens in a new tab.

75. The average time taken by companies to identify a data breach is 191 days- 2017 Cost of Data Breach StudyOpens in a new tab.

76. In 2017, the average time needed to fully carry out a data breach was recorded to be 66 days- Ponemon InstituteOpens in a new tab.

77. In a survey of 9,500 executives worldwide, 45% of the respondents said their corporate board actively participates in setting up security budgets- PwCOpens in a new tab.

78. 87% of the organizations say that they need up to 50% more budget for cyber security-  EY GISS SurveyOpens in a new tab.

79. 76% of the enterprises would likely increase the resources allocated for cyber security following a breach that caused damage- EY Global Information Security Survey 2017-18Opens in a new tab.

80. In a survey of 9,500 executives across 75 industries in 122 countries, 29% of the respondents said CISOs bear the responsibility for IoT security- PwCOpens in a new tab.

81. IN 2017, 77% of the attacks on endpoint devices involved the use of exploits and fileless malware- ALERT LOGICOpens in a new tab.

82. In a survey, 1,300 IT decision makers indicated that targeted phishing attacks are their current biggest cyber security threat- CyberArkOpens in a new tab.

83. In 2017, 26.2% of those who were attacked by ransomware were business users- Kaspersky LabOpens in a new tab.

84. In 2017, 87% of remote code execution attacks involved crypto-mining malware- ImpervaOpens in a new tab.

85. According to Thales report, 97% of the respondents are using sensitive data with digital transformative technologies- THALESOpens in a new tab.

86. In 2019, the global cost of cybercrime is expected to exceed $2 trillion- Juniper ResearchOpens in a new tab.

87. In 2018, the spending on cyber security in the United States reached 66 billion U.S. Dollars- StatistaOpens in a new tab.

88. In 2018, the total number of data breaches in the United States amounted to 1,244 and over 446.5 million records were exposed- SatistaOpens in a new tab.

89. Privacy concerns and risk management within digital transformation initiatives will make 40% of the organizations spend more on additional security service through 2020- GartnerOpens in a new tab.

90. In a survey of 1200 organizations, 74% of US respondents said that adherence to compliance requirements is either “very” or “extremely” effective- 2018 Global Threat ReportOpens in a new tab.

91. 88% of 300 CIOs, general counsels, CPOs, and other senior staff at Japanese, US, and UK organizations reported spending more than $1 million on GDPR compliance- PwCOpens in a new tab.

92. For the financial year 2019, the proposed budget for federal cyber security in the United States is $15 billion- Whitehouse.govOpens in a new tab.

93. In 2018, the amount requested by the US Department of Homeland Security for cyber security operations was $971 million-  StatistaOpens in a new tab.

94. In a survey of 200 Defense Department and civilian IT decision makers, 52% of the respondents feel that mandates and cyber security regulations are hindering risk management- SolarWindsOpens in a new tab.

95. At federal agencies, 54% of IT decision makers view untrained and careless employees as posing the biggest security threat- SolarWindsOpens in a new tab.

96. 100% of the respondents in a survey of 850 organizations with at least 500 mobile devices faced a mobile attack in 2017- Check Point

97.  In a survey of 359 cyber security practitioners, 54% of the respondents reported at least one security incident in the past 12 months that involves industrial control system- KasperskyOpens in a new tab.

98. 55% of the industrial organizations allowed third parties like service providers, suppliers or partners to access their industrial control network- The State of Industrial Cybersecurity 2017Opens in a new tab.

99. In a survey of 9,500 IT professionals, 40% of business leaders are worried about a cyber attack on IoT networks and other emerging technologies that can cause operational disruptions- PwCOpens in a new tab.

100. 61% of the enterprises used some level of IoT technologies and therefore, had to deal with the security incidents in 2017- TrustwaveOpens in a new tab.

Conclusion

When it comes to security at a workplace, proactive IT strategy, the right technology, and policies play a crucial role. But, employee awareness and training is the key to prevent common security risks such as phishing attacks from damaging your business.

Steve Todd

Steve Todd, founder of Open Sourced Workplace and is a recognized thought leader in workplace strategy and the future of work. With a passion for work from anywhere, Steve has successfully implemented transformative strategies that enhance productivity and employee satisfaction. Through Open Sourced Workplace, he fosters collaboration among HR, facilities management, technology, and real estate professionals, providing valuable insights and resources. As a speaker and contributor to various publications, Steve remains dedicated to staying at the forefront of workplace innovation, helping organizations thrive in today's dynamic work environment.

Recent Posts