By Indusface Research Team
Many information security lapses happened this year. Records were lost, money was lost, higher management professionals quit, and budgets were reshuffled to improve application security.
Indusface brings all of this and a lot more. These important security facts from across the world will help you devise powerful anti-breach strategies to keep your business secure and customers confident.
Data Breaches by Volume
1. A total of 750 data breach incidents have been recorded till November this year.
2. The number touched 783 in 2014 with a 27.5% rise compared to 2013. Going by the figures, we are most likely to cross last year’s figures.
3. About 177,837,053 records were stolen.
4. Banking, finance, and business sectors took the biggest hits with about 50% of the data breach incidents reported in these sectors.
5. Businesses and banking/financial industry lost 21 million records in total, which crunched their business, stock value, and customer trust.
Key Learnings: Despite rising cybersecurity awareness, businesses are still losing the data breach battle. In the coming year, it will be difficult for new-age businesses to recover from bad reputation and goodwill damage, especially against stiff competition that puts a higher value on customer and business security.
Data Breaches by Cost
6. The average cost to company per stolen record is $154 this year.
7. Highest per record cost is for the education sector, which is $300.
8. The figure is $215 per stolen record for finance and banking sectors.
9. The United States and Germany spend the most on data breaches: around $230 and $224 respectively.
10. Total average cost of a data breach to a company is $3.79 million this year.
11. In 2015, ‘Lost Business’ has been the highest data breach cost component for organizations. The average amount spent is $1.57 million, which was $1.33 million last year.
12. ‘Lost Business’ takes into account reputation damage, goodwill loss, customer disinterest, and increased customer acquisition spending.
Key Learnings: Although not every business loses millions of dollars directly on small data breaches, the other repercussions are nasty. For instance, TalkTalk stock recently tanked 10% and the Ashley Madison CEO had to resign after the breaches. In a recent survey, data breaches have also been linked to loss of traffic and customers.
13. The United States and China are the top bot-based DDoS attack sources. The availability of cheap cloud computing and hosting in these countries explains that.
14. Most DDoS attacks are used to cloak other attacks. This also happened in the infamous Sony breach incident in 2014.
15. In 2015, DDoS was extensively used for holding companies against a ransom. Several banking and financial companies received threats to pay millions or suffer from full-blown DDoS attacks that last for days.
16. Companies spent anywhere up to $19,000 to resolve a DDoS attack on their servers.
17. Malicious or zombie bots and machines are available for just $5/hour. Many rival companies launch small-scale DDoS attacks to disrupt the services of their competitors.
18. No matter what the volume is, DDoS attacks are difficult to stop at every level.
Key Learnings: You can never be fully prepared for application layer DDoS attacks. It’s an ever-standing threat that can only be resolved with close app traffic monitoring. Indusface Total Application Security monitors DDoS threats and defuses them before they cause server or application performance damage.
19. The Information Security budget in Asia fell by $0.6 million last year. This year too, the figures haven’t improved.
20. On the other hand, the information security spending increased by 12% in 2014.
21. Information security makes up just 11% of total IT budgets.
22. However, this budget has increased over the past few years. It is expected to rise to 28% by the next year.
23. The Chief Information Officer (CIO) and Chief Technology Officer (CTO) largely decide the security spending structure.
Key Learnings: Gartner says that by 2018, 50% of organizations will use a security services firm specializing in data protection. It’s a mandatory trend as new-age businesses focus on growth and the other processes that they specialize in. Gartner also stated that Information Security spending reached $75.4 Billion in 2015. Of course, cybersecurity budgets will increase further, but organizations should be able to derive value out of them. Wouldn’t it help to get firsthand data on how many threats are found and how many attacks are averted against your website? Learn more about the Indusface Dashboard.
Mobile Application Security
24. 1 in 4 Android devices encounter a threat every month.
25. Data breaches can happen through smartphones and tablets.
26. The iOS vulnerabilities have increased by 262% compared to 2011.
27. Around 56% of enterprises accept that they are likely to have sophisticated threats in their applications.
Key Learnings: As the world moves towards mobility, app testing will become critical. It’s not just about BYOD security; business apps can be hacked like web apps to crash servers or steal data. Here’s a detailed view on that: Mobile Application Risks Part 1 and Part 2.
Application Layer Statistics
28. 62% of the IT management and IT security practitioners from 42 countries including North America, Middle East, Europe, Latin America, Africa and Asia Pacific regions think that data is lost through the applications.
29. In fact, 34% also believe that security risks are the highest at application layer.
30. Gartner says that 70% of the cyber-attacks happen at the application layer.
31. 44% believe that web application firewall is an important enabling technology.
32. Did you know that 83% of the hacks and data breaches could have been avoided beforehand with a few changes?
Key Learnings: Today, web applications are the doorways to business. They command communication, transactions, shopping carts and what not. Isn’t it obvious that hackers will go after apps to steal Personally Identifiable Info (PII), credit card and bank details, and website accounts? Unfortunately, most businesses still adopt a ‘network layer is everything’ approach. Application layer security awareness is mandatory, with the focus on continuous weakness detection, attack prevention, and expert monitoring.
- Indusface Blogs and Infographs
- Ponemon Institute Research Reports
- Identity Theft Resource Center (ITRC)
- CyberEdge Group 2015 Cyberthreat Defense Report
- EY Global Information Security Survey