In January 2020, the Coronavirus outbreak started to garner international headlines. On March 11, 2020, the World Health Organization declared COVID-19 a worldwide pandemic. That week, life around the world changed. Bustling streets became empty, hospital beds overflowed, and businesses were faced with the impossible decision of whether or not to close their doors, in some cases, for good.
An increase in cyber attacks is common in a time of crisis. In 2008, the worldwide economic crisis led to cyber attacks as company capital decreased and citizens became an easy target. Cybercriminals prey on societal vulnerabilities, and COVID-19 is no exception. The landscape of cybersecurity attacks in 2020 has followed suit to its economic recession predecessor.
Even in its early stages, we can see the effect of COVID-19 on individuals, businesses, and the entire world with these revealing 2020 cybersecurity statistics.
Key Takeaways:
- COVID-19 can already be classified as the largest-ever cybersecurity threat.
- Cyber attacks were most prevalent in the healthcare and financial industries.
- Email phishing attacks were the most common source of data breaches while working from home.
- Amongst the heightened security threats, organizational cybersecurity budgets are still expected to decrease in 2021.
Table of Contents:
- Data Breach Statistics by Industry
- Remote Work and Data Breaches
- Coronavirus-Related Cyberthreats
- Cybersecurity Spend During Coronavirus
- Cyber Attack Statistics by Country
Data Breach Statistics by Industry
Cybercriminals are running rampant across susceptible industries in the wake of COVID-19, but not all are equally impacted. Healthcare and financial services faced the most security challenges in 2020 due to their vulnerability in the worldwide crisis.
Not to say other industries aren’t impacted, though. Cyber attacks have ranged from local government to small business across the world since January.
- In 2020, 98% of point of sale data breaches in the accommodation and food services industry were financially motivated. (Verizon)
- Healthcare cybersecurity breaches cost the most of any other industry at $7.13 million. (IBM)
- Local government domain administrator accesses are sold for an average of $3,217 in 2020. (Digital Shadows)
- A data breach of the federal disaster loan applications impacted 8,000 small business owners exposing their applications. (U.S. PIRG)
- Ransomware groups targeted aid organizations, medical billing companies, manufacturing, transport, educational software, and government institutions in April, 2020. (Microsoft)
- 52% of compliance leaders say the most-increased third-party risk for their organization is cybersecurity. (Gartner)
- On July 10, the OCIE released a ransomware alert that one or more hackers have orchestrated attacks to penetrate financial institution networks. (SEC)
- Confirmed data breaches in the healthcare industry increased by 58% this year. (Verizon)
Remote Work and Data Breaches
As organizations around the world scramble to adapt to a strictly remote workforce, the widespread increase of data breaches has been omni-present. DevelopIntelligence Information Security trainer Frank S. Rietta explains, “The biggest challenge for many organizations, which should not have been a challenge, is how to work with a 70-90% remote workforce. The technology to allow teams to work securely from home has existed for years, but there has been slow adoption due to organizational inertia and the overreliance on network security rather than cloud-based environments. This is a structural and not a technological challenge.”
- 47% of employees cited distraction as the reason for falling for a phishing scam while working from home. (Tessian)
- Web application breaches account for 43% of all breaches and have doubled since 2019. (Verizon)
- 52% of legal and compliance leaders are concerned about third-party cyber risks due to remote work since COVID-19. (Gartner)
- Remote work has increased the average cost of a data breach by $137,000. (IBM)
- 81% of cybersecurity professionals have reported their job function changed during the pandemic. ((ISC)²)
- In April, 83% of tech firms reported new customer inquiries, 36% of which within the cybersecurity sector. (CompTIA)
- The search term “how to remove a virus” increased by 42% in March. (Google Trends)
- From January to March there was an increase of 8.3% in mobile VPN usage. (WatchGuard)
- 76% of remote workers say working from home would increase the time to identify and contain a breach. (IBM)
Coronavirus-Related Cyberthreats
Cyberthreats have exploded in 2020, exploiting the needs and fears of global populations.
“This is social engineering at its worst — and unfortunately, it’s more likely to work in these uncertain times. People haven’t become more gullible in the past six months; they’ve become used to big changes in small messages. When the next news headlines could be a matter of safety or sickness, it’s much easier to believe information that appears right in your inbox.” explains Cindy Murphy, President of Digital Forensics at Tetra Defense.
- 33,000 unemployment applicants were exposed to a data security breach from the Pandemic Unemployment Assistance program in May. (NBC)
- Scams increased by 400% over the month of March, making COVID-19 the largest-ever security threat. (ReedSmith)
- In April, Google blocked 18 million daily malware and phishing emails related to Coronavirus. (Google)
- Half a million Zoom user accounts were compromised and sold on a dark web forum. (CPO Magazine)
- There are 1,767 high-risk Coronavirus themed domain names created each day. (Palo Alto Networks)
- 471 fake online shops selling fraudulent COVID-19 items were taken down in the UK. (ZDNet)
- 450 active WHO email addresses and thousands of COVID-19 response team’s email addresses were leaked in April. (WHO)
- Visits to popular hacker websites and forums increased by 66% between March and May. (cybernews)
Cybersecurity Spend During Coronavirus
Whilst companies and governments are being hit hardest by threat agents, expected budgets have not shown any signs of combatting the attacks. Additionally, it’s become commonplace for those who have been impacted by lost wages to have been presented with at least one COVID-19-related scam in some capacity.
- The average cyber breach costs companies $3.86 million and takes 280 days to identify and contain. (IBM)
- In 2020, worldwide government IT spending is forecasted to reach $438 billion. (Gartner)
- 54% of Britons who experienced loss of income due to COVID-19 were also hit with a cyber scam. (Computing)
- Zoom account credentials are sold for as little as $0.0020 cents on the dark web. (CPO Magazine)
- Worldwide cybercrime costs will hit $6 trillion annually by 2021. (Cybersecurity Ventures)
- Worldwide organizational cybersecurity spend is expected to decrease by 8% in 2020. (Statista)
- 70% of CISOs and security buyers forecast cybersecurity budgets will shrink in 2021, but still plan to request a significant budget increase. (McKinsey)
- On average, customer PII costs $150 per record. (IBM)
Cyber Attack Statistics by Country
The timeline of cyberattacks has ranged from North America to the Asia-Pacific. Cybersecurity risks seemed to follow with the virus, as countries in East Asia saw the initial spikes in attacks prior to their Western counterparts.
- North America will spend the most money on Government IT globally in 2020, reaching $191 billion. (Gartner)
- The spike in attacks against the Republic of Korea were higher than the worldwide average in early March, following the early arrival of the virus to the country. (Microsoft)
- In the UK, victims of COVID-19 related scams have lost over £11 million collectively as of July, 8th. (Action Fraud)
- 85% of victims and threat actors reside in the same country. (Verizon)
- The FBI and CISA reported the People’s Republic of China targeting the intellectual property of COVID-19 research organizations. (FBI)
- 65% of organizations admitted to achieving zero-to-minimal compliance of United States data privacy and security regulations. (SC Media)
- The GDPR criticized the UK for lack of data privacy legislation regarding its test-and-trace program. (DARKreading)
- The Czech Republic reported a cyberattack on Brno University Hospital, shutting down its entire IT network. (Europol)
- From January to July, there were a total of 216,001 network attacks in the Asia-Pacific region. (WatchGuard)
- United States cybersecurity breaches cost the highest of any other country at $8.64 million. (IBM)
These COVID-19 cybersecurity statistics lend a looking glass into what the future of computer trends might be like. Services may switch to more cloud-based softwares with user intent at the forefront of design. Time will tell what the next-gen of technology will hold for individuals, governments, and organizations—and the best bet is to stay vigilant and implement a cross-platform antivirus program.