Cybersecurity was a big focus for CompTIA in 2021. From our research team to our Cybersecurity Advisory Council, Cybersecurity Community, and CompTIA ISAO, we produced a lot of content and data around how tech companies are responding to the latest cyberattacks, ransomware, hacks, and other cybercriminal behavior.
We’ve pored through everything we published and pulled out 10 important cybersecurity statistics from the last 12 months, including businesses' current views on the state of their own cyber prowess, to carrying cyber insurance, to worries about being targeted.
37% Are Somewhat or Very Concerned for their Organization’s Cyber Resilience
A LinkedIn poll of more than 900 CompTIA followers reveals that 37% of people are either somewhat concerned (21%) or very concerned (16%).
In addition, only 27% of people are completely confident in their organization’s cyber resilience, evidence that businesses still have a lot of work to do.
As one person commented, “The minute your content with your security is the minute you fail.”
42% of Companies Have Cyber Insurance
Of course, that means the other 58% do not. While 26% said they are at least considering it, a startling 32% said they are not interested in policies that protect against cybercriminals at this time. One commenter posted, “They will after a breach. Isn't that how it always works?” CompTIA recently partnered with The Hartford to offer cybersecurity insurance to members to help protect MSPsfrom unforeseen liabilities and data breaches. Click here for more details.
65% of Businesses Don’t Require Their Customers to Carry Cyber Insurance
Cyber insurance should be standard for your company, but also your customers, according to Brian Weiss, a CompTIA ISAO member and CEO of ITECH Solutions, based in San Luis Obispo, Calif. “You have a higher chance of getting hit with a cyber incident than of having a fire. Your clients already are paying for things less likely to happen, so why not consider cyber insurance?” Weiss said in November. In a LinkedIn poll, a total of 65% said they don’t require it, including a surprising 22% that went so far to say their customers’ cyber insurance is none of their business.
69% Believe State of Cybersecurity Is Improving
While 69% may seem like a solid number of people who have faith that we’re becoming more cyber resilient, it’s actually down from 80% in 2020, according to CompTIA's 2021 State of Cybersecurity research report. And the number of people who believe the state of cybersecurity is getting worse jumped to 16% in 2021 from 11% in the prior year.
“Prolonged pandemic uncertainty, ransomware attacks on critical infrastructure, and supply chain attacks rippling through the business landscape were all likely contributors to a more pessimistic sentiment,” according to the report.
Number of Hackers Is the No. 1 Issue Driving Cybersecurity
Businesses face a wide range of issues when it comes to evaluating their cyber resiliency and planning their security investments, according to the 2021 State of Cybersecurity report. But the volume (chosen by 49% of respondents) and variety of attacks (chosen by 43%) are top of mind.
“Next, they are concerned about guarding their customers’ privacy. From there, they are dealing with a growing reliance on data for business operations, the ability to quantify cybersecurity efforts to justify investments, and the different types of skills needed for success. In fact, companies may be underestimating many of these issues—regulatory compliance in particular is likely to be a major challenge moving forward,” according to the report.
62% of MSPs Are Very Concerned About Being Targeted
Nearly two thirds of MSPs said they’re very concerned about cybersecurity attacks that use them to access customer networks, according to CompTIA’s 2021 MSP Trends in Cybersecurity document. Only 8% said they’re not concerned about being targeted. Meanwhile, MSPs are taking multiple steps to mitigate these risks, according to the report, including more engagement with security vendors, increasing security budgets and investments, requiring staff to pursue and update security certifications, and hiring security professionals like a CISO.
31% of CompTIA ISAO Members Earned an A Risk Rating
One of the new benefits for CompTIA ISAO members is the CompTIA ISAO Cyber Risk Rating, powered by SecurityScorecard, which calculates an organization’s cybersecurity posture using data data from 10 risk factors. Members can an A to F letter grade and corresponding score from 1 to 100 in addition to detailed analysis and corrective or preventative actions to take to improve your score. As of earlier this month, 31% of companies had earned an A, up from 19% in October. There are many more companies being monitored now, but it’s clear that many others have taken steps to improve their grade as well, according to MJ Shoer, senior vice president at CompTIA and executive director of the CompTIA ISAO. “Clearly there is room for even more improvement, but we are seeing steady improvements in members’ scores over time,” he wrote.
24% of Businesses Have Been Significantly Impacted by a Cyberattack
While other statistics show a much higher percentage of businesses attacked by hackers, 24% of CompTIA LinkedIn followers said their company has been significantly impacted by an attack. Of course, there’s a good chance that respondents might be unaware of an attack too. Many cyber experts say it’s just a matter of time before a vulnerability is found by a cybercriminal and a breach—or worse—occurs.
As one commenter noted, “I was wondering where the NOT YET option was.”
Security Monitoring Is Top Security Practice in Place
According to the 2021 State of Cybersecurity Report, 49% of companies said they practice security monitoring, followed by 41% who practice workforce assessment and education. On the other end, only 24% employ zero trust practices, and 27% practice threat modeling.
“The most common cybersecurity practice is monitoring for cybersecurity incidents, which seems self-explanatory. However, this practice also includes analysis of network traffic attack patterns, which is where things get interesting. Simply monitoring for incidents is largely a static activity, where monitoring tools are configured around known attack types and programmed to send notifications when those attacks are detected,” according to the report. “Analysis is a more advanced, more proactive initiative. It requires both an understanding of typical network behavior and also an understanding of attack methodology, so that any anomalies can be investigated as potential infections.”
10 Terrifying Stats MSP Customers Need to Know
Finally, here are 10 more stats and data points from external sources, all important information for MSPs and other tech companies to share with their customers, including that 95% of data breaches are caused by human error, and 90% of cyberattack costs occur beneath the surface, including hidden costs to damaged credibility and reputation.