The year 2021 is (finally!) in the past, but many of its most difficult cybersecurity challenges will be with us in 2022 and beyond. To understand them and know what the cybersecurity landscape will look like throughout this year, it helps to examine some of the most important industry-specific statistics that have been published so far.
1. Organizations Are Forecast to Spend More Money on Cybersecurity
According to Gartner research, the global information security market is on track to reach $170.4 billion in 2022, growing at a five-year CAGR of 8.5%. That's because average annual security spending per employee doubled from $584 in 2012 to $1,178 in 2018 and will likely increase again this year due to the global disruption of established cybersecurity processes caused by the coronavirus pandemic.
2. The Pandemic Has Raised the Cost of Data Breaches
The 2020 Cost of a Data Breach Report published by IBM revealed that having a remote workforce had increased the average total cost of a data breach of $3.86 million by nearly $137,000. This statistic is especially alarming considering that 82% of organizations intend to let employees work remotely at least some of the time even after COVID-19, according to Gartner's survey of company leaders.
3. Most Cyber-Attacks Still Go Unnoticed
Despite all the effort made by organizations to strengthen their cybersecurity defenses, a security effectiveness report published by FireEye states that 53% of cyber-attacks go unnoticed and as many as 91% don't generate any security alert whatsoever. Clearly, organizations that want to better secure their employees, systems, and data in 2022 need to invest in a reliable intrusion detection system and make sure that it's configured properly.
4. Email Remains the Most Commonly Exploited Attack Vector
Even in 2022, it would be almost impossible to find a single organization that doesn't rely on email to some extent. The problem is that 94% of malware attacks in 2019 were delivered via email, according to Verizon's DBIR data, and not much has changed since then. Besides malware, cybercriminals also use email to launch phishing and spear-phishing attacks, distribute spam, and perform business email compromise (BEC) scams, just to give a few examples.
5. Cloud-Based Security Threats Are on the Rise
The growth of remote work and online collaboration during the coronavirus pandemic has convinced many organizations to increase their cloud spending, with IDC projecting the global cloud services market spending to reach $1 trillion in 2024. As is often the case, cybercriminals were quick to take advantage of the global move to the cloud, and attacks on web applications rose by 800% last year, compared to the first half of 2019.
6. More Remote Jobs Equals More Insider Threats
The move to remote work has caused a spike in insider data breaches, which are expected to increase by 8% in 2022 and account for 33% of all cybersecurity incidents, according to Forrester. To stop insider threats, organizations must take a multi-pronged approach that combines employee education with real-time monitoring and consistently enforced policies and controls. That's relatively easy for large organizations with substantial resources but much more difficult for SMBs to do without outside help.
7. The Cost of Non-Compliance Is Getting Bigger
A report by research firm the Ponemon Institute and security company GlobalScape revealed that the annual cost of non-compliance to organizations had increased 45% since 2011. In fact, non-compliance now costs 2.71 times as much as maintaining or meeting compliance requirements. Considering that the European Union's General Data Protection Regulation (GDPR), which is one of the world's strictest data and privacy regulations, was put into effect only on May 25, 2018, it's safe to say that the cost of non-compliance will keep getting bigger even in 2022 and beyond.
8. Small Organizations Have Become Attractive Targets
By analyzing 3,950 confirmed breaches for its Data Breach Investigations Report, Verizon was able to determine that 28% of all breach victims were small organizations. In the past, cybercriminals largely ignored such organizations because there wasn't much to steal from them. Thanks to ransomware, cybercriminals don't even have to steal anything valuable to make a profit: they can simply make business data inaccessible and demand a ransom to unlock it. Because the ransom is typically lower than the cost of downtime caused by the attack, many organizations decide to pay it.
9. Hiring an In-House Cybersecurity Expert Is Difficult
It has never been more difficult to hire in-house IT talent. In the cybersecurity sector alone, the global workforce gap hit an estimated 4.07 million, and it will only grow wider before it starts to shrink, which is why the cybersecurity unemployment rate is projected to stay at 0% through 2022. That's bad news for all organizations that are currently hiring, but it's especially bad news for SMBs because they typically can't offer a competitive salary and benefits.
10. Organizations Are Increasingly Outsourcing Their Security Programs to MSPs
Over the next few years, revenue from the managed services market worldwide is set to grow at a CAGR of 11.5% to more than $300 billion, up from $200 billion in 2020. More and more organizations are becoming aware of the benefits associated with outsourcing their cybersecurity to a managed security service provider (MSSP). Such benefits include round-the-clock access to security experts and state-of-the-art solutions, cost savings and predictable expenses, and more time to focus on core business activities, just to give three examples.