Individuals and organizations in the US need to be warier than ever about cyber crime and its impacts. Threats such as phishing schemes, ransomware attacks, and various types of fraud all feature heavily in the US cyber crime landscape. Advancing technology and increased awareness mean that users are stepping up their cyber security practices, but it’s tough to stay ahead of determined cyber criminals.
Below, we paint a picture of what’s happening in the world of US cyber security with statistics from the latest studies and reports:
1. Almost 83% of US organizations saw at least one successful attack over a one-year timeframe
The Cyberthreat Defense Report (CDR) by CyberEdge Group offers lots of information about cyber attacks in various regions. It tells us that in the US, 82.6 percent of organizations have been compromised by a cyber attack within a 12-month period. Five countries in the study saw a higher portion of impacted organizations: Mexico (93.9 percent), Spain (87.5 percent), Italy (85.7 percent), Colombia (83.9 percent), and China (83.3 percent).
2. Ransomware affected almost 70% of US organizations within a year
The CyberEdge report also reveals how many companies were hit by ransomware. It discovered 69.5 percent of organizations dealt with a ransomware attack in 2020. The US was the fifth most impacted country behind China, Mexico, Canada, and Saudi Arabia.
3. US organizations upped security budgets by almost 5% in 2020
According to the CDR, US organizations increase their security budgets by 4.9 percent between 20219 and 2020. In 2020, US firms spent an average of 13.7 percent of their IT budgets on security.
4. Nearly 90% of businesses prefer using security products that utilize machine learning and AI
An interesting area of the CDR focuses on the preference firms have for security products that draw on advanced technologies such as AI and machine learning. It found that 87.7 percent of companies surveyed had a moderate to strong preference for these technologies. This was about average, with Turkish firms (100 percent) having the strongest interest and Australian companies (72 percent) having the least.
5. The US endures the largest portion of ransomware Trojan attacks
A Kaspersky study of mobile malware revealed that the US was by far the most attacked country by mobile ransomware Trojans. It had a 2.25 per cent share of attacked users compared to the next highest Kazakhstan (0.77 percent), followed by Iran (0.35 percent), and China (0.21 percent).
6. 59% of organizations were hit by ransomware
The Sophos State of Ransomware Report 2020 provides a wealth of information about this type of malware which is wreaking havoc on individuals and businesses alike. In the US, 59 percent of organizations were hit by a ransomware attack in 2020. This made it the sixth most attacked country behind India (82 percent), Brazil (65 percent), Turkey (60 percent), Belgium (60 percent), Sweden (59 percent), and the US (58 percent).
7. Attacks were stopped before data was encrypted in 25% of cases
Sophos found that around one quarter of attacks were blocked before the malware managed to encrypt data. This is good news for those businesses but not so for the other 75 percent. Companies in Turkey, Spain, and Italy fared better, thwarting 51 percent, 44 percent, and 38 percent of attacks respectively.
8. One quarter of US organizations paid the ransom
So what about ransom payments? 25% of US firms that suffered a ransomware attack paid the amount demanded. This number was just above the global average, but was more than six times higher than the figure in Spain (four percent), where firms are the least likely to pay up.
9. US companies paid an average of $620,000 in remediation costs
Ransomware attacks represent a range of other costs to businesses. Sophos reveals that the global average remediation cost for a ransomware attack was about $750,000. The cost of ransomware attacks in the US was a little below this at $622,596.18. Swedish companies saw the highest costs, surpassing $2.7 million, and the Czech Republic saw the lowest at around $260,000.
10. 9 in 10 organizations have cyber security insurance
One more area Sophos reported on was how many companies in each region have cyber security insurance. It discovered that 90 percent of US businesses hold a cyber insurance policy, putting the country in the top five on the list. Of those, three quarters (75 percent) have ransomware covered in their policy.
11. Almost 12% of users tried to open a phishing link in 2020
Another Kaspersky study reveals the habits of users with respect to phishing emails. It found that 11.82 percent of users in the US attempted to open at least one phishing link in 2020. Brazilians (19.94 percent) were most likely to have tried opening a phishing link.
12. The US was the third-largest source of spam
The same study reveals the major sources of spam. Russia was the worst offender, with 21.27 percent of spam originating in the country. Germany (10.97 percent) was in second and the US (10.47 percent) in third.
13. The US tops the list of the most COVID-related malicious file detections
According to statistics from McAfee, there have been a total of more than 11 million COVID-19 related malicious file detections since May 2020. Almost 2.6 million of these were observed in the US. A fairly close second is Spain with 2.2 million detections, and in third is South Africa with around 900,000.
14. The US ranks 45th out of 75 for cybersecurity performance
A Comparitech study analyzed the cyber health of 75 countries around the world. It used over a dozen criteria to come up with an overall score for each country. The US scored 19.69 (lower is better) putting it in 45th place overall. The top scorer was Denmark with 3.56 and the last on the list was Tajikistan with 35.54.
15. The US has the highest portion of firms qualifying as cyber experts
The Hiscox Cyber Readiness Report 2021 refers to each organization as expert, intermediate, or novice in relation to cyber security. It found that the US has the highest proportion (25 percent) of firms that qualify as cyber experts. It also found that the country has the lowest portion (27 percent) of companies that were considered cyber novices.
16. 18% of firms had to pay a substantial fine as a result of a breach
Of the US firms participating in the Hiscox study, a large portion (18 percent) said they had to pay a substantial fine as the result of a breach. This was well over the global average of 11 percent.
17. 33% have standalone cyber insurance
Hiscox also looked at cyber insurance policies and found that around one third of US firms hold a standalone cyber insurance policy. This number was unchanged from 2020.
18. The US is the third most affected country by stalkerware
A 2020 Kaspersky study into stalkerware gathered data about the number of incidents in regions across the globe. It found that Russia had the highest number (12,389) of affected users. This was followed by Brazil (6,523) and the US (4,745) was the third most affected by stalkerware.
19. 75% of US organizations experienced phishing attacks
The Proofpoint 2021 State of the Phish reveals that three-quarters of US organizations dealt with a successful phishing attempt in 2020. This was 30 percent above the global average and represented a 14 percent increase compared to 2019. 35 percent of those affected experienced immediate financial loss, twice the global average.
Proofpoint’s study of social engineering attacks went beyond email and into areas such as smishing and fishing in the US. It found that 81 percent of US firms had faced smishing attacks in 2020 and 77 percent had experienced vishing schemes. What’s more, a surprising 80 percent had dealt with weaponized USB drives.
21. Only 52% of US workers know what phishing is
Proofpoint asked respondents about the definitions of various terms including phishing, ransomware, malware, and smishing. Only just over half (52 percent) knew the correct definition for the term phishing, although this was up slightly compared to 49 percent in 2019. The global average was 63 percent. The UK performed the best with 69 percent knowing the correct definition.
22. 54% know the definition of malware
Again, only around half of US respondents knew the definition of the term malware. This was well below the global average of 65 percent. In its 2020 study, Proofpoint found that 30 percent of US workers think malware is a type of wifi-boosting hardware.
23. 75% give family members and friends access to work-issued devices
Around three quarters of US respondents to the Proofpoint study admitted that they allow friends and family members to access their work-issued device for various tasks such as checking emails, reading news, using social media, and shopping online.
24. 28% of US businesses use MFA
The 3rd Annual Global Password Security Report by LastPass studied how employees use passwords and other authentication methods. It found that in the US, 28 percent of businesses use Multi-Factor Authentication (MFA). This is around average, with Denmark (46 percent) heading the list and Italy (20 percent) at the bottom.
25. The average employee has 75 passwords
LastPass also asked how many passwords each employee uses and discovered that US employees generally deal with around 75 passwords. Again, this was about average. Employees in Belgium have to manage 115 passwords and those in Sweden, just 50.
26. American company Google was issued the largest GDPR fine to date
Although the General Data Protection Regulation (GDPR) is an EU-governed regulation, it still impacts companies across the pond, and indeed all over the globe. Any company that deals with the data of EU citizens must adhere to the regulations. And it was made very clear that US companies would not be immune when the largest GDPR fine to date was issued to US-based firm Google. In January 2019, the company was ordered to pay €50,000,000 for not observing principles around transparency, sufficiency of information, and the presence of legal basis.
27. The US had the highest data breach costs averaging $8.64 million
The IBM Cost of a Data Breach Report 2020 provides details about data breaches including the time taken to identify them and the costs involved. In the US the average cost of a data breach was $8.64 million per incident. This is by far the highest, with the Middle East in second place with $6.52 million, followed by Canada with an average cost of $4.5 million. The US figure was up five percent since last year.
28. 24% of breaches are the result of human error
IBM tells us the cause behind breaches and found that almost one-quarter (24 percent) are caused by human error. That said, the largest cause of breaches is malicious attacks, behind 54 percent of incidents. A further 22 percent are caused by system glitches.
29. It takes US companies an average of 186 days to identify a data breach
Wondering how long it takes to identify and contain a breach? You may be surprised to learn that the average identification time is 207 days and time to containment is 73 days. US firms do a little better than this, taking an average of 186 days to identify and 51 days to contain a breach.
30. The IC3 received over 790,000 complaints in 2020
The Internet Crime Report 2020 from the FBI’s Internet Crime Complaint Center (IC3) reveals the number of internet crime complaints received each year since 2016. The 2020 figure was 791,790, way up over 2019’s number of 467,361. The large majority of reported crimes involved phishing or similar. The losses associated with the 2020 reports totalled $4.2 billion. Since 2016, there have been a total of 2.2 million complaints resulting in losses of $13.3 billion.