35+ COVID-19 cybersecurity statistics

It’s clear that today’s world is vastly different from the one we were living in a year ago. The COVID-19 pandemic has brought a wave of change that impacts almost every facet of our lives. Cybersecurity hasn’t escaped those changes and there is a whole new landscape to navigate.

For example, the shift to remote work has opened the door to a number of different attack vectors. What’s more, fear, uncertainty, and misinformation surrounding coronavirus have presented opportunities for cybercriminals carrying out phishing schemes, ransomware attacks, and more.

We can usually look to recent trends to observe patterns emerging in cybersecurity. But with things changing so quickly, even studies as recent as 2019 don’t paint an accurate picture of the threats we face today. Thankfully, there is a lot of work being done to gauge the current situation so we can better prepare ourselves for the post-pandemic environment.

Below is a roundup of core COVID-19 cybersecurity statistics and facts that show how things have changed and what you can expect.

1. By June, the FBI was seeing a 75% spike in daily cybercrimes

According to representative Emanuel Cleaver at a June 16th house meeting: “We are seeing a 75% spike in daily cybercrimes reported by the FBI since the start of the pandemic.” That said, this was lower than the spike seen early in the pandemic when cybercrime reports had quadrupled.

2. 20% of companies faced a security breach because of a remote worker

The Malwarebytes Enduring from home: COVID-19’s impact on business security report published in August 2020 found that one-fifth of companies surveyed had a security breach that resulted from a remote worker’s actions. This isn’t surprising since the report also stated that 18 percent of organizations admitted their employees didn’t consider cybersecurity a priority. Five percent considered employees a security risk as a result of being oblivious to cybersecurity practices.

Malwarebytes COVID-19 graphs.
Source: Malwarebytes

Other contributing factors include 28 percent of organizations having employees using personal devices for work-related activities, 44 percent failing to provide work-from-home cybersecurity training, and 45 percent neglecting to analyze the security of work-from-home software tools.

Malwarebytes contributing factors.
Source: Malwarebytes

3. By July, in the UK, more than £11 million had been lost to coronavirus scams

The UK’s Action Fraud National Fraud & Cyber Crime Reporting Centre keeps tabs on the number of scams related to coronavirus. By July 8th, 2,866 victims had reported a total loss of £11,316,266 in COVID-related schemes. The organization also reported 13,820 phishing emails related to coronavirus. And it’s not just direct coronavirus-related scams that were making headlines. Overall, during early UK lockdowns, there was an increase in online shopping fraud, and by June 2020, over £16 million was lost in these schemes.

4. Details of more than half a million Zoom accounts were sold on the dark web

One of the most popular pieces of work-from-home software during the pandemic has been the video-conferencing platform Zoom. Of course, software that’s forced to scale quickly—perhaps without the security advancements to back it up—offers a prime target for hackers. Right on cue, details of 530,000 Zoom accounts were on sale on the dark web by mid-April. Some of these were sold for as little as $0.0020 per account.

In a separate report from Channel Futures, we discovered that by July 2020, there had been a 2,000 percent increase in the number of malicious files that had “zoom” in their name.

5. “Virus” was the top COVID-19-related phishing keyword in 1H 2020

The Mid-Year Update to the 2020 SonicWall Cyber Threat Report reveals the top five COVID-19-related phishing keywords in the first half of 2020. The company analyzed spam and phishing emails that contained terms linked to the pandemic and discovered these were the most common words used:

  • Virus: 42.33%
  • Corona: 32.92%
  • Quarantine: 9.72%
  • COVID: 8.77%
  • Mask: 6.26%

6. The rate of malware attacks followed the rate of COVID diagnoses

An interesting finding from the SonicWall report was that the rate of malware attacks shows some correlation to the rate at which COVID-19 cases were diagnosed. For example, when many protective measures were lifted in May and June, both the number of diagnosed COVID-19 cases and the number of malware attacks started rising.

Global COVID-19 malware attack trends graph.
Source: SonicWall

7. A broad range of threats related to coronavirus have been observed

The SonicWall report observed at least 20 COVID-19-related threats. These included Corona Anti-Locker Ultimate (data-stealing malware), a Remote Access Trojan (RAT) posing as a COVID-19-related document and distributed via spam, and spam emails purporting to concern a COVID-19 relief package but actually contain a malicious executable file.

8. In the UK, 28% of incidents relate to the country’s coronavirus response

The UK National Cyber Security Centre (NCSC) Annual Review 2020 covers data collected from September 2019 to August 2020. Of 723 incidents the NCSC responded to, more than 200 of them were coronavirus-related. In addition, it observed 260 sender IDs which were used (or likely used) in malicious coronavirus-themed campaigns. The NCSC and its partner Netcraft took down more than 15,000 coronavirus-linked malicious campaigns.

9. Global organizations observed a 148% surge in ransomware attacks in March

Analysis of data from the VMware Carbon Black Cloud found that the number of ransomware attacks more than doubled in March 2020 compared to February baseline levels. Pre-pandemic, the most heavily targeted sector was retail, but during the period studied, attacks against the financial sector jumped dramatically.

This may have been just the start, as Monster Cloud reported observing a huge 800 percent increase in ransomware attacks.

10. Bots were responsible for nearly half of the “Reopening America” Twitter accounts

It’s not just financial losses that we have to be concerned about, as cyberattacks can threaten a broad range of areas, including politics. A study by Carnegie Mellon University found that bots were responsible for almost half of the Twitter accounts that discussed “Reopening America.”

11. Under 2% of daily malspam is COVID-19-related

While many of the statistics provided here paint a rather “doom and gloom” picture of the new cybersecurity landscape, Microsoft has some better news. It found that less than two percent of daily malspam is related to COVID-19 and another report mentions that: “The spike of COVID-19 themed attacks you see above is barely a blip in the total volume of threats we typically see in a month.”

COVID-19-themed attacks.
Source: Microsoft

12. There was a 40% percent increase in the number of unsecured RDP machines

The remote work environment saw a huge increase in the prevalence of unsecured Remote Desktop Protocol (RDP) machines as reported by Webroot via Channel Futures. According to the report:

With unsecured RDP, cybercriminals will use brute force to gain complete control of the machine. Unsecured RDP isn’t new, but during the pandemic, the attack area surface is only continuing to grow.

13. The number of brute force attacks grew by 500%

Research by Kaspersky found that by mid-April, the number of brute force attacks observed per day was more than six times pre-pandemic figures. Pre-COVID, they were looking at around 200,000 attacks per day in the US, but on April 7th, that number skyrocketed to over 1.4 million, before falling slightly over the next few days. This pattern was seen in countries across the globe with increases coming in waves in many regions.

Global brute force attacks during COVID-19.
Source: Kaspersky

14. At one point, thousands of scammy coronavirus domains were being created daily

A mid-March study from ZDNet found that thousands of domains related to coronavirus were being created each day. While that’s perhaps unsurprising given the relevance of these domains, a concerning figure around their legitimacy arose: a whopping 90 percent of new coronavirus domains were found to be scammy.

15. Healthcare organizations of all sizes are expected to increase cybersecurity spending

A McKinsey & Company article published in July 2020 details how the COVID-19 crisis is shifting cybersecurity budgets and priorities. In many industries, spending is expected to increase in 2021. These include healthcare, which should see significant increases across organizations of all sizes, as well as finance, tech, public and social sectors, and insurance, all of which should see at least small increases across organizations.

That said, industries that haven’t fared well during the pandemic expect that cybersecurity budgets will decrease overall. These include retail, advanced industries, energy and materials, and travel and leisure.

Budget change chart.
Source: McKinsey & Company

When it comes to the types of projects organizations will be spending money on, web security, data protection, and compliance will take a backseat to more pressing issues such as network security, identity and access management, and messaging security.

As stated in the article:

Product spending reflects CISO’s need to address pandemic-era business conditions, including safeguarding remote workers from heightened attacks.

16. Most companies are concerned about COVID-19’s impact on cyberattacks

The World Economic Forum (WEF) published an insight report titled COVID-19 Risks Outlook: A Preliminary Mapping and Its Implications in May 2020. It detailed concerns companies have about how the post-pandemic world might have changed. Interestingly, the third-most worrisome area (and the top tech-related concern) was “Cyberattacks and data fraud due to a sustained shift in working patterns” with more than 50 percent of respondents listing this as a primary concern.

COVID-19 worrisome threats chart.
Source: WEF

17. Google blocked 18 million daily malware and phishing emails related to Coronavirus in April

Google blocks around 100 million phishing emails each day, and in April, 18 million of those were related to COVID-19. And that’s not even counting the 250 million daily Coronavirus-centric spam messages it observed.

18. 54% of Britons who lost income due to COVID-19 were targeted with cyber scams

As if losing part or all of your income isn’t bad enough, a June Citizens Advice report tells us that more than half of British adults whose income was impacted during the pandemic were contacted by scammers. Overall, over one in three adults were contacted, including 45 percent of people with a long-term illness or disability.

19. The UK’s “test and trace” program was reportedly launched in violation of the GDPR

The UK’s test and trace program was rolled out in May, but multiple news outlets reported in July that the program had violated data protection laws. Under the General Data Protection Regulation (GDPR), a project such as this that processes personal data should have undergone a Data Protection Impact Assessment (DPIA), which the “test and trace” program apparently didn’t.

See also: The Covid-19 tracking app and privacy

20. Authoritarian governments are expected to use the pandemic to deploy surveillance technologies

A Cyber Threat Bulletin issued in June by the Canadian Centre for Cyber Security included this key judgment:

We assess that it is very likely that authoritarian governments will use COVID-19 as a justification to procure and deploy surveillance technologies against their own citizens and expatriates residing in Canada or Canadians living abroad.

It goes on to suggest that telecommunications surveillance products (such as mobile applications designed to map and analyze virus spread) could potentially be leveraged by authoritarian governments to covertly target users.

21. Interpol called the increase in the number of cyberattacks alarming

In an August 2020 report, Jürgen Stock, Interpol Secretary General, said:

Cybercriminals are developing and boosting their attacks at an alarming pace, exploiting the fear and uncertainty caused by the unstable social and economic situation created by COVID-19.

Interpol provided the example of one of its private-sector partners that had detected a huge number of COVID-19-related threats in the first four months of the year, including more than 900,000 spam messages, 737 malware-related incidents, and 48,000 malicious URLs.

22. COVID-19 exposed significant gaps in IT disaster recovery planning

The VMWare Carbon Black Global Threat Report released in June 2020 surveyed IT professionals from a range of industries across the globe. It found that 84 percent of respondents reported gaps in IT operations, with 35 percent noticing very significant gaps in IT operation disaster recovery planning, including rollouts of hardware and software. What’s more, 70 percent found gaps in their cybersecurity threat visibility.

23. Q2 2020 saw a 47% increase in ransom demands

A Coalition report focused on small to mid-size organizations found that between Q1 and Q2 2020, the average ransom demand increased by 47 percent to $338,669.

Average ransom demand chart.
Source: Coalition

The most costly ransomware is Maze with an average ransom of $420,000, followed by Ryuk ($282,000) then Netwalker ($176,190).

Cost of each ransomware during COVID-19 chart.
Source: Coalition

24. 85% of CISOs sacrificed cybersecurity for a swift change to remote work

Netwrix’s 2020 Cyber Threats Report offers findings from a survey of 937 professionals. The vast majority of CISOs surveyed admitted to having cut corners on cybersecurity to help their organizations quickly pivot to a remote work model. To make matters worse, 58 percent said that employees had ignored cybersecurity guidelines and policies.

25. The number of IT professionals concerned about VPN exploitation has more than tripled

Based on the last statistic, it’s no surprise that Netwrix discovered a whopping 85 percent of IT professionals are worried about VPN exploitation. This is 59 percentage points higher than the pre-pandemic figure.

26. Almost half of cyber security staff shifted to IT tasks by the end of April

Just as cyber security risks were increasing, so were demands for IT support as network models had to shift from an in-office to at-home model. But according to the April (ISC)2 Cybersecurity Pulse Survey, 81 percent of cyber security professionals said their job function had changed. What’s more, 47 percent had been relieved of at least some security duties in favor of completing other IT tasks such as helping get remote workers set up.

27. More than half of companies reported an increase in phishing attacks by mid-May

It didn’t take long for phishers to start trying to take advantage of remote workers. By mid-May, Barracuda was reporting that 51 percent of companies had seen an increase in phishing attacks due to having employees work from home. What’s more, that same portion of respondents admitted employees weren’t trained in cyber risks as they relate to remote working, and 46 percent say their web applications may not be secure. Not helping matters is that a large portion (40 percent) of employers had cut their cybersecurity budgets in an attempt to lower costs.

Barracuda report email phishing attack statistic.
Source: Barracuda

28. Amazon Web Services hosts the most risky or malicious domains

A May 2020 COVID-19: Cloud Threat Landscape study by Palo Alto Networks analyzed over a million “newly observed hostnames” (NOHs) with keywords related to the pandemic. More than 86,600 of these were classed as “malicious” or “high-risk,” and almost 3,000 of those were hosted in public clouds. Of those, 79.2 percent were hosted by Amazon Web Services, 14.6 percent by Google Cloud Platform, and 5.9 percent by Microsoft Azure.

29. Almost two-thirds of Canadian organizations have implemented new policies

The 2020 CIRA Cybersecurity Report asked Canadian organizations what kinds of cybersecurity protections they implemented in response to COVID-19. Almost two-thirds (63 percent) implemented new policies and 60 percent added protections for work-from-home employee devices. Over one-third (38 percent) adopted new platforms as part of their cybersecurity protection strategy.

Chart showing actions taken by Canadian organizations due to COVID-19.
Source: CIRA

30. The first six months of 2020 saw a surge of 9 million COVID-related threats

The Trend Micro 2020 Midyear Cybersecurity Report saw a whopping 9 million threats related to COVID-19 between January and June 2020. The vast majority of these (91.5 percent) were email threats, 8.4 percent were malicious URLs, and 0.1 percent were malware. There was a decline after a peak in April (2.9 million) with June threats decreasing to 1.8 million.

The report also showed large increases in the overall number of general threats in Q2 versus Q1. Notably, there was a 68 percent spike in the number of malicious files blocked and an 80 percent increase in the number of malicious URLs blocked.

Number of threats blocked charts.
Source: Trend Micro

31. Most employees don’t trust remote working tools

The Cisco 2020 Consumer Privacy Survey published in June 2020 revealed a distinct lack of trust in the tools people are using for remote work. Only 13 percent of people were not at all concerned with remote working tools. The remaining were either very concerned (25 percent), moderately concerned (35 percent), or slightly concerned (27 percent).

Chart showing concern around remote tools during COVID-19.
Source: Cisco

Consumers are worried about other areas that may be lacking in cybersecurity too. While there have been calls to relax healthcare privacy laws, 37 percent of respondents said there should be no relaxing of laws, and 26 percent agreed a few privacy laws could be suspended or specific exceptions made.

32. Two out five see data privacy as more important than before

According to the Cisco report, the major privacy concern (cited by 31 percent) for healthcare, public health, and other related data is that it will be used for unrelated purposes. Other major concerns include the data being shared too broadly (25 percent) or not being deleted once no longer needed (24 percent). Indeed, 40 percent of people agreed that the pandemic has made data privacy more important.

33. More than one-third of organizations set to have a predominantly remote workforce

The Cisco Future of Secure Remote Work Report tells us that post-COVID, 37 percent of organizations will have more than half of their workforce working remotely. While this is lower than the peak figure during the pandemic (62 percent), it’s almost double the pre-pandemic figure of 19 percent.

Remote workforce charts.
Source: Cisco

34. Cybersecurity is more important than before

The Cisco report also tells us cybersecurity has become a main priority for many organizations. Cybersecurity is cited as “extremely important” for 44 percent and “more important than before” for a further 41 percent.

Cybersecurity priorities during COVID-19.
Source: Cisco

This could have a lot to do with the fact that globally, 61 percent of surveyed organizations had seen an increase in at least 25 percent of cyber threats or alerts since the beginning of the pandemic. This was experienced by most small businesses (55 percent), medium-sized organizations (70 percent), and large enterprises (60 percent).

35. Work computers pose the biggest challenge in cybersecurity protection

The Cisco report also reveals some of the biggest challenges organizations face when trying to protect components of their adjusted networks. 56 percent say office laptops and desktops pose a challenge, closely followed by personal (employee-owned) devices (54 percent). 46 percent say customer information is difficult to protect and the same number admit that cloud applications pose a challenge.

These statistics go a long way in explaining why more than half of businesses say that they were only somewhat prepared to shift to a remote work model at the start of the COVID-19 pandemic. A further six percent say they were not prepared.

36. 96% have changed cybersecurity policies due to remote work

The huge majority of organizations participating in the Cisco study said that they had made changes in their security practices to support a remote-work environment. Businesses of all sizes cite changes, including small organizations (93 percent), medium companies (97 percent), and large organizations (97 percent).

37. The top change to cybersecurity policies was increased VPN capacity

Of the organizations that implemented policy changes, increased VPN capacity was the most popular adjustment, implemented by 59 percent of organizations. Other common changes included increased web controls (55 percent) and the use of multi-factor authentication (MFA) (53 percent).

38. Most businesses see lack of employee awareness as a big remote work challenge

So have the changes gone smoothly? Not exactly. According to Cisco, most organizations report challenges with trying to reinforce remote work-related cybersecurity protocols. The main issue faced is lack of employee education and cybersecurity awareness, reported by 59 percent of companies. Having too many tools and solutions to manage and toggle is another big hurdle faced by 50 percent of organizations.

See also: