2017 was another record year for cybercrime. According to the Online Trust Alliance (OTA), the number of cybersecurity incidents nearly doubled from the previous year. This led Jeff Wilbur, director of the OTA initiative at the Internet Society, to call it the “worst year ever in data breaches.”

The group’s “Cyber Incident & Breach Trends Report” attributed this massive surge — from about 82,000 incidents in 2016 to an estimated 160,000 in 2017 — to the unprecedented rise of ransomware, which accounted for 134,000 attacks. Even worse, the report noted that the total number of attacks could actually be as high as 350,000, since many breaches go unreported.

Another Record Year for Cybersecurity Incidents

The rise in incidents is due in large part to several novel attacks methods that emerged or ramped up in the past year. The FBI estimated that business email compromise (BEC), for example, cost companies around the world $5.3 billion, as cited in the report. Ransom denial-of-service (RDoS) activity, in which fraudsters threaten to direct overwhelming amounts of traffic to target websites unless domain owners pay a ransom, also spiked in 2017.

Of course, high-profile ransomware attacks such as WannaCry and NotPetya also contributed to 2017’s eye-popping cybercrime statistics. The former, which the OTA called “one of the most widespread and devastating attacks in history,” infected 300,000 computers across 150 countries, halting operations at organizations around the world. The latter similarly affected hundreds of thousands of endpoints in more than 100 countries.

According to the Ponemon Institute and IBM’s “2017 Cost of Data Breach Study,” the average cost of a data breach was $3.62 million in 2017, up 10 percent from the previous year. The U.S. alone lost an average of $7.35 million per incident, a 5 percent increase from 2016.

Overall, the report noted a marked increase in cybercrime across all categories, including the number of breaches, number of records exposed, and breadth of countries and organizations impacted.

Poor Security Awareness to Blame

The most alarming statistic cited in the report is the fact that 93 percent of incidents could have been prevented by following basic security best practices, such as patching software and conducting phishing training. While 52 percent of breaches were the result of “actual hacks,” 15 percent were due to lack of security software, 11 percent were caused by insufficient insider threat oversight and 8 percent due to phishing attacks.

These numbers suggest an urgent need for greater security awareness. More effective training and more thorough incident response planning can help mitigate these threats and avoid the monumental costs associated with them.

More from

Cost of a data breach 2023: Geographical breakdowns

4 min read - Data breaches can occur anywhere in the world, but they are historically more common in specific countries. Typically, countries with high internet usage and digital services are more prone to data breaches. To that end, IBM’s Cost of a Data Breach Report 2023 looked at 553 organizations of various sizes across 16 countries and geographic regions, and 17 industries. In the report, the top five costs of a data breach by country or region (measured in USD millions) for 2023…

The Growing Risks of Shadow IT and SaaS Sprawl

4 min read - In today's fast-paced digital landscape, there is no shortage of apps and Software-as-a-Service (SaaS) solutions tailored to meet the diverse needs of businesses across different industries. This incredible array of options has revolutionized how we work, providing cost-effective and user-friendly tools that streamline tasks and boost productivity. However, this ever-expanding application ecosystem comes with its challenges: namely, shadow IT and SaaS sprawl. According to a recent study by Entrust, 77% of IT professionals are concerned about shadow IT becoming a…

Are you ready to build your organization’s digital trust?

4 min read - As organizations continue their digital transformation journey, they need to be able to trust that their digital assets are secure. That’s not easy in today’s environment, as the numbers and sophistication of cyberattacks increase and organizations face challenges from remote work and insider behavior. Digital trust can make your organization’s digital transformation stronger. A lack of digital trust can do irreparable harm. However, according to ISACA’s State of Digital Trust 2023 report, too many organizations struggle to define and implement…

Most organizations want security vendor consolidation

4 min read - Cybersecurity is complicated, to say the least. Maintaining a strong security posture goes far beyond knowing about attack groups and their devious TTPs. Merely understanding, coordinating and unifying security tools can be challenging. We quickly passed through the “not if, but when” stage of cyberattacks. Now, it’s commonplace for companies to have experienced multiple breaches. Today, cybersecurity has taken a seat in core business strategy discussions as the risks and costs have risen dramatically. For this reason, 75% of organizations…