January 30, 2018 By Larry Loeb 2 min read

2017 was another record year for cybercrime. According to the Online Trust Alliance (OTA), the number of cybersecurity incidents nearly doubled from the previous year. This led Jeff Wilbur, director of the OTA initiative at the Internet Society, to call it the “worst year ever in data breaches.”

The group’s “Cyber Incident & Breach Trends Report” attributed this massive surge — from about 82,000 incidents in 2016 to an estimated 160,000 in 2017 — to the unprecedented rise of ransomware, which accounted for 134,000 attacks. Even worse, the report noted that the total number of attacks could actually be as high as 350,000, since many breaches go unreported.

Another Record Year for Cybersecurity Incidents

The rise in incidents is due in large part to several novel attacks methods that emerged or ramped up in the past year. The FBI estimated that business email compromise (BEC), for example, cost companies around the world $5.3 billion, as cited in the report. Ransom denial-of-service (RDoS) activity, in which fraudsters threaten to direct overwhelming amounts of traffic to target websites unless domain owners pay a ransom, also spiked in 2017.

Of course, high-profile ransomware attacks such as WannaCry and NotPetya also contributed to 2017’s eye-popping cybercrime statistics. The former, which the OTA called “one of the most widespread and devastating attacks in history,” infected 300,000 computers across 150 countries, halting operations at organizations around the world. The latter similarly affected hundreds of thousands of endpoints in more than 100 countries.

According to the Ponemon Institute and IBM’s “2017 Cost of Data Breach Study,” the average cost of a data breach was $3.62 million in 2017, up 10 percent from the previous year. The U.S. alone lost an average of $7.35 million per incident, a 5 percent increase from 2016.

Overall, the report noted a marked increase in cybercrime across all categories, including the number of breaches, number of records exposed, and breadth of countries and organizations impacted.

Poor Security Awareness to Blame

The most alarming statistic cited in the report is the fact that 93 percent of incidents could have been prevented by following basic security best practices, such as patching software and conducting phishing training. While 52 percent of breaches were the result of “actual hacks,” 15 percent were due to lack of security software, 11 percent were caused by insufficient insider threat oversight and 8 percent due to phishing attacks.

These numbers suggest an urgent need for greater security awareness. More effective training and more thorough incident response planning can help mitigate these threats and avoid the monumental costs associated with them.

More from

DHS establishes Artificial Intelligence Safety and Security Board

3 min read - As part of its commitment to addressing the rapid growth and adoption of AI technology across all industries and sectors, the Department of Homeland Security (DHS) announced the establishment of the Artificial Intelligence Safety and Security Board in late April. The Board’s first meeting is planned for early May when they will begin the task of focusing on how to develop and deploy AI technology within the United States’ critical infrastructure safely and securely. Based on the DHS Homeland Threat…

Working in the security clearance world: How security clearances impact jobs

2 min read - We recently published an article about the importance of security clearances for roles across various sectors, particularly those associated with national security and defense.But obtaining a clearance is only part of the journey. Maintaining and potentially expanding your clearance over time requires continued diligence and adherence to stringent guidelines.This brief explainer discusses the duration of security clearances, the recurring processes involved in maintaining them and possibilities for expansion, as well as the economic benefits of these credentialed positions.Duration of security…

White House cements CISA’s role as national coordinator for cybersecurity

2 min read - In 2013, the Obama Administration rolled out "The Presidential Policy Directive (PPD) on Critical Infrastructure Security and Resilience", a forerunner to the Cybersecurity and Infrastructure Security Agency (CISA), created "to strengthen and maintain secure, functioning and resilient critical infrastructure." The directive was groundbreaking in 2013, noting the importance of the rising risk of cyberattacks against critical infrastructure. But as cyber risks are constantly shifting, every cybersecurity program needs to be re-evaluated, and CISA is no exception. That’s why, in April 2024,…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today