Blog/Infosec 101/

What can we learn from this year’s cybersecurity reports?

Nov 03, 2020

lab

Everything is always changing. Have you got the skills and time to keep up? In slow-paced industries like publishing or healthcare, you may have time to absorb new ideas. But that’s not the case when it comes to cybersecurity, where new attacks, vulnerabilities, and security tools emerge every day. One way to stay up to date with cybersecurity is to look at surveys and reports by leaders in the industry. Today, we’re covering 5 such reports from 2020, highlighting key points and insights.

NordLocker’s survey on encryption habits

Before we dig into reports by IBM, the World Economic forum, and Kaspersky, we'd like to make a humble mention of our own report. We’ve conducted a survey of 1,400 participants in the UK and the US, exploring people’s experiences with cybercrime and their data protection habits. Here are the key points from NordLocker’s encryption habits report:

  • Around 50% of people share their computers with spouses, parents, or kids.
  • 55% of UK users and 67% of those from the US have fallen victim to a cyberattack at least once.
  • 50% of respondents know about encryption, 20% have used it in the past, and 10% use it for file protection now.

Evidently, people are both aware of various cyber threats and know about reliable file protection methods, like encryption. What’s even more interesting is that people clearly recognize the need for encryption. For example, the respondents ranked cyber threats as the number one reason for protecting files.

But, despite the fact that the majority of respondents know what encryption is and have even admitted to storing work-related files on personal computers, the desire for convenience often wins over security. Hopefully, people’s reluctance to use encryption is caused by the lack of fast and easy-to-use security software, a problem solved by NordLocker.

Kaspersky’s Privacy report 2020

Another consumer survey report comes from Kaspersky. During early 2020, the independent research agency Toluna surveyed 15,002 people in 23 countries. The survey included a variety of questions about personal privacy online. Kaspersky later published a report based on this survey. Here’s a summary of the findings:

  • Over 82% of people have attempted to remove their private information from websites or social media, while 37% of respondents said they didn't know how to do that.
  • Around 40% of people use additional measures to hide their browsing activity from cybercriminals, people using the same device, and websites they visit.
  • 1 in 2 users don’t know how to check if their password has been leaked.
  • 21% of those questioned are very concerned about the data that apps on their devices collect.

Kaspersky's report emphasizes the astoundingly increasing number of devices connected to the internet as well as our growing reliance on apps and the privacy issues that come with that. The survey shows that more than a few are affected: 34% of users have had incidents where someone was able to access data they weren't supposed to. In the majority of these cases, the stranger used or shared that data.

When answering questions about personal data, 25% of users admitted to having found their private information displayed publicly without their consent. And the fact that 37% of respondents didn't know how to hide their private data indicates that we, app developers and creators, should focus on building apps with user privacy in mind.

Another key discovery is that consumers are aware of privacy issues when using devices with voice assistants and cameras. A significant number of people put a sticker on their webcam lens or disable webcam permissions in the settings. Also, over 53% of users take some measures to protect themselves against voice assistants’ snooping on their private conversations.

Despite people’s awareness of how devices can spy on us, account protection is an area that needs improvement. Only 11% of those surveyed use a password manager, and those who don’t write them down either in a notebook, on a sticky note, or in a computer document.

Alarmingly, 55% of the respondents claim they can remember their passwords. Exercising your memory muscles isn’t bad. But with an average of 24 digital accounts per person, the only way most of us can remember our passwords is by using weak, easy-to-guess combinations.

Cloud security report 2020

Consumer surveys are not the only learning resource worth looking at. In May 2020, Cybersecurity Insiders released a superb resource, packed with cybersecurity insights from a variety of industries. The survey questioned 653 representatives of government and financial institutions, technology and healthcare companies, and more. The questions were mainly concerned with cloud security, security budgets and training, the biggest challenges, and cloud experiences.

Here are the most important lessons to take away:

  • 75% of respondents feel very to extremely concerned about cloud security. Around 66% are not confident at all, slightly confident, or moderately confident about their cloud security. The two greatest concerns about working with the cloud are privacy and data leaks.
  • The lack of qualified staff and compliance with privacy regulations are two of the biggest challenges facing day-to-day operations.
  • IT team training and certifying is the top tactic organizations use to ensure they stay ahead of the evolving market.
  • Over a quarter of security budget is spent on cloud security, a number which is expected to rise in the next 12 months.

It's important to note that despite big claims and guarantees, industry insiders don't seem to be confident about the security of their services. For example, 16% of respondents rated the company's security readiness as 'below average'. When answering questions on security and training, the survey participants admitted that over half of their company's employees would benefit from training or certification. On the other hand, cloud service providers are not skimping on security: 59% of companies are planning to increase budgets, while many prioritize regular training.

IBM’s cost of data breach report

IBM has been doing surveys on data breach costs for 15 years. Recently, they released the 2020 edition of their signature Cost of a Data Breach Report. Cost of a Data Breach Report. No surprises there — the global pandemic had a significant impact on how industry experts predict we will deal with cyberthreats in the future. In this year's Cost of a Data Breach Report, IBM surveyed 524 organizations.

Here are the key takeaways:

  • A data breach costs $3.86 million on average. However, it doubles to $7.13 million in healthcare.
  • Over 66% of respondents predict that COVID-19 will make it harder and more expensive to detect data breaches.
  • It takes 280 days on average to identify and contain a data breach. Managing to cut this time down to 200 days saved companies around $1 million.
  • In 52% of cases, the breach was a result of an attack. However, compromised credentials and cloud misconfigurations each account for 19% of the breaches.

Data breaches do not affect everyone in the same way. As we recently explained, healthcare has a lot of problems and is very vulnerable to cyberattacks. The survey revealed that not only does healthcare suffer the most expensive data breaches, but also pays the highest cost per breached account ($150), as compared to other industries.

COVID-19 has played a significant role in the increasing costs of cybersecurity, as working from home and moving business operations online naturally exposes companies to more vulnerabilities.

The survey also examined ways to strengthen security, the most prominent being security automation as well as planning and testing incident response. On the other hand, complex systems and lack of security knowledge were named as the factors impairing the company's ability to fend off attacks the most.

World Economic Forum Global Risks Report

While cybersecurity is not the focal point of this report from the World Economic Forum (WEF), there are still many lessons to take away from it. One such lesson is that even non-tech events, like the recent pandemic, can turn cybersecurity on its head. This year, the report dubbed "The Unsettled World" covers the most pressing geopolitical, economic, social, technological, and environmental issues.

Here are some insights from the report:

  • The importance of AI is growing fast. Russia, China, and the US are all pushing their AI development efforts and budgets.
  • 76% of respondents expect a growing loss of privacy both to governments and companies in the short term.
  • Cyberattacks and data theft are among the top 10 risks expected to grow in the next 10 years.
  • The likelihood and impact of technical issues are increasing. While technology was among the top 5 risks only three times between 2007 and 2016, data fraud and cyberattacks have been included in this list five times since 2017.

Technology is a gamechanger. AI alone is expected to boost economic growth by 14%. But, despite all the benefits, there are many reasons to be wary of our fast technological progress. Task automation, quantum computing, facial recognition, manipulation through fake news, the growing number of IoT and other devices going online can all pose a danger to our privacy and security. Worst of all, as the WEF report emphasizes, national and international policies do not respond to technological advances fast enough.

Unfortunately, there are too many reports and too little time to fit everything into one blog post. We highly recommend checking out the full surveys — despite our best efforts, there’s still a lot we have not covered. Also, spread awareness and share this article by clicking on the social media buttons below.

Cybersecurity doesn’t have to be complicated. Get NordLocker today 50% off!

Elisa Armstrong

Elisa Armstrong

Verified author

Elisa’s all about languages. She speaks five, loves stand-up comedy, and is writing her first novel. Besides her extensive knowledge of cybersecurity, she’s an expert in persuasion techniques hackers use and strives to teach people how to avoid online scams.