https://www.varonis.com/blog/cybersecurity-statistics#attack

166 Cybersecurity Statistics and Trends
[updated 2022] Rob Sobers

"Recent security research suggests most companies have poor
cybersecurity practices in place, making them vulnerable to data loss.
To successfully fight against malicious intent, it�s imperative that
companies make cybersecurity awareness, prevention, and security best
practices a part of their culture.

To give you a better idea of the current state of overall security,
we�ve compiled more than 160 cybersecurity statistics for 2022. This
will help show the prevalence and need for cybersecurity in all facets
of business. These stats include data breaches, hacking stats,
different types of cybercrime, industry-specific stats, spending,
costs, and information about the cybersecurity career field."
++++++++++++++++++++++++++++++++++++++++++++++
94 percent of malware is delivered by email. (Verizon)

69 percent of organizations believe their antivirus software is
useless against current cyber threats. (Ponemon Institute)

48 percent of malicious email attachments are Microsoft Office files.
(Symantec)

95 percent of cybersecurity breaches are caused by human error. (World
Economic Forum)

On average, only five percent of companies� folders are properly
protected. (Varonis)

54 percent of companies say their IT departments are not sophisticated
enough to handle advanced cyberattacks. (Sophos)

43 percent of all breaches are insider threats, either intentional or
unintentional. (Check Point)

In 2021, nearly 40 percent of breaches featured phishing, around
11percent involved malware, and about 22 percent involved hacking.
(Verizon)

The top malicious email attachment types are .doc and .dot which make
up 37 percent; the next highest is .exe at 19.5 percent. (Symantec)

The average time to identify a breach in 2021 was 212 days. (IBM)

The average lifecycle of a breach in 2021 was 286 days from
identification to containment. (IBM)

The likelihood that a cybercrime entity is detected and prosecuted in
the U.S. is estimated at around 0.05 percent. (World Economic Forum)

A 2021 LinkedIn data breach exposed the personal information of 700
million users or about 93 percent of all LinkedIn members.
(RestorePrivacy)

An attack on Microsoft in March 2021 affected more than 30,000
organizations in the U.S., including businesses and government
agencies. (Microsoft)

In April 2021, a two-year-old vulnerability was discovered that
exposed the personal information of more than 533 million users.
(Auth0)

Nearly 48 million people had their personal information stolen in a
2021 T-Mobile data breach. (T-Mobile)

Personal data belonging to more than 100 million Android users was
exposed in a 2021 data leak due to misconfigured cloud services.
(Check Point)

Malware increased by 358 percent in 2020. (Help Net Security)

Microsoft Office documents are the most manipulated target, with
attacks rising by 112 percent. (Help Net Security)

Only eight percent of businesses that pay ransom to hackers receive
all of their data in return. (Sophos)

48 percent of malicious email attachments are Microsoft Office files.
(Symantec)

665 percent of cybercriminal groups used spear-phishing as the primary
infection vector. (Symantec)
(https://www.trendmicro.com/vinfo/us/security/definition/spear-
phishing)

Phishing attacks account for more than 80 percent of reported security
incidents. (CSO Online)

Also as of February 2022, there are nearly 600,000 job openings in the
cybersecurity industry, meaning only 68 percent of open jobs are
filled. (Cyber Seek)

More open roles exist for systems security analysts than any other
cybersecurity profession. (Cyber Seek)

70 percent of cybersecurity professionals claim their organization is
impacted by the cybersecurity skills shortage. (ISSA & ESG)