20 Cybersecurity Statistics Manufacturers Can’t Ignore

This article was originally published on the Manufacturing Innovation Blog by NIST MEP.

Cybersecurity threats are a huge business risk for all companies. Small and medium-sized businesses (SMBs) — including manufacturers — are especially vulnerable to attacks. Small and medium-sized manufacturers (SMMs) are often seen as an easy entry point — a “soft” target — into larger businesses and government agencies. One of the first steps when prioritizing how to manage your business risk is to gather information about the threat environment. The 20 important (and shocking) cybersecurity statistics listed below focus on what manufacturers need to know about the “what” and “so what” of cybersecurity, so they can start planning their “now what” actions.

1. A recent survey shows that 10% of breached small businesses shut down in 2019. (National (opens new window) Cybersecurity Alliance (opens new window))
2. 77% of industrial companies rank cybersecurity as a major priority. (Kaspersky Labs (opens new window))
3. 32% of Managed Service Providers (MSPs) report Construction and Manufacturing most targeted by ransomware. (datto (opens new window))
4. According to a recent SBA survey, 88% of small business owners felt their business was vulnerable to a cyber attack. (SBA (opens new window))
5. Ransomware is the No. 1 threat to SMBs with 1 in 5 reporting that they have fallen victim to a ransomware attack. (Datto (opens new window))
6. From Q2 of 2019 to Q3 of 2019, the average ransomware payment increased 13% to $41,198. (Coveware (opens new window))
7. Cybercrime will cost the world $6 trillion annually by 2021. (Cybersecurity Ventures (opens new window))
8. It is predicted by 2021 a business will fall victim to a cybersecurity attack every 11 seconds. (Cybersecurity Ventures (opens new window))
9. Predictions state global spending on cybersecurity products and services will exceed $1 trillion cumulatively over the five-year period from 2017 to 2021. (Cybersecurity Ventures (opens new window))
10. The average cost of a data breach is $3.92 million as of 2019. (Security Intelligence (opens new window)) 
11. About 20% of malicious domains are very new and used within about one week after they are registered. (Cisco (opens new window))
12. Roughly 60% of malicious domains are associated with spam campaigns. (Cisco (opens new window))
13. Microsoft Office formats such as Word, PowerPoint and Excel make up the most prevalent group of malicious file extensions at 38% of the total. (Cisco (opens new window))
14. An estimated 74% of companies have more than 1,000 stale sensitive files. (Varonis (opens new window))
15. An estimated 41% of companies have more than 1,000 sensitive files including credit card numbers and health records left unprotected. (Varonis (opens new window))
16. An estimated 21% of all files are not protected in any way. (Varonis (opens new window))
17. Data breaches exposed 4.1 billion records in the first half of 2019. (RiskBased (opens new window))
18. Among organizations that receive daily security alerts, an average of 44% of those alerts are not investigated. (Cisco (opens new window))
19. 63% of Managed Service Providers (MSPs) predict ransomware will target social media accounts. (datto (opens new window))
20. Extensive use of encryption was found to reduce the total cost of a data breach by $360,000. (SecurityIntelligence (opens new window))

There are many other statistics that capture the “what” and “so what” about why SMMs should consider instituting a cybersecurity practice. If you need help with the “now what” and are not sure where to start, check out the NIST MEP collection of cybersecurity resources for manufacturers (opens new window). If you’d like further advice customized to your business’ cybersecurity needs, reach out to your local MEP Center (opens new window) to connect with an expert from the MEP National Network^TM.

By Jennifer Kurtz, Cyber Program Director at Manufacturer’s Edge, the MEP Center in Colorado, and a representative of the MEP National Network

Manufacturing Innovation, the blog of the Manufacturing Extension Partnership (MEP) (opens new window), is a resource for manufacturers, industry experts and the public on key U.S. manufacturing topics. There are articles for those looking to dive into new strategies emerging in manufacturing as well as useful information on tools and opportunities for manufacturers.

The views presented here are those of the author and do not necessarily represent the views or policies of NIST.

If you have any questions about our blog, please contact us at mfg@nist.gov.