This article was originally published on the Manufacturing Innovation Blog by NIST MEP.
Cybersecurity threats are a huge business risk for all companies. Small and medium-sized businesses (SMBs) — including manufacturers — are especially vulnerable to attacks. Small and medium-sized manufacturers (SMMs) are often seen as an easy entry point — a “soft” target — into larger businesses and government agencies. One of the first steps when prioritizing how to manage your business risk is to gather information about the threat environment. The 20 important (and shocking) cybersecurity statistics listed below focus on what manufacturers need to know about the “what” and “so what” of cybersecurity, so they can start planning their “now what” actions.
- A recent survey shows that 10% of breached small businesses shut down in 2019. (National Cybersecurity Alliance)
- 77% of industrial companies rank cybersecurity as a major priority. (Kaspersky Labs)
- 32% of Managed Service Providers (MSPs) report Construction and Manufacturing most targeted by ransomware. (datto)
- According to a recent SBA survey, 88% of small business owners felt their business was vulnerable to a cyber attack. (SBA)
- Ransomware is the No. 1 threat to SMBs with 1 in 5 reporting that they have fallen victim to a ransomware attack. (Datto)
- From Q2 of 2019 to Q3 of 2019, the average ransomware payment increased 13% to $41,198. (Coveware)
- Cybercrime will cost the world $6 trillion annually by 2021. (Cybersecurity Ventures)
- It is predicted by 2021 a business will fall victim to a cybersecurity attack every 11 seconds. (Cybersecurity Ventures)
- Predictions state global spending on cybersecurity products and services will exceed $1 trillion cumulatively over the five-year period from 2017 to 2021. (Cybersecurity Ventures)
- The average cost of a data breach is $3.92 million as of 2019. (Security Intelligence)
- About 20% of malicious domains are very new and used within about one week after they are registered. (Cisco)
- Roughly 60% of malicious domains are associated with spam campaigns. (Cisco)
- Microsoft Office formats such as Word, PowerPoint and Excel make up the most prevalent group of malicious file extensions at 38% of the total. (Cisco)
- An estimated 74% of companies have more than 1,000 stale sensitive files. (Varonis)
- An estimated 41% of companies have more than 1,000 sensitive files including credit card numbers and health records left unprotected. (Varonis)
- An estimated 21% of all files are not protected in any way. (Varonis)
- Data breaches exposed 4.1 billion records in the first half of 2019. (RiskBased)
- Among organizations that receive daily security alerts, an average of 44% of those alerts are not investigated. (Cisco)
- 63% of Managed Service Providers (MSPs) predict ransomware will target social media accounts. (datto)
- Extensive use of encryption was found to reduce the total cost of a data breach by $360,000. (SecurityIntelligence)
There are many other statistics that capture the “what” and “so what” about why SMMs should consider instituting a cybersecurity practice. If you need help with the “now what” and are not sure where to start, check out the NIST MEP collection of cybersecurity resources for manufacturers. If you’d like further advice customized to your business’ cybersecurity needs, reach out to your local MEP Center to connect with an expert from the MEP National NetworkTM.
By Jennifer Kurtz, Cyber Program Director at Manufacturer’s Edge, the MEP Center in Colorado, and a representative of the MEP National Network
Manufacturing Innovation, the blog of the Manufacturing Extension Partnership (MEP), is a resource for manufacturers, industry experts and the public on key U.S. manufacturing topics. There are articles for those looking to dive into new strategies emerging in manufacturing as well as useful information on tools and opportunities for manufacturers.
The views presented here are those of the author and do not necessarily represent the views or policies of NIST.
If you have any questions about our blog, please contact us at firstname.lastname@example.org.