October happens to by Cybersecurity Awareness Month – granted you should care about the safety and security of your personal and business information well beyond the 31 days during this tenth month of the year. But here we are, and there’s no better time than now to either refresh or get started on your cybersecurity strategy.

The added attention on the topic is warranted nonetheless. Cybersecurity is often looked at in the same light as, say, insurance or an extended warranty plan – one of those things that you get just in case or review every once in a while. In actuality, though, cybersecurity is something that business ought to take extremely seriously and have tools in place that act as a preventative measure, not just for when a breach actually occurs.

We’ve hit on some of the astounding statistical points around this space in the past, but it’s worth reiterating and even updating retailers on just how impactful a cybersecurity event can be on a business, and they serve as a great reminder that it’s not just the large companies out there that are at risk.

With that in mind, here’s a look at some remarkable facts about the cybersecurity sector.

Cyberattacks Caused Over $12.5 Billion in Damages in the U.S. in 2023

The cyberattack market is growing at an astounding rate. Last year, businesses suffered an estimated $12.5 billion in damages related to cyberattacks. That was up more than $2 billion from the year prior, and up over $11 billion from 2017, according to the 2023 IC3 Annual Report. Going back to the turn of the century, the market was worth barely $18 million.

The incredible trajectory of the value of cyberattacks can almost be directly correlated to the pandemic and the increasing popularity of remote work, which, in turn, resulted in more people using their personal devices for professional purposes – not to mention their home networks or those of the local coffee shop.

The Average Cost of a Data Breach in 2024 is $9.36 Million

Along with the increase of the total market for cyberattacks, the average cost of a single breach has gone up over the past decade-plus. According to the July 2024 Cost of Data Breach Report from IBM, a business can expect to be out around $9.36 million for a single cyber event in 2024, down slightly from last year’s all-time high of $9.48 million, but still a significant chunk of change – probably enough to put many small businesses out of business if they were to be the target.

Phishing Attempts are the Most Frequently Used Methods of Entry

When one typically thinks of a cyberattack, the common thought is a hacker behind a desk that happens to install some sort of virus on a computer. And while that is still a viable threat today, it’s not the most commonly used method of entry into your business. It’s those pesky phishing attempts that really do most businesses in today.

Phishing can take on many different forms, but in its simplest definition, it’s the attempt to get a person to provide information or access through fraudulent means, i.e. pretending to be someone you’re not. There’s standard phishing, which includes fake emails or messages. But, with advances in technology, there’ve also been advances in the types of phishing attacks. Consider:

• Bulk phishing: fake message from a known sender that gets delivered to a wide list of individuals in the hopes that one person gets fooled
• Smishing: fake text messages that purport to be from someone in your company
• Vishing: fake voice mails or phone calls from people in your company or a financial partner
• Spear phishing: fake messages of any kind that are disguised to come from a known source
• TOAD Call-back phishing: Telephone-Oriented Attack Delivery, or TOAD attacks use what appear to be legitimate numbers.

All told, U.S. businesses faced some 298,878 phishing attempts in 2023, down half-a-percent from the year prior, but still more than 10-times the amount of attempts faces in 2018, and nearly three-times as many as 2019.

Whatever the type of phishing attempt, at the end of the day they’re all designed to try to trick the target into divulging sensitive or important information that can then be used to gain access to the company’s data, their personal financial information, etc.

What all of those types of phishing also have in common is that they were among the most-used methods of attack experienced by companies across the globe over the past three years, according to the State of Phishing report from Proofpoint.

So, we again remind you that there’s no better time than right now to ensure your cybersecurity strategy is well in place. Update whatever software you use to the latest versions. Train employees to spot those phishing attempts. Have the proper spyware in place to identify and isolate potential threats. Take all the steps necessary to protect your company and your data!