A turbulent decade is now behind us. In the last ten years, hackers attempted to break into business networks every 39 seconds[1]. Global spending on cyber security has rocketed up from $3.5 billion in 2004 to a staggering $120 billion in 2017. This figure is not going to go down, with spending estimated to reach $170.4 billion by 2022.
With this rise in spend, it’s safe to say we’re all cyber secure and those hackers haven’t had any luck in years. Except throughout the decade roughly four billion records were stolen and there were approximately 10.52 billion malware attacks[2] recorded in 2018 alone. So, maybe not. The fact is, businesses are as vulnerable as ever, and getting the right security strategy in place is still a challenge with numerous shifting factors. With this in mind, here are 15 top cyber security statistics to consider as we take our first tentative steps into an uncharted decade.
Throughout the year, we have conducted hundreds of penetration tests. 20% of all tests contained a critical- to high-rated flaw. We define a critical issue as a flaw which poses an immediate and direct risk to a business. Having a critical flaw in an app or network will leave you vulnerable to a costly, reputation-damaging data breach. Among these, default or poor passwords and access control issues make up a large portion, with outdated software being the worst offender.
Best practices dictate that businesses have an effective update schedule in place. With 50% of all critical and high rated flaws found in our tests relating to out-of-date components or software, it’s clear that a lot of companies are not sticking to best practices. Whilst there are some rare instances where out-of-date components are deliberately left unpatched, on the whole it comes down to oversight, negligence and lack of resources. If you have outdated software in play, it’ll be found and exploited.
A hacker with enough time and resources can decrypt traffic that has been encrypted with outdated cryptography. This can be particularly dangerous if customers are inputting sensitive information. A business working to best practices will use the most recent cryptography by default.
GDPR proved to be the biggest shake-up in data protection law in years, and this has had an impact on the number of data protection officers working across Europe, with a recent figure being quoted as high as 500,000.
Our honeypot investigations have shown that public-facing services are discovered in as little as 32ms, demonstrating that everything is a target the moment it goes live. This busts the widely held myth that a company can be ‘too small to be a target.’
The vast majority of businesses are underprepared to deal with cyber security issues, with 74% admitting that they don’t have the right staff to deal with a security event. Even if protected by the best technology, without knowledgeable people to take action on events, businesses are left vulnerable to attack.
Interested to learn more behind these cyber security stats? Get your copy of the Bulletproof Annual Cyber Security Industry Report 2020.
Our analysts, armed with our managed SIEM platform, recorded thousands of events throughout the year that required investigation, 53% of which involved user activity. Users are the biggest weakness to cyber security, able to undo all security controls. This can involve compromised user accounts, users accessing what they should not, user accounts being used as service accounts, accounts holding administrator privileges they should not have, and so on.
A sharp jump from previous quarters, attacks in Q3 of 2019 rose by 243%, showing the threat landscape is as volatile as ever. Companies should never get complacent: attacks come in thick and fast from everywhere.
Dwell time, the time it takes for a business to become aware of a breach, sits between 43 and 895 days for SMBs. This is a wide range hinting at a variety of different security strategies. The longer it takes to discover a breach, the more time a hacker has to gather information and profit from their exploits.
Whilst it shared similar percentages with other industries (even tying with the automotive industry), education contained the most critical risks throughout Bulletproof’s penetration tests in 2019.
£96.3 billion is a lot of money, which means cyber security is a big business. As threats continue to evolve, this figure is likely to grow even further. This is a 141% increase from 2010.
According to our penetration testers, most outdated software relates to Microsoft patches. As these are often released to patch glaring security holes, not installing them can be dangerous.
For a mid-sized company, a successful phishing attack could cost up to £1.3 million. For these sorts of companies, that can equate to a large portion of a company’s annual turnover, which makes for an uncertain future.
Whilst what constitutes a data breach can vary in severity, this is an alarming statistic. The 88% of companies includes big, small and medium-sized companies, all of which will have different levels of security in place. No one is safe.
Losing customers further adds to the cost of a data breach. Reputational damage can be the hardest to recover from, particularly if you lose financial or other important data belonging to your customers.
Things don’t look like they’ll be getting any better on the security front in the coming years. If anything, the stats show that there’s no predicting what will come next. Companies have a responsibility to protect their customer data, and failing to do so could cost a lot of money. As we progress into 2020, it’s more important than ever to invest in cyber security or you’re likely to be among next year’s stats.
Joseph is a Communications Executive and Security Blogger who has contributed articles covering a range of topics including staying ahead of cyber threats.