A turbulent decade is now behind us. In the last ten years, hackers attempted to break into business networks every 39 seconds[1]. Global spending on cyber security has rocketed up from $3.5 billion in 2004 to a staggering $120 billion in 2017. That figure is not expected to fall, with an estimated $170.4 billion forecast by 2022.
With this rise in spend, it’s safe to say we’re all cyber secure and those hackers haven’t had any luck in years. Except throughout the decade roughly four billion records were stolen and there were approximately 10.52 billion malware attacks[2] recorded in 2018 alone. So, maybe not. The fact is, businesses are as vulnerable as ever, and getting the right security strategy in place is still a challenge with numerous shifting factors. With this in mind, here are 15 top cyber security statistics to consider as we take our first tentative steps into an uncharted decade.
Throughout the year, we have conducted hundreds of penetration tests. 20% of all tests contained a critical to high flaw. We define a critical issue as a flaw which poses an immediate and direct risk to a business. Having a critical flaw in an app or network will leave you vulnerable to a costly, reputation-damaging data breach. Among these, default or poor passwords and access control issues make up a large portion, with outdated software being the worst offender.
Best practices dictate that businesses have an effective update schedule in place. With 50% of all critical and high rated flaws found in our tests relating to out-of-date components or software, it’s clear that a lot of companies are not sticking to best practices. Whilst there are some rare instances where out-of-date components are deliberately left unpatched, on the whole it comes down to oversight, negligence and lack of resources. If you have outdated software in play, it’ll be found and exploited.
A hacker with enough time and resources can decrypt traffic that has been encrypted with outdated cryptography. This can be particularly dangerous if customers are inputting sensitive information. If working to best practices, the most recent cryptography will be used by default.
GDPR proved to be the biggest shake up in data protection law in years and this has had an impact on the number of data protection officers working across Europe with a recent figure being quoted as high as 500,000.
Our honeypot investigations have shown that public facing services are discovered in as little as 32ms, demonstrating that everything is a target the moment it goes live. This busts the widely held myth that a company can be ‘too small to be a target.’
The vast majority of businesses are underprepared to deal with cyber security issues, with 74% admitting that they don’t have the right staff to deal with a security event. Even if protected by the best technology, without knowledgeable people to take action on events, businesses are left vulnerable to attack.
Interested to learn more behind these cyber security stats? Get your copy of the Bulletproof Annual Cyber Security Industry Report 2020.
Our analysts, armed with our managed SIEM platform, recorded thousands of events throughout the year that required investigation, 53% of which involved user activity. Users are the biggest weakness to cyber security, able to undo all security controls. This can involve compromised user accounts, users accessing what they should not, user accounts being used as service accounts, accounts with administrator privileges that they should not have, and so on.
A sharp jump from previous quarters, attacks in Q3 of 2019 rose by 243%, showing the threat landscape is as volatile as ever. Companies should never get complacent: attacks come in thick and fast from everywhere.
Dwell time, the time it takes for a business to become aware of a breach, sits between 43 and 895 days for SMBs. This is a wide range hinting at a variety of different security strategies. The longer it takes to discover a breach, the more time a hacker has to gather information and profit from their exploits.
Whilst it shared similar percentages with other industries (even tying with the automotive industry), education contained the most critical risks throughout Bulletproof’s penetration tests in 2019.
£96.3 billion is a lot of money, which means cyber security is a big business. As threats continue to evolve, this figure is likely to grow even further. This is a 141% increase from 2010.
According to our penetration testers, most outdated software relates to Microsoft patches. As these are often released to fix glaring security holes, not installing them can be dangerous.
For a mid-sized company, a successful phishing attack could cost up to £1.3 million. For these sorts of companies, that can equate to a large portion of a company’s annual turnover, which makes for an uncertain future.
Whilst what constitutes a data breach can vary in severity, this is an alarming statistic. The 88% of companies includes large, medium-sized and small companies, all of which will have different levels of security in place. No one is safe.
Losing customers further adds to the cost of a data breach. Reputational damage can be the hardest to recover from, particularly if you lose financial or other important data belonging to your customers.
Things don’t look like they’ll be getting any better on the security front in the coming years. If anything, the stats show that there’s no predicting what will come next. Companies have a responsibility to protect their customer data, and failing to do so could cost a lot of money. As we progress into 2020, it’s more important than ever to invest in cyber security or you’re likely to be among next year’s stats.
Joseph is a Communications Executive and Security Blogger who has contributed articles covering a range of topics including staying ahead of cyber threats.