Top cyber security stats you need to know for 2021

Oliver Pinson-Roxburgh Headshot
Oliver Pinson-Roxburgh
CEO & Co-founder
26th November 2020

Forewarned is forearmed

Bulletproof has released its Annual Cyber Security Industry Report 2021, where we look at the security challenges facing businesses in 2021 and discover what organisations can do to stay ahead of the hackers. In this blog we highlight 4 key findings from the report and explore what they mean for business’ security in 2021 and beyond.

Many businesses are unwilling to admit the full extent of a data breach, even in anonymous polls.
Attacks Increase Graphic

What this stat really shows is that 14% of organisations don’t understand the very real risks their business will face in 2021. And with 33% of UK business admitting to losing customers after a data breach, it pays to take these risks seriously. It should be noted that the real figure will be much higher than 33%, as our experience shows that many businesses are unwilling to admit the full extent of a data breach, even in anonymous polls.

Hackers never stand still, and as we’ve seen in previous years, cyber threats will continue to increase in 2021 as technology naturally evolves. But there are additional challenges to factor in. The technological advances implemented in 2020 have provided boosts to remote working and productivity, but they’ve also introduced new vulnerabilities for hackers to exploit.

There’s also the human element to consider, as new technology and new ways of working introduce uncertainty and doubt into people’s security knowledge. Security awareness has already come on leaps and bounds in the past 5 years or so thanks to high-profile breaches, security vulnerabilities as their own brands (think Heartbleed, etc), and increased compliance – most notably the GDPR and Cyber Essentials. The 2020 refresh of Cyber Essentials has made the scheme more accessible, which should not only help raise awareness, but also help raise the bar of cyber security across the board. That doesn’t mean, however, that the battle is over. Getting cyber security spending on the agenda for people, processes and technology is an on-going struggle – something which we’ve talked about before.

Threat Intel Graphic

As ever, the threat landscape never stands still – cyber security is an arms race of sorts, as proven by the fact that only 1.5% of malicious IPs we detected were in the top commercial and open-source threat intel feeds. Cyber criminals pivot around different IP addresses as new hacked machines become available for them to launch attacks from. Whilst commercial threat intel feeds remain a useful resource, it shows that they can’t be relied upon on their own. The solution for businesses looking to proactively block attacks and /or have helpful oversight of the threat landscape is to find a trusted security partner and build a collaborative working relationship. For example, Bulletproof has set up a large honeypot network that allows us to get real-world intelligence on the tools and methods hackers are using in the wild, which we use to enhance our MDR service, managed SIEM.

The use of default credentials is a theme that is sadly ever-present: organisations aren’t getting the basics right.
Default Credentials Graphic

This alarming stat shows one thing: hackers continue to try these attacks because they continue to work for them. The use of default credentials is a theme that is sadly ever-present: organisations aren’t getting the basics right. The lack of simple – and I do mean simple – best practices like changing default credentials shows that it’s the fundamental basics that aren’t being met. This leaves an open door in your business for even the most casual, opportunistic hacker. Schemes like Cyber Essentials and more rigorous certification such as ISO 27001 can help – but compliance is only truly useful when you’re, well, compliant.

Critical Vulnerabilities Graphic

Our data shows that nearly 1 in 3 critical flaws found during penetration testing are down to outdated components. That’s down from being around 1 in 2 last year. So why the drop? Increased cloud adoption and homogenisation of underlying web technologies are the primary drivers behind this trend – something we cover in more detail in our 2021 annual report.

The fact that 1 in 3 critical vulnerabilities are still down to outdated components also paints another picture: one that’s a recurring theme right across the board, from our penetration testing engagements, to our Cyber Essentials compliance audits, to our MDR service managed SIEM. And that is a lack of patching. Software and hardware vendors regularly release patches – fixes for security flaws that are inherent and, so it seems, unavoidable in all modern technology. Yet thanks to a combination of lack of process, lack of resources and lack of awareness, patching is still hard for any organisation to get right. And in a world where an unpatched Adobe product is just as critical as unpatched Windows OS, this makes for varied opportunities for cyber criminals.

Summary card header

Be prepared

These stats point to a very clear instruction for staying secure in 2021: be prepared. Cyber attacks are only ever going to increase. The more you prepare, the easier it will be when (and it is a when, not an if) you’re attacked.

  • Pen test regularly

    Carry out full penetration tests at least annually, and run vulnerability scans every month

  • Follow industry best practices

    There’s no excuse for not getting the basics right – they’re best practices for a reason

  • Lean on a trusted security partner

    Work collaboratively and leverage their experience to help you get maximum security for minimum cost

  • Don’t treat compliance as a tick-box exercise

    Make compliance standards work for you by embedding security as a culture within the business

Stats as cited in the Bulletproof Annual Cyber Security Industry Report 2021
Oliver Pinson-Roxburgh Headshot

Meet the author

Oliver Pinson-Roxburgh CEO & Co-founder

Information security wizard, evangelist, and guru – not to mention co-founder of Bulletproof. Oli’s always sharing deeply interesting and insightful things on this blog and on his LinkedIn. With many years’ of experience in understanding information security and innovation, Oli’s blogs are always a highlight.

10 Steps to Cyber Security

Find out how to secure your business in 10 steps with our free best practice infographic.

Download now

Related resources

Trusted cyber security & compliance services from a certified provider

Get a quote today

If you are interested in our services, get a free, no obligation quote today by filling out the form below.

(1,500 characters limit)

For more information about how we collect, process and retain your personal data, please see our privacy policy.