
11 cyber security stats for SMBs (and what they should teach you)

25th Mar 2025 | 10 min read


The cyber security landscape is rapidly changing. In the last few years, businesses have faced a rising tide of risk. New factors like increased digitalisation and AI bring new dangers to the field, giving cyber criminals more opportunities to target your business.

As a result, no business is off limits. Even small businesses are prime targets for malicious activity. It’s never been more crucial to protect your business thoroughly.

However, being able to protect yourself means knowing the risks you’re facing and the best practice for addressing them. We’ve put together 11 cyber security stats that teach us exactly what businesses are facing, alongside actionable insight to help you defend yourself.

 

Stat #1: Half of all businesses experienced a cyber attack last year

According to the Cyber Security Breaches Survey 2024, published in April 2024, 50% of businesses report having experienced some form of cyber security breach or attack in the last 12 months. This is an increase on attacks reported in 2023.

This highlights that every business is susceptible to cyber crime, big or small.

The most common threats faced were phishing attempts, impersonations and malware. These are all attacks that are often unsophisticated, telling us that they are preventable with the right measures.

Due to this, every business needs to invest time into their cyber security strategy. This means implementing robust protocols that minimise the risk of basic attacks.

 

Stat #2: 92% of organisations report having cyber security skills gaps

Research from Microsoft found most businesses do not have the skills they need to cover their cyber security needs.

Cyber security requires significant resource, especially with thousands of threats to monitor and address every day. So, skills gaps can leave many organisations vulnerable.

Without adequate resource, businesses are unable to regularly implement the measures they need to stay protected, increasing the chances of cyber attacks being successful.

It is crucial to ensure you have enough resource to prevent cyber security falling by the wayside. If this isn’t something you have in-house (as few organisations do!), you might wish to consider outsourcing your cyber security to external experts or looking into AI tools which can automate the workload.

 

Stat #3: Data theft accounted for 94% of all cyber attacks worldwide in 2024

According to new research from IBM, 94% of all cyber attacks in 2024 were driven by data theft.

If your data is stolen by cyber criminals, it leaves you susceptible to GDPR non-compliance, costly fines, loss of IP and declining customer trust. This can have a significant impact on your business.

To avoid this happening, locking down your data is crucial. This means implementing:

  • Encryption: Encrypt sensitive data at rest and in transit to render it unreadable to unauthorised parties, ensuring data confidentiality.
  • Identity and access management (IAM): Implement strict access controls, including multi-factor authentication and role-based permissions, to limit data access to authorised personnel only.
  • Firewalls: Deploy and configure firewalls to filter network traffic, blocking malicious connections and preventing unauthorised access to internal systems.
  • Antivirus software: Install and maintain up-to-date antivirus and anti-malware software on all devices to detect and remove threats, preventing malware infections.
  • Staff training: Conduct regular cyber security training to educate employees on recognising and avoiding cyber threats, fostering a security-conscious culture.

You’ll also want to conduct regular patching across business devices, utilise threat detection technology and have a comprehensive incident response plan to further minimise the risk.

 

Stat #4: The average cost of a data breach jumped to USD 4.88 million from USD 4.45 million in 2023

The research from IBM found that the average cost of a data breach has spiked by 10%. This is the highest increase since the pandemic.

The jump in costs is no surprise, given businesses have more data than ever before. Simultaneously, cyber criminals can use AI and digital attack points to steal data to sell on or use for blackmail, making it a more valuable target.

A data breach is a significant cost to any business, and especially a small business. This cost doesn’t consider additional issues, such as reputational damage and loss of revenue as a consequence.

Due to this rising cost associated with data breaches and the far-reaching damage, it’s in your best interest to do everything possible to secure data.

 

Stat #5: 66% of digital attack paths involve insecure identity credentials

According to Microsoft’s 2024 State of Multicloud Security Report, 66% of digital attack paths involve insecure identity credentials. This means that a vast proportion of attacks can be avoided if accounts are better secured.

Strong identity and access management is crucial. Aim to apply zero trust principles across your organisation, with a focus on assuming everyone is a threat unless they have been explicitly authenticated.

As part of this, apply permissions on a role-based basis, giving people access to what they need to do their job and no more. This makes permissions simpler to manage long-term and limits who has access to sensitive information.

When it comes to authentication, you’ll want to apply two-factor authentication across applications, adding an extra layer of security on top of usernames and passwords. This typically includes verification codes, facial recognition or authentication apps.

By applying these measures, you can reduce the risk of unauthorised users gaining entry to your business and data.

 

Stat #6: The average organisation uses 80 tools to manage their cyber security

A study from Microsoft found that an average organisation uses as many as 80 different tools to manage their cyber security.

Understandably, this leads to frustrations. Costs mount as you pay multiple subscriptions, while it becomes difficult to manage across your organisation or know where to get the insight you need.

Due to this, consolidated tools which cover larger proportions of your cyber security needs are crucial. Microsoft Defender is a good example, or you can also get packages from cyber security service providers.

Even more crucially, aim to utilise tools that can be connected, bringing data together for a more agile response to threats. Tools like Copilot for Security can work across multiple solutions, unifying your approach and streamlining processes.

By consolidating and connecting tools, you can also use fewer of them, driving down costs and making your cyber security commitment more sustainable.

 

Stat #7: There has been a 2.75x year-over-year increase in human-operated ransomware-linked encounters

Research has detected a 2.75 times increase in ransomware-linked encounters, led by humans, between 2022 and 2024. These are ransomware attacks where cyber criminals actively and manually control various stages of the operation, rather than relying solely on automated malware.

These types of attacks are a targeted, sophisticated and highly damaging threat. They involve human adversaries who are skilled at evading automated defences.

Businesses must invest in advanced threat detection tools and techniques, such as endpoint detection and response (EDR) and security information and event management (SIEM) systems, to identify and respond to suspicious activity.

This enables you to detect attack patterns in advance, giving you time to co-ordinate a response and limit the damage. This should sit alongside other cyber security best practices, such as access management and employee training, to reduce the risk of ransomware reaching your business.

 

Stat #8: 77% of businesses are concerned about cyber security in the AI age

As AI has exploded, many leaders have concerns about implementing it. Over three-quarters of respondents in a recent AI survey stated that they’re worried about cyber security and data privacy.

However, in the same survey, 71% stated they believe the reward outweighs the risk.

There needs to be a happy medium for your business to thrive with AI. That means using AI to boost productivity, supported by sensible measures to counteract risk.

This includes:

  • Using secure AI tools that are private to your organisation, reducing the risk of data being leaked publicly
  • Classifying data and preventing AI access to your most sensitive data
  • Following robust data governance frameworks for long-term management of data in line with regulation and best practice

By balancing your AI usage with good security practices, you can focus on gaining the rewards without any negative repercussions.

 

Stat #9: 18% of leaders state they’ve taken no action against employee use of public AI

Despite prevalent concerns about AI and the impact on cyber security, 18% of business leaders state they’ve done nothing to date to prevent employees using public AI tools.

These tools can inadvertently expose sensitive business data through user inputs, as these platforms often retain and utilise data for model training. Additionally, the potential for AI-generated misinformation and manipulation poses risks to brand reputation and operational security.

The reality is, most of your employees want to use AI, especially when it makes their lives easier. Outlawing it completely is not an option. However, you can encourage them to use more secure tools that better lock down organisational data and ground it in business-specific context. These give them the capabilities they want from AI, without putting your business in danger.

Create internal AI policies that recommend which tools should be used and how. This will give you control over AI usage while awarding teams the freedom to explore it and generate benefits.

 

Stat #10: Organisations implementing the Cyber Essentials controls are 92% less likely to make a claim on their cyber insurance

Research from insurers shows that organisations implementing the Cyber Essentials controls are 92% less likely to make a claim on their cyber insurance.

Cyber Essentials is a UK government-backed certification scheme designed to help organisations protect themselves against common cyber threats. It measures you against the cyber security provisions you have in place, over five core areas.

Many of the provisions in place have been created specifically to combat common cyber threats, so it’s not a surprise incidents are less likely to happen.

On top of this, organisations with Cyber Essentials certification often benefit from lower insurance premiums. This means that, alongside keeping you protected against common security risks, Cyber Essentials can also save you money.

 

Stat #11: Combined SIEM and XDR speeds up threat correlation by 50%

Looking into their cyber security provision across customers, Microsoft found that combining SIEM and XDR has delivered, on average, 50% faster correlation among XDR, log data, custom detections, and threat intelligence. This is all with 99% accuracy.

The main takeaway from this is that your business needs SIEM and XDR – and ideally, unified.

SIEM (Security Information and Event Management) systems aggregate and analyse security logs from various sources to detect potential threats and provide alerts. XDR (Extended Detection and Response) goes further by integrating security data across endpoints, networks, cloud, and applications, enabling automated threat detection and response across the entire security ecosystem. Unifying the two provides a holistic security view, combining comprehensive log analysis with automated, cross-platform threat detection and response, for faster and more effective incident management.

A Forrester Consulting Total Economic Impact™ study found that Microsoft 365 Defender, a SIEM and XDR solution, helped organisations reduce the number of successful attacks and recover faster, with productivity gains worth $6.7 million. This shows it’s well worth investing in a combined XDR and SIEM solution.

 

Learn how to secure your small-medium sized business

These cyber security stats demonstrate how the cyber security landscape is rapidly evolving, with AI, ransomware, identity issues, skills gaps and data theft posing significant challenges.

Cyber risks are also mounting, leaving businesses of all sizes at risk. Small and medium businesses are often the most vulnerable, especially when they do not have robust security practices in place.

However, cyber security doesn’t need to be a costly burden on your business. With the right tools and resource, it can become a consistent part of your operations. This minimises the effort required, while giving you peace of mind.

Our video below highlights how to build an action plan for improving your cyber security and ending the danger, once and for all.

 

If you want additional cyber security guidance, our team are always happy to talk.
