As the world adjusts to a new normal, the cybersecurity landscape continues to evolve. New vulnerabilities and threats have opened up new doors for hackers, with the number of cyberattacks per year jumping 31% from 2020 to 2021. How businesses responded in 2021 made a big difference in their ability to withstand threats.

Let’s look at what we discovered in the last year with some cybersecurity statistics for 2022.

The Cost of Cybercrime

Cyberattacks are costly for businesses of all sizes. In 2021, the cost of a breach rose to $4.24 million, the highest it’s been in the last 17 years. That price is only going up — Cybersecurity Ventures expects the cost of global cybercrime to grow by 15% between 2020 and 2025. It also anticipates a global cost of $10.5 trillion by the end of that period.

While a breach’s financial impact is one of the most notable cybersecurity issues, there are many other problems associated with data breaches, including:

  • Reputational damage: Some companies that have experienced breaches have their names permanently dragged through the mud. Businesses’ biggest cyberattack concern in 2021 was a damaged reputation. 78% of companies said they were concerned about the reputational impact on the organization. 
  • Business disruptions: Supply chain disruption was another top concern for 49% of businesses. Other operations can also experience slowdowns during a data breach, which is especially troubling for essential organizations in the military, medical or energy industries. Almost 40% of a breach’s cost comes from lost business. The average time to identify and contain a breach in 2021 was 287 days, and faster responses delivered a significant 30% cost savings.
  • Loss of trade secrets: While finances and personal data are common targets for cyberattacks, so is proprietary business information. Almost a third of businesses cited proprietary trade secrets as a cyberattack concern. Companies can lose these trade secrets in the crossfire or through corporate espionage.

How Often Do Cyberattacks Occur in 2022?

It’s safe to assume that cyberattacks are always underway. Looking at cyberattack statistics by year, we see that the number of attacks has increased, up about 30% since 2020. With different ways of measuring cyberthreats, it can be tough to determine how many cyberattacks happen daily in 2022, but here are a few statistics that point us in the right direction:

  • A 2021 study showed that four in ten businesses reported cybersecurity breaches or attacks in the prior 12 months.
  • Ransomware alone has seen a significant spike in frequency in just the last five years. In 2016, estimates pointed to a ransomware attack on a business every 40 seconds. In 2019, that number jumped to every 14 seconds and in 2021, every 11 seconds.

How Many Data Breaches Have Happened in 2022?

Again, measuring the total number of data breaches can be challenging since many go unreported. Still, one study found 95 security incidents reported in January 2022 alone, compromising almost 66 million records.

cyber attacksCommon Cybercrime Attacks

Cybercrime attacks can come in many forms, but some of the most common ones are:

  • Malware: Malware is any malicious software that takes action on a device. Ransomware is a particularly destructive type of malware. It caused an estimated $20 billion in damages in 2021, 57 times more than just six years previously in 2015. Ransomware is also effective, with just 13% of organizations saying they experienced an attack or breach and did not pay a ransom.
  • Phishing: Phishing is one of the most prevalent cyberthreats out there. Phishing and its many variations made up most cybercrime attacks in 2020, with a massive spike from the previous year. Hackers most commonly target credentials in phishing attempts, seeking access to entire systems and datasets. Stolen credentials were the method of entry in 43% of ransomware attacks in 2021, and phishing emails accounted for a whopping 65% of the thefts.
  • Distributed denial of service (DDoS): DDoS attacks disrupt an organization’s traffic by overwhelming it with fake requests from compromised networks called botnets. Real users can’t access the network, bringing operations to a halt. The number of DDoS attacks reached record numbers in 2021, delivering 5.4 million attacks in one hour — an 11% increase from 2020.

Keep in mind that not all cyberthreats are cybercrimes. About 17% of breach incidents come from error actions, like miscellaneous misconfigurations, losses and oversights. Malicious insiders can also use their privilege to cause damage, as they did in about 70% of misuse breaches. Cybersecurity strategies must consider malicious and non-malicious threats alike and consider all angles of attack.

Small Businesses

Many small- and medium-sized businesses (SMBs) think they’re too small to be a target. Unfortunately, they make great targets because they can be particularly vulnerable to cyberthreats. They often lack the robust infrastructure that larger organizations have and may not withstand the effects of a cyberattack as easily. The cost of a breach has spiked a whopping 30% from 2021, making it more challenging for small businesses to deal with them.

Here are some small business cybersecurity statistics that tell us more about the threat landscape for SMBs:

  • Top patterns: Three patterns made up 80% of all SMB breaches — system intrusion, miscellaneous errors and basic web application attacks.
  • Data compromised: Hackers most often target SMBs’ credentials and personal data. SMB reported these as compromised in 44% and 39% of breaches, respectively. “Other” data is also involved in 34% of breaches and medical data in 17%.
  • Threat actors and motives: SMBs face more internal threats than large businesses, with external actors involved in 57% of breaches and internal actors in 44%. Financial motives were the driving factor in 93% of breaches. Espionage, the second most common motive, accounted for only 3%.

These numbers point to the importance of a strong cybersecurity environment for SMBs. They’re targets almost as often as large businesses are, with significant consequences for a breach. In 2021, the average cost of a breach for an organization with fewer than 500 employees was almost $3 million, the highest it’s been in several years.


The healthcare industry manages highly protected personal health information (PHI) and has critical operations that must stay running at all costs, making it a prime target for hackers. In the first month of 2022, hacking accounted for 96% of breached healthcare records. Ransomware was the source of five of the top 10 largest breaches. Across all industries, medical data was the second-most targeted type of data. It was involved in 43% of breaches, second only to personal data at 80%.

These breaches aren’t cheap, either. For the eleventh year in a row, the healthcare industry took the top spot for the highest cost of a breach — $9.23 million, to be exact, a nearly 30% jump from 2020. Cybersecurity Ventures estimates that the healthcare industry will spend $125 billion on cybersecurity by 2025. 

Below are some healthcare cybersecurity stats about the threat environment:

  • Top patterns: Errors such as misdelivery and misconfiguration are the top sources of data breaches for healthcare businesses. Other concerns include basic web application attacks and system intrusion. These three patterns made up 86% of breaches in 2021.
  • Compromised data: Unsurprisingly, medical data was a target in 55% of breaches. Personal data and credentials were the targets of 66% and 32% of breaches, respectively.
  • Actors and motives: Internal threats were a significant problem for the healthcare industry, which saw them in 40% of breaches versus the overall average of 17%. Financial gain inspired both external and internal threat actors in 91% of breaches where a motive was discernible. Other goals included “fun” and espionage.



Phishing and social engineering are the top cyberthreats in government. Phishing was responsible for virtually all social engineering breaches in this sector, illustrating the need for better access control and training. 

Miscellaneous errors and system intrusion are also common problems. 83% of threat actors came from outside the company. 80% of breaches involved compromised credentials, followed by personal data at 18%.

While data breaches in the public sector are some of the least expensive at $1.93 million, the average cost jumped almost 80% between 2020 and 2021. Despite lower costs, government is one of the most attacked industries, offering valuable PII in a data breach.


Like healthcare, the finance sector faces demands for regulation and securing highly sensitive data. Finance companies tend to be tech-heavy, with significant monetary gains for successful breaches, so these companies face a unique landscape of risk. In 2021, finance set a new record for the number of credential abuse attacks and saw a 110% year-over-year increase in DDoS attacks. Like many others, the biggest risk for this industry lies in phishing attempts, which 51% of finance businesses named their greatest threat.

With so much at stake, the finance industry is second only to healthcare in the average cost of a breach. In 2021, the typical breach cost a financial company $5.72 million. As you might expect, personal data was the most commonly compromised type of data, reported in 83% of breaches. Bank data and credentials were also common targets.

Although external actors were the most significant threat, miscellaneous errors like misdelivery were also a common internal problem. External actors typically turn to credentials, phishing and ransomware.

Retail and E-commerce

In 2020, the top four Google terms for the search “is ___ safe?” involved online purchasing. The retail and e-commerce spheres have also faced significant changes in 2021. They see threats from all angles, most notably system intrusion and social engineering. Along with basic web application attacks, these threats make up 77% of all retail breaches.

Almost all of the threats to retail and e-commerce businesses are financially motivated. They tend to target payment information, personal data and credentials, involved in 42%, 41% and 33% of breaches, respectively. 

System intrusion is the top method for these breaches. Interestingly enough, pretexting is the most common social engineering method in retail. Pretexting sets up a scenario, such as confirming one’s identity, to convince the victim to give out information that they typically wouldn’t release outside of the concocted scenario.

The silver lining for retail and e-commerce is that their breaches aren’t as costly as they are for some other industries. However, the number is rising significantly. While the average cost of a breach in 2021 was $3.27 million, one of the lowest on the list, that number is 63% higher than it was in 2020.


Is Cybersecurity Increasing?

Fortunately, businesses of all types have options for mitigating cybersecurity threats. Cybersecurity is increasing for many companies, with 82% of businesses increasing their IT security budgets. 

If a hacker has a successful phishing attempt, identity tools like single sign-on (SSO) and multifactor authentication (MFA) from the OptimalCloud can prevent them from ever accessing your system. Access controls can mitigate their reach if they manage to get in since they can only access certain parts of the system. These controls also prevent malicious employees from getting very far in their quests to cause damage.

What You Can Do

Two effective strategies include securing your cloud platform and implementing robust identity and access management:

  • Secure cloud platforms: Securely configuring your cloud platform creates a necessary reliable backdrop for your IT environment. Outside of social engineering, basic web application attacks and system intrusion were the top patterns in breaches. Thankfully, most DoS attacks are relatively mild and preventable with basic protections. A secure cloud platform can offer protection for these threats while providing the competitive benefits of the cloud.
  • Identity and access management: Even the best-laid system needs safeguards to prevent the damage that comes with unauthorized access and privilege misuse. Time and again, we see that phishing and social engineering are the most common types of cyberattack. Access and identity controls are a top recommendation for all industries we discussed. They can ensure that those working with company data are who they say they are while allowing users to access only the parts of the system they need to do their jobs.

Staying Ahead of the Curve With Optimal IdM

If these 2022 cybersecurity statistics have taught us anything, it’s that businesses need to take cyberthreats seriously. With social engineering hotter than ever and malware tearing through every industry, your cloud platform and its security tools play a large role in how much damage hackers can do.

The OptimalCloud offers affordable and scalable identity and access management with a wide range of security tools like SSO and MFA. With secure authentication for mobile devices and over 11,000 app integrations, the OptimalCloud works with nearly any system you have in place. It all comes at a flat, predictable monthly fee and includes extensive customization.

See the OptimalCloud in action and try it for free, or reach out to us to learn more!


  • The database in which all of your organization’s sensitive identity data is stored.
  • A digital ledger in which digital transactions are recorded chronologically and publicly.
  • Securely managing customer identity and profile data, and controlling customer access to applications and services.
  • The means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems.
  • A legal framework that sets guidelines for the collection and processing of personal information of individuals within the EU.
  • The policy-based centralized orchestration of user identity management and access control.
  • An authentication infrastructure that is built, hosted and managed by a third-party service provider.
  • A security system that requires more than one method of authentication from independent categories of credentials to verify the user's identity for a login or other transaction.
  • A global provider of innovative and affordable identity access management solutions. 
  • Managing and auditing account and data access by privileged users.
  • Tools and technologies for controlling user access to critical information within an organization.
  • An authentication process that allows a user to access multiple applications with one set of login credentials.

Pin It on Pinterest