WordPress Security

Statistics and Security

Mark Twain said there are "lies, damned lies, and statistics." In the information security industry, statistics are often sensational misinformation.

Dan Knauss

The information security industry generates so many statistics about cybersecurity threats you may have tuned them out. Many alarming claims are based on outdated data, taken out of context, or simply wrong. For example, 60% of small businesses do not fail within six months of falling victim to a cyberattack. Nevertheless, this widely misreported statistic from 2011 appeared in a Congressional hearing for the US Small Business Administration in 2023.

On the other hand, the Hiscox Cyber Readiness Report (2022) found that cyberattacks had almost bankrupted 20% of the 5,000+ businesses it surveyed across eight countries:

  • The number of respondents laying off staff following an attack doubled – from 5% to 11%.
  • One in five firms paid a substantial fine to a government agency, nearly twice as many as in 2022.
  • 21% said the impact of a cyberattack was enough to threaten their solvency — an increase of 24% from 2022.

That’s a good source with good data presented in a meaningful context.

Where do our security statistics come from?

We do a lot of work at SolidWP to get our heads around the best sources of cybersecurity intelligence. We’ll always verify our security claims and data. Our products are valuable to people who build websites and work with WordPress because they address real threats.

How many websites get hacked every day, on average? James Lyne, the former Global Head of Security Research at Sophos, is commonly cited for an answer to this question. It’s an old source, but it set a useful benchmark. “Hacked websites,” in Lyne’s research, meant those that became tools for spam and phishing by cybercriminals. This is a common fate for unmaintained WordPress installs. The figure of 30,000 continues to be cited as a ballpark estimate absent more recent data. It’s probably a much higher figure now.

Sources of Security Research

In recent years, many sources have reported that about half (40-60%) of all cyberattacks target small to mid-sized businesses (SMBs). Smart, targeted phishing, pretexting, and spearphishing attacks are trending against key staff and leaders in smaller companies. Verizon’s annual Data Breach Investigations Report is the best current source on this trend, but there are others:

  • Half of all Canadian small businesses experienced cyberattacks in 2022. (CFIB)
  • 46% of all cyber breaches impacted businesses with fewer than 1,000 employees in 2020. (Verizon)
  • 61% of SMBs were the target of a cyberattack in 2021. (Verizon)
  • More than half of American SMBs experienced cyberattacks in 2022. (Verizon)
  • 82% of ransomware attacks in 2021 targeted companies with fewer than 1,000 employees, and 37% of companies hit by ransomware had fewer than 100 employees. (Coveware)
  • From a 2021 report: “Small businesses are hit by 62 percent of all cyberattacks, about 4000 per day.” (Cisco)
  • 43% of cyberattacks are aimed at small businesses, but only 14% are prepared to defend themselves. (Accenture and Ponemon Cybercrime Studies)

Check Point Software Technologies released a report on cyberattack trends in 2022, showing a global increase of 38%. They also broke that data down to a 57% increase in the US, +77% in the UK, and +26% in Singapore. Average weekly attacks were highest in Africa, followed by Asia Pacific and Latin America. Those are helpful breakdowns that show how different contexts (in this case, geography) can vary greatly in their security data.

What about WordPress?

Numerous security research companies, like our partners at Patchstack, track the vulnerabilities emerging in the WordPress software ecosystem. Depending on the database you consult, there were 1,500-2,000 WordPress vulnerabilities in 2021 and 2022. The vast majority were in plugins. We’re already past 4,000 new vulnerabilities for 2023.

It’s not all bad news, though.

We want to emphasize not just the threats and risks but also the best solutions so our customers, subscribers, and Solid Academy community members can have the highest confidence that their sites and their clients’ sites are secure.

Solid Security offers virtual patching in our firewall, user management tools that allow you to create and enforce group security policies, and strong forms of authentication like passkeys or 2FA. Used properly, these tools will reduce the risk of a WordPress site being hacked as close to zero as possible.
