23 Cybersecurity Facts and Figures

You’ve probably heard a lot about the mounting threat of cyberattacks and the need for government organizations to safeguard their information environment against them. Recent events like the USIS breach only amplify anxiety over cybersecurity. But is all this hype really merited? You may be questioning whether the threat of cybersecurity is overinflated or fleeting. Well, we’re here to tell you it’s not.

How often is the U.S. government threatened by cyberattacks? What’s the impact of a government cyberattack? How much will the U.S. invest in cybersecurity? Check out our 23 facts and figures on cybersecurity to find out:

The Lay of the Cybersecurity Land

• 46,605 breaches of federal computer networks occurred in 2013, according to the S. Computer Emergency Readiness Team (US-CERT)
• 228,700 cyberincidents involving federal agencies, companies that run critical infrastructure like nuclear power plants, dams and transit systems, and contract partners occurred in 2013, also according to US-CERT
• 61% of experts in technology and policy predict a major cyberattack causing widespread harm will occur by 2025, according to a Pew Research Center report
• 37% of cyber intrusions aren’t detected by civilian agencies, according to testing reported in 2013 by the White House Office of Management and Budget (OMB)
• ~%50 of federal cyberincidents since 2010 were caused by federal employees or contractors, according to a Associated Press analysis of records
• 21% of federal breaches in 2013 originated from government workers who violated policies, according to an annual White House cybersecurity review

The Impact of Breaches

• $194 is the average cost per lost or breached record for government agencies, according to the Ponemon Institute’s 2011 findings.
• $445 billion is lost annually to cybercrime and espionage across the entire world economy, according to the Center for Strategic and International Studies
• 87 million sensitive or private records have been exposed through breaches of federal networks since 2006, according to the nonprofit Privacy Rights Clearinghouse
• 182,000 beneficiaries of Medicaid and the Children´s Health Insurance Program had their personal information stolen, and about 25,000 Social Security numbers were compromised in a 2012 breach of the Utah Department of Health
• 50 million people in North America were without power for as long as four days after an August 2003 cyberattack on the electrical grid, according to a study by the U.S. and Canadian governments
• 800,000 employees had their personal information exposed in a 2014 hack of the United States Postal Service system
• 6 million social security numbers were exposed in a 2012 data breach of South Carolina’s Department of Revenue
• 25,000 employee records were compromised in an attack on a firm that performs background checks for the U.S. government in 2014
• 0 personal records were exposed in the widely discussed summer 2014 breach of HealthCare.gov
• Between 104,000 and 150,000 individuals associated with the Department of Energy had their information stolen by the hacker group Anonymous by July 2013

The Battle for Security

• $65 billion is expected to be spent on U.S. cybersecurity contracts between 2015 and 2020, according to federal budget projections
• $23 million in DoD funds are already committed to cybersecurity efforts through fiscal year 2018
• $2 million is up for grabs in DARPA’s Cyber Grand Challenge, which is designed to accelerate development of automated security systems
• 133 teams comprising 6,000 people will staff the U.S. Cyber Command by 2016, according to the Department of Defense
• 5 functions, identified by the National Institute of Standards and Technology (NIST) Cybersecurity Framework, describe the lifecycle of an organization’s management of cybersecurity risk: identify, protect, detect, respond, and recover
• 356 informative references are provided by NIST’s Framework to help government organizations tackle cybersecurity