And most of them could have been avoided with basic cyber hygiene.
Companies around the world suffered nearly 160,000 cyberattacks and data breaches last year, despite the fact that a majority of them were avoidable, according to researchers.
A report from the Online Trust Alliance revealed that 2017 was “the worst year ever” in terms of cyber incidents, with the number of attacks nearly doubling from the previous year. Because many incidents go unreported, OTA estimates the actual number of attacks could exceed 350,000.
“Even organizations with substantial resources and expertise in data and technology can find themselves inappropriately defended and unprepared,” the report said. Researchers advised companies to “adopt an attitude of expectation” that breach attacks will happen “and develop the dual view of defense.”
Researchers attributed much of the dramatic growth to a sharp spike in ransomware attacks targeting businesses, which increased 90 percent from 2016. These incidents are also among the most damaging, they said, with attacks like WannaCry and NotPetya costing companies more than $5 billion in 2017.
Last year also saw an 18.2 percent increase in data breaches, with the average incident costing companies roughly $3.6 million, according to researchers. Nearly 7 billion records were exposed in the first three quarters of 2017 alone, due in part to massive data breaches at Equifax, Uber and Verizon.
However, OTA found 93 percent of those breaches could have been avoided with basic cyber hygiene, such as regularly scanning platforms for vulnerabilities and quickly patching them.
Researchers also recommended that companies train employees to recognize phishing attempts that could launch ransomware or business email compromise attacks, and use best practices for encrypting and safeguarding data.
Weak cybersecurity could also cost businesses a lot more than just public trust and recovery funds, OTA noted.
“Organizations that do not prioritize data protection may find themselves victimized by criminals, then also penalized by regulators and consumers in fines and lawsuits,” the report said.
Indeed, lawmakers introduced a number of bills in the aftermath of the Equifax breach that would severely penalize businesses that don’t take adequate steps to protect their customers’ data. One such bill, introduced by Sens. Elizabeth Warren, D-Mass., and Mark Warner, D-Va., would impose such severe penalties that had it been in place prior to the Equifax breach, the credit agency would’ve faced fines exceeding $21 billion.