Skip to content

You might love scary movies, haunted houses, floorboards that creak, and things that go bump in the night. Black cats? Cobwebs? Chills? All great.

But no one wants to see something scary happen to their company’s data. And with cyberattacks steadily increasing in 2022, we can’t hide under the covers. 

Just in time for Halloween, we’ve assembled a list of frightening cybersecurity statistics. We’ll illuminate the ghosts, ghouls, and goblins that are lurking in the cloud — and, no surprise, we’ll tell you how we can help you combat some of them.

1. The curse and cost of ransomware

According to the Verizon Business 2022 Data Breach Investigations Report, ransomware attacks have increased in frequency more this year than the last five years combined. 

If that wasn’t worrying enough, the cost of those attacks has also skyrocketed. The average ransomware payment in 2020 was over $312,000 — but that number shot up to $570,000 in 2021. No surprise, then, that Cybersecurity Ventures is predicting ransomware will cost the economy around $265 billion annually by 2031.

2. Monsters, mummies, and... MSPs

Cybercriminals are zeroing in on the managed service providers that handle computer systems for everyone from local governments to medical clinics. According to data collected by ConnectWise’s Cyber Research Unit, MSPs were the target of 39% of ransomware attacks in 2021

Even more worrying, these MSP attacks are often used as launchpads to infiltrate broader customer networks. For instance, the Maryland-based cybersecurity and software firm Huntress Labs gave ProPublica the example of a 2019 incident where 4,200 computers were infected by ransomware through a single MSP.

3. Don't go in there! The misconfigured bucket, that is.

Cloud misconfigurations are a major concern for companies — but some don’t realize how serious the issue is. According to a 2021 cloud security report by the cybersecurity company Fortinet, 67% of cybersecurity professionals believe that misconfiguration of cloud security is the biggest cloud security risk.

4. No, really.

A 2020 survey showed that misconfiguration of cloud services or resources was the second most common attack vector (42%) in successful cyberattacks. Even more alarming, misconfigurations are expected to cause 99% of all firewall breaches through 2023, according to Gartner research highlighted by the Harvard Business Review.

5. GDPR fines sink their fangs into businesses

The cost of non-compliance with the EU’s General Data Protection Regulation, or GDPR, can be in the millions of euros. As Tessian notes, organizations in breach of the GDPR can be fined up to 4% of their annual worldwide turnover or up to €20M, whichever is largest.

Hundreds of substantial fines have been issued in the last few years. The highest include €746 million for Amazon, €225 million for WhatsApp, €90 million for Google Ireland, and €60 million for Facebook.

6. Double, double toil and... extortion

As companies have begun implementing better ransomware prevention tactics, attackers have adapted. Now, more than 70% of ransomware attacks are double extortion attacks, meaning that criminals exfiltrate the encrypted data and threaten to release it if their ransom is not paid.

7. Who's afraid of the dark?

Everyone, that’s who. Or at least they will be, once they see the soaring cost of downtime and outages.

According to the Uptime Institute, over 60% of failures now result in at least $100,000 in total losses, up substantially from 39% in 2019. Meanwhile, 15% of outages now cost more than $1 million, up from 11% in 2019.

8. Brute force: not just Frankenstein

According to Google Cloud research, the most common threat vector for cloud service providers is brute-force attacks. These attacks comprised 51% of all attacks in the first quarter of 2022, and they make up 37% of all threat activity in the cloud.

9. Triple threat

Just when you thought ransomware couldn’t get scarier, cybersecurity experts have begun to document the rise of triple extortion ransomware, where attackers extend their demands beyond their initial victim to the victim’s customers.

Take, for instance, the 2021 ransomware attack that used the software supplier Kaseya’s network-management package to paralyze the networks of at least 200 US companies and 1500 companies worldwide. Or consider the 2020 attack on the Finnish psychotherapy company Vastaamo, where attackers stole the patient records of up to 30,000 people and then emailed those patients demanding €200 each to not publish their therapy session details.

10. Don't be a zombie - watch out for human error

We all make mistakes, but perhaps the biggest mistake is not acknowledging how often human error causes security incidents. Indeed, a 2014 study by IBM revealed that over 95% of these incidents had human error as a contributing factor.

The trend continues today. A 2020 Sophos survey found that 45% of ransomware incidents could be attributed to the basic error of employees falling prey to phishing attempts, while a 2021 report by Verizon found that a full 82% of data breaches involved human error.

Who you gonna call? ShardSecure

While we can’t defeat every bogeyman out there, ShardSecure is helping companies tackle many of the threats on this list.


We desensitize sensitive data in the cloud, rendering it unintelligible and of no value to unauthorized users — even if a storage location is left exposed.


Our self-healing data helps rebuild affected storage containers whenever they’re tampered with, deleted, or encrypted by ransomware. Because we desensitize data, exfiltration of that data (“double extortion”) is worthless to attackers. We can also protect encrypted data for deeper defense-in-depth.

Human error, outages, and downtime

We offer strong data resilience and high availability, allowing you to maintain your business continuity even in the face of security mistakes, power outages, and other disruptions.

GDPR compliance

Under the parameters of the “Schrems II” ruling (specifically Use Case 5, we constitute an acceptable supplementary measure to safeguard transfers of EU personal data. To support GDPR compliance, the number and geographic locale of ShardSecure storage locations are also user-configurable, meaning that data owners remain in ultimate control of who has access to their data.

To learn more about how ShardSecure can help with these use cases and more, contact us today.