2021/22 Cyberattack Trends & Projections

January 10, 2022 by Seb Guerriero

2021/22 Cyberattack Trends & Projections

Where we’ve been and where we are headed.

If a phrase is to be used to describe 2021 and projected 2022 cyberattack activity, no better collection of words could be gathered than rampant chaos. As the ever-evolving threat of cyberattacks continues to escalate, cybercriminals are finding new ways to adapt, learn and infiltrate smart devices, computers, systems, and network infrastructure with alarming precision and frequency. The end game - steal, manipulate, or destroy critical data, hold organizations and agencies ransom, or simply cause catastrophic upheaval. This is to say nothing about cybercriminals leveraging a compromised system to further launch attacks against other computers or environments.

From financial gains to swaying public opinion and cyber warfare, there’s a multitude of desired outcomes driving cyberattacks. Spanning the last three decades, cybercriminals have evolved from 1990’s script kids into sophisticated cybercriminals and groups with a war chest of technology, leverage, and resources in their arsenal.

Like a bully, cybercriminals hide in the shadows of digital infrastructure waiting to strike and exploit agencies, corporations, and individual weaknesses as IT and cybersecurity teams grapple to prioritize resources to combat the adaptive wave of advanced cyber threats. As the saying goes, forewarned is to be forearmed. Tyler Technologies Cybersecurity team has compiled the following 2021 cyberattacks data and statistics to provide greater insight into the cyberthreat landscape for 2022.

2021 Costs, Facts, and Outcomes of Cybercrime Incidents

2021 experienced a wave of devastating cyberattacks, leaving organizations vulnerable to hacker demands. With names like DarkSide and REvil, to Clop, Syrian Electronic Army, and FIN7 these online criminal organizations sound like super villains right out of Marvel Comics, and truthfully, they are worse. Cybercriminals pose devastating outcomes to national security, local governments, corporations, and individuals. The unfortunate situation is that no one entity or individual is immune to being attacked. Sadly, society has become a sitting target for cybercrime activity.

  • In three years, cybercrime costs have impacted the global economy by nearly $1 trillion annually— 50% more than in 2018. That’s more than 1% of total Global GDP
  • The average cost of ransomware attacks rose to $220,000 in 2021, up 43% from the fourth quarter of 2020
  • The average cost of a data breach in 2021 was $4.42 million, up from $3.86 million in 2020
  • A data breach compromising 1-10 million records costs an organization $50 million on average, compromising 50 million records can cost as much as $392 million
  • The average cost of a data breach was $2.45 million for organizations with fully deployed security automation, as compared to $6.03 million for those lagging security automation, detection, and protocols
  • Enterprises with efficient cyber-attack prevention strategies can save up to $1.4 million for each averted attack

2022, the Concerned State of Cyberthreat Preparedness

The staggering number of organizations still lacking effective incident response and prevention strategies and detection solutions is alarming. The question is, when is a firewall not enough? Short answer, it’s never enough. Like any criminal, the most effective means to evading a threat is one, by planning for it and two by detecting it before the threat becomes a breach.

Simply using a firewall, is akin to a lock on the front door of your house, it may stop an intruder momentarily, but will eventually get picked. Agencies and organizations that are prepared and armed with effective cybersecurity practices, detection solutions, and protocols with trained incident response (IR) teams are unquestionably at an advantage from an external threat becoming a full-on breach.

  • Only 24% of cybersecurity professionals invest in cyberattack detection and prevention
  • 56% of organizations do not have a cyber incident response plan
  • 32% of the remaining 44% are not confident in the plan’s effectiveness
  • 46% of professionals consider the lack of security protocols for third-party access to internal data as one of the biggest hindrances to an effective data breach response
  • 45% of IT professionals recognize account hijacking as their largest security concern
  • 74% of organizations are not aware of the total amount of digital keys and certificates they have
  • 70% of office workers use their work devices for personal tasks
  • 69% of employees use personal laptops or printers for work activities
  • 30% of remote workers have let someone else use their work device

Most Common Types of Cyberattacks and the Global Impact on Organizations

As cybercriminals evolve technologically, building upon an arsenal of tradecraft, skillset, and greed, 2022 is forecasted to surpass all records for cybercriminal activity. Based on trending cybercrime activity and organizational vulnerability, the most common threats projected to expose companies and their data for 2022 paint a landscape of genuine concern. Leading types of attacks for 2022 will include malware, ransomware, phishing, DDoS, and cryptocurrency attacks.


Malware, a blanket term for all kinds of malicious software, is designed to damage computer systems. Types of Malware can range from viruses and trojans to worms, ransomware, adware, spyware, botnets, and rootkits. Since the 1970s, malware has been used for causing disruptions, extortion, implementing cyber warfare strategies, and much more.

  • In 2021, 34% of organizations suffered from security incidents involving malware
  • Malware and spyware present the largest total cost damages for organizations, followed by data breaches
  • The cost of 50,000 records compromised by malware is approximately $6.3 million
  • Cybercriminals stole nearly 30 million user login credentials from almost a million websites through custom malware between 2019 and 2021


Ransomware, a type of malware that encrypts files in an infected system, often displays a message that specifies an amount that must be paid to retrieve the encrypted files. Dependent upon the type of ransomware, it may either be downloaded upon opening an email attachment or malicious file or can be self-propagating like a worm — making it even more difficult to contain.

  • Ransomware accounted for 27% of the data breaches involving malware infections
  • Damages incurred by ransomware reached $20 billion in 2021, 57 times higher than damages in 2015
  • The average ransom paid for organizations nearly tripled from $115,123 in 2019 to $312,493 in 2020
  • The FBI reported an increase of more than 225% in total losses from ransomware in the U.S. in 2020
  • 80% of organizations that paid a ransom were hit by a second attack, with nearly half being hit by the same threat group


One of the most prevalent forms of cyberattacks is phishing. It involves a malicious actor impersonating a trustworthy entity to obtain data. Such attacks are launched via websites, emails, or other means. Attackers either trick victims into providing sensitive information, like credit card information or passwords, or downloading malicious attachments.

  • 38% of cyberattacks on US companies involve phishing
  • 38% of end-users without cybersecurity awareness training fail phishing tests
  • Over 2 million phishing sites were detected by Google in 2021.
  • A new phishing site is launched every 20 seconds
  • Approximately 5% of all emails are phishing
  • Non-executive accounts are targeted 77% more than other accounts


A DDoS is a cyberattack that disrupts the availability of online systems or services, overwhelming servers with massive request traffic volume. To launch a DDoS attack, attackers take control of multiple computer systems, including IoT devices.

  • The number of DDoS attacks is expected to reach 14.5 million by 2022.
  • More than 90% of DDoS attacks in the third quarter or 2020 lasted less than four hours, indicating how DDoS attacks are becoming less prolonged but more frequent and intense.
  • The worldwide spending on IoT security is expected to reach $3.1 billion in 2021.
  • As many as 5,200 cyberattacks are launched against IoT devices each month.

Cryptocurrency Statistics

Cybercriminals are utilizing computing resources to mine cryptocurrency, also known as cryptojacking. Cybercriminals either infect a website with cryptomining code or simply convince a user to download or click on a malicious link.

  • Cryptojacking comprises 2.5% of all malware attacks
  • Approximately $1.4 billion in cryptocurrency was stolen in the first half of 2020
  • Cryptojacking escalated by 163% in Q2 of 2020, as compared to Q1

Most Impactful Cyberattacks and Data Breaches of 2021

As with every year, 2021 had its share of data breaches and security incidents, impacting many organizations globally. The Log4j vulnerability that became public on December 10 has quickly established itself as one of the most significant security threats of 2021. But, by far, it was not the only issue that security teams had to engage with.

For security teams defending their organizations against daily threats, the statistics do not come as much of a surprise. Even so, the data reinforces the challenges agencies, local governments, and organizations faced in 2021 — and without a doubt continue to face in 2022. Below are three of the most impactful breaches, attacks, and vulnerabilities of 2021.

  • The Colonial Pipeline attack is the most infamous of 2021. A Russia-based hacking group called DarkSide claimed responsibility for the attack. DarkSide successfully carried out their attack by focusing on Colonial Pipeline’s IT servers in its operational SCADA stack. Attackers infiltrated the network, sending compressed malware into the system resulting in the temporary shutdown of the pipeline. Ransomware was paid in the amount of $4.4m (75 bitcoin at the time of payment, although $2.3m was later recovered).

  • CNA Financial is one of the largest insurance companies in the United States. The company announced the attack in late March 2021, stating that it had fallen victim to a sophisticated cyberattack. The company negotiated its ransom to $40 million and paid for the decryption key that it needed to continue operations. A cybercrime syndicate used a type of malware called Phoenix CryptoLocker.

  • In May of this year, the computer manufacturer Acer was attacked by the REvil hacker group, the same group responsible for an attack on London foreign exchange firm Travelex. The $50 million ransom stood out as the largest known to date. REvil hackers exploited a vulnerability in a Microsoft Exchange server to get access to Acer’s files, leaking images of sensitive financial documents and spreadsheets.

What does the cybercrime future hold for 2022 and beyond?

As we enter into 2022, the question is not if an attack will happen, but how prepared is an organization when an attack does happen. Favored tools of cybercriminals will continue to focus on social engineering, hacking, and malware. In 2022, it is estimated that organizations will fall victim to a ransomware attack every 11 seconds. Threat readiness, detection, and response are the driving factors to protect organizations in today’s highly volatile digital environments.

  • Cyberattacks are expected to cost organizations $8 trillion globally in 2022, and estimated to cost $10.5 trillion by 2025
  • The sophistication and scale of cyberattacks will continue to break records and we can expect a rapid increase in the number of ransomware and mobile attacks
  • Global ransomware damage costs are predicted to surpass $20 billion in 2022, and reach $265 billion by 2031
  • Deepfake attacks will become a more-utilized method for hackers in 2022
  • Global spending on cybersecurity is forecasted to reach $133.7 billion in 2022

What to do and how to prepare.

The foreboding weight of concern heavily looms as 2022 cybercrime activity is forecasted to surpass record levels with indiscriminate threats - meaning no one is immune to the risk of a breach. Fortunately, there are ways organizations can protect themselves against escalating threats: like firewalls, anti-virus software, and intrusion detection solutions, along with advisory and assurance planning, testing, and employee training. The most effective approach is to not only adopt comprehensive security processes and protocols to every level of the IT stack but also include all business processes in that approach.

Tyler Technologies’ team of cybersecurity professionals offers the following suggestions to assist organizations in proactively addressing potential weaknesses before they can be leveraged by attackers.

Know your vulnerabilities and react proactively and quickly. Simply put, have a plan in place. For security teams operating in today’s environment, visibility, knowledge, and speed are critical to blocking attackers whose sole intent is to steal data and disrupt operations. Organizations must establish consistent visibility of all environments and actively be prepared to address potential vulnerabilities before they can be leveraged by attackers.

Protect staff identities and access. It is highly recommended for organizations to consider mandatory multifactor authentication (MFA) on public-facing employee services and portals. Additionally, dynamic privilege access management process limits damage if an organization is breached and reduces lateral movement. Adopt Zero Trust solutions to compartmentalize and restrict data access to high-value information.

Invest in threat detection solutions. Interactive attacks are designed to bypass automated monitoring and detection. Analyst surveillance, combined with artificial intelligence and machine learning is the most effective means to detect and prevent sophisticated or persistent attacks.

Stay a step ahead of attackers. Behind every attack is a human being. Understanding an attacker’s motivation and intent can be utilized to an organization's advantage to predict and prevent future attacks.

Make sure your cybersecurity policy, procedures, and protocols are current. Security policies need to be relative to ever-evolving cybercrime landscape. Make sure to address the use of personal devices, updated data privacy protocols and access to valued information, and include access management for remote workers.

Establish a cybersecurity-driven culture. Just as technology is critical in the fight to detect and stop intrusions, education and action of end-users play a critical role in effective cybersecurity practices. Inform and educate employees and inform again. Best-in-practice cybersecurity behaviors can be the difference between an attack and a breach.

In the midst of rapidly accelerating digital transformation that continues to reshape business and government processes in response to escalating cyberthreats, this year will again witness many familiar themes, working from home, supply chain, new ransomware, and mobile threats. Ultimately in 2022, cyberattacks will arrive with a vengeance, and in the end, it comes down to how well organizations are prepared to detect, respond, and thwart off cyberattacks before an attack becomes a catastrophic breach.

Related Content