From the Online Trust Alliance:
[Our emphasis] OTA’s annual analysis found that cyber incidents targeting businesses nearly doubled from 82,000 in 2016 to 159,700 in 2017. Since the majority of cyber incidents are never reported, OTA believes the actual number in 2017 could easily exceed 350,000.
OTA found that in 2017 there were 134,000 ransomware attacks on businesses, nearly doubling that of 2016. In mid-2017 another type of ransomware attack emerged—the ransom denial-of-service attack (RDoS). In this attack, criminals send an email to domain owners threatening a DDoS attack that will make a website inoperable unless a ransom (usually via Bitcoin) is paid.
As in past years, OTA found most breaches could have been easily prevented. It calculated that in 2017, 93 percent of all breaches could have been avoided had simple steps been taken such as regularly updating software, blocking fake email messages using email authentication and training people to recognize phishing attacks. Of the reported breaches in 2017, OTA found 52 percent were the result of actual hacks, 15 percent were due to lack of proper security software, 11 percent were due to physical skimming of credit cards, 11 percent were due to a lack of internal controls preventing employees’ negligent or malicious actions and eight percent were due to phishing attacks.
Direct to Full Text Report (11cpages; PDF)