Part 2: Key Global Cyber Trends, 2014-2022

Key Takeaways

  • Analysis of the CISSM Cyber Events Database reveals that public sector entities, especially government agencies, are the most targeted organizations, with criminal actors being the biggest threat. The majority of attacks are financially motivated and the United States is the most targeted country in the world. Most of the cyber attacks in the observed time period came from Russia, China, and North Korea. 

  • These observations are useful for deciding how to prioritize scarce resources, but better cyber incident reporting by countries is necessary to reduce existing data gaps.

Global Cyber Trends

Part 2 provides an overview of some high-level observations related to the types of targets, malign actors and their motives, as well as the geographical distribution of attacks to illustrate the key trends from 2014-2022.

Public Sector is Targeted the Most

Various government agencies, both national and local, have been the biggest target of malign cyber actors around the world (Chart 1). Public Administration as a sector accounts for 20% of all cyber attacks reported from 2014-2022. 13% of cyber attacks were aimed at health care organizations and 11% at the IT industry.

Chart 1. Share of Total Attacks by Industry, 2014-2022

One explanation for this outcome might be that publicly funded entities tend to report cyber attacks more frequently. Another explanation is that such entities attract both criminal actors seeking access to large amounts of sensitive data for financial reasons and hacktivists along with nation-states that might seek to conduct disruptive attacks for various political reasons. This observation is corroborated by the data presented in Chart 2, which breaks down the attacks on each industry by the type of event, actor, and motive.

Criminal Actors with Financial Motives are the Biggest Threat 

Generally, criminal actors, such as hacker groups, are most active in conducting cyber attacks, followed by hacktivist organizations and nation-states (Chart 3). Construction, Accommodation and Food Services, and Health Care industries were mostly targeted by criminal actors who accounted for more than 80% of all attacks on these sectors. Hacktivists account for the largest share of attacks on the Mining and Oil and Gas Extraction industry and the second largest share of attacks on Public Administration (more than 30% in both cases). Finally, nation-states accounted for more than 25% of all attacks on the Mining and Oil and Gas Extraction industry as well as Management of Enterprises.

Chart 2. Global Cyberattacks by Sector, Event Type, Threat Actor, and Motive, 2014-2022

Most of the attacks reported were likely conducted for financial reasons. The other most common motives are protest and espionage. More than 80% of attacks on Construction, Accommodation and Food Services, and Health Care were financially motivated. Protest was the main motivation in more than 20% of attacks on Mining and Oil and Gas Extraction, Public Administration, and Agriculture and Forestry. Finally, the largest shares of attacks motivated by espionage were conducted against the Public Administration, Management of Enterprises, and Manufacturing industries.

When looking at the types of actors and their motives together, criminal actors with financial motives are most active by far. They are followed by hacktivists motivated by protest-related reasons and nation-states engaging in espionage. Understanding the motives of various actors can help identify potential targets and methods of attack. This knowledge can inform the implementation of appropriate security measures and help reduce the overall risk of cyber incidents. 

Geographical Distribution of Cyber Attacks

The United States is the most targeted country in the world (more than 5,000 attacks); it has been attacked 8 times more frequently than the UK, the second most targeted country on the list. Most of the attacks on the US come from actors located in Russia, the US itself, Saudi Arabia, the UK, and China. The other countries in the top 5 most attacked are Canada, India, and Italy, respectively (Chart 3).

The number of attacks can in part be explained by a country’s GDP. There appears to be a statistically significant association between these two variables that explains around 64% of the variance in the number of attacks (or 22% of the variance when the US, the biggest outlier, is excluded from the linear regression model).

As for the origins of cyber attacks from 2014-2022, the majority came from Russia (this includes state and non-state actors), followed by China, North Korea, United States, and Saudi Arabia (Chart 4). Most of the attacks that originated in Russia were targeted against the United States, Ukraine, and the United Kingdom.

Identifying where the attacks come from is useful for safeguarding entities against common tactics used by threat actors associated with such countries.

Conclusion

While these observations highlight the importance of taking necessary measures to secure digital technologies and mitigate cyber risks, they are still based on scarce data. Improving cyber incident reporting requirements in countries around the world can help researchers access better data and provide even more accurate conclusions to help the public and private sectors become more resilient to cyber attacks.

Dimitri Nilov

Research Associate at the Center for Governance of Technology and Systems (GoTech) and the Center for International and Security Studies at Maryland (CISSM). Dimitri’s research focuses on Russia-related policy, cybersecurity, and the issues of nuclear arms control and nonproliferation.
