Cybercrime Has Increased Dramatically. Is Your Data Truly Protected?

Since the onset of COVID-19, cybercrime has surged at an unprecedented scale, increasing by nearly 600% globally (1). This is not a temporary spike—it reflects a structural shift in how and where attacks occur. Organisations of all sizes are affected, and small and mid-sized businesses are particularly exposed, with nearly 43% of breaches involving smaller organisations (2). Many struggle to recover, not because of the attack itself, but because of inadequate preparedness.

The reality is stark: most organisations still lack a comprehensive, up-to-date approach to data protection. This is often not due to negligence, but uncertainty—uncertainty about priorities, architecture choices, and how to operationalise security effectively. As a result, cyber risk today extends well beyond technology companies and affects every industry that depends on data to operate.

This blog post examines why cyber threats continue to rise and why availability, recoverability, and security must be treated as a single architectural problem, not isolated controls.

What Cybersecurity Really Means in Practice

Cybersecurity is not simply about preventing breaches; it is about reducing exposure, limiting blast radius, and ensuring rapid recovery when incidents occur. One of the most common—and dangerous—gaps in enterprise environments is delayed or inconsistent patching. Every unpatched vulnerability represents a known entry point. Ironically, published security patches often accelerate attacks by revealing exactly which weaknesses are being addressed.

Security, therefore, cannot rely on reactive controls alone. It must be architected, automated, and continuously validated.

Why Cybersecurity Must Be Addressed Now

Industry data shows that only 5% of organisations consider themselves adequately protected (3). At the same time, the financial impact of breaches continues to rise. A single compromised email account can cost tens of thousands of dollars (4), while large-scale incidents frequently result in reputational damage, regulatory penalties, and measurable shareholder impact.

Importantly, cyber incidents are not just security failures—they are availability failures. When systems are encrypted, corrupted, or rendered unusable, the business impact is indistinguishable from a major outage.

This is where Oracle Maximum Availability Architecture (MAA) becomes critical. MAA is designed to minimise downtime, data loss, and recovery time—capabilities that also directly reduce the impact of ransomware and destructive attacks. When combined with Oracle Maximum Security Architecture (MSA), organisations gain defence in depth across data at rest, data in transit, and operational processes.

Key Cyber Threats Impacting Enterprises Today

COVID-19 sent many employees home to work remotely, many of whom remain even with the world opening back up. This puts them at risk for cyber hacks and data breaches, and even cloud breaches are increasing substantially. Cyber skills were not necessary for employees in the past years. Still, when cybercrime is rising, it’s essential to give employees the required knowledge to protect themselves, as almost 95% of cybersecurity breaches (in general, not only during the pandemic) were caused by human error (8). If your business employs remote workers, your company must protect them and their work, especially all possible interactions within your data or your network.

  • Ransomware
    Ransomware remains one of the most damaging threats (5), encrypting data and disrupting operations until payment is demanded. A common misconception is that storage replication or snapshots provide adequate protection. In reality, ransomware encrypts data at the source, meaning replicas and snapshots are often corrupted simultaneously. Without logical isolation, immutable backups, and tested recovery workflows, recovery becomes extremely difficult.
  • Network and Database Vulnerabilities
    Misconfigurations, unpatched software, and insecure interfaces continue to expose core systems. Once attackers gain access at the network level, databases are frequently the ultimate target.
  • Malware
    Email remains the dominant delivery mechanism for malware, accounting for the vast majority of incidents (6). Mobile malware is also increasing rapidly, extending the attack surface beyond traditional enterprise boundaries.
  • Social Engineering and Phishing
    Nearly all modern attacks involve some form of social engineering (7). These techniques exploit human behaviour rather than technical flaws, making awareness, controls, and architectural safeguards essential.
  • Remote Work and Human Error
    The shift to remote and hybrid work has expanded exposure significantly. Human error remains the leading cause of breaches, reinforcing the need for architectures that assume failure and limit impact, rather than relying solely on perfect user behaviour.

Between 2020 and 2025, IT analysts who cover cybersecurity expect that the spending forecast will reach well over 1 trillion dollars (9) on cybersecurity and services. This may seem like a high price, but when you consider what a breach does to share costs generally falling by 7.27% on average (10), it becomes clearer why this is so important.

Security and Compliance in Cloud Environments

Cloud adoption introduces shared responsibility models that require clear architectural ownership. Regulatory and industry standards such as PCI-DSS, HIPAA, APRA, and GDPR impose strict expectations on how data is protected, regardless of deployment model.

In addition to regulatory mandates, security-centric frameworks such as ISO 27001, ISO 27017, ISO 27018, SOC, NIST, and CIS Controls provide structured guidance for implementing consistent, auditable security practices. These frameworks align naturally with Oracle MAA and MSA principles, particularly in terms of isolation, least privilege, continuous validation, and recoverability.

Looking Ahead: Availability and Security Must Converge

Cybersecurity spending is projected to exceed USD 1 trillion globally over the next few years (9). This investment reflects a growing recognition that prevention alone is insufficient. Organisations must also plan for rapid detection, containment, and recovery.

In Part II of this series, we will explore how Oracle MAA and Oracle MSA collaborate to establish a resilient and secure foundation for mission-critical data, thereby reducing risk, enhancing recovery outcomes, and ensuring regulatory compliance without compromising performance or agility.

Want to learn more?

Check these amazing contents about Oracle MAA and MSA available for you:

References:

  1. https://purplesec.us/resources/cybersecurity-statistics/
  2. https://smallbiztrends.com/2019/05/2019-small-business-cyber-attack-statistics.html
  3. https://www.varonis.com/blog/cybersecurity-statistics
  4. https://www.verizon.com/business/resources/reports/2019-data-breach-investigations-report.pdf
  5. https://www.industryweek.com/technology-and-iiot/article/22026828/cyberattacks-skyrocketed-in-2018-are-you-ready-for-2019
  6. https://www.techrepublic.com/article/mobile-malware-is-on-the-rise-know-how-to-protect-yourself-from-a-virus-or-stolen-data/#:~:text=Mobile%20malware%2C%20as%20we%20have,in%20Europe%20(Figure%20A).&text=Image%3A%20Proofpoint.,malware%20detections%20in%20February%202022.
  7. https://www.triskelelabs.com/blog/recent-developments-in-social-engineering-attacks-you-need-to-know#:~:text=According%20to%20recent%20statistics%2C%20more,through%20various%20ransoms%20and%20threats.
  8. https://blog.threatcop.com/top-5-cyber-attacks-and-security-breaches-due-to-human-error/
  9. https://cybersecurityventures.com/top-5-cybersecurity-facts-figures-predictions-and-statistics-for-2021-to-2025/
  10. https://www.forbes.com/sites/sergeiklebnikov/2019/11/06/companies-with-security-fails-dont-see-their-stocks-drop-as-much-according-to-report/?sh=43afc0ee62e0