In researching a paper on defending against ransomware, I examined how statistics are frequently used in IT sales and marketing.

The problem with statistics

Multiple sources cite 86% in different contexts:

“86% of breaches are financially motivated, according to the 2020 Verizon Data Breach Investigations Report”

“Programs like the NIST framework or CIS Controls have been proven to substantially reduce cyber-attack risk by up to 86%.”

Impressive percentages often appear in headlines to attract readers and decision-makers. However, statistics can be misleading. During the COVID-19 pandemic, claims about vaccine efficacy (86% against Omicron) seemed straightforward but did not make clear what the figure actually measured: serious illness, not infections or deaths.

The core issue

Statistics primarily support an author’s position rather than reveal objective truth. As Friedrich Nietzsche suggested, interpretations often outnumber facts. Many IT studies rely on observational data or surveys, making real-world applicability questionable.

Practical ransomware defence

Despite statistical debates, cybersecurity experts broadly agree on three essential steps:

  1. Maintain regular, offline data backups
  2. Apply security patches promptly and prioritise vulnerabilities
  3. Deploy and maintain antivirus software on all systems

Organisations struggle with steps two and three because of the complexity of their IT systems. Real-time solutions provide value here, given that ransomware attacks occur approximately every 11 seconds globally.

Conclusion

We advocate for straightforward, effective cybersecurity measures delivering genuine value over eye-catching statistics.