15 Cyber Security Myths and Facts

Want to avoid the most common pitfalls of cyber security?
Here are 15 myths and facts you need to know.

Cybersecurity is a topic that is not going away anytime soon. It continues to be a growing concern for everyone, from the individual to the largest global businesses. With so many people using the internet and social media, it is hard to keep up with all the new threats.

There are a lot of myths about cybersecurity that can be detrimental to your security. The only way to protect data from cyber threats is by understanding cybersecurity myths and developing appropriate cybersecurity maturity.

Cybersecurity maturity starts with knowing that cybersecurity myths are illusions and then implementing the appropriate measures to ensure proper protection of data from cyber threats.

Myth 1. Security slows down work

It is a common misconception that security slows down your work.
The myth originated from poor implementation of security tools and the lack of understanding about how they work. With inadequate protection in place, you might experience downtime, data breaches, and a loss of productivity.

Truth: Enhanced cybersecurity can boost productivity

A modern cybersecurity approach uses security tools that integrate seamlessly into your system. It also leverages advanced tech intelligence and analytics for real-time detection and mitigation of threats.

The benefits of enhanced cybersecurity:

  • it allows developers to focus on what they do best without having to worry about security
  • it improves the productivity of the company
  • it reduces the risk of data breaches.


  • Modern tools have improved the customer experience for 86% of enterprises and streamlined business processes for 77%.
  • Meat processing company JBS was the victim of a ransomware attack that shut down beef and poultry processing plants on four continents.

Myth 2. Cyber threats are only external

The idea that cyber threats are only external is not a new one. It is more soothing to think that bad guys are far away. But cyberattacks can also be caused by insiders who best understand the system and its weaknesses.

Truth: Inside threats are on the rise

The truth is that cyberattacks can very well start from someone you know.
The only way to protect yourself against cyber threats is to know what they are, how they work, and how you can protect yourself against them.


  • 60% of data breaches involve insiders
  • 90% of cyber-attacks result from human error.
  • 67% of accidental insider threats still come from phishing attacks.
  • More than 34% of businesses around the globe are affected by insider threats yearly.
  • 66% of organizations consider malicious insider attacks or accidental breaches more likely than external attacks.

Myth 3. Cyber hackers only target large businesses

Small and medium-sized businesses think they are immune to cyberattacks because of their size. Nothing could be further from the truth.

This myth persists because of headline news and the fact that hackers can potentially extort higher sums of money from larger businesses.

Truth: Hackers target small businesses just as often as they do large ones

Small and medium-sized businesses are just as vulnerable as larger companies because hackers rely on finding a way in – which can often happen through these smaller businesses’ networks.
That is why they must commit the necessary resources to protect themselves and their customers. Small businesses often lack advanced security software and skilled security teams, making them a softer target for cybercriminals.


  • 43% of all data breaches were against small businesses
  • 83% of small and medium-sized businesses are not financially prepared to recover from a cyber-attack
  • 60% of small companies close within six months of being hacked
  • 68% of business leaders feel their cybersecurity risks are increasing.

Myth 4. Antivirus or Anti-Malware Software is enough

As we all know, antivirus software is a vital part of a cybersecurity strategy. However, it only secures one entry point. Attackers can bypass antivirus software and infiltrate networks, leaving them plenty of room to launch an attack on the system without being detected by the antivirus.

Truth: Antivirus can protect from recognized cyber threats, but not from other emerging cyber threats

Just like an airbag is not a replacement for responsible driving, Antivirus is a safety measure that is no replacement for good user decisions.


  • The worldwide information security market is forecast to reach $366.1 billion in 2028.
  • Artificial intelligence provides the most concrete cost mitigation in data breaches, saving organizations up to $3.81 million per breach.
  • Organizations with a zero-trust approach saw average breach costs of $1.76 million less than other organizations.
  • On average, only five percent of companies’ folders are properly protected.

Myth 5. I will know straight away if I am attacked

Glitching screens, skull and crossbones, and other Hollywood theatrics have nothing to do with how the malware operates within a system.

Most malware wants to remain unnoticed by users. Exceptions are attacks like ransomware that will let you know that you’ve been compromised once your machine is already encrypted to demand payment.

Truth: It takes time to identify a breach

There used to be some easy signs, but scammers have become smarter. Hacking is a silent crime, and it is in criminals’ best interest to remain unnoticed for as long as possible. The longer they have access to your systems, the more data they can steal.


  • The average time to identify a breach in 2021 was 212 days.
  • The average lifecycle of a breach in 2021 was 286 days from identification to containment.

Myth 6. A secure HTTPS connection means a site is safe.

HTTPS is an extension of HTTP (the primary protocol used to connect to websites) that adds certificates assigned to the site and encryption of data in transit.

However, none of this means that the site is safe.

Truth: HTTPS doesn’t mean safe

An attacker can get a certificate from a CA for their domain.
With this in place, a browser will say a site has a valid/secure connection, even if the site is hosting malware or phishing for credentials.
It can be especially tricky when combined with typosquatting attacks, where attackers use URLs that are similar to legitimate websites.


  • About 20% of malicious domains are new and used around one week after registration.
  • Around 26% of all web traffic is bad bot traffic.
  • 70% of malware campaigns in 2020 used some form of encryption.
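
To make the typosquatting point concrete, here is an added example (not part of the original article) of a defensive check that flags hostnames resembling, but not matching, domains you actually use, regardless of whether they present a valid certificate. The trusted list, the swap table, the threshold and all sample hostnames are constructed assumptions.

```python
import unicodedata

TRUSTED = {"example.com", "example-bank.com"}  # assumption: domains you really use
SWAPS = str.maketrans("0135", "oles")          # constructed digit-for-letter table

def normalize(host):
    """Lower-case, drop the trailing dot, fold compatibility characters."""
    return unicodedata.normalize("NFKC", host.strip().lower().rstrip("."))

def registrable(host):
    """Naive last-two-labels rule; real code should use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host, trusted=TRUSTED, max_distance=2):
    """Return 'trusted', 'lookalike' or 'unknown' for a hostname."""
    host = normalize(host)
    domain = registrable(host)
    if domain in trusted:
        return "trusted"
    for good in trusted:
        # Trusted name used only as a left-hand label of another domain.
        if host.startswith(good + ".") or f".{good}." in host:
            return "lookalike"
        # Digit swaps (examp1e.com) and small typos (exmaple.com).
        if domain.translate(SWAPS) == good or edit_distance(domain, good) <= max_distance:
            return "lookalike"
    return "unknown"

# Constructed sample hostnames, e.g. taken from proxy logs or mail links.
SAMPLES = ["login.example.com", "examp1e.com", "exmaple.com",
           "example.com.account-verify.test", "unrelated.org"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name:34} {classify(name)}")
```

A distance threshold of 2 produces false positives on very short domain names, so treat a "lookalike" result as a prompt for review rather than a verdict.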

Myth 7. Cybersecurity is too expensive

Even as malicious cyberattacks continue to make headlines and cost businesses millions, companies/individuals still wonder if cybersecurity investments are worth it. Data security is frequently overlooked and is only an afterthought.

Truth: The cost of a good cybersecurity solution is nothing compared to the price of a successful attack.

Companies/individuals who think like this are often not considering the downside costs. Data breaches will end up being much costlier to your business than making sure you have dedicated security solutions before they can happen.
You should consider the cost of detecting and escalating a breach, notifying those affected and the regulatory authorities, of lost business and reputational damage, and paying fines, legal fees, and other costs associated with making things right.


  • The average cost of a data breach in 2021 was $4.24 million.
  • Data breaches exposed 22 billion records in 2021.

Myth 8. I am unlikely to experience a security breach

You might be thinking that your security is strong enough because you have never had a cyberattack or data breach. But this doesn’t mean that you are safe. Just because you haven’t experienced one doesn’t mean that one won’t happen in the future.

Truth: Cyberattacks are becoming more and more common

Cyberattacks are a constant threat to businesses, governments, and individual organizations. The potential impact of these attacks can be devastating and the consequences can be long-lasting.


  • Hackers attack an average of 2,244 times a day.
  • On average, a company falls victim to a ransomware attack every 11 seconds.

Myth 9. I have achieved total cybersecurity

Cybersecurity is a continuous process that needs to be constantly upgraded. Therefore, never stop working on securing your assets. Your organization will always be susceptible to existing and emerging threats.

Truth: There is no such thing as total or perfect cybersecurity against cyberattacks

A system that is properly configured, completely updated, and controlled by a user who makes the right decisions can still be compromised by skilled attackers, especially when zero-day (previously unknown) vulnerabilities come into play.

What to do

  • Review your security policies periodically
  • Conduct security audits
  • Monitor your critical assets continuously
  • Invest in upcoming updates to your security measures.

Myth 10. A difficult password to remember is difficult to guess

A common misconception about passwords is that adding capital letters, numbers, or special characters to your one-word password will make it uncrackable. This myth is reinforced by the many business accounts that impose these requirements.

Truth: The best measure of password security is length

A short password that mixes character types (capital letters, numbers, and punctuation; example: S3Zu%!t$) can easily be cracked by a computer.
On the other hand, a nonsensical passphrase of random words (carbaglespecialistfalsemeat) would take the same computer 100 times longer to guess. Add capital letters, numbers, and punctuation as well to be sure.
Length greatly increases the difficulty of guessing a password because a computer generally must test every character in it, and each added character multiplies the number of combinations to try.


  • 81% of data breaches are due to weak, stolen, and default user passwords

Myth 11. My strong passwords are enough

A common misconception is that regular passwords are strong enough to keep the business safe. But a robust security system comes with a multi-layered defense.

Truth: Strong password practices are only the start

Using a long passphrase and 2FA/MFA will significantly strengthen the security of your credentials.
Two-factor and multifactor authentication require you to set up an extra verification step. When logging in, you will be prompted to enter a security code.
Combined with a secure password vault, this lets you securely manage hundreds of long, unique, randomly generated passwords for all your sites and services.


  • Two-factor authentication became mandatory for 150 million Google users in 2021
  • 61% of people reuse the same password across multiple accounts
  • Microsoft Authenticator records 75 million installations

Myth 12. You can trust files hosted on legitimate websites

Everyone knows not to download files from unknown websites, but we all trust sites like Google, Dropbox, and iCloud.
The attackers target these popular places because they know that people trust them.

Truth: Always be careful when using files hosted on legitimate websites

Users trust legitimate sites and do not take the time to validate their downloads. Always be suspicious of anything you download, no matter where it is coming from.

Also, app stores take safety seriously – they employ stringent screening processes and use the latest security measures to keep malicious apps out of the store. But hackers continuously find new ways to hide their malicious code.

How to be safe:

  • Never trust files on the web unless you can confirm who put them there.
  • Do not trust that an app/extension is safe because it is hosted on a reputable site.
  • Avoid installing applications that are not necessary or created by lesser-known entities and one-off developers.


  • More than 300,000 Android users have downloaded banking trojan apps via the Google Play Store.

Myth 13. Mainstream websites and social media are safe

We always trust big companies to keep our data safe, but what if they’re hacked? This is a question that many people have started to ask themselves.
The Facebook scandal has made us think about the security of our data and how vulnerable it is. Social media and mainstream websites are not safe.

Truth: The internet is an easy target

The only way to be safe on the internet is to be careful with what you do all the time.
If you use social networking sites (Facebook, Twitter, LinkedIn) you should be careful when giving away your personal information.
Social media attacks can involve fake gift cards or survey scams, while fake error pop-ups can urge victims to call a number where they will be sold services or fooled into giving their bank details.


  • A 2021 LinkedIn data breach exposed the personal information of 700 million users or about 93% of all LinkedIn members.
  • An attack on Microsoft in March 2021 affected more than 30,000 organizations.
  • Nearly 48 million people had their personal information stolen in a 2021 T-Mobile data breach.
  • A 2020 Twitter breach targeted 130 accounts resulting in attackers swindling $121,000 in Bitcoin through nearly 300 transactions.

Myth 14. My data is not worth anything

It is not uncommon for people to say “I have nothing to hide” or “My information is not interesting to anyone”. But that’s not true because your data can be used for crimes such as theft, impersonation, and physical harm.

Truth: Your data is worth more than you think

Your data is worth more than you think. Your information can be used to steal your identity, impersonate you, or physically harm you.
If you know how valuable your data is, you will be able to take steps to protect it.

Protect your data:

  • Encrypt your data
  • Backup your data
  • Use a firewall
  • Lock your smartphone and tablet devices
  • Use secure passwords
  • Be overly cautious when sharing personal information


  • Personal data was involved in 45 percent of breaches in 2021.
  • Identity theft rose 42% in 2020 compared to the year before.
  • Security breaches have increased by 11% since 2018 and 67% since 2014.

Myth 15. Scams and Phishing Are Obvious

Phishing schemes are a form of social engineering where the attacker tries to trick the user into giving up their personal information. The main misconception is that only a foolish person can fall for scams and phishing emails; “…it could never happen to me…” – until it does.

Truth: Scams and Phishing Attacks are Getting More Sophisticated

Attackers use the data they have gathered about you, such as your email address or password, to make their messages seem more legitimate. They often masquerade as services you are subscribed to and give “reminders” about privacy settings updates.

How to protect yourself:

  • Do not click on suspicious links or download attachments from unknown senders.
  • Be careful when opening emails, buying products or providing credentials for account access.
  • If you think an email could be fraudulent, do not open it! Delete it without opening it!
  • Good email filters/SPAM software can stop phishing scams at the gateway by keeping malicious emails from reaching the users they target.


  • In 2021, nearly 40% of breaches featured phishing.
  • 57% of organizations see weekly or daily phishing attempts.
  • After declining in 2019, phishing increased in 2020 to account for one in every 4,200 emails.
  • Phishing attacks account for more than 80% of reported security incidents.
  • $17,700 is lost every minute due to a phishing attack.