Home Topics Cybersecurity What is cybersecurity?
Explore IBM's cybersecurity services Subscribe to security topic updates
Illustration showing how cybersecurity helps protect critical systems and sensitive information from cyberattacks

Published: 27 October 2023

What is cybersecurity?

Cybersecurity refers to any technology, measure or practice for preventing cyberattacks or mitigating their impact. 

Cybersecurity aims to protect individuals’ and organizations’ systems, applications, computing devices, sensitive data and financial assets against computer viruses, sophisticated and costly ransomware attacks, and more.

Cyberattacks have the power to disrupt, damage or destroy businesses, and the cost to victims keeps rising. For example, according to IBM's Cost of a Data Breach 2023 report, 

  • The average cost of a data breach in 2023 was USD 4.45 million, up 15% over the last three years;

  • The average cost of a ransomware-related data breach in 2023 was even higher, at USD 5.13 million. This number does not include the cost of the ransom payment, which averaged an extra USD 1,542,333, up 89% from the previous year. 

By one estimate, cybercrime might cost the world economy USD 10.5 trillion per year by 2025 (link resides outside ibm.com).1

The expanding information technology (IT) trends of the past few years include:

  • a rise in cloud computing adoption,
  • network complexity,
  • remote work and work from home,
  • bring your own device (BYOD) programs,
  • and connected devices and sensors in everything from doorbells to cars to assembly lines.

All these trends create tremendous business advantages and human progress, but also provide exponentially more opportunities for cybercriminals to attack.

Not surprisingly, a recent study found that the global cybersecurity worker gap—the gap between existing cybersecurity workers and cybersecurity jobs that need to be filled—was 3.4 million workers worldwide.2 Resource-strained security teams are focusing on developing comprehensive cybersecurity strategies that use advanced analytics, artificial intelligence and automation to fight cyberthreats more effectively and minimize the impact of cyberattacks.

IBM Security X-Force Threat Intelligence Index 2023

The X-Force Threat Intelligence Index offers new insights into top threats to help you prepare and respond faster to cyberattacks, extortion and more.

Related content

Register for the Cost of a Data Breach report

Types of cybersecurity (cybersecurity domains)

A strong cybersecurity strategy protects all relevant IT infrastructure layers or domains against cyberthreats and cybercrime.

Critical infrastructure security

Critical infrastructure security protects the computer systems, applications, networks, data and digital assets that a society depends on for national security, economic health and public safety. In the United States, the National Institute of Standards and Technology (NIST) developed a cybersecurity framework to help IT providers in this area. The US Department of Homeland Security’ Cybersecurity and Infrastructure Security Agency (CISA) provides extra guidance.

Network security

Network security prevents unauthorized access to network resources, and detects and stops cyberattacks and network security breaches in progress. At the same time, network security helps ensure that authorized users have secure and timely access to the network resources they need.

Endpoint security

Endpoints—servers, desktops, laptops, mobile devices—remain the primary entry point for cyberattacks. Endpoint security protects these devices and their users against attacks, and also protects the network against adversaries who use endpoints to launch attacks.

Application security

Application security protects applications running on-premises and in the cloud, preventing unauthorized access to and use of applications and related data. It also prevents flaws or vulnerabilities in application design that hackers can use to infiltrate the network. Modern application development methods—such as DevOps and DevSecOps—build security and security testing into the development process.

Cloud security

Cloud security secures an organization’s cloud-based services and assets—applications, data, storage, development tools, virtual servers and cloud infrastructure. Generally speaking, cloud security operates on the shared responsibility model where the cloud provider is responsible for securing the services that they deliver and the infrastructure that is used to deliver them. The customer is responsible for protecting their data, code and other assets they store or run in the cloud. The details vary depending on the cloud services used.

Information security

Information security (InfoSec) pertains to protection of all an organization's important information—digital files and data, paper documents, physical media, even human speech—against unauthorized access, disclosure, use or alteration. Data security, the protection of digital information, is a subset of information security and the focus of most cybersecurity-related InfoSec measures.

Mobile security

Mobile security encompasses various disciplines and technologies specific to smartphones and mobile devices, including mobile application management (MAM) and enterprise mobility management (EMM). More recently, mobile security is available as part of unified endpoint management (UEM) solutions that enable configuration and security management for multiple endpoints—mobile devices, desktops, laptops, and more—from a single console.

Common cybersecurity threats

Malware—short for "malicious software"—is any software code or computer program that is written intentionally to harm a computer system or its users. Almost every modern cyberattack involves some type of malware.

Hackers and cybercriminals create and use malware to gain unauthorized access to computer systems and sensitive data, hijack computer systems and operate them remotely, disrupt or damage computer systems, or hold data or systems hostage for large sums of money (see Ransomware).

Read more about malware

Ransomware is a type of malware that encrypts a victim’s data or device and threatens to keep it encrypted—or worse—unless the victim pays a ransom to the attacker. According to the IBM Security X-Force Threat Intelligence Index 2023, ransomware attacks represented 17 percent of all cyberattacks in 2022.

“Or worse” is what distinguishes today's ransomware from its predecessors. The earliest ransomware attacks demanded a single ransom in exchange for the encryption key. Today, most ransomware attacks are double extortion attacks, demanding a second ransom to prevent sharing or publication of the victims data. Some are triple extortion attacks that threaten to launch a distributed denial of service attack if ransoms aren’t paid.

Read more about ransomware

Phishing attacks are email, text or voice messages that trick users into downloading malware, sharing sensitive information or sending funds to the wrong people. Most users are familiar with bulk phishing scams—mass-mailed fraudulent messages that appear to be from a large and trusted brand, asking recipients to reset their passwords or reenter credit card information. But more sophisticated phishing scams, such as spear phishing and business email compromise (BEC), target specific individuals or groups to steal especially valuable data or large sums of money.

Phishing is just one type of social engineering—a class of ‘human hacking’ tactics and attacks that use psychological manipulation to tempt or pressure people into taking unwise actions.

Read more about phishing
Insider threats

Insider threats are threats that originate with authorized users—employees, contractors, business partners—who intentionally or accidentally misuse their legitimate access, or have their accounts hijacked by cybercriminals. Insider threats can be harder to detect than external threats because they have the earmarks of authorized activity, and are invisible to antivirus software, firewalls and other security solutions that block external attacks.

One of the more persistent cybersecurity myths is that all cybercrime comes from external threats. In fact, according to a recent study, 44% of insider threats are caused by malicious actors, and the average cost per incident for malicious insider incidents in 2022 was USD 648,062.3 Another study found that while the average external threat compromises about 200 million records, incidents involving an inside threat actor resulted in exposure of one billion records or more.4

Read more about insider threats
Distributed denial of service (DDoS) attacks

A DDoS attack attempts to crash a server, website or network by overloading it with traffic, usually from a botnet—a network of multiple distributed systems that a cybercriminal hijacks by using malware and remote-controlled operations.

The global volume of DDoS attacks spiked during the COVID-19 pandemic. Increasingly, attackers are combining DDoS attacks with ransomware attacks, or simply threatening to launch DDoS attacks unless the target pays a ransom.

Read more about DDoS attacks
Common (and dangerous) cybersecurity myths

Despite an ever-increasing volume of cybersecurity incidents worldwide and ever-increasing volumes of learnings that are gleaned from them, some dangerous misconceptions persist.

  • Strong passwords alone are adequate protection. Strong passwords make a difference. For example, a 12-character password takes 62 trillion times longer to crack than a 6-character password. But because cybercriminals can steal passwords (or pay disgruntled employees or other insiders to steal them), they can’t be an organization’s or individual’s only security measure.

  • The major cybersecurity risks are well known. In fact, the risk surface is constantly expanding. Thousands of new vulnerabilities are reported in old and new applications and devices every year. Opportunities for human error—specifically by negligent employees or contractors who unintentionally cause a data breach—keep increasing.

  • All cyberattack vectors are contained. Cybercriminals are finding new attack vectors all the time—including Linux systems, operational technology (OT), Internet of Things (IoT) devices and cloud environments.

  • ‘My industry is safe.’ Every industry has its share of cybersecurity risks, with cyber adversaries exploiting the necessities of communication networks within almost every government and private-sector organization. For example, ransomware attacks are targeting more sectors than ever, including local governments, non-profits and healthcare providers. Threats on supply chains, ".gov" websites, and critical infrastructure have also increased.

  • Cybercriminals don’t attack small businesses. Yes, they do. For example, in 2021, 82 percent of ransomware attacks targeted companies with fewer than 1,000 employees; 37 percent of companies attacked with ransomware had fewer than 100 employees.5

Key cybersecurity technologies and best practices

The following best practices and technologies can help your organization implement strong cybersecurity that reduces your vulnerability to cyberattacks and protects your critical information systems without intruding on the user or customer experience.

Security awareness training

Security awareness training helps users understand how seemingly harmless actions—from using the same simple password for multiple log-ins, to oversharing on social media—increases their own or their organization’s risk of attack. Security awareness training combined with thought-out data security policies can help employees protect sensitive personal and organizational data. It can also help them recognize and avoid phishing and malware attacks.

Identity and access management

Identity and access management (IAM) defines the roles and access privileges for each user, and the conditions under which they are granted or denied their privileges. IAM technologies include multi-factor authentication, which requires at least one credential in addition to a username and password, and adaptive authentication, which requires more credentials depending on context. 

Attack surface management

Attack surface management (ASM) is the continuous discovery, analysis, remediation and monitoring of the cybersecurity vulnerabilities and potential attack vectors that make up an organization’s attack surface. Unlike other cyberdefense disciplines, ASM is conducted entirely from a hacker’s perspective, rather than the perspective of the defender. It identifies targets and assesses risks based on the opportunities they present to a malicious attacker.

Threat detection, prevention and response

Organizations rely on analytics- and AI-driven technologies to identify and respond to potential or actual attacks in progress because it's impossible to stop all cyberattacks. These technologies can include (but are not limited to) security information and event management (SIEM), security orchestration, automation and response (SOAR), and endpoint detection and response (EDR). Typically, these technologies are used as part of a formal incident response plan.

Disaster recovery

Disaster recovery capabilities often play a key role in maintaining business continuity in the event of a cyberattack. For example, the ability to fail over to a backup that is hosted in a remote location can enable a business to resume operations quickly following a ransomware attack (and sometimes without paying a ransom).

Related solutions
IBM Security® MaaS360®

AI-driven unified endpoint management (UEM) protects your devices, apps, content and data. This protection means you can rapidly scale your remote workforce and bring-your-own-device (BYOD) initiatives while building a zero trust security strategy. 

Explore MaaS360
Incident response services

Proactive threat hunting, continuous monitoring and a deep investigation of threats are just a few of the priorities facing an already busy IT department. Having a trusted incident response team on standby can reduce your response time, minimize the impact of a cyberattack, and help you recover faster.

Explore X-Force® incident response services
Data security and protection solutions

Implemented on premises or in a hybrid cloud, IBM data security solutions help you investigate and remediate cyberthreats, enforce real-time controls and manage regulatory compliance.

Explore data security and protection solutions
IBM Storage Defender

Proactively protect your organization’s primary and secondary storage systems against ransomware, human error, natural disasters, sabotage, hardware failures and other data loss risks.

Explore IBM Storage Defender
Resources Cost of a Data Breach 2023

Be better prepared for breaches by understanding their causes and the factors that increase or reduce costs. Learn from the experiences of more than 550 organizations that were hit by a data breach.

What is SIEM?

SIEM (security information and event management) is software that helps organizations recognize and address potential security threats and vulnerabilities before they can disrupt business operations.

IBM Security X-Force Threat Intelligence Index 2023

Know the threat to beat the threat—get actionable insights that help you understand how threat actors are waging attacks, and how to proactively protect your organization.

IBM Security Framing and Discovery Workshop

Understand your cybersecurity landscape and prioritize initiatives together with senior IBM security architects and consultants in a no-cost, virtual or in-person, 3-hour design thinking session.

What is threat management?

Threat management is a process used by cybersecurity professionals to prevent cyberattacks, detect cyber threats and respond to security incidents.

Definitive guide to ransomware 2023

Find insights for rethinking your ransomware defenses and building your ability to remediate an evolving ransomware situation more rapidly.

Take the next step

IBM cybersecurity services deliver advisory, integration and managed security services and offensive and defensive capabilities. We combine a global team of experts with proprietary and partner technology to co-create tailored security programs that manage risk.

Explore cybersecurity services