Cybersecurity issues have long been a daily threat to businesses. Staying up-to-date on the latest cybersecurity statistics, trends, and facts helps you understand the risks and what you should be vigilant about.
The cybersecurity landscape is constantly changing, but it is obvious that cyber threats are becoming more serious and happening more frequently.
Here is a summary of some of the most interesting and alarming cybersecurity statistics for 2023:
- The yearly global cost of cybercrime is estimated to exceed $20 trillion by 2026. (Cybersecurity Ventures)
- 2,244 cyberattacks are happening every single day. (University of Maryland)
- There were 236.1 million ransomware attacks in the first half of 2022. (Statista)
- 71% of organizations worldwide have been victims from ransomware attacks in 2022. (Cybersecurity Ventures)
- Organized crime is responsible for 80% of all security and data breaches. (Verizon)
- Ransomware attacks happen every 10 seconds. (InfoSecurity Group)
- 71% of all cyberattacks are financially motivated (followed by intellectual property theft, and then espionage). (Verizon)
and did you know that:
F-35 fighter jets face greater threats from cyber-attacks than from enemy missiles.
Source: Interesting Engineering ^
Thanks to its superior computing system, the F-35 stealth fighter jet is the most advanced plane in modern times. But its greatest feature becomes its greatest liability in a digitized world that’s under constant threat of cyber attack.
2023 Cybersecurity Statistics & Facts That You Need To Know
Here is a list of the latest up-to-date cybersecurity statistics to help you understand what is happening in the field of infosec, as well as what to expect in 2023 and beyond.
The yearly global cost of cybercrime is estimated to exceed $20 trillion by 2026.
Source: Cybersecurity Ventures ^
As if the 2022 cost of cybercrime ($8.4 trillion) wasn’t staggering enough, experts predict that this figure will reach an eye-watering $20 trillion by 2026. This is an increase of almost 120%.
2023 prediction of global cybercrime damage costs:
- $8 Trillion per YEAR
- $666 Billion per MONTH
- $153.84 Billion per WEEK
- $21.9 Billion per DAY
- $913.24 Million per HOUR
- $15.2 Million per MINUTE
- $253,679 per SECOND
Cybercrime is expected to be up to 5 times more profitable than global transnational crimes combined.
The world will need to cyber-protect 200 zettabytes of data by 2025. This includes data stored on both public and private servers, cloud data centers, personal computers and devices, and Internet of Things items.
To put that into context, there are 1 billion terabytes per zettabyte (and one terabyte is 1,000 gigabytes).
The cybersecurity industry was worth over $156.30 billion in 2022.
Source: Statista ^
The cybersecurity market was estimated to be worth $156.30 billion in 2022. By 2027 it is forecasted to be a staggering $403 billion with a CAGR of 12.5%.
The need to protect computing platforms and data becomes more important as the world relies more on technology and digital assets. This is good news for the infosec industry and tech-minded job seekers.
There are 2,244 cyberattacks per day, equating to over 800,000 attacks per year. That’s almost one attack every 39 seconds.
Source: University of Maryland & ACSC ^
It’s hard to find up-to-date or fully accurate figures on this statistic, and the only reliable report dates back to 2003.
A Clark School study at the University of Maryland from 2003 is one of the first to quantify the near-constant rate of hacking attacks. The study found that 2,244 attacks happened daily, breaking down to almost one cyberattack every 39 seconds, and “brute force” was the most common tactic.
For 2023, we do not know the exact figure for the number of daily cyberattacks, but it will be significantly more than this report’s findings.
A more recent study from the Australian government’s Australian Cyber Security Centre (ACSC) agency found that between July 2019 and June 2020, there were 59,806 cybercrime reports (crimes reported, not hacks), which is an average of 164 cybercrimes per day or approximately one every 10 minutes.
The world will have 3.5 million unfilled cybersecurity jobs in 2023.
Source: Cybercrime Magazine ^
As the threat and cost of cybercrime ramps up, so does the need for experienced professionals to tackle the problem. There are 3.5 million cybersec-related jobs forecasted to be unfilled in 2023.
This is enough to fill 50 NFL stadiums and is equivalent to 1% of the US population. According to Cisco, back in 2014, there were only one million cybersecurity openings. The current cybersecurity rate for unemployment is at 0% for experienced individuals, and it’s been this way since 2011.
Malicious URLs from 2021 to 2022 have increased by 61%, equating to 255M phishing attacks detected in 2022.
Source: Slashnet ^
The massive 61% increase in malicious URLs from 2021 to 2022 equates to 255 million phishing attacks.
76% of those attacks were found to be credential harvesting which is the top cause of breaches. High-profile breaches of large organizations included Cisco, Twilio, and Uber, all of which suffered from credential theft.
In 2022, the .com domain was the most common URL included in phishing email links to websites at 54%. The next most common domain was ‘.net’ at around 8.9%.
Source: AAG-IT ^
.com domains still reign supreme when it comes to being spoofed for phishing purposes. 54% of phishing emails contained .com links, while 8.9% of them had .net links.
The most commonly used brands for phishing are LinkedIn (52%), DHL (14%), Google (7%), Microsoft (6%), and FedEx (6%).
There were 236.1 million ransomware attacks in the first half of 2022. That’s 14.96 attacks each and every second.
Source: Statista ^
Ransomware is a type of malware that infects a user’s computer and restricts access to the device or its data, demanding money in exchange for freeing them (using cryptocurrency because it is hard to trace).
Ransomware is one of the most dangerous hacks because it allows cybercriminals to deny access to computer files until a ransom is paid.
Even though 236.1 million ransomware attacks in six months is a huge amount, it still doesn’t compare with 2021’s colossal number of 623.3 million.
71% of organizations worldwide have been victimized by ransomware attacks in 2022.
Source: Cybersecurity Ventures ^
A huge number of organizations have experienced ransomware attacks in 2022. 71% of businesses have fallen victim. This is compared with 55.1% in 2018.
The average ransomware demand is $896,000, down from $1.37 million in 2021. However, organizations typically pay around 20% of the original demand.
A study conducted by the Poneman Institute claims cyber attacks against US hospitals increase mortality rates.
Source: NBC News ^
Two-thirds of respondents in the Ponemon study who had experienced ransomware attacks said the incidents had disrupted patient care. 59% found they increased the length of patients’ stays, leading to strained resources.
Almost 25% said the incidents led to increased mortality rates. At the time of the study, at least 12 ransomware attacks on US healthcare affected 56 different facilities.
Did you know that in September 2020, the Duesseldorf University Clinic in Germany was hit by a ransomware attack that forced staffers to direct emergency patients elsewhere. The cyberattack took down the entire IT network of the hospital, which led to doctors and nurses who were unable to communicate with each other or access patient data records. As a result, a woman seeking emergency treatment for a life-threatening condition died after she had to be taken over an hour away from her hometown because there wasn’t enough staff available at local hospitals.
The breakout trend of 2022 was the rise in zero-hour (never seen before) threats.
Source: Slashnet ^
54% of threats detected by SlashNext are zero-hour attacks. This marks a 48% increase in zero-hour threats since the end of 2021. The increase in the number of detected zero-hour attacks shows how hackers are paying attention to what is effective and what gets stopped.
A network or data breach is the top security breach to impact an organization’s resilience and accounts. 51.5% of businesses were affected in this way in 2022.
Source: Cisco ^
While network and data breaches are the top types of security breaches, network or system outages come in a close second, with 51.1% of businesses affected. 46.7% had experienced ransomware, 46.4% had a DDoS attack, and 45.2% had accidental disclosure.
In July 2022, Twitter confirmed the data from 5.4 million accounts had been stolen.
Source: CS Hub ^
In July 2022, a hacker stole email addresses, phone numbers, and other data from 5.4 million Twitter accounts. The hack resulted from a vulnerability discovered back in January 2022 that Twitter subsequently ignored.
Other high-profile attacks included the attempted sale of 500 million stolen Whatsapp user details on the dark web, more than 1.2 million credit card numbers leaked on the hacking forum BidenCash, and 9.7 million peoples’ information stolen in a Medibank data leak in Australia.
Over 90% of malware comes through email.
Source: CSO Online ^
When it comes to malware attacks, email remains the favorite distribution channel of hackers. 94% of malware is delivered via email. Hackers use this approach in phishing scams to get people to install malware onto networks. Nearly half of the servers that are used for phishing reside in the United States.
30% of cyber security leaders say they can’t hire enough staff to handle the workload.
Source: Splunk ^
There’s a talent crisis within businesses, and 30% of security leaders say there’s insufficient staff to handle an organization’s cyber security. Furthermore, 35% say they cannot find experienced staff with the right skills, and 23% claim both factors are a problem.
When asked how they plan to tackle the issue, 58% of security leaders chose to increase funding for training, while only 2% picked to increase the use of cybersecurity tools with artificial intelligence and machine learning.
Nearly half of all cyberattacks target small businesses.
Source: Cybint Solution ^
While we tend to focus on cyber attacks on Fortune 500 companies and high-profile government agencies, Cybint Solutions found that small businesses were the target of 43% of recent cyber attacks. Hackers find that many small businesses haven’t adequately invested in cyber security and want to exploit their vulnerabilities for financial gain or to make political statements.
Malware emails in Q3 2022 rose to 52.5 million and accounted for a 217% increase compared to the same period the previous year (24.2 million).
Source: Vadesecure ^
When it comes to malware attacks, email remains the favorite distribution channel of hackers. 94% of malware is delivered via email. Hackers use this approach in phishing scams to get people to install malware onto networks. The method of choice for most malware attacks is impersonating well-known brands, with Facebook, Google, MTB, PayPal, and Microsoft being the favorites.
On average, a malicious Android app was published every 23 seconds in 2022.
Source: G-Data ^
The number of malicious apps for Android devices has decreased by a significant amount. From January 2021 to June 2021, there were around 700,000 new apps with malicious code. This is 47.9% less than the first half of 2021.
One of the key reasons for the 47.9% drop in malicious apps for Android devices has been the ongoing conflict in Ukraine. Another reason is that cybercriminals are targeting other devices, such as tablets and Internet of Things items.
On average, a malicious app was published every 23 seconds in 2022. In 2021 a malicious app was published every 12 seconds, which is a huge improvement. Malicious app development could remain lower or rise significantly depending on how things play out between Russia and Ukraine.
In 2022, the average cost of a data breach attack reached $4.35 million. This is an increase of 2.6% from the previous year.
Source: IBM ^
While data breaches are serious and cost businesses millions of dollars, it’s not the only problem they need to watch out for. Cybercriminals also have their attention on attacking SaaS (software as a service) and standalone 5G networks.
Selling cybercrime as a service is set to boom on the dark web, as are data-leak marketplaces where all of that stolen data ends up – for a price.
To add to the misery, the increased risks mean that cyber insurance premiums are set to soar, with premiums predicted to reach record levels by 2024. Additionally, any business suffering from a large security breach will face an equally large fine for not keeping its security tight enough.
In 2021, the FBI sub-division IC3 received a massive 847,376 internet crime complaints in the US, with $6.9 billion in losses.
Source: IC3.gov ^
Since the IC3 annual report began in 2017, it has amassed a total of 2.76 million complaints totalling $18.7 billion in losses. In 2017 the complaints were 301,580, with losses of $1.4 billion. The top five crimes recorded were extortion, identity theft, personal data breach, non-payment or delivery, and phishing.
Business email compromise accounted for 19,954 of the complaints in 2021, with adjusted losses of almost $2.4 billion. Confidence or romance scams were experienced by 24,299 victims, with a total of over $956 million in losses.
Twitter continues to be a key target for hackers after users’ data. In December 2022, 400 million Twitter accounts had their data stolen and put up for sale on the dark web.
Source: Dataconomy ^
The sensitive data included email addresses, full names, phone numbers, and more, with many high-profile users and celebrities included in the list.
This comes after another huge zero-day attack in August 2022, where over 5 million accounts were compromised, and the data was put up for sale on the Darkweb for $30,000.
In 2020 130 high-profile Twitter accounts were hacked, including the account of the current Twitter CEO – Elon Musk. The hacker gained around $120,000 in Bitcoin before scarpering.
Organized crime is responsible for 80% of all security and data breaches.
Source: Verizon ^
Despite the word “hacker” conjuring up images of someone in a basement surrounded by screens, the vast majority of cybercrime comes from organized crime. The remaining 20% consists of system admin, the end user, nation-state or state-affiliated, unaffiliated, and “other” persons.
One of the world’s largest security firms admits it was the victim of a sophisticated hack in 2020.
Source: ZDNet ^
The hack of IT security firm FireEye was quite shocking. FireEye consults with government agencies to improve the security of networks that store and transmit data related to U.S. national interests. In 2020, brazen hackers breached the company’s security systems and stole tools that FireEye uses to test government agency networks.
83% of businesses were exposed to phishing in 2022.
Source: Cybertalk ^
Phishing is the number one tactic that hackers use to get the data that they need for larger-scale attacks. When phishing is customized for a targeted person or company, the method is called “spear phishing,” and around 65% of hackers have used this type of attack.
Around 15 billion phishing emails are sent daily; this number is expected to rise by a further 6 billion in 2022.
According to Proofpoint’s “State of the Phish” 2022 report, there is a severe lack of cybersecurity awareness and training that needs to be addressed.
Source: Proofpoint ^
From a survey conducted with 3,500 working professionals across seven countries, only 53% could correctly explain what phishing is. Only 36% correctly explained ransomware, and 63% knew what malware is. The rest either said they didn’t know or got the answer wrong.
When compared to the previous year’s report, only ransomware had gained an increase in recognition. Malware and phishing dropped in recognition.
This proves that business owners really need to step up and implement training and awareness throughout their organizations. 84% of U.S. organizations said security awareness training had reduced phishing failure rates, so this shows it works.
Only 12% of organizations that allow corporate access from mobile devices use a Mobile Threat Defense solution.
Source: Checkpoint ^
Remote working has exploded in popularity bus organizations aren’t taking steps to protect their employees.
Considering that 97% of US organizations have faced mobile threats, and 46% of organizations have had at least one employee download a malicious mobile application, it seems unthinkable that only 12% of businesses have deployed security measures.
Furthermore, only 11% of organizations claim they don’t use any methods to secure remote access to corporate applications from a remote device. Nor do they carry out a device risk check.
In one of the largest data breaches reported in 2022, 4.11 million patient records were affected by a ransomware attack on the printing and mailing vendor OneTouchPoint.
Source: SCMedia ^
30 different health plans were targeted, with Aetna ACE bearing the brunt with over 326,278 compromised patient records.
Medical records are top-of-mind for hackers. Financial records can be canceled and reissued when cyberattacks are discovered. Medical records stay with a person for life. Cybercriminals find a lucrative market for this type of data. As a result, healthcare cybersecurity breaches and theft of medical records are expected to increase.
One out of three employees is likely to click on a suspicious link or email or comply with a fraudulent request.
Source: KnowBe4 ^
The 2022 Phishing by Industry Report that KnowBe4 published stated that a third of all employees failed a phishing test and are likely to open a suspicious email or click on a dodgy link. The education, hospitality, and insurance industries are most at risk, with insurance having a 52.3% failure rate.
Shlayer is the most prevalent type of malware and is responsible for 45% of attacks.
Source: CISecurity ^
Shlayer is a downloader and dropper for MacOS malware. It’s typically distributed via malicious websites, hijacked domains, and posing as a fake Adobe Flash updater.
ZeuS is the second most prevalent (15%) and is a modular banking trojan that uses keystroke logging to compromise victim credentials. Agent Tesla comes in third (11%) and is a RAT that logs keystrokes, captures screenshots, and withdraws credentials via an infected computer.
60% of businesses that experience ransomware attacks pay the ransom to get their data back. Many pay more than once.
Source: Proofpoint ^
Even though security agencies globally warned businesses to increase their online security, ransomware still managed to wreak particular havoc in 2021. Government and critical infrastructure sectors were particularly hard hit.
According to Proofpoint’s 2021 “State of the Phish” survey, over 70% of businesses dealt with at least one ransomware infection, with 60% of that amount actually having to pay up.
Even worse, some organizations had to pay more than once.
Ransomware attacks are common, and the lesson here is that you should expect to be the target of a ransomware attack; it’s not a matter of if but when!
In the US, the FTC (Federal Trade Commission) received 5.7 million total fraud and identity theft reports in 2021. 1.4 million of those were consumer identity theft cases.
Source: Identitytheft.org ^
Online fraud cases have increased by 70% since 2020, and the losses from identity theft cost Americans $5.8 billion. It is estimated that there is an identity theft case every 22 seconds and that 33% of Americans will experience identity theft at some point in their lives.
Credit card fraud is the most commonly attempted type of identity theft, and while it may cost you thousands, you’ll be shocked to hear that the average price for your data is only $6. Yep, that’s just six dollars.
Each time individuals have access to your personal data, you’re at risk of identity theft. Thus, you want to ensure that you’re always being smart with your data and protecting it from any potential hackers. You want to reduce any situation that may expose you and your personal data.
The United States suffers the most data breaches by location and receives 23% of all cybercrime attacks.
Source: Enigma Software ^
The United States has comprehensive breach notification laws, which drive up the number of reported cases; however, its 23% share of all attacks towers over China’s 9%. Germany is third with 6%; the UK comes fourth with 5%, then Brazil with 4%.
Frequently Asked Questions
How many cybersecurity attacks are there every day?
It is difficult to get exact figures; however, a Clark School study at the University of Maryland found that around 30,000 websites are attacked on a daily basis. And every 39 seconds, there is a new attack somewhere on the web, which accounts for around 2,244 attacks daily.
What is the most alarming security issue on the Internet today?
Ransomware is still the number one cybersecurity threat for 2023. Ransomware is one of the most dangerous types of hacks because it is relatively easy and cheap to carry out and gives cybercriminals the ability to deny access to computer files until a ransom is paid.
In second place is IoT (Internet of Things) attacks. As we introduce more web-connected devices into our homes, we can expect to see cybercriminals focusing more of their attention on this area.
How many cyber attacks happened in 2022?
Over 4,100 publicly disclosed data breaches occurred in 2022, equating to around 22 billion records being exposed. However, this figure is expected to be much higher since not all data breaches have been made public.
Additionally, an estimated 53.35 million US citizens were affected by cybercrime in the first half of 2022.
Where do most cyberattacks come from?
The US is responsible for 10% of all cyberattacks, followed by Turkey (4.7%) and Russia (4.3%).
The US prefers to send out phishing scams, website spoofing, and ransomware. In Turkey, banks and industry are the main targets.
Meanwhile, in Russia, hackers tend to target banks in the U.S. and Europe. Since the 20th century, Russia’s education system has encouraged the pursuit of scientific knowledge and curiosity in its students, which has had the side effect of fostering cybercriminals.
How long do cyber attacks take to detect?
On average, it takes about 287 days to detect and stop a cyberattack. It takes about 212 days for a typical organization to identify a threat and a further 75 days to contain it. However, some breaches can avoid detection for even longer. How long it takes for your company to remove a threat depends on how robust your security system is.
Companies that can subdue attacks in less time can save hundreds of thousands of dollars in recovery costs.
What are the best cybersecurity prevention techniques?
There are several cybersecurity prevention techniques that you can use to help protect your devices and data from cyber threats in 2023. Here are a few options:
Use a VPN (Virtual Private Network): VPN software creates an encrypted connection between your device and the internet, helping to protect your online activity and personal information from being intercepted by hackers.
Install antivirus software: Antivirus software helps to detect and remove malware from your devices. It is important to keep your antivirus software up to date to ensure it can protect against the latest threats.
Use a password manager: A password manager is a tool that helps you generate and store strong, unique passwords for all of your online accounts. This can help protect you from password-related security breaches.
Enable two-factor authentication: Two-factor authentication adds an extra layer of security to your online accounts by requiring you to enter a code sent to your phone or email in addition to your password when logging in.
Keep your operating system and software up to date: It is important to keep your operating system and software up to date with the latest security patches and updates. These updates often include important security fixes that can help protect your device against new threats.
Use caution when clicking links or downloading attachments: Be cautious when clicking on links or downloading attachments, especially if they come from unknown sources. These can often contain malware that can compromise your device.
Back up your data: Regularly backing up your data can help protect you in the event that your device is lost, stolen, or compromised.
Encrypt your data using cloud storage: If you store your data in the cloud, you can help protect it by using encryption. Encrypting your data helps to prevent unauthorized access, even if someone gains access to your cloud account. Many cloud storage providers offer encryption options, or you can use a separate encryption tool to secure your data before uploading it to the cloud.
Organizations are responsible for protecting customer data and keeping it from unauthorized access. As unsettling as these cybersecurity statistics might be, part of a company’s duty is to ensure its cybersecurity defense system has everything it needs to succeed.
Cybersecurity Statistics: Summary
Cybersecurity is a big issue, and it’s only getting bigger. As phishing attempts, malware, identity theft, and huge data breaches increase daily, the world is looking at an epidemic that will only be solved with worldwide action.
The cybersecurity landscape is changing, and it is obvious that cyber threats are becoming more sophisticated and harder to detect, plus they’re attacking with more frequency.
Everyone needs to do their part to prepare and combat cybercrimes. That means making INFOSEC best practices routine and knowing how to handle and report potential cyber threats.
Don’t miss this list of the best YouTube channels to learn about Cybersecurity.
If you are interested in more statistics, check out our 2023 Internet statistics page here.