Cyber security awareness is an everyday job, and it’s easy to fall into a false sense of security once you have a solid plan. Every year, statistics are a reminder that hackers and scammers never sleep. New trends and attack types pop up daily, making it difficult to keep track.
Here’s a rundown of the most important statistics for 2023, allowing you to get a good overview of threats to keep in mind. Traditional attacks like phishing are slowly moving to text messages as a new attack vector, and entirely new methods like crypto jacking are emerging as new dangers.
Cyber Attack Statistics for 2023
The overall cyber security trend is clear: attacks are on the rise, and most companies feel they don’t have the proper resources to face the threats. Most users still aren’t adequately educated and still practice behaviors that put the company at risk.
Cyber security awareness must be a top priority when a majority of users reuse passwords and use easily guessed phrases. Human error is still the leading cause of data breaches, and most people don’t know the safety steps to mitigate them, an easily fixed problem with proper education.
- 17% of cyber attacks target vulnerabilities in web applications. (source: Positive Technologies)
- 98% of web applications are vulnerable to attacks that can result in malware, redirection to malicious websites, and more. (source: Positive Technologies)
- 72% of vulnerabilities were due to flaws in web application coding. (source: Positive Technologies)
- The number of material breaches respondents suffered rose 20.5% from 2020 to 2021. (source: ThoughtLab)
- Cybersecurity budgets as a percentage of firms’ total revenue jumped 51%, from 0.53% to 0.80%. (source: ThoughtLab)
- 30% of executives said their budgets aren’t sufficient to ensure proper cybersecurity. (source: ThoughtLab)
- 31% of executives said their main cyber security challenge was improper identification of key risks. (source: ThoughtLab)
- 50% of companies outsource their cyber security operations center. (source: ThoughtLab)
- The most used cyber security framework was ISO 27001/27002 at 48% of companies. (source: ThoughtLab)
- 55% of companies run internal cyber security assessments. (source: ThoughtLab)
- Only 38% of companies say they have made notable improvements after a breach. (source: ThoughtLab)
- Only 23% of companies say their cybersecurity metrics are well understood by the board and senior executives. (source: ThoughtLab)
- The top cyber security investment is upskilling cybersecurity and IT staff, with 46% of companies reporting this. (source: ThoughtLab)
- 41% of cyber security executives report using Zero Trust architecture principles. (source: ThoughtLab)
- 63% of companies have some form of email security measure. (source: ThoughtLab)
- The average time to detect a data breach is 118 days. (source: ThoughtLab)
- Only 29% of companies reported using multi-factor authentication. (source: ThoughtLab)
- 26% of companies reported using AI and machine learning solutions to predict and handle breaches. (source: ThoughtLab)
- 66% of organizations expect their cyber security budget to grow in the coming year. (source: PwC Research)
- 46% of organizations test cyber incident response time and planning every quarter. (source: Deloitte)
- 41% of organizations identified hybrid IT situations as their biggest cyber security challenge. (source: Deloitte)
- 46% of companies have identified increased CEO support as a significant driver of cyber security-aware work culture. (source: PwC Research)
- 53% of users haven’t changed their passwords in the last 12 months. (source: LastPass)
- 57% of users reported having a password written down on a sticky note. (source: Keeper)
- 37% of employees use their employer’s name as a portion of their password. (source: Keeper)
- 44% of users reported recycling passwords across personal and business-related accounts. (source: Keeper)
- 62% of users have shared a password over email or text messages. (source: Keeper)
- 73% of companies in North America use browsers that are out of date. (source: Statista)
- The cybersecurity market is expected to grow to $300 billion by 2024. (source: DataProt)
- Global spending on cybersecurity exceeded $1 trillion in 2021. (source: DataProt)
- The average security budget of small businesses is $500. (source: DataProt)
- 1 in 3 US companies has purchased data-breach insurance coverage or cyber liability insurance. (source: DataProt)
- The cyber insurance market is expected to be worth $20 billion by 2025. (source: DataProt)
- 1 in 10 small businesses suffers a cyberattack each year. (source: DataProt)
- The largest DDoS attack was 1.3 terabytes per second. (source: DataProt)
- 540 million accounts were affected in the latest Facebook breach. (source: DataProt)
- 60% of small businesses go out of business after being victims of a cyber attack. (source: worldr)
- 95% of data breaches are due to human error. (source: Mastercard)
- 93% of data breaches are motivated by financial gain. (source: Mastercard)
- 46% of all cyber breaches affect companies with fewer than 1,000 employees. (source: Mastercard)
- 70% of cybersecurity professionals claim the cybersecurity skills shortage impacts their organization. (source: CSO)
- 56% of Americans do not know the steps to take after being a data breach victim. (source: Varonis)
- 38% of CISOs expect more serious attacks via the cloud in 2023. (source: PwC Research)
- A study has revealed that just 23% of security leaders monitor their partners and vendors in real time for cyber security risks. (source: AAG IT)
- By 2025, it is estimated that 60% of organizations will use cyber security risk as a key factor when determining transactions and business engagements with third parties. (source: AAG IT)
- The USA had 759% more victims of cyber crime in 2021 than the next-highest country, Canada. (source: AAG IT)
- 62% of incidents in the System Intrusion pattern involved threat actors compromising partners. (source: Verizon)
- 30% of small businesses consider phishing attacks to be the biggest cyber threat. (source: Verizon)
- 43% of SMBs do not have a cyber security plan in place. (source: Forbes)
- Cybersecurity Ventures tracked more than $23 billion in venture capital devoted to cybersecurity companies in 2021. (source: Forbes)
Ransomware is the greatest danger for enterprises according to Fortra’s Data Security Survey
Ransomware has significantly increased in recent years since it is one of the most lucrative hacks. Industries where technology access is mission critical, such as healthcare and government, remain the top targets.
This type of attack has become one of the most well-known among consumers, and it’s top of mind for them because it often results in data leakage and service interruptions. Industries targeted by this attack should be wary since it is increasingly linked to the abandonment of services.
- Ransomware breaches have seen a 13% increase in the last 5 years. (source: Verizon)
- According to firewall maker SonicWall, ransomware attacks surged by 105% in 2021. (source: VentureBeat)
- 2022 saw 623.3 million ransomware attacks around the world. (source: SonicWall)
- The two most targeted industries for ransomware are healthcare and government, with 121% and 94% increases in 2021, respectively. (source: SonicWall)
- There were 20 ransomware attacks every second in 2020. (source: SonicWall)
- The average cost of a ransomware attack is 4.54 million, excluding the ransom itself. (source: IBM)
- The average downtime experienced after a malware attack is 21 days. (source: Statista)
- Ransomware is the #1 malware threat. (source: Datto)
- CryptoLocker is the leading ransomware variant, affecting 52% of respondents to a survey. (source: Datto)
- 63% of cyber attacks against government agencies use ransomware. (source: Positive Technologies)
- 79% of attacks on the retail sector involve ransomware. (source: Positive Technologies)
- 45% of security and IT execs expect a further rise in ransomware attacks. (source: PwC Research)
- 59% of consumers said they would avoid doing business with a company that has suffered a data breach in the last year. (source: ArcServe)
- 70% of consumers believe companies aren’t doing enough to secure their personal data. (source: ArcServe)
- 25% of consumers will stop using a product or abandon it if it has been the target of a ransomware attack. (source: ArcServe)
Related reading: What is Ransomware?
Phishing is the most common security concern according to Fortra’s 2022 Pen Testing Report
Phishing is perhaps the most well-known cyber security threat, and statistics prove it is top of mind for most cyber security professionals. The goal is still mainly to steal credentials, and younger users seem to be less prepared for this attack.
- 7% of all end users who participated in the 2022 Gone Phishing Tournament (GPT) clicked on the link in the phishing email. (source: Terranova Security)
- 96% of phishing attacks are delivered via email. (source: Verizon)
- 90% of data breaches are the result of phishing attacks. (source: CyberTalk)
- Phishing and business email compromise result in over 500 million dollars in losses per year, according to the FBI. (source: Internet Crime Complaint Center (IC3))
- In a recent survey, 77% said their main cybersecurity fear was a targeted phishing attack. (source: SonicWall)
- Credential theft is the top goal of phishing attacks at 51.8% in 2021. (source: Anti-Phishing Working Group (APWG))
- Phishing emails are the leading delivery method for ransomware attacks. (source: Datto)
- Security firm SlashNext estimates there will be 255 million phishing attacks in 2022. (source: SlashNext)
- 18-24 is the age group that fell for phishing emails the most in 2022. (source: Tessian)
- 50% of people who fell for a phishing email said it was because they were tired or distracted. (source: Tessian)
- 85% of mobile phishing attacks happen outside of email, whether through messaging apps, social networks, or games. (source: CyberNews)
- The financial services industry saw 5 times more phishing attempts than any other industry in 2022. (source: Cisco Umbrella)
- 682 brands were the target of spoofing phishing attacks in November 2033 alone. (source: APWG)
- 43% of spoofing attacks impersonated Microsoft. (source: CheckPoint)
- 32% of phishing attacks involve the impersonation of a social network. (source: Abnormal Security)
Related reading: What is Phishing?
Malicious software is still a common threat, with thousands of attacks recorded daily. Certain industries, like retail, are more often targeted, but malware is often coupled with other tactics, such as phishing. In most situations, adware is the target, but traditional data breaches are still something to look out for.
- There were 5.4 billion malware attacks in 2022. (source: SonicWall)
- The US sees the most malware attacks annually, 9x more than the #2 country, the UK. (source: SonicWall)
- In a recent survey, 53% said they were victims of adware. (source: Datto)
- 71% of malware attacks have a specific target. (source: Positive Technologies)
- 17% of malware attacks target individuals. (source: Positive Technologies)
- 40% of malware attacks result in confidential data leakage. (source: Positive Technologies)
- The most common malware type used for individuals is spyware. (source: Positive Technologies)
- Cyber attacks on the retail sector increased by 117% in 2021. (source: Positive Technologies)
- 70% of attacks on the retail sector led to customer data theft. (source: Positive Technologies)
- A database of gift cards to multiple retailers totalling $38 million was put up for sale on the dark web in 2021. (source: Gemini Advisory)
- 5,520,908 mobile malware, adware, and riskware attacks were blocked. (source: SecureList)
- Adware accounted for 25.28% of all mobile threats detected. (source: SecureList)
- 405,684 malicious installation packages were detected in 2022, the leading type being mobile banking trojans. (source: SecureList)
- Iran was the leading target of malware attacks, accounting for almost 27% of all attacks in 2022. (source: SecureList)
- 70% of organizations have users being served malware ads on their browsers. (source: Cisco Umbrella)
- 48% of organizations experienced information theft via malware. (source: Cisco Umbrella)
- Ursnif/Gozi and IcedID were the most popular trojans of 2022. (source: Cisco Umbrella)
Related reading: What is Malware?
Business Email Compromise (BEC) Statistics
One of the most potentially damaging hacks, BEC continues to cause billions in damages every year. Thankfully, it is one of the attacks that cyber security awareness solves the easiest.
- Gift card requests are the most common way to retrieve funds from an attack, constituting 68% of such attacks. (source: APWG)
- 19% of data breaches are the result of BEC. (source: IBM)
- 29% of companies have reported losing a client in 2022 due to a business email compromise. (source: Tessian)
- 52% of people who clicked on a phishing link did so because they thought it came from a senior executive in the company. (source: Tessian)
- BEC attacks led to $1.8 billion in damages in 2021. (source: Tessian)
Related reading: What is Business Email Compromise?
An evolution of phishing, text message scams are now a part of daily life for most people worldwide. This new channel of attack is more successful than email because security measures are lower than on a computer, and people often don’t know how to do security checks on their phones.
- The average American receives 14.7 spam texts per month. (source: Statista)
- Americans reported losing over 131 million dollars to spam text schemes in the last year. (source: Tableau Public)
- 59% of Americans have reported receiving spam text in the last year. (source: Truecaller)
- An estimated 587,557,653 robo-texts are sent every day. (source: Robokiller)
- 2021 saw a 58% increase in spam text messages. (source: Robokiller)
- 26% of scam texts were fake delivery notifications. (source: Robokiller)
- Scammers stole an estimated 10 billion dollars from victims worldwide in 2021. (source: Robokiller)
- According to the Federal Trade Commission, smishing accounted for 21% of all fraud reports. (source: Tableau Public)
- 36% of people who received a scam text message have complied with the demands or clicked on a link. (source: Tessian)
- Only 35% of people know they have been victims of a smishing attack before it is too late. (source: EarthWeb)
- The most common smishing scam involves promises of a tax refund. (source: Safety Detectives)
Related reading: What is Smishing?
This new attack has taken the world by storm and often goes unnoticed by its victims. This malicious software secretly hijacks computing power to mine cryptocurrencies in the background and is very hard to detect. It has become one of the most lucrative hacks and is often delivered via phishing attacks.
- Cryptojacking attacks increased by 19% in 2021, making it one of the rising threats worldwide. (source: SonicWall)
- 69% of organizations reported experiencing unsolicited crypto mining on their machines. (source: Cisco Umbrella)
- 48% of miners secretly gather cryptocurrency Monero (XMR) in attacks. (source: SecureList)
- Cryptojacking has become so lucrative that many groups known for ransomware have recently switched to it. (source: SecureList)
- Cryptojacking isn’t just propagated through malware but is also found in otherwise legitimate free software. (source: SecureList)
- 153,773 new modifications of crypto mining software have been identified in Q3 2022 alone. (source: SecureList)
- 38% of Ethiopians are affected by crypto jacking, making it the country with the highest proportion of this malware. (source: SecureList)
- Bitcoin wallets involved in crypto jacking receive 0.08 BTC or $1,600 per month on average. (source: SecureList)
- 70 percent of cryptocurrency transactions will be for illegal activity by 2021. (source: Cybersecurity Ventures)
- com, Luna, and Cardano are the most commonly impersonated cryptocurrency-related companies. (source: Global Security Mag)
These cyber attack stats prove that cyber security still needs to be a top priority for all businesses across all industries. Hackers are constantly innovating to carry out attacks, and the most efficient way to remain ahead of the curve is to be aware and educated.
The dominating trend across these statistics is the lack of user knowledge and preparedness. Almost all cyber attacks can be entirely negated or severely mitigated with the right behaviors. Thankfully, many businesses see the need and are increasing budgets. With cyber security spending expected to exceed a trillion dollars this year, these statistics are bound to become more encouraging with time.
Check the current state of cyber security in organizations around the world in the full Global Phishing Benchmarking Report!
The results of the 2022 Gone Phishing tournament provide insight on:
- How many end users click on phishing email links
- Which region and sector have the lowest click rates
- Whether organization size influences cyber security strength
- CISO recommendations for a robust cyber culture