Security Audit

160 Cybersecurity Statistics 2023 – The Ultimate List of Stats and Trends

Updated on: January 5, 2023

160 Cybersecurity Statistics 2023 – The Ultimate List of Stats and Trends

The number of cyber attacks per year is 8,00,000

The cybersecurity landscape is continuously evolving. And now with COVID-19, remote work, and increasing cyber crimes in the picture, maintaining fool-proof security is becoming harder and harder.

8,00,000

Number of cyber attacks per year

Hackers are constantly trying out new ways to evade security and attack business assets. Hence, the need for cybersecurity among businesses is skyrocketing.

To give you a better view of what’s happening, we curated a list of 160 cybersecurity stats 2023. This will help you understand the cybersecurity market and plan a defense strategy against hackers.

cyber security statistics
cybercrime statistics
data breach statistics
healthcare data breaches statistics
phishing statistics
ransomware attack statistics
Small business cyber security statistics
3rd party data breaches
cyber insurance claims statistics

Top Cybersecurity Statistics 2023

Number of cyber attacks per day 2,200

  • Every 39 seconds there is a hacker attack.
  • 300,000 new malware is created every day.
  • Healthcare remains the top target of ransomware attacks.
  • 92% of malware was delivered via email.
  • 4.1 million websites have malware at any given time.
  • 49 days is the average time it took to identify a ransomware attack.
  • $29M was stolen from a fintech company by a hacker.
  • 97% of all security breaches exploit WordPress plugins.
  • $3 billion worth of cryptocurrency was stolen in hacks till now.

Interesting things happened in 2022

  • 2.8 billion malware attacks happened in the first half of 2022.
  • 255 million phishing attacks happened over six months in 2022.
  • 853,987 domain names were reported for phishing in 2022.
  • Around 71% of businesses became victims of ransomware in 2022.
  • 60% more malicious DDoS attacks occurred during the first 6 months of 2022.
  • 1.51 billion IoT breaches were reported in the first 6 months of 2022.
  • Over 500,000 users were affected by malicious mining software in Q1 2022.
  • $1.4 billion has been lost to breaches on cross-chain bridges this year.

Cybersecurity stats and trends 2022

  • 66% of CIOs say they plan to increase investment in cybersecurity. – WSJ
  • 74% of IT experts believe remote work poses an extreme threat to cybersecurity. – Tripwire
  • Global cybersecurity spending to hit $23bn in 2022. – Infosec
  • 54% of respondents in the ESG survey said their organization has a shortage of cloud/IT architecture skills. – Infosec
  • 300,000 new malware is created every day.
  • There is a hacker attack every 39 seconds. – Security Magazine
  • The global Security as a Service (SECaaS) market is projected to reach more than $22 billion in 2026. – Statista
  • 847,376 cybersecurity complaints in 2021, with potential losses exceeding $6.9 billion. – FBI’s Internet Crime Complaint Center

Information security statistics

  • Spending on information security and risk management will reach $188.336 billion in 2023. – Gartner
  • 60% of CISOs (Chief Information Security Officers) say they face stress due to their job. – Heidrick & Struggles
  • CISOs compensation in the United States has risen to $584,000 this year. – Heidrick & Struggles
  • 77% of the CISOs were in the same role for at least three years. – Heidrick & Struggles

Cybersecurity Statistics 2023 by Attack type

Malware:

  • 2.8 billion malware attacks happened in the first half of 2022. – Statista
  • 5,520,908 mobile malware, adware, and riskware attacks were blocked in Q2 2022. – Kaspersky
  • Iran is the most impacted country due to mobile malware attacks. – Kaspersky
  • VBA Trojan tops the malware variants ranking in 2022. – SecurityBrief Asia
  • 92% of malware was delivered via email. – Securityboulevard
  • The first half of 2022 saw a whopping 976.7% increase in Emotet detections compared to the first half of 2021 – Trend Micro
  • 67 active Ransomware-as-a-service (RaaS) were reported in the first six months of this year alone. – Techcirle

💡 Here are some ways to prevent malware attacks;

✅ Use security software.

✅ Create 2fa and strong passwords.

✅ Use up-to-date software.

✅ Never click a link from unknown sources.

Phishing statistics 2023:

  • The finance industry had the most phishing attacks during the first quarter of 2022 (23.6 percent). – Statista
  • 255 million phishing attacks happened over six months in 2022. – Security Magazine
  • 54% of all threats detected in 2022 were zero-hour threats. – Slashnext
  • Targeted spear-phishing credential harvesting attacks make up 76% of all threats. – Slashnext
  • 853,987 domain names were reported for phishing in 2022. – Interisle
  • 52% of impersonated brand phishing attacks happened all over the world in 2022. – CheckPoint
  • Phishing attacks ended up being the most expensive initial attack vector, costing USD 4.91 million. – IBM
  • Google blocked more than 231 billion spam and phishing emails in November 2022. – Google
  • Acorn Financial Services reported the biggest phishing attack of 2022. – JDSupra

💡 Here are some ways to prevent phishing attacks;

✅ Never share personal information on unsecured sites.

✅ Change passwords frequently.

✅ Don’t open emails that look spam.

✅ Purchase antivirus software.

✅ Avoid clicking links from unknown sources.

Ransomware statistics 2023:

  • 49 days is the average time it took to identify a ransomware attack. – IBM
  • Around 71% of businesses became victims of ransomware in 2022. – Statista
  • Austria had the highest ransomware attack among all countries in 2022. – Statista
  • 72% of IT professionals paid the ransom to recover from the ransomware attack. – Statista
  • Costa Rica’s Government faced the biggest ransomware attack of all time. – Cyber Management Alliance
  • Q3 2022 saw a decline in ransomware activity by 10.5% from the previous quarter. – Digital Shadows
  • The industrial goods and services sector was the most targeted by ransomware attacks in Q2 2022. – Digital Shadows

💡 Here are some ways to prevent ransomware attacks;

✅ Never use outdated software.

✅ Never click unsafe links.

✅ Never insert a USB that you don’t own.

✅ Use VPNs on public networks.

DDoS statistics 2023

60% more DDoS attacks in 2022
  • 60% more malicious DDoS attacks occurred during the first six months of 2022 – Govtech
  • The largest DDoS attack was a 2.5 Tbps launched by a Mirai botnet variant, aimed at the Minecraft server. – Cloudflare
  • HTTP DDoS attacks increased by 111% YoY. – Cloudflare
  • The gaming/Gambling industry was the most targeted by L3/4 DDoS attacks. – Cloudflare.

💡 Here are some ways to prevent DDoS attacks;

✅ Choose a DDoS mitigation service.

✅ Create a secure network infrastructure.

✅ Monitor your website traffic.

✅ Use Web Application Firewalls (WAF).

BEC attack

  • 34% out of all the attacks that happened in 2022 were business email compromise attacks. – Arctic Wolf.
  • 80% of organizations stated that protecting against BEC attacks in 2023 is of high importance. – Sonicwall
  • 80% of organizations where BEC occurred don’t have a Multi-Factor Authentication (“MFA”) solution in place. – Arctic Wolf.

💡 Here are some ways to prevent BEC attacks;

✅ Enable Multi-factor Authentication (MFA).

✅ Steer clear of free email domain creation.

✅ Use a password manager like LastPass.

✅ Train your team to identify unsafe emails.

IoT cybersecurity statistics

  • 1.51 billion IoT breaches were reported in the first 6 months of 2022. – Speartip
  • 51% of IT teams are unaware of the types of devices connected to their network. – Speartip
  • 32% of IoT companies have data security concerns due to the shortage of skilled personnel. Tech business news

💡 Here are some ways to prevent IoT attacks;

✅ Update firmware and stay up-to-date.

✅ Use Multi-Factor Authentication (MFA).

✅ Encrypt your devices properly.

✅ Connect IoT devices using secure Wi-Fi.

Cryptojacking

Over 500,000 users were affected by malicious mining software in Q1 2022. – Kaspersky

Monero (XMR) is the most popular cryptocurrency for malicious mining. – Kaspersky

Cryptojacking attacks in the financial sector have risen by 269% in 2022. – SonicWall

Cryptojacking cases went up to 66.7 million in the first half of 2022. – SonicWall

💡 Here are some ways to prevent crypto attacks;

✅ Install software updates and patches.

✅ Use a reputable crypto exchange and wallet.

✅ Use anti-crypto mining browser extensions like MinerBlock.

✅ Use managed detection and response (MDR) service.

Social engineering statistics 2023

  • 75% of security professionals say social engineering is the “most dangerous” threat. – CS Hub
  • 2,249 social engineering incidents were reported. – Verizon.
  • A hacker used social engineering attack on Twilio and gained access to the company’s internal systems and the data of 125 customers. – Venturebeat

💡 Here are some ways to prevent social engineering attacks;

✅ Use a secure Web Application Firewall (WAF).

✅ Enable MFA.

✅ Set high-level spam filters.

✅ Conduct a pentest to detect vulnerabilities.

Cybersecurity Statistics 2023 by Types

  • Website security
  • App Security
  • API security
  • Network security

Website security

  • 50K websites are hacked daily and every 39 seconds, there is an attack on the website. – DWG
  • 18% of websites are infected with critical severity threats. – Sitelock report
  • 4.1 million websites have malware at any given time. – Sitelock report
  • 75% of fraud and data theft involves e-commerce websites. – GM Security
  • Italy’s energy agency, Gestore dei Servizi Energetici SpA’s website suffered a malware attack in September 2022. – Bloomberg
  • Websites receive approx. 2603 bot traffic per week. – Sitelock report
  • 97% of all security breaches exploit WordPress plugins. – Hostinger
  • 22% of WordPress admins spend less than one hour per month on security. – Securityboulevard
  • 64% of WordPress admins use 2FA on their websites. – Securityboulevard
  • Over 280,000 WordPress sites were attacked using the WPgateway plugin zero-day vulnerability. – The Hacker News
  • Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. – ITthemes
  • 8% of WordPress sites are hacked due to weak passwords.
  • 25% of the targets were located in the US. – SecureList

💡 Here are some ways to protect your website;

✅ Use Web Application Firewall.

✅ Run regular website scans.

✅ Back up your website regularly.

✅ Avoid unsafe plugins and themes.

✅ Choose a secure web hosting service.

Mobile security

  • The most common threat to mobile devices was adware at 25.28%. – Kaspersky
  • 405,684 malicious installation packages were detected – Kaspersky
  • 75% of the phishing sites specifically targeted mobile devices. – Zimperium
  • 53% of mobile devices have access to more sensitive data. – Verizon
  • Google blocked 1.2 million suspicious applications. – Checkpoint
  • Apple blocked 1.6 million suspicious applications. – ZDNet
  • 44% of companies that suffered a mobile security breach noted user behavior as a contributing factor. – Verizon
  • 18% of phishing email clicks come from a mobile device.
  • The global mobile security market size is expected to reach $14.82 billion by 2028.
  • Users based in Australia had a 27% encounter rate with mobile app threats. – Statista
  • 24% of all mobile users in Iran were attacked by mobile malware in Q3 of 2021. – Statista
  • Magazines’ mobile apps had the largest number of trackers. – Statista
  • YouTube and TikTok had the largest number of trackers among the social media apps. – Statista
  • 41 percent allow employees to use their own phones to access corporate systems and data. – Verizon

💡 Here are some ways to protect your mobile;

✅ Keep your OS up-to-date.

✅ Connect only to secure Wi-Fi networks.

✅ Never download apps from unknown sources.

✅ Encrypt your personal data.

✅ Check the permissions you give to the apps.

API security

  • 41% of organizations had an API security incident in the last 12 months. – Venturebeat
  • 63% of those involved in a data breach or data loss. – Venturebeat
  • APIs account for 91% of all web traffic.
  • 34% of organizations have no API security strategy. – Salt Labs
  • 286% increase in API threats quarter over quarter. – Forbes
  • OWASP API8 (Injections) are a major threat – Forbes
  • Malicious API traffic increased by 681% in 2022 – Salt Labs
  • 62% of organizations slowed down new application rollout due to API security concerns. – Salt Labs
  • (35%) Lack of expertise or resources is the major roadblock to implementing API security. – Salt Labs
  • 91% of APIS were openly exposing PII and sensitive data to threat actors. – Venturebeat

Network security

  • 52% of malware can use USB drives to bypass network security. – Techcircle
  • Servers are the targets of 90% of security breaches. – Verizon
  • Cloud misconfigurations account for 15% of initial attack vectors in security breaches. – IBM
  • 51% of organizations have stated that phishing is the most common method that attackers use to steal cloud credentials.
  • 66% of organizations store 21%-60% of their sensitive data in the cloud. – Thales Group
  • 45% of businesses have experienced a cloud-based data breach. – Thales Group
  • 57% of organizations find it hard to protect data in multi-cloud environments. – Checkpoint
  • 56% of organizations struggle to get cloud security skills. – Checkpoint
  • 39% of organizations say maintaining regulatory compliance is a significant challenge. – Checkpoint
  • Attacks using Microsoft SQL Server increased by 56% in September 2022. – Kasperksy
  • AIMMS reported ransomware attacks on their server. – TOI
  • 80% of ransomware attacks are due to incorrect server configurations. – Microsoft Cyber Signal report
  • 41% of organizations that are affected by cloud cyber attacks are IT companies.

💡 Here are some ways to protect your network against attacks;

✅ Enable network firewall.

✅ Secure your router.

✅ Enable SSO.

✅ Use strong encryption techniques.

Cybersecurity Statistics by Industry Type

Crypto attacks

  • $3 billion worth of cryptocurrency was stolen in hacks till now. – TOI
  • $1.4 billion has been lost to breaches on cross-chain bridges this year. – Chainalysis
  • The biggest crypto cyber attack cost a record $615 million. – CNBC

Healhealthcare cybersecurity statistics 2023

1.9 million cyberattacks in Indian healthcare
  • 125 breaches happened in the first quarter of 2022. – CHE
  • Healthcare remains the top target of ransomware attacks. – GRIT Ransomware Report
  • NewYork-Presbyterian (NYP) Hospital notified approx. 12,000 data breaches in September 2022. – Health IT Security
  • Aveanna Healthcare agreed to pay $425,000 after several phishing-related healthcare data breaches. – Health IT Security
  • The Indian healthcare industry has faced 1.9 million cyberattacks this year till November 28. – Mint
  • The global healthcare cybersecurity market is expected to grow from $13.18 billion in 2021 to $15.70 billion in 2022. – Yahoo News

Third-party data breach statistics

  • Third-party data breach impacts 119 pediatric practices, and 2.2m patients. – Health IT Security

Education

  • The education sector had an average of almost 2,000 attacks per organization every week. – Checkpoint
  • ANZ region faced the most education cyberattacks in 2022. – Checkpoint
  • Phishing is a common attack vector affecting the education sector. – Pondurance.
  • Latin America saw a 62% increase in cyberattacks in July 2022.
  • 565 schools in New York have been affected by cyberattacks leading to exposed data of over 1 million current and former students. – The journal.

Finance cybersecurity statistics 2023

  • $29M was stolen from a fintech company named, Transit Finance by a hacker. – BIS
  • Financial firms have seen a 1,300% increase in ransomware attacks.
  • Phishing was the most prevalent cyberattack type used. – Security Boulevard
  • 80% of the organizations encountered at least one breach related to weak authentication.
  • The UK finance sector saw a 4% increase in DDoS attacks compared to last year. – Finextra.
  • 17.5 million credit card information sold on black markets. – SOCradar
  • Threat actors registered 10,000+ phishing domains impersonating financial institutions. – SOCradar
  • 71 percent of organizations were victims of payment fraud attacks or attempts.
  • MaliBot, a banking malware has reached third place in the most prevalent mobile malware list. – Checkpoint.
  • 20 million banking cyberattacks have been found and blocked. – Kaspersky.
  • 79% of IT professionals believe the banking sector is a soft target for darknet operators. – Trend Micro

Government

  • The government of Vanuatu’s official sites and online services were “compromised” by a cyberattack in November 2022. – NY Times
  • Colorado county lost $238K to hackers following a cyberattack. – Fox29.
  • Victoria state government invests $100,000 to train women in cybersecurity. – CSOonline
  • 72% of state and local government organizations attacked by ransomware had their data encrypted. – Sophos
  • Ransomware attacks on the US government cost over $70bn from 2018 to October 2022. – Comparitech

Small business cybersecurity stats 2023

52% of attacks on SMBs confirmed were due to human error.

  • 47% of SMBs have fallen victim to a cyberattack in 2022. – Electric.ai
  • 52% of the attacks confirmed were due to human error. – Electric.ai
  • 64% SMBs updated their cybersecurity practices in response to remote work. – Electric.ai
  • Phishing is one of the biggest cyberattacks that SMBs face.
  • Only 26% of small businesses consider cybersecurity a top priority. – Analytics Insight
  • Trojan-PSW (Password Stealing Ware) detections increased by almost a quarter. – Kaspersky
  • 35,400,000 Internet attacks were detected against SMBs in the first three months of 2022. – Kaspersky
  • The average cost of a claim for a small business increased to $139,000. – Claimsjournal
  • 46% of SMBs have no clue about managing cyber risks. – CyberPeace Foundation

Cybersecurity costs

Data breach

  • Data breach in the US costs over twice the global average. – IBM
  • $9.44M is the average cost of a data breach in the US. – IBM
  • $10.10M is the average cost of a data breach in the healthcare industry. – IBM

Ransomware:

  • $4.54M is the average cost of a ransomware attack. – IBM
  • $1 million is the average ransom payment.
  • 80% of organizations that paid a ransom are being threatened a second time. – Netapp.

Cyber insurance

  • Cyber insurance premiums increased by an average of 28% in the first quarter of 2022. – CNBC
  • 55% of businesses currently have cyber insurance. – Blackberry
  • 85% of businesses saw an increase in their cyber insurance premiums. – Blackberry
  • The largest ransom payouts by insurers in the last two years average $3.52m in the US.
  • $3.52m is the largest ransom payout made by U.S. insurers in the last two years. – Panaseer
  • 35% of IT professionals say their company is considering taking out cyber insurance. – Munichre

Hiring & budgeting

  • The average salary for a Cyber Security Engineer is $1,06,411 in the United States. – Glassdoor
  • Security analyst costs between $53,000 and $116,000 a year. – BitLyft
  • 769,736 job openings in the cybersecurity industry as of September 2022. – Cyberseek
  • Companies allocated an average of 12.8% of their IT budget to cybersecurity. – Nordlayer
  • 51% of small businesses say they are not allocating any budget to cyber security.
  • 77% of C-level executives plan to increase their zero trust spending over the next 12 months. – Venturebeat
  • 65% of Indian CXOs plan to spend more on cybersecurity in 2023.
  • Organizations will spend nearly $6.69 billion on cloud security in 2023. – Gartner

Was this post helpful?

Nivedita James

Nivedita is a technical writer with Astra who has a deep love for knowledge and all things curious in nature. An avid reader at heart she found her calling writing about SEO, robotics, and currently cybersecurity.
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Inline Feedbacks
View all comments

Psst! Hi there. We’re Astra.

We make security simple and hassle-free for thousands
of websites and businesses worldwide.

Our suite of security products include a vulnerability scanner, firewall, malware scanner and pentests to protect your site from the evil forces on the internet, even when you sleep.

earth spiders cards bugs spiders

Made with ❤️ in USA France India Germany