160 Cybersecurity Statistics 2023 [Updated]

Cybersecurity statistics indicate that there are 2,200 cyber attacks per day, with a cyber attack happening every 39 seconds on average. In the US, a data breach costs an average of $9.44M, and cybercrime is predicted to cost $8 trillion by 2023.

The cybersecurity landscape is continuously evolving. And now with COVID-19, remote work, and increasing cyber crimes in the picture, maintaining fool-proof security is becoming harder and harder.

To give you a better view of what’s happening with cybersecurity, we curated a list of 160 cybersecurity stats 2023.

300,000 new malware are created every day, 92% of which are delivered via email and have a detection period of 49 days. Statista reveals that the global Security as a Service (SECaaS) market is projected to reach more than $22 billion in 2026. 

Top Cybersecurity Statistics 2023

800,000

Number of cyber attacks per year

• Every 39 seconds there is a hacker attack.
• Healthcare remains the top target of ransomware attacks.
• 92% of malware was delivered via email.
• 4.1 million websites have malware at any given time.
• 49 days is the average time it took to identify a ransomware attack.
• $29M was stolen from a fintech company by a hacker.
• 97% of all security breaches exploit WordPress plugins.
• $3 billion worth of cryptocurrency was stolen in hacks till now.
• 66% of CIOs say they plan to increase investment in cybersecurity.
• Remote work cybersecurity statistics show that 74% of IT experts believe it poses an extreme threat to cybersecurity. – Tripwire

Interesting Facts About Cyber Attacks 2022

“Number of cyber attacks per day 2,200“

In the first six months of 2022, there were 2.8 billion malware attacks and 255 million phishing attacks reported.

While email providers do their best to filter out potential spam and phishing emails, they can’t catch everything, so it’s essential to be alert. 

In 2022, 71% of businesses reported falling victim to ransomware attacks

In the first six months of 2022, there was a 60% increase in malicious DDoS attacks, leaving many businesses vulnerable to disruptions and downtime. These attacks overload a server with traffic, causing it to crash or slow down significantly. 

On top of these, there were 1.51 billion IoT breaches reported and over 500,000 users affected by malicious mining software. 

Dive Deeper into Cybersecurity Stats

Currently, cross-chain bridges are among the most vulnerable areas for cyber attacks $2 billion has been lost to breaches on cross-chain bridges this year.

As a result, almost $1 billion worth of cryptocurrencies have been stolen just by North-Korean hackers in 2022 alone.

The architecture of blockchain technology itself is also presenting challenges for cybersecurity. While it’s designed to be secure, it still has weaknesses that hackers can exploit. 

With 300,000 new malware being created every day and a hacker attack occurring every 39 seconds, it’s difficult for organizations to protect themselves entirely.

The FBI’s Internet Crime Complaint Center reported 847,376 cybersecurity complaints in 2021, with potential losses exceeding $6.9 billion.

54% of respondents said their organizations have a shortage of cloud/IT architecture skills. CISOs, who are responsible for an organization’s cybersecurity, are feeling the stress of their job, with 60% reporting stress due to their role. 

On the flip side, the average compensation for CISOs in the United States has risen to $584,000 this year, and 77% have been in the same role for at least three years.

Cyber Security Trends 2022

• Spending on information security and risk management will reach $188.336 billion in 2023. – Gartner
• 66% of CIOs say they plan to increase investment in cybersecurity. – WSJ
• The global Security as a Service (SECaaS) market is projected to reach more than $22 billion in 2026. – Statista
• Global cybersecurity spending to hit $23bn in 2022. – Infosec

Cybersecurity Attack Statistics 2023 by Type

We have divided the attack stats based loosely on the medium of execution. 

Malware

Malware plays a pivotal role in almost every kind of hack from DDoS to ransomware attacks.

In the first half of 2022, 2.8 billion malware attacks occurred, and that’s not even counting the 5,520,908 mobile malware, adware, and riskware attacks that were blocked in Q2 2022.

Iran is the country most impacted by mobile malware attacks, and the VBA Trojan is the most common malware variant in 2022. It’s important to note that 92% of malware is delivered via email, and the first half of 2022 saw a massive 976.7% increase in Emotet detections compared to the first half of 2021.

Here’s what you can do to avoid malware attacks

• Use security software to detect and remove malicious programs.
• Create 2fa and strong passwords to make it harder for attackers to access your device or accounts.
• Use up-to-date software, as older versions may have vulnerabilities.
• Never click on links from unknown sources as this is a common way for attackers to spread malware.

Phishing Statistics 2023

In the first quarter of 2022, the finance industry was the most targeted, accounting for 23.6% of all phishing attacks. Over a six-month period in 2022, there were 255 million phishing attacks in total, according to Security Magazine.

Zero-hour threats, which are attacks that exploit vulnerabilities before they are known and patched, accounted for 54% of all threats detected in 2022, according to Slashnext. Targeted spear-phishing attacks designed to harvest credentials made up 76% of all threats. 

Phishing attacks often involve the use of fake websites or emails that impersonate legitimate organizations or brands. In 2022, over 850,000 domain names were reported for phishing, according to Interisle. 

The financial impact of phishing attacks can be significant, with IBM reporting that they were the most expensive initial attack vector, costing an average of USD 4.91 million. In November 2022, Google blocked over 231 billion spam and phishing emails, highlighting the scale of the problem.

Here are some ways to prevent phishing attacks

• Never share personal information on unsecured sites.
• Change passwords frequently.
• Don’t open emails that look spam.
• Purchase antivirus software.
• Avoid clicking links from unknown sources.

Ransomware Statistics 2023

According to a report by Statista, about 71% of businesses fell prey to ransomware attacks in 2022, causing significant losses. Austria was the most affected country by ransomware attacks, while Costa Rica’s government was the victim of the most massive ransomware attack in history, as reported by Cyber Management Alliance.

IT professionals often pay the ransom to recover from a ransomware attack, and according to Statista, 72% of them did so in 2022. IBM reports that it takes an average of 49 days to identify a ransomware attack, leaving businesses and organizations vulnerable for an extended period.

The industrial goods and services sector was the primary target of ransomware attacks in Q2 2022, as reported by Digital Shadows. However, Q3 2022 saw a decline in ransomware activity by 10.5% compared to the previous quarter. 

Ransomware-as-a-service (RaaS) is also a growing concern, with 67 active RaaS reported in the first six months of this year alone.

Here are some ways to prevent ransomware attacks

• Never use outdated software.
• Never click unsafe links.
• Never insert a USB that you don’t own.
• Use VPNs on public networks.

DDoS Statistics 2023

DDoS or Distributed Denial of Service attacks are often mounted as a decoy to distract the owners of the targeted website while the hacker tries to mount a second, more exploitative attack.   

The threat of DDoS attacks continued to grow in 2022, with a 60% increase in malicious attacks during the first half of the year, according to Govtech. Among the largest DDoS attacks was a 2.5 Tbps attack launched by a Mirai botnet variant, which targeted a Minecraft server, as reported by Cloudflare.

Cloudflare also noted a significant increase in HTTP DDoS attacks, which rose by 111% year over year. The gaming and gambling industry was the most targeted by L3/4 DDoS attacks, highlighting the vulnerability of these industries to such attacks.

Here are some ways to prevent DDoS attacks

• Choose a DDoS mitigation service.
• Create a secure network infrastructure.
• Monitor your website traffic.
• Use Web Application Firewalls (WAF).

BEC Attacks

In 2022, a staggering 34% of all attacks were launched as Business Email Compromise (BEC) attacks, according to Arctic Wolf. This type of attack became a major concern for businesses of all sizes, and organizations were struggling to keep up with the growing threat.

To make matters worse, a shocking 80% of organizations that fell victim to BEC attacks didn’t have a Multi-Factor Authentication (MFA) solution in place, making it easy for hackers to access sensitive data and systems.

In 2023, 80% of organizations surveyed by Sonicwall stated that protecting against these types of attacks was of high importance.

Here are some ways to prevent BEC attacks

• Enable Multi-factor Authentication (MFA).
• Steer clear of free email domain creation.
• Use a password manager like LastPass.
• Train your team to identify unsafe emails.

IoT Cybersecurity Statistics

There are nearly 24 billion IoT devices and Operations Technology units present in the world. It opens up a vast playing field for hackers as they create new and innovative malware to interfere with IoT. According to cybersecurity professionals, IoT and OT enlarge the attack surface for hackers. 

In the first six months of 2022 alone, a staggering 1.51 billion IoT breaches were reported, highlighting the scale of the challenge faced by organizations. Compounding this issue, 51% of IT teams are unaware of the types of devices connected to their networks, indicating a lack of visibility and control over potential vulnerabilities.

Moreover, the shortage of skilled personnel worsens data security concerns for 32% of IoT companies. 

Here are some ways to prevent IoT attacks

• Update firmware and stay up-to-date.
• Use Multi-Factor Authentication (MFA).
• Encrypt your devices properly.
• Connect IoT devices using secure Wi-Fi.

Cryptojacking

Cryptojacking attacks in the financial sector have risen by 269% in 2022

Over 500,000 users were affected by malicious mining software in Q1 of 2022 alone, with Monero (XMR) emerging as the most popular cryptocurrency for these types of attacks (Kaspersky). 

In the financial sector, cryptojacking attacks have surged by a staggering 269% this year, with reported cases reaching 66.7 million in the first half of 2022. These attacks have resulted in losses amounting to $3 billion worth of cryptocurrency. 

Cross-chain bridges have also been a prime target, with breaches causing losses of $1.4 billion in 2022. The biggest cyber attack in the crypto space to date cost a record $615 million, indicating the severity and sophistication of these security threats. 

Here are some ways to prevent crypto attacks

• Install software updates and patches.
• Use a reputable crypto exchange and wallet.
• Use anti-crypto mining browser extensions like MinerBlock.
• Use managed detection and response (MDR) service.

Social Engineering Statistics 2023

75% of security professionals consider social engineering the “most dangerous” threat. These concerns are not unfounded, as evidenced by the 2,249 social engineering incidents reported in a recent study by Verizon. 

The severity of the threat is further highlighted by a high-profile case where a hacker used a social engineering attack to gain access to Twilio’s internal systems and the data of 125 customers. 

Here are some ways to prevent social engineering attacks

• Use a secure Web Application Firewall (WAF).
• Enable MFA.
• Set high-level spam filters.
• Conduct a pentest to detect vulnerabilities.

Cybersecurity Statistics 2023 by Types or Targets

Website Security

Website security is a growing concern in today’s digital landscape, as evidenced by recent statistics. According to a report by DWG, 50K websites are hacked daily, and there is an attack on a website every 39 seconds.

18% of websites are found to contain critical severity threats, and 4.1 million websites contain malware at any given time. E-commerce websites are particularly vulnerable, with 75% of fraud and data theft involving them, as reported by GM Security. Websites also face significant bot traffic, receiving approximately 2603 bot traffic per week, according to Sitelock report.

97% of all security breaches exploit WordPress plugins

In the case of WordPress, vulnerabilities in plugins pose a significant risk, with 97% of all security breaches exploiting these plugins, as reported by Hostinger. Despite this, security measures are not always a priority, as 22% of WordPress admins spend less than one hour per month on security, as found by Security Boulevard. However, 64% of WordPress admins do use 2FA on their websites, according to the same report. 

In a recent high-profile incident, over 280,000 WordPress sites were attacked using the WPgateway plugin zero-day vulnerability, according to The Hacker News. Weak passwords are also a significant issue, contributing to 8% of WordPress sites being hacked. SecureList reports that 25% of the targets were located in the US. 

Here are some ways to protect your website

• Use Web Application Firewall.
• Run regular website scans.
• Back up your website regularly.
• Avoid unsafe plugins and themes.
• Choose a secure web hosting service.

Mobile Security

Adware accounted for 25.28% of incidents, according to Kaspersky. This is backed up by the detection of 405,684 malicious installation packages. 75% of phishing sites are specifically designed for mobile devices, according to Zimperium. This is concerning given that 53% of mobile devices have access to more sensitive data.

Mobile app stores are taking measures to combat this, with Google and Apple blocking 1.2 million and 1.6 million suspicious applications, respectively, as reported by Checkpoint and ZDNet. 

User behavior also plays a role in mobile security breaches, with 44% of companies that suffered a mobile security breach attributing it to user behavior, according to Verizon.

Interestingly, 18% of phishing email clicks come from a mobile device, underscoring the need for mobile security measures. 

The global mobile security market is expected to reach $14.82 billion by 2028. Mobile users in Australia and Iran face significant threats, with encounter rates of 27% and 24% with mobile app threats, respectively. 

Magazines’ mobile apps had the largest number of trackers, while YouTube and TikTok had the largest number of trackers among social media apps. It’s important to note that 41% of companies allow employees to use their own phones to access corporate systems and data, creating further challenges for mobile security.

Here are some ways to protect your mobile device

• Keep your OS up-to-date.
• Connect only to secure Wi-Fi networks.
• Never download apps from unknown sources.
• Encrypt your personal data.
• Check the permissions you give to the apps.

API Security

According to a report by Venturebeat, 41% of organizations had an API security incident in the last 12 months, with 63% of those involved in a data breach or loss. 

APIs account for 91% of all web traffic, making them a prime target for attackers. Malicious API traffic increased by 681% in 2022, according to Salt Labs and there has been a 286% increase in API threats quarter over quarter.

However, despite the increasing threats, many organizations have not implemented proper API security measures. A report by Salt Labs found that 34% of organizations have no API security strategy, and 62% of organizations slowed down new application rollout due to API security concerns. Lack of expertise or resources is the major roadblock to implementing API security, according to 35% of respondents.

One of the biggest concerns with API security is the exposure of sensitive data. According to Venturebeat, 91% of APIs were openly exposing PII and sensitive data to threat actors.

Here’s how to secure APIs against cyberattacks

• Secure authentication and authorization: Ensure that only authorized users have access to your API and limit their privileges.
• Input validation: Validate all user input to prevent injection attacks.
• Rate limiting: Implement rate limiting to prevent malicious actors from overwhelming your API with requests and causing denial of service (DoS) attacks.
• Data encryption: Encrypt all sensitive data transmitted between clients and servers.
• Regular testing and monitoring: Continuously test and monitor your API for vulnerabilities.

Network Security

One of the primary vectors for malware attacks is through USB drives. According to Techcircle, 52% of malware can use USB drives to bypass network security. Hence, the importance of strong security protocols such as the use of endpoint protection software and regular employee training cannot be stressed enough. 

Servers are also a major target for cyber attackers providing an attack surface for 90% of security breaches. This is a significant concern, especially as more and more organizations move their critical data and systems to cloud-based servers. Cloud misconfigurations can also lead to vulnerabilities, with IBM reporting that cloud misconfigurations account for 15% of initial attack vectors in security breaches.

Phishing attacks are another common method used by attackers to steal cloud credentials, with 51% of organizations citing it as the most common method. Additionally, as more organizations move their sensitive data to the cloud, the risks of data breaches increase. 

Thales Group reports that 66% of organizations store 21%-60% of their sensitive data in the cloud, and 45% of businesses have experienced a cloud-based data breach.

Protecting data in multi-cloud environments can be challenging, with 57% of organizations struggling to do so, according to Checkpoint. The same report also highlights that 56% of organizations struggle to get skilled cloud security professionals. Compliance with regulations is another challenge, with 39% of organizations citing it as a significant challenge.

Here are some ways to protect your network against attacks

• Enable network firewall.
• Secure your router.
• Enable SSO.
• Use strong encryption techniques.

Cyber Security Statistics by Industry Type

Healthcare Cybersecurity Statistics 2023

The healthcare industry faced 125 breaches reported in just the first quarter of 2022. Ransomware attacks, in particular, have been a major threat to healthcare organizations, with healthcare remaining the top target.

New York-Presbyterian (NYP) Hospital reported a data breach that affected approximately 12,000 people in September 2022. Similarly, Aveanna Healthcare was hit with several phishing-related data breaches, for which they agreed to pay $425,000 in settlements. 

The Indian healthcare industry has also faced 1.9 million reported attacks as of November 2022. 

Furthermore, third-party data breaches have also had severe consequences, with 119 pediatric practices and 2.2 million patients impacted by a single incident. The global healthcare cybersecurity market was predicted to grow from $13.18 billion in 2021 to $ 15.70 billion in 2022. 

Education

Educational institutions in the USA and Europe have been rigorously attacked by ransomware gangs like Hive and Lockbit in the past year. 

With an average of almost 2,000 attacks per organization reported every week in 2022, the education industry has had it rough. 

The ANZ region was the most heavily affected, with the highest number of attacks targeting schools and universities. 

Phishing has been a common attack vector affecting the education sector. According to a report by Pondurance, hackers often impersonate school officials, using fake emails and websites to trick students and staff into divulging their login credentials. Once obtained, these credentials can be used to access confidential data or to launch more sophisticated attacks on the school’s systems.

Latin America saw a 62% increase in cyberattacks in July 2022, with the education sector being one of the most heavily targeted. 

In the United States, cyberattacks on schools have led to the exposure of sensitive data of over 1 million current and former students. According to The Journal, 565 schools in New York have been affected by cyberattacks, highlighting the urgent need for stronger security measures to protect educational institutions from cyber threats.

Financial Services Cybersecurity Statistics 2023

17.5 million credit card information was sold on black markets

Reports indicate a 1,300% increase in ransomware attacks in recent years in the financial industry. Phishing remains the most prevalent form of cyberattack used, as hackers have registered over 10,000 phishing domains to impersonate financial institutions. 

Meanwhile, according to Security Boulevard, 80% of the organizations encountered at least one breach related to weak authentication.

In the UK, the finance sector has seen a 4% increase in DDoS attacks compared to last year. The threat actors are continuously evolving, with banking malware such as MaliBot reaching third place in the most prevalent mobile malware list, as identified by Checkpoint. Reports suggest that 79% of IT professionals believe that the banking sector is a soft target for darknet operators.

The impacts of these cyberattacks are massive, as evident from the Transit Finance incident where $29M was stolen by a hacker. Additionally, 71 percent of organizations were victims of payment fraud attacks or attempts. 

Government

Nothing cripples a government in 2023 like a series of cyber attacks. In the last six months of 2022, there was a 95% increase in cyber attacks on Government organizations. We can expect the trend to continue. 

In November 2022, the government of Vanuatu experienced a cyberattack that compromised its official sites and online services. The attack left the government vulnerable to data breaches and raised concerns about the safety of sensitive information.

A county in Colorado lost $238,000 to hackers following a similar cyberattack. The cost of these attacks can be staggering, with the US government alone losing over $70 billion to ransomware attacks from 2018 to October 2022.

Governments are now taking steps to mitigate the impact of cyberattacks. In Victoria, Australia, the state government is investing $100,000 to train women in cybersecurity. This move aims to increase the representation of women and ensure that the government is better equipped to handle cyber threats.

Despite these efforts, ransomware attacks remain a significant threat. A staggering 72% of state and local government organizations that fell victim to ransomware had their data encrypted. 

Small Business Cybersecurity Stats 2023

A lot of small and mid-sized businesses still operate under the assumption that cyberattacks are reserved for large corporations. Nothing could be farther from the truth. 43% of all cyber attacks are mounted on small businesses.

47% of SMBs fell victim to cyber-attacks in 2022

Shockingly, only 26% of small businesses consider cybersecurity a top priority, leaving many vulnerable to data breaches, ransomware, and other malicious cyber threats.

Human error is responsible for 52% of the confirmed attacks on SMBs. 

In response to the rise of remote work, 64% of SMBs updated their cybersecurity practices, but many still lack adequate measures to protect against cyber threats.

Phishing remains one of the biggest cyberattacks that SMBs face. Trojan-PSW detections, which are used to steal passwords and login information, increased by almost a quarter, and 35,400,000 attacks were detected against SMBs in the first three months of 2022.

The cost of these cyberattacks can be staggering, with the average cost of a claim for a small business increasing to $139,000. Despite the risks, 46% of SMBs have no clue about managing cyber risks, making them more vulnerable to attack.

Cybersecurity Costs

Data breach

The primary cost of data breaches comes in the form of penalties levied by regulating bodies like GDPR, PCI-DSS, and HIPAA. 

• Data breach in the US costs over twice the global average. – IBM
• $9.44M is the average cost of a data breach in the US. – IBM
• $10.10M is the average cost of a data breach in the healthcare industry. – IBM

Ransomware

Apart from the ransom amount you can also face penalties if regulatory authorities find faults on your part regarding the security of your files.

• $4.54M is the average cost of a ransomware attack. – IBM
• $1 million is the average ransom payment.
• 80% of organizations that paid a ransom are being threatened a second time. – Netapp.

Cyber insurance

Cyber insurance covers your back in case of an attack. But when you undergo attacks or when the overall rate of cybercrime increases, you end up paying a lot more in cyber insurance premiums.

• Cyber insurance premiums increased by an average of 28% in the first quarter of 2022. – CNBC
• 55% of businesses currently have cyber insurance. – Blackberry
• 85% of businesses saw an increase in their cyber insurance premiums. – Blackberry
• The largest ransom payouts by insurers in the last two years average $3.52m in the US.
• $3.52m is the largest ransom payout made by U.S. insurers in the last two years. – Panaseer
• 35% of IT professionals say their company is considering taking out cyber insurance. – Munichre

Hiring & budgeting

The harder it is to fight cybercrime, the more you will have to spend on security. Resource allocation becomes a big part of your cyber security strategy.

• The average salary for a Cyber Security Engineer is $1,06,411 in the United States. – Glassdoor
• Security analyst costs between $53,000 and $116,000 a year. – BitLyft
• 769,736 job openings in the cybersecurity industry as of September 2022. – Cyberseek
• Companies allocated an average of 12.8% of their IT budget to cybersecurity. – Nordlayer
• 51% of small businesses say they are not allocating any budget to cyber security.
• 77% of C-level executives plan to increase their zero trust spending over the next 12 months. – Venturebeat
• 65% of Indian CXOs plan to spend more on cybersecurity in 2023.
• Organizations will spend nearly $6.69 billion on cloud security in 2023. – Gartner

Conclusion

This article has detailed the top cybersecurity statistics for 2023 and 2022. With the cybersecurity landscape changing ever so constantly, knowing the figures and facts related to it, and its risks like phishing, ransomware, and other scams can give a deep insight. This article contains the top cyber risk statistics for different industries such as the educational sector, healthcare, financial services, government, and small businesses. 

FAQS