Blog

239 Cybersecurity Statistics (2023)

The world of cybersecurity is one of the fastest-moving industries in the world–and, with remote work continually on the rise, it’s never been more important to keep your finger on the pulse of current cybersecurity statistics.

In today’s blog, we cover 239 cybersecurity stats you need to know divided by year, industry, and overall significance. 

Let’s jump right in:

The Top Cybersecurity Statistics of 2023 (So Far)

  • There are an estimated 800,000 cyberattacks per year in 2023–with that number predicted to continue to rise annually

  • 97% of security breaches are exploiting WordPress plugins

  • Every 39 seconds, a threat actor targets a business’s cybersecurity infrastructure 

  • An estimated 300,000 new malware are created daily

  • 92% of malware is being delivered via email

  • In 2023, it’s taking organizations an average of 49 days to identify a cyberattack

  • Over 4.1 million websites on the Internet have malware 

  • 66% of interviewed CIOs plan to continue to increase their investment in cybersecurity

2022 Cybersecurity Stats in Review

How does this stack up against 2022’s cyber landscape?

Key highlights from this year included:

  • An estimated 2,200 cyberattacks per day

  • 255 million phishing attacks occurring in a six-month span, with over 853,987 domain names reported for attempted phishing 

  • 2.8 billion malware attacks launched in the first half of 2022 alone

  • 60% more malicious DDoS attacks occurring in the first six months of 2022 than the entirety of 2021

  • 1.51 billion IoT breaches were reported in the first six months of 2022

  • More than 500,000 users were negatively impacted by malicious mining software

  • Healthcare remained the #1 target for phishing and ransomware cyberattacks

  • 92% of malware was successfully delivered via email

  • 71% of organizations worldwide became victims of ransomware at least once

2021 Cybersecurity Stats in Review

  • Starting in 2021, cybercrime saw a 600% increase–largely attributable to the rise of remote work in the wake of the COVID-19 pandemic

  • In the same vein, remote work increased the cost of the average cybercrime to $137,000

  • Over half a million of Zoom user accounts were compromised in 2021 alone (with the bulk of these compromised accounts being sold on the dark web)

  • More than 77% of organizations did not have a cybersecurity incident response plan in place

  • 89% of healthcare organizations experienced a data breach between the start of 2020 and the end of 2021

  • Only 16% of polled executives stated that they felt well-prepared to handle cybersecurity risks

2020 Cybersecurity Stats in Review

  • Ransomware impacted over 70% of Canadian organizations in 2020

  • Over 25,000 malicious applications were detected on a daily basis

  • Hackers successfully targeted over 30,000 websites in 2020

  • Email was responsible for 95% of all malware attacks

  • 43% of all cyberattacks were focused on small businesses

  • Businesses were out a total of $20 billion in 2020 due to ransomware

  • More than half of all global data breaches this year were financially motivated 

  • Healthcare organizations reported three times more data breaches than in 2010

  • In 2020, over 20% of global organizations experienced at least one IoT device breach

  • 63% of all data breaches were the result of compromised passwords or other user credentials

  • The average time to detect and begin to fix a breach in 2020 was seven months

  • There were a reported 23,000 denial of service (DoS or DDoS) attacks every 24 hours in 2020

2019 Cybersecurity Stats in Review

  • The frequency of security breaches rose by 11%

  • Global cybercrime cost three million dollars per minute in 2019

  • Around 88% of organizations globally were targeted by spear-phishing attacks

  • Enterprise ransomware incidents increased by 19%, alongside a 56% increase in web attacks

The Ultimate List of Each Year’s Biggest Data Breaches

  • In 2023:

    • Ferrari has stated that their IT systems have suffered a breach this year, with customer emails, addresses, and phone numbers being exploited

    • Luxury brand BMW had contracts, financial information, and client documentations leaked on the dark web

    • The TV station Skylink was forced offline by a sophisticated DDoS attack

    • One of Spain’s largest pharmaceutical chains was the target of a two-week supply chain cyberattack

    • Public schools across Minneapolis had their employee and student data leak in a ransomware attack that involved payroll info, personal health information, union grievances, misconduct complaints, and much more

    • Canada’s retail giant, Indigo, suffered financial losses after being slow to recoup after a ransomware attack that shut down their website for close to a week

  • In 2022:

    • Twitter was accused of concealing data breaches that impacted millions of users’ data

    • More than 1.2 million credit card numbers were leaked on the hacking forum BidenCash

    • 11 million people were impacted by the Optus personal and medical cyberattack

    • Threat actors attempted to sell the data of 500 million WhatsApp users on the dark web

    • Both Uber and Rockstar had their internal servers compromised 

    • A student loan breach released 2.5 million social insurance numbers

    • Fintech start-up Revolut had the data of 50,150 user compromised (including names, home and email address, and credit card information)

    • Globally-popular clothing brand SHEIN were fined a staggering $1.9 million over a data breach that affected 39 million customers

    • 9.7 million peoples’ medical information was stolen in the infamous Medibank data leak

  • In 2021:

    • The Florida Water System was breached when a threat actor attempted to poison the water supply using remote access software

    • Microsoft’s on-premise Microsoft Exchange Servers were threatened by zero-day vulnerabilities, negatively impacting nine government agencies and over 60,000 global private companies

    • Computer manufacturer Acer in Taiwan were the victims of a $50-million dollar ransomware attack, of which they have publicly admitted to paying $10 million of

    • Bombardier, a Canadian airplane producer, had the confidential data of their suppliers, customers, and employees exposed 

  • In 2020:

    • The Marriott International suffered a data breach that impacted the personal information of 5.2 million guests

    • Australian broadcaster Channel Nine was the target of the country’s largest-ever attack on a media company

    • A supply chain hack (dubbed the “Solar Winds hack”) compromised a multitude of governments and private company systems across the globe 

    • Smartwatch manufacturer Garmin was forced to shut down several services in the wake of a ransomware attack

    • Software AG had employee passport scans, emails, financial documents, and internal directories leaked in a successful cyberattack

    • EasyJet was the target of a ransomware attack that exposed the personal details of over 9 million customers

  • In 2019:

    • Las Vegas’s MGM Grand resort had at least 142 million guest records compromised by cyberattacks

    • Two Texas towns were hit with a sophisticated, coordinated ransomware attack that targeted local governments

    • Facebook admitted to storing private user data in plain text, making it easily readable and exploitable by Facebook employees

    • WhatsApp reported a cybersecurity flaw that permitted threat actors to spy on users with government-grade surveillance

    • Contractor-related breaches impacted the United States Customs and Border Protection, as one of its contractors leaked a database of border traveler photos without permission

    • One of America’s largest title insurance companies, First American Title Insurance Co., mistakenly made over 885 million mortgage records available online

Notable Cybersecurity Predictions for 2023 and Beyond

  • Between the end of 2023 and the start of 2025, modern data privacy laws will cover the personal info of around 75% of the globe’s population

  • Organizations that adopt a strong cybersecurity network architecture by 2023 will reduce the financial costs of data breaches by an average of 90%

  • 30% of enterprises will begin to utilize cloud-based Secure Web Gateway (SWG), CLoud Access Security Brokers (CASB), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS)

  • By 2025, 80% of enterprises will unify web, cloud services, and private application access from a single SSE platform

  • Hybrid and remote work will continue to rise in frequency across all sectors

  • 70% of CEOs will mandate a culture of cybersecurity-focused awareness and resilience

  • Ahead of the end of 2026, around 50% of C-level executives will build performance requirements related to cybersecurity risk into their employment contracts

2023 Cybersecurity Statistics by Industry

Knowing the top cybersecurity stats for your industry is essential to determine where to place your proactive cybersecurity efforts.

We break them down for you below:

Healthcare Cybersecurity Stats You Need to Know

  • 38 million medical records were exposed in 2020 via a Microsoft PowerApps portal breach

  • 67% of polled individuals feel that hospital staff should be mandated to be trained on up-to-date cybersecurity measures

  • In over 39% of healthcare organizations, awareness of a breach only occurred months after the initial incident

  • Doctors are ranked as high-risk when it comes to phishing scams, with 50% deemed likely to click on suspicious emails

  • Unauthorized access in hospitals is up 162% since 2019

  • 47% of healthcare breaches originate from third-party insiders

  • Malicious data breaches are the #1 case of healthcare cyber insurance claims

  • 90% of healthcare-related organizations have suffered at least one security breach in the past three years, with 30% of said breaches happening in large hospitals

  • During the COVID-19 pandemic, both the US’s Centre for Disease and the UN’s World Health Organization were impersonated by threat actors 

  • 67% of healthcare organizations reported being attacked by lookalike domains

  • The National Health Service was the victim of $100 million dollars in financial losses in the wake of a WannaCry ransomware breach

  • 34% of healthcare-related breaches were due to unauthorized access

  • Pharmaceutical company Pfizer had a data leak that impacted U.S.’s prescription drug users, which was the result of unsecured cloud storage

  • The average cost of a data breach is over $10 million dollars in the healthcare industry

  • 95% of general identify theft is made up of stolen hospital records

  • Healthcare data breaches have had the highest security breach costs for over twelve consecutive years

  • 88% of polled healthcare employees have opened phishing emails

  • An HIMSS survey reported that 36% of non-acute care employees have said that their companies do not undergo phishing tests

  • Almost 24% of healthcare employees across the United States have not received Cybersecurity Awareness Training

  • Healthcare security breaches cost, on average, $408 per record

Education Cybersecurity Stats You Need to Know

  • Every week, the education sector is the target of nearly 2,000 cyberattacks

  • 82% of university representatives say that more funding is required to bolster their cybersecurity 

  • Phishing is the most common type of cyberattack targeting educational organizations

  • In the July of 2022 alone, Latin America’s school systems saw a 62% increase in cybercrime

  • 64% of polled representatives stated that they do not believe their existing cybersecurity framework is enough to ward off threats

  • In March 2018, more than 300 universities and colleges globally were exploited by a collective cyberattack that leaked more than 31 terabytes of confidential information 

  • Cyberattacks on the education industry are up 77% since 2021

  • Schools have a 53% likelihood of paying ransom in the wake of a ransomware attack

  • 40% of universities and colleges took over a month to recover from a data breach

  • With more and more educational institutions supporting multiple devices for students and staff alike, Cybersecurity Awareness Training has never been more vital

  • One-third of school districts do not utilize cloud security

  • 50% of polled schools do not have a cybersecurity plan in place

  • Educational records can go for as high as $254 each on the dark web

  • 87% of educational bodies have experienced at least one cyberattack that was successful

  • Almost 80% of universities have experienced reputational damage as the result of a cyberattack

  • 41% of higher education security incidents were triggered by successful social engineering attacks

  • Out of all 17 major industries, education ranked last in terms of preparedness for identifying and remediating cybersecurity threats

Fintech Cybersecurity Stats You Need to Know

  • 79% of financial CISOs have reported that threat actors are utilizing more sophisticated cyberattacks annually

  • Web attacks have made up almost 50% of the attacks launched on fintech organizations

  • 67% of baking institutions have said that they have faced an increase in cyberattacks since 2019

  • Credit card compromises have risen a staggering 212% year-over-year

  • 32% of fintech organizations have been the target of “island hopping” attacks

  • Credential leaks have seen a 129% increase over the past five years

  • Almost 50% of financial institutions have reported a sharp increase in wire transfer-based attacks and fraud

  • Threat actors using malicious apps to hijack fintech infrastructures has risen by 102%

  • 70% of polled financial institutions have announced that they are concerned about financially-motivated cyberattacks

  • Only 32% of CISOs state that they hunt cyberthreats on a monthly basis

  • 31% of finance-related institutions have reported an uptick in home equity loan fraud, with counter incident responses rising to 32%

  • Nearly 70% of CISOs say that they plan to increase their cybersecurity spending by a minimum of 10%

Law Cybersecurity Stats You Need to Know

  • Cybersecurity breaches in smaller firms (under 50 employees) have doubled since 2019

  • 31% of attorneys state that their clients have left following a data breach due to confidentiality concerns

  • The average data breach cost in small-to-medium sized law firms is $36,000

  • In 2020, celebrity law firm Grubman Shire Meiselas & Sacks paid out $365,000 due to a ransomware attack

  • Around 82% of cyber breaches in the law industry stemmed from phishing emails targeting employees

  • 25% of respondents in 2021 alone reported that their firm had suffered at least one successful cyberattack

  • The consequences of data breaches for law firms include, but aren’t limited to, the loss of billable hours (reported by 36% of interviewees), cybersecurity consulting fees (31%), and the replacement of hardware and software (18%)

Government Cybersecurity Stats You Need to Know

  • Globally, 72% of both state and local governments attacked by ransomware had had their data encrypted

  • After Australia’s Victoria state government invested $100,000 to train women in cybersecurity, the Australian federal government followed suite to launch their $9.9 billion REDSPICE initiative (Resilience, Effects, Defence, Space, Intelligence, Cyber Enablers) to bolster their national cyber infrastructure 

  • In 2022, the UK government announced new cybersecurity measures to protect their nuclear weapons systems

  • Vanatu’s official government sites and online services were compromised by a sophisticated cyberattack in 2022

  • The United States government is ranked as the #1 most-targeted government for cyberattacks, with a likelihood of 38%

Small-to-Midsize Business Cybersecurity Stats

Although we’ve provided a deep-dive of cybersecurity statistics for small-to-midsize businesses already, we’d be remiss if we didn’t recount some of the most important ones here:

  • 4 out of 5 SMBs state that their antivirus software has not stopped malware

  • Only 16% report feeling secure in their security posture

  • Nearly 70% of SMBs do not enforce password for multi-factor authentication policies

  • 68% of SMBs store confidential data like email addresses, whereas over half store phone numbers and store billing addresses

  • Web-based attacks make up most of cyberattacks against SMBs at 49%

  • Over half of small-to-midsize businesses go out of business within six months of being hit by a successful cyberattack

  • 58% of malware victims are SMBs

  • 70% of SMB owners report not feeling ready for a cyberattack if one hits

  • 43% of the world’s total cyberattacks are targeted at small-to-midsize businesses 

Enterprise Cybersecurity Stats

  • Companies are experiencing 31% more cyberattacks, with that percentage growing by the year

  • Only 4% of enterprises that pay demanded ransoms retrieve their stolen data

  • Many cybercrime victims are not reporting their cases, lowering the estimated cybercrime enforcement rate down to just 0.05%

  • 40% of polled CEOs reported that hybrid work IT infrastructures were the most difficult aspects of cybersecurity to implement

  • 66% of organizations are expecting to grow their cyber budget, with a third projecting a double-digit cybersecurity spending increase

  • Over 143 million consumers had their data stolen when Equifax was attacked in 2017, which costed the organization $4 billion in direct financial losses; part of which was, when they were found liable for the breach, being fined $425 million by the Federal Trade Commission

  • State-sponsored cyberattacks pose an increasing threat to large organizations

Cybersecurity Statistics by Country

Did you know that cybersecurity statistics range drastically from country to country?

Let's examine:

Canada Cybersecurity Stats

  • Over 6 in 10 Canadian businesses have at least one designated employee to oversee cyberthreats

  • 38% of organizations partnered with a contractor or consultant to manage cyber-related risks

  • Only 29% of Canadian businesses frequently patched or updated their operating systems

  • A mere 16% of Canadian organizations have cyber insurance

  • 39% of Canadian businesses in 2021 alone were impacted by a cyberattack where there was no clear motive

  • Canadian businesses are spending almost three billion dollars more on cybersecurity than ever before

  • Organizations in Canada that were previously targeted by hackers spent an average of $113,000 more to prevent cyberthreats than their counterparts, with small businesses that were impacted spending 120% than they’re non-impacted equivalents

  • Businesses that had previously heavily invested in cybersecurity where in markedly better positions to detect and report them vs. businesses that had no prior investment

  • More than 1 in 10 Canadian businesses have been impacted by ransomware as of 2023

  • As a country, Canada’s cybersecurity score places it 13th (out of 75)

  • More than 85% of Canadian businesses are affected by at least one successful cyberattack annually

  • 65% of Canadian employees anticipate being hit by a ransomware attack on their work email or device

  • On average, Canadian companies are paying $2 million dollars in remediation per cyberattack

  • In Canada it takes, on average, 168 days for organizations to identify a data breach

  • Over half of Canadians have been the victim of cybercrime

United Kingdom Cybersecurity Stats

  • The UK has the highest number of cybercrime victims per million Internet users

  • Cybercrime in the UK is up 40% since 2020

  • Over 80% of organizations in the UK suffered a successful cyberattack between 2021 and 2022

  • 11% of UK IT budgets are spent on cybersecurity

  • The average cost of a ransomware attack in the United Kingdom is just over one million dollars

  • 77% of UK organizations have cyber insurance

  • Out of 75 countries, the UK ranks eighth for cybersecurity

  • The average time for UK organizations to identify a data breach is 181 days

  • There were over 400,000 reports of cybercrime in 2021 alone

  • 82% of senior UK management see cybersecurity as a high priority

  • Only 19% of UK organizations issued Employee Awareness Training after a cyberattack

  • Less than a fifth of UK businesses have a formal incident response plan in place

  • Between March 2020 and March 2022, there was a 57% increase in consumer fraud

United States Cybersecurity Stats

  • The United States has the highest security breach costs in the world at $8.64 million on average

  • Washington has 8x the national average of cybersecurity professionals

  • 1 in 10 US organizations don’t have cyber insurance

  • The US was the victim of 46% of cyberattacks in 2020, which is more than double any other country 

  • In 2020, malware attacks skyrocketed by 359% compared to the year prior

  • 1 in 2 American employees had their Internet accounts breached in 2021

  • Losses due to cybercrime totalled more than $10.2 billion in 2022

Global Cybersecurity Stats

  • Worldwide, spending within the cybersecurity industry reached $40.8 billion in 2019

  • 2021 saw, on average, $787,671 in direct financial losses every hour due to security breaches

  • Between May 2020 and May 2021, cybercrime in the Asia-Pacific rose by 168%

  • Japan experienced a 40% increase in cyberattacks in 2021 compared to 2020

  • In Q3 2022, there was a 70% uptick in breached accounts compared to Q2 of the same year

  • Supply chain attacks are becoming a global trend in 2023

  • 54% of companies claim that their IT departments will not be able to handle cyberattacks

  • “Cybersecurity fatigue” impacts 42% of organizations

  • 43% of security breaches are insider threats

  • Nearly 40% of all security breaches in 2021 involved phishing

  • Out of all the email attachment types, the most malicious ones are .doc and .dot, at 37%

Cybersecurity Statistics by Type

(Concerned about the threats listed below? Download a copy of the Ransomware Prevention and Response Checklist here, or view our services list for other in-depth checklists.)

Ransomware Penetration Testing Sample Report

A wide variety of potential cyberthreats should be on your organization's radar.

Out of the most common, here are the numbers you should know:

Ransomware Statistics in 2023

  • The average ransomware payment is increasing by 82% year-over-year

  • 81% of cybersecurity experts believe that sophisticated ransomware attacks are on the rise

  • New variants of ransomware grew by 46% in 2019 alone

  • Businesses fall victim to a ransomware attack every 14 seconds

  • Ransomware has become one of the most popular forms of cyberattacks, growing 350% since 2018

  • The average cost of a ransomware attack in 2023 is $1.85 million

  • By 2031, a ransomware attack is predicted to happen every two seconds

  • Ransomware accounts for 10% of all security breaches worldwide

  • On average, ransomware-related breaches took 49 days longer than other types of breaches to identify and contain

  • In the first half of 2022 alone, organizations worldwide saw 236.7 million ransomware cyberattacks

Cloud Security Breaches Statistics in 2023

  • 82% of organizations report that managing cloud costs are their biggest cloud security challenge

  • 69% of organizations worldwide admitted to experiencing security breaches due to multi-cloud security configurations

  • More than 80% of all cloud security breaches are because of human elements such as social engineering attacks

  • 89% of businesses negatively impacted by cloud security incidents are startups

  • 81% of organizations in 2023 are using at least one private or public cloud

  • Over 70% of businesses that use cloud security lack confidence in their security posture

  • Nearly half of all data breaches in 2023 take place in the cloud

Supply Chain Attack Statistics in 2023

  • Only 36% of organizations report having vetted new and existing suppliers in the last year

  • 59% of organizations that were the target of a supply chain attack did not have an incident response plan in place

  • 58% of all supply chain attacks are focused on accessing confidential data

  • 50% of supply chain attacks have been attributed to notorious APT groups

  • In over 50% of supply chain attacks, malware was the chosen attack technique

  • 66% of threat actors focused on the suppliers’ code to compromise customers

Malware Attack Statistics in 2023

  • Over 92% of malware in 2023 is delivered via email

  • Close to 100% of mobile malware targets Android devices

  • MacOS malware has increased by 165% since 2021

  • Trojans make up over 51% of all malware

  • More than 18 million websites are infected malware at a given time every week

  • 34% of organizations impacted by malware took over a week to regain access to key data

  • Over 90% of financial organizations were targeted by malware in 2018 alone

Social Engineering Attack Statistics in 2023

  • There are 75x more phishing sites as malware sites in 2023

  • In 2020, phishing was the #1 complaint for both individuals and businesses

  • 72% of IT professionals reported experiencing smishing attacks in 2021, with that number only growing

  • The price of the average successful social engineering attack reached $4.1 million in 2022

  • Social engineering attacks are taking, on average, 270 days to identify and contain

  • 82% of data breaches contain a human element

  • 90% of social engineering attacks target employees vs. technology

  • CEOs are targeted 57 times per year on average by social engineering threats 

Avoid Becoming a Part of the Percentage With Packetlabs

Here at Packetlabs, our PTaaS services are 95% manual: this is a testament to our commitment to both quality and security. We strive to ensure that the best test results are delivered to our clients. Our in-depth testing ensures that no stone is left unturned, and even the most minute of weaknesses can be found and eliminated.

Our team comprises highly experienced professionals with some of the industry’s most sought-after certifications, such as CREST, OSCP, CEH, and CISSP.

Contact us today or join our newsletter for cybersecurity education and implementation that goes beyond the checkbox.

Featured Posts

See All

August 15 - Blog

Packetlabs at Info-Tech LIVE 2024

It's official: Packetlabs is a partner and attendee of Info-Tech LIVE 2024 in Las Vegas. Learn more about event dates and registration today.

August 01 - Blog

A Deep Dive Into Privilege Escalation

This article will delve into the most common techniques attackers use to transition from their initial breach to achieving their end goals: Privilege Escalation.

July 31 - Blog

What Is Attack Attribution?

Did you know? Attack attribution supports cybersecurity by providing contextual awareness for building an effective and efficient cybersecurity program. Learn more in today's blog.