Moneyzine
/Resources/16+ Alarming Cybersecurity Statistics That Will Keep You Up at Night

16+ Alarming Cybersecurity Statistics That Will Keep You Up at Night

Aleksandar Hrubenja
Author: 
Aleksandar Hrubenja
Karen Idorn
Editor: 
Karen Idorn
Ben Mendelowitz
Fact Checker: 
Ben Mendelowitz
14 mins
January 4th, 2024
Advertiser Disclosure

While cybersecurity experts may have a clearer picture of just how much of a problem cyberattacks have recently been, pretty much everyone else seems oblivious to the cybercrime plague we are living in. These cybersecurity statistics from the Moneyzineteam are meant to be a wake-up call and help you understand just what security teams in most enterprises face on an everyday basis. Read on for more information on cyberattacks and their negative impact on organizations.

Top 10 Cybersecurity Statistics and Facts

  • Globally, there were 7,858,705 DDoS attacks in the first half of 2023.

  • PDF files were the top malicious file format used in Q3 of 2023.

  • The most common malware attack type in 2023 was ransomware, accounting for 47% of intrusions.

  • The average cost of a ransomware attack in 2022, excluding the ransom, is $4.54 million.

  • SMEs with between 11 and 100 employees were targeted in 27.9% of the ransomware attacks in Q3 of 2023.

  • The average ransomware payment in Q3 of 2023 was $850,700.

  • The average total cost of a data breach in 2023 is at an all-time high, at $4.45 million.

  • The average cost of a data breach in the USA, at $9.48 million, is the highest in the world.

  • On average, organizations with fully deployed security AI and automation identify and contain data breaches in 214 days.

  • A total of 2,421 US local governments, schools, and health organizations were impacted by ransomware in 2022.

Cyberattack Statistics

PDF files were the top malicious file format used in Q3 of 2023.

Malicious PDF files accounted for 25% of all malware attacks in Q3 of 2023. Moreover, their use has increased five times since the beginning of the year. The attackers usually embedded malicious links into the PDF, sometimes masking them with QR codes. Other commonly used file formats in Q3 of 2023 were EXE files at 16%, ZIP archives at 15%, and plain text files at 11%.

(Netskope)

The most common malware attack type in 2023 was ransomware, accounting for 47% of the intrusions.

Hacking statistics from 2023 additionally reveal that the USA is the top region impacted by ransomware and extortion, with 47% of the ransomware attacks aimed at it. Italy is the second region on the list, with a considerably smaller intrusion volume of 8%. Meanwhile, other common desktop-oriented malware were scams at 51%, followed by phishing accounting for 25.6%.

(AAG, Avast)

Globally, there were 7,858,705 DDoS attacks in the first half of 2023.

According to the most recent global cyberattack statistics, the DDoS attack rate increased by 16% compared to the second half of 2022. The largest DDoS attack in H1 of 2023 used a bandwidth of 991 Gbps, while the most significant attack by throughput amounted to 658 Mpps. Furthermore, data reveals that an average of 6,082 daily DDoS attacks were happening in the USA in H1 of 2023. In comparison, the average number of daily DDoS attacks in Canada is over ten times smaller at 572.

(Net Scout)

65% of the DDoS attacks in North America lasted between five and 15 minutes.

Furthermore, cybersecurity data indicates that 12% of the attacks had a duration of between 15 and 30, while 17% were shorter than five minutes. TCP ACK floods became the most common DDoS attack vector in the NAMER region in H1 of 2023, with an increase of 15% compared to their number from H2 of 2022, totaling 377,566 attacks. Finally, wired telecommunications carriers remained the most targeted organizations of DDoS attacks for this region, as the share of attacks they suffered increased by 12%, from 434,731 to 485,985.

(Net Scout)

Statistics on Data Breaches

95% of the companies breached between March 2022 and March 2023 say this isn’t the first data breach they suffered.

A similar percentage of 76% of breached critical infrastructure organizations didn’t deploy a zero trust architecture. The latest stats further reveal that 39% of the data breaches occurring in this period were cloud-based, while 19% of data breaches started when a partner company was compromised. As a result of these breaches, 57% of the affected companies say they transferred incident costs to consumers, as opposed to the 51% that increased security investments.

(IBM, Beyond Trust)

The average total cost of a data breach in 2023 is at an all-time high, at $4.45 million.

Statistics on cyberattacks from previous years show that the average cost of a data breach increased 2.2% from 2022, when it was $4.35 million, on average. The total average cost of a data breach jumps to $4.82 million for organizations with critical infrastructure. Furthermore, data reveals that organizations with fully deployed security AI and automation lose 65.2% less money on a data breach than those that don’t.

(IBM)

The average cost of data breaches in hybrid cloud environments is 27.6% lower than the one in public cloud environments.

Cybercrime statistics reveal that the average cost of a data breach in a hybrid cloud environment is $3.80 million. In comparison, the average cost increases to $4.24 million for private cloud environments and $5.02 million for breaches in public cloud environments. Additionally, the average cost of a data breach is close to $1 million higher if remote working is a factor in the cause of the breach. On average, remote work-related breaches cost $4.99 million, while the remaining breaches cost $4.02 million.

(IBM)

The healthcare industry suffered the highest cost of a data breach for the thirteenth year in a row.

Data breach statistics for 2023 confirm that the cost of a healthcare data breach amounted to $10.93 million on average, which is a rise of a staggering 53.5% since 2021. Personal data continues to be the most frequently stolen information. The two most targeted data types were identifiable personal data of customers and employees, intellectual property, anonymized personal data, and information on earnings or clients.

(Security Intelligence)

The average cost of a data breach in the USA, at $9.48 million, is the highest in the world.

Cybersecurity stats show that the average cost of a data breach in the Middle East is the second-highest, at $7.46 million, while in Canada, it is $5.64 million, or the third-highest globally. By industry, the cost of a data breach in healthcare is by far the most expensive, at $10.10 million on average. In the financial sector, the average cost of a data breach is $5.97 million, and in pharmaceuticals, it is $5.01 million.

(IBM, Statista)

Having suffered a breach, only half of all affected organizations plan to boost their investments in security measures.

According to 2023 cybersecurity data, these organizations will focus on designing and testing incident response plans, educating their employees, and implementing technologies that detect and counter threats. Incident response planning proved a cost-effective data breach counter-measurement, as organizations that invested in this strategy saved $1.5 million more than those who didn’t apply this strategy.

(IBM)

Statistics on Ransomware

The average cost of a ransomware attack in 2022, excluding the cost of the ransom, is $4.54 million.

In comparison, the average cost of a ransomware attack, without the cost of ransom, was $4.62 million in 2021, indicating a slight decrease. However, in 2021, only 7.8% of data breaches were ransomware; in 2022, the percentage jumped to 11%. Stolen or compromised credentials were the most common primary vector, accounting for 19% of the data breaches in 2022, while phishing attacks were the second most common cause of a breach, with 16%.

(IBM)

SMEs with between 11 and 100 employees were targeted for 27.9% of the ransomware attacks in Q3 of 2023.

Malware statistics indicate that SMEs remain the primary target for ransomware in 2023, though a significant portion of slightly larger enterprises were also attacked. Namely, 32.6% of the victims were organizations with between 101 and 1,000 employees, while 22.5% of the attacked companies employed 1,001 to 10,000 workers. Furthermore, 3.9% of the victims were microenterprises with up to ten employees, 6.2% were large enterprises with between 10,001 and 25,000 employees, and organizations with over 100,000 employees were the target of 1.6% of the ransomware attacks.

(Coveware)

16.3% of the ransomware attacks in Q3 of 2023 were aimed at companies that provide professional services.

Data on recent cyberattacks reveals that most ransomware actors are industry agnostic and attack any company they believe to be profitable. However, organizations from certain sectors more commonly find themselves on the short end of the stick. Besides professional services, 14.0% of the victim companies provided consumer services, while healthcare organizations were targeted in 13.2% of the attacks. Furthermore, companies that provide software services were affected in 11.6%, and companies from the public sector were targeted in 8.5% of the attacks in Q3 of 2023.

(Coveware)

The average ransomware payment in Q3 of 2023 was $850,700.

Statistics on ransomware show a 15% increase in the average ransom paid to cyber attackers in the third compared to the second quarter of 2023. On the other hand, the median ransom amount paid has increased by 5% in the same period, and it currently stands at $200,000. Data further reveals that in most attacks, or 86% of the cases, cybercriminals threaten companies with leaking exfiltrated data. This quarter's most commonly observed ransomware variants are Akira, involved in 20.1%, and BlackCat, involved in 16.1% of the attacks of Q3 and the most frequent variant of the previous quarter.

(Coveware)

Cybersecurity Facts

On average, organizations with fully deployed security AI and automation identify and contain data breaches in 214 days.

The average time for companies that don’t rely on such security tech to protect themselves is 108 days longer, or 322 days. Data also shows that the percentage of organizations that deploy security AI and automation in 2023 is 60%, while in 2022, it was 70%. Finally, the average cost of a data breach for companies that rely on AI and automation to protect themselves is nearly $1.8 million lower than for those that are not protected in this way, making these technologies the most efficient cost-saver.

(IBM)

Q3 2023 saw record volumes of malware attacks.

Most recent malware statistics reveal that quarter-on-quarter malware volume increase reached 110%, from 60 million threats detected in Q2 to 125.7 million emails in Q3. This is one of the highest volumes recorded so far, topped only by Q4 2016 volumes totaling 126.8 million. Regarding activity, September and August were the busiest months, with 45.6 and 45.6 million threats, respectively. In turn, malware attacks in July amounted to a little over 34.5 million.

(Vade)

63% of companies increased their cybersecurity budgets in 2023.

Facts about cybersecurity show that 17% of this percentage increased their budget due to higher risks, and 15% reported it was a result of a digital transformation of the organization. The most frequent causes of budget increases were high-profile breaches Meanwhile, 37% of organizations made no changes or decreased their budget, which is a 76% YoY increase compared to 2022. The most substantial budget rises resulted from high-profile attacks, leading to an average spending surge of 27%. In turn, IT budgets reported an average growth of 11.6% in 2023, dedicating 38% of the security budget to employee-related expenses.

(SC Media)

A total of 2,377 US local governments, schools, and health organizations were impacted by ransomware in 2022.

More precisely, cybersecurity statistics show that 106 public offices were ransomware victims that year in the USA, and at least 27 of these incidents involved data breaches. The only local government that paid a ransom in the amount of $500,000 in 2022 was Quincy, M.A. Regarding the education sector, 45 school districts and 44 college and university campuses were attacked, which resulted in learning disruption in 1,981 schools, almost twice as many as in the previous year. Finally, the publicly available data reveals 25 registered attacks in the healthcare sector, negatively impacting the work of up to 290 hospitals.

(Emsisoft)

Over 1.35 million unique phishing sites were detected worldwide in Q4 of 2022.

Social engineering statistics further reveal that 30% of adults around the world fell victim to phishing scams, the most significant number of victims being internet users from Vietnam. The most common type of phishing attack in 2022 was bulk phishing, affecting 85% of companies globally. Three in four organizations suffered smishing attacks via mobile phones, and the highest share of credential theft victims was reported in Peru and the Bahamas. Finally, seven in ten organizations experienced so-called vishing or social media engineering attacks.

(Statista)

There were 493.2 million phishing threats in Q3 2023.

According to cybersecurity data, this is an increase of 173% compared to Q2 2023, when 180.4 million phishing attacks were detected. July saw 113.4 million phishing attacks, while nearly twice as many were detected in August, totaling 207.3 million, which was also the most active month for phishing threats in Q3 2023. The second most active month was September, with 172.6 detected emails.

(Vade)

FAQs on Cybersecurity Statistics

What percentage of cyberattacks are caused by human error?
How often do cyberattacks occur?
How many cyberattacks happen per day?
What is the most common way hackers find information?

The Summary

As per the cybersecurity data above, hackers keep raising the bar and reaching new heights of illicit activities yearly. Given that they are mainly motivated by financial gain, we shouldn’t expect them to slow down on their own any time soon. To end the article on an optimistic note, cybersecurity solutions can counter the vast majority of attacks or, at the very least, considerably mitigate the damages. As hackers always try to improve their methods, cybersecurity teams need support to match their efforts, and thankfully, stats reveal that more and more organizations finally realize the danger of risks and increase their cybersecurity budgets.

Related Content

  • Health insurance in the United States is a critical component of access to healthcare. A significant portion of the population remains uninsured despite various healthcare reforms and the expansion of government programs like Medicaid.
    March 7th, 2024
  • Debt by State Mapped for 2024
    This amount represents a 4.5% increase from Q2 2022, when the total consumer debt stood at $16.11 trillion. In turn, the period between Q2 2021 and Q2 2022 saw a higher increase of 7%.
    February 14th, 2024
  • Analysis of the Current Best Places to Buy a House
    According to the most recent estimations, around 100 million of these homes are single-family homes. They account for about 90% of all the housing units in the USA.
    December 21st, 2023
  • Fascinating Web3 Statistics You Ought to Know
    While the vast majority of Americans struggle with the meaning of Web3, seven in ten US Internet users also say that they don’t feel in control over how Web2 websites use their data. This suggests that users would like more autonomy, but ignorance is still an issue.
    January 31st, 2024
  • Managing debt is a critical aspect of financial well-being, and in today's dynamic economic landscape, having access to reliable and free debt management resources can make a significant difference. Fortunately, a plethora of invaluable tools and services are available online without costing a dime.
    December 7th, 2023

Contributors

Aleksandar Hrubenja
With a BA in English literature and linguistics, training provided by veteran licensed court interpreters, and direct content management experience, Aleksandar Hrubenja knows what good content looks like. He’s tackled any topic thrown his way, spending the last six years writing articles on finance, cryptocurrency, and digital marketing — just to name a few.
Karen Idorn
Karen Idorn is an experienced PR professional based in London. She is an established writer who always follows the latest trends in the finance industry and concentrates on delivering interesting, valuable content for audiences.
Ben Mendelowitz
Fact Checker
Ben Mendelowitz
Moneyzine 2024. All Rights Reserved.