16+ Alarming Cybersecurity Statistics That Will Keep You Up at Night

Malicious PDF files accounted for 25% of all malware attacks in Q3 of 2023. Moreover, their use has increased five times since the beginning of the year. The attackers usually embedded malicious links into the PDF, sometimes masking them with QR codes. Other commonly used file formats in Q3 of 2023 were EXE files at 16%, ZIP archives at 15%, and plain text files at 11%.

(Netskope)

Hacking statistics from 2023 additionally reveal that the USA is the top region impacted by ransomware and extortion, with 47% of the ransomware attacks aimed at it. Italy is the second region on the list, with a considerably smaller intrusion volume of 8%. Meanwhile, other common desktop-oriented malware were scams at 51%, followed by phishing accounting for 25.6%.

(AAG, Avast)

According to the most recent global cyberattack statistics, the DDoS attack rate increased by 16% compared to the second half of 2022. The largest DDoS attack in H1 of 2023 used a bandwidth of 991 Gbps, while the most significant attack by throughput amounted to 658 Mpps. Furthermore, data reveals that an average of 6,082 daily DDoS attacks were happening in the USA in H1 of 2023. In comparison, the average number of daily DDoS attacks in Canada is over ten times smaller at 572.

(Net Scout)

Furthermore, cybersecurity data indicates that 12% of the attacks had a duration of between 15 and 30, while 17% were shorter than five minutes. TCP ACK floods became the most common DDoS attack vector in the NAMER region in H1 of 2023, with an increase of 15% compared to their number from H2 of 2022, totaling 377,566 attacks. Finally, wired telecommunications carriers remained the most targeted organizations of DDoS attacks for this region, as the share of attacks they suffered increased by 12%, from 434,731 to 485,985.

(Net Scout)

A similar percentage of 76% of breached critical infrastructure organizations didn’t deploy a zero trust architecture. The latest stats further reveal that 39% of the data breaches occurring in this period were cloud-based, while 19% of data breaches started when a partner company was compromised. As a result of these breaches, 57% of the affected companies say they transferred incident costs to consumers, as opposed to the 51% that increased security investments.

(IBM, Beyond Trust)

Statistics on cyberattacks from previous years show that the average cost of a data breach increased 2.2% from 2022, when it was $4.35 million, on average. The total average cost of a data breach jumps to $4.82 million for organizations with critical infrastructure. Furthermore, data reveals that organizations with fully deployed security AI and automation lose 65.2% less money on a data breach than those that don’t.

(IBM)

Cybercrime statistics reveal that the average cost of a data breach in a hybrid cloud environment is $3.80 million. In comparison, the average cost increases to $4.24 million for private cloud environments and $5.02 million for breaches in public cloud environments. Additionally, the average cost of a data breach is close to $1 million higher if remote working is a factor in the cause of the breach. On average, remote work-related breaches cost $4.99 million, while the remaining breaches cost $4.02 million.

(IBM)

Data breach statistics for 2023 confirm that the cost of a healthcare data breach amounted to $10.93 million on average, which is a rise of a staggering 53.5% since 2021. Personal data continues to be the most frequently stolen information. The two most targeted data types were identifiable personal data of customers and employees, intellectual property, anonymized personal data, and information on earnings or clients.

(Security Intelligence)

Cybersecurity stats show that the average cost of a data breach in the Middle East is the second-highest, at $7.46 million, while in Canada, it is $5.64 million, or the third-highest globally. By industry, the cost of a data breach in healthcare is by far the most expensive, at $10.10 million on average. In the financial sector, the average cost of a data breach is $5.97 million, and in pharmaceuticals, it is $5.01 million.

(IBM, Statista)

According to 2023 cybersecurity data, these organizations will focus on designing and testing incident response plans, educating their employees, and implementing technologies that detect and counter threats. Incident response planning proved a cost-effective data breach counter-measurement, as organizations that invested in this strategy saved $1.5 million more than those who didn’t apply this strategy.

(IBM)

In comparison, the average cost of a ransomware attack, without the cost of ransom, was $4.62 million in 2021, indicating a slight decrease. However, in 2021, only 7.8% of data breaches were ransomware; in 2022, the percentage jumped to 11%. Stolen or compromised credentials were the most common primary vector, accounting for 19% of the data breaches in 2022, while phishing attacks were the second most common cause of a breach, with 16%.

(IBM)

Malware statistics indicate that SMEs remain the primary target for ransomware in 2023, though a significant portion of slightly larger enterprises were also attacked. Namely, 32.6% of the victims were organizations with between 101 and 1,000 employees, while 22.5% of the attacked companies employed 1,001 to 10,000 workers. Furthermore, 3.9% of the victims were microenterprises with up to ten employees, 6.2% were large enterprises with between 10,001 and 25,000 employees, and organizations with over 100,000 employees were the target of 1.6% of the ransomware attacks.

(Coveware)

Data on recent cyberattacks reveals that most ransomware actors are industry agnostic and attack any company they believe to be profitable. However, organizations from certain sectors more commonly find themselves on the short end of the stick. Besides professional services, 14.0% of the victim companies provided consumer services, while healthcare organizations were targeted in 13.2% of the attacks. Furthermore, companies that provide software services were affected in 11.6%, and companies from the public sector were targeted in 8.5% of the attacks in Q3 of 2023.

(Coveware)

Statistics on ransomware show a 15% increase in the average ransom paid to cyber attackers in the third compared to the second quarter of 2023. On the other hand, the median ransom amount paid has increased by 5% in the same period, and it currently stands at $200,000. Data further reveals that in most attacks, or 86% of the cases, cybercriminals threaten companies with leaking exfiltrated data. This quarter's most commonly observed ransomware variants are Akira, involved in 20.1%, and BlackCat, involved in 16.1% of the attacks of Q3 and the most frequent variant of the previous quarter.

(Coveware)

The average time for companies that don’t rely on such security tech to protect themselves is 108 days longer, or 322 days. Data also shows that the percentage of organizations that deploy security AI and automation in 2023 is 60%, while in 2022, it was 70%. Finally, the average cost of a data breach for companies that rely on AI and automation to protect themselves is nearly $1.8 million lower than for those that are not protected in this way, making these technologies the most efficient cost-saver.

(IBM)

Most recent malware statistics reveal that quarter-on-quarter malware volume increase reached 110%, from 60 million threats detected in Q2 to 125.7 million emails in Q3. This is one of the highest volumes recorded so far, topped only by Q4 2016 volumes totaling 126.8 million. Regarding activity, September and August were the busiest months, with 45.6 and 45.6 million threats, respectively. In turn, malware attacks in July amounted to a little over 34.5 million.

(Vade)

Facts about cybersecurity show that 17% of this percentage increased their budget due to higher risks, and 15% reported it was a result of a digital transformation of the organization. The most frequent causes of budget increases were high-profile breaches Meanwhile, 37% of organizations made no changes or decreased their budget, which is a 76% YoY increase compared to 2022. The most substantial budget rises resulted from high-profile attacks, leading to an average spending surge of 27%. In turn, IT budgets reported an average growth of 11.6% in 2023, dedicating 38% of the security budget to employee-related expenses.

(SC Media)

More precisely, cybersecurity statistics show that 106 public offices were ransomware victims that year in the USA, and at least 27 of these incidents involved data breaches. The only local government that paid a ransom in the amount of $500,000 in 2022 was Quincy, M.A. Regarding the education sector, 45 school districts and 44 college and university campuses were attacked, which resulted in learning disruption in 1,981 schools, almost twice as many as in the previous year. Finally, the publicly available data reveals 25 registered attacks in the healthcare sector, negatively impacting the work of up to 290 hospitals.

(Emsisoft)

Social engineering statistics further reveal that 30% of adults around the world fell victim to phishing scams, the most significant number of victims being internet users from Vietnam. The most common type of phishing attack in 2022 was bulk phishing, affecting 85% of companies globally. Three in four organizations suffered smishing attacks via mobile phones, and the highest share of credential theft victims was reported in Peru and the Bahamas. Finally, seven in ten organizations experienced so-called vishing or social media engineering attacks.

(Statista)

According to cybersecurity data, this is an increase of 173% compared to Q2 2023, when 180.4 million phishing attacks were detected. July saw 113.4 million phishing attacks, while nearly twice as many were detected in August, totaling 207.3 million, which was also the most active month for phishing threats in Q3 2023. The second most active month was September, with 172.6 detected emails.

(Vade)