Cybersecurity Statistics and Predictions for 2023

Niek has worked at Eftsure for several years and has developed a clear understanding of the cyber threat landscape and the controls Australian businesses put in place to combat these threats.

The past year saw a surge in cyber-crime, with numerous high-profile companies falling victim to sophisticated cyber-attacks and the proliferation of ransomware incidents. Businesses are also increasingly concerned with vulnerabilities in critical infrastructure and supply chain security.  

As we look ahead in 2023, cybersecurity experts expect cyber-crimes to become more sophisticated, driven by the use of artificial intelligence (AI). Experts are also anticipating continued rises in cyber insurance premiums. Business and IT leaders must work together to combat these evolving threats and implement best practices, incident response procedures and detection tools in the workplace. 

To get a comprehensive understanding of the threat landscape in 2023, we’ll delve into the latest cybersecurity statistics, along with insights into the changing face of cyber-crime and the measures needed to protect financial assets and maintain business resilience.  

Keep reading to explore the current state – and future outlook – of cybersecurity statistics in 2023.

Top Remote Working Statistics (Editor’s Choice)

  • Reaching an all-time high, the cost of a data breach averaged USD 4.35 million in 2022. This figure represents a 2.6% increase from last year, when the average cost of a breach was USD 4.24 million.
  • The size of the global cyber insurance market is expected to grow rapidly over the 5 years, with the total market size increasing from around $8B USD in 2020 to just over $20B USD by 2025.
  • According to research, 80% of companies employing at least 200 people will increase their cybersecurity spending in 2023. In 2022 that figure was 63%.
  • The cost of taking out cyber cover had doubled on average every year for the past three years. 80% rise in premiums in the last 12 months.
  • About 43% of external perpetrator cases were the result of hackers, and 28% were conducted by organised crime; both numbers reflect increases from the 2020 survey.

Cybersecurity statistics

1. Reaching an all-time high, the cost of a data breach averaged USD 4.35 million in 2022. This figure represents a 2.6% increase from last year, when the average cost of a breach was USD 4.24 million.

According to the 2022 cost of a data breach report by IBM, the global average total cost of a data breach is $4.35M, growing at a record high. If we investigate further, IBM indicates that stolen or compromised credentials were not only the most common cause of a data breach, but also took 327 days to identify one. Other methods involve phishing, business email compromise, vulnerability in third-party software and malicious insiders.

2. Over 67,500 cybercrime reports, an increase of nearly 13% from the previous financial year.

With the increasing amount of cybercrime reporting, one cyber attack is being reported every 8 minutes rather than 10 last year. The Australian Cyber Security Centre defines these as more substantial than previous ones.

3. The size of the global cyber insurance market is expected to grow rapidly over the 5 years, with the total market size increasing from around $8B USD in 2020 to just over $20B USD by 2025.

According to Statista, the global cyber insurance market is expected to grow tremendously over the next five years. Some factors that come into play as why the market is expected to grow is from the increase in cyber threats, awareness of cyber risks, regulatory requirements, lack of in-house expertise such as IT teams or internal processes and growth in technology.

4. According to research, 80% of companies employing at least 200 people will increase their cybersecurity spending in 2023. In 2022 that figure was 63%.

Cybersecurity spending is rocketing in 2023 according to cybersecurity statistics. Three hundred Australian executives were surveyed and research demonstrates that 80% of Aussie businesses who are employing at least 200 people will increase their cybersecurity spending.

With the rise of cybercrime across the globe, more businesses are prioritising their cybersecurity expenditure into detection and prevention tools, insurances, and awareness training.

5. The use of security AI and automation jumped by nearly one-fifth in two years from 59% in 2020 to 70% in 2022.

IBM research demonstrates the effective use of security AI and automation when combating cybercrime. For example, AI security and automation can assist businesses with threat detection and response. AI algorithms can be used to monitor network activity and detect unusual or suspicious behaviour that might indicate a cyber attack.

This provides businesses a quicker response time and improve incident resolution.

6. Identity fraud losses tallied a total of $56 billion, according to the "2021 Identity Fraud Study" Javelin Strategy & Research.

Identity theft can be exploited through various methods, like the use of someone’s name, credit card, address, etc. In response, organizations need to increase their defences against threats to minimise the risk of an attack and protect their critical infrastructure.

7. 95% of cyber security breaches are a result of human error.

All it takes is one successful breach and the cyber criminals will gain access to an organisation’s digital environment. Most cyber security breaches exist due to human error which involves employees clicking on a malicious website, email link or attachment.

8. 65% of organisations in the United States fell victim to a phishing attack.

Phishing is a type of social engineering tactic where criminals create a fake email or website to trick people into clicking on a dangerous link or giving away sensitive information, like passwords, login details, or financial information.

9. 60% of businesses targeted by a cyber attack go out of business within six months.

Adopting digital controls to facilitate continuous oversight and compliance monitoring should be a priority for small and medium sized companies, as 60% of small businesses that fall victim to data breaches or cyber attacks fail in less than six months.

10. Aussies aged 65 and over accounted for the greatest losses to these scams at $2.3 million.

Cyber criminals and scammers have been trying all sorts of tactics, so you can probably expect the number of victims to rise this year. According to the ACCC Australians aged 65 and over fall victim to all types of scams in 2022.

11. 93% cyber leaders and 86% business leaders believe geopolitical instability is moderately or very likely to lead to a catastrophic cyber event in the next 2 years.

According to the Global Cybersecurity Outlook 2023 report, business and cyber leaders believe global geopolitical instability is moderately or very likely to lead to a catastrophic cyber event in the next two years. So what changes will these leaders make in response to the risk?

72-73% of business/cyber leaders suggest that they will strengthen policies and practices for engaging direct-connection third parties with data access, followed by strengthening controls with third parties who process data.

12. The cost of taking out cyber cover had doubled on average every year for the past three years. 80% rise in premiums in the last 12 months.

Cyber insurance premiums have soared in the past year as claims surged in response to a rise in damaging attacks by cybercrime syndicates. One of the main causes of increase insurance premiums is the growth of ransomware claims. Ransomware is a form of malicious software attack used by cybercriminals to block an organisation’s network for a ransom.

13. AI and machine learning (20%), cloud technology (19%) and user identity and access management (15%) will have the greatest influence on cyber risk strategies over the next 2 years.

Cybersecurity statistics demonstrate the advances of technology. As technology continues to grow and improve overtime, it presents both benefits and challenges to organizations. While Artificial Intelligence (AI) security and automation can equip businesses with robust cybersecurity defenses, they can also be used against them.

It is therefore imperative for organizations to strike a balance between leveraging the advantages of new technology and effectively managing the associated risks through well-planned development strategies and robust risk management practices

Working from home statistics

14. Cyber crime Up 600% due to the COVID-19 Pandemic.

Because of the COVID-19 outbreak, businesses are experiencing an increase in high-level phishing email scams. They are aimed at duping and luring employees into taking some type of action, like clicking a malicious link or opening an attachment containing a virus. Cyber security should be a priority now that remote work is common for many businesses.

15. Statista reports that 64% of organisations worldwide were most likely to experience a data breach as a result of COVID-19.

Changes in workplace standards meant a higher number of employees working remotely. Cybercrime increased, with phishing being the most common method.

16. Remote work has increased the average cost of a data breach by $137,000.

The IBM Cost of a Data Breach report found that the COVID-19 pandemic has had a tremendous impact on the way many organisations do business. This has impacted SMEs with the average cost totaling $137,000.

17. More than half a million Zoom user accounts were compromised and sold on the dark web.

The more popular video conferencing software Zoom becomes with companies bringing employees into remote work, the more cyber criminals will adapt their techniques to that format. Recently, we’ve seen reports of cyber criminals selling compromised Zoom accounts on the dark web to increase their chances for more data breaches.

18. 24% of respondents had to spend money unexpectedly to resolve a security breach or malware attack following the WFH shift.

Working remotely for the first time due to the pandemic for many employees means not having easy access to important information about cyber security and how to be safe online, such as security and risk discussions within the company and advice that can be offered to co-workers in person.

19. 25% report an increase in fraudulent emails, phishing attempts and spam to their corporate email since the start of the COVID-19 crisis.

There has been an increased amount of concern with phishing and malware, so businesses must address these issues with staff by training them on data handling, and reminding them of the company code of conduct and rule breaches. Working from home introduces new cyber risks, so staff must be adequately trained in their responsibilities as well as become aware of cyberattacks.

20. 71% of security leaders lack sufficient visibility into remote employee home networks.

According to a recent study, more people are using cloud services and iot devices that were never before part of a company’s security perimeter. More cyberattacks and security breaches are now a result of this and IT managers are now struggling to keep up with managing all these new technologies.

DOS/DDOS statistics

21. In Q1 2022, our DDoS Intelligence system detected 91,052 DDoS attacks.

According to a securelist report, it’s reported that the DDOS Intelligence system detected 91, 052 DDoS attacks. DDoS also known as a Distributed Denial-of-Service is a malicious attempt to disrupt a computer or system networks.

22. 2.9 million DDoS attacks in Q1 of 2021, an increase of 31% over the same period in 2020.

Recent years have seen an increase in DDoS attacks to the point where business networks have been brought to their knees with work at a standstill for hours on end. We see tens of thousands of unannounced, undetected DDoS attacks per day. These attacks are the most destructive and costly.

23. Among the most significant DDoS attacks was a 1.5 TBps (terabytes per second) incident in June 2021, representing a 169% increase in attack bandwidth over the most substantial attack in the first half of 2020.

In 2021, an attacker deployed the most powerful Distributed Denial of Service attack on record. The bandwidth peaked at 1.5 Terabytes per second. The skirmish, which lasted for about 15-20 minutes, erupted.

24. The largest number of DDoS attacks (16.35%) come on Sundays.

According to Kaspersky, the largest share of DDoS attacks take place on Sunday and the fewest attacks occurred on Friday. These types of schedules in the way DDoS attacks occurred demonstrate a lot about the likely attackers.

25. In January 2022, over 17% of under-attack respondents reported being targeted by ransom DDoS attacks or receiving a threat in advance.

Much like a ransomware attack, a ransom DDoS attack is where the attacker threatens to carry out a DDoS attack unless the victim pays them a ransom. RDDoS attacks are popular with 1 in 5 customers becoming victims of these attacks according to the survey conducted by Cloudflare.

26. Finance, the target of over 25% of all attacks, became the most attacked sector in 2021.

The number of Distributed Denial of Service (DDoS) attacks is increasing every year, and the industry with the most targets is finance because they have the most amount of data and capital.

27. The longest DDoS attack in history occurred in 2018, shattering existing records by flooding the target’s systems with data for 329 hours.

Every year, the number of Distributed Denial of Service (DDoS) attacks increases, and the industry that receives the most targets is finance because they have the most amount of data and capital. These attacks can last from a minute to an hour depending on the company’s security controls.

28. More than 20% of attackers are using multi-vector DDoS attacks.

There are many types of cyberattacks in the cyber security industry, one being the ‘multi-vector cyber attack,’ which is a digital attack on a network with many entry points. It’s a more intricate type of cyber attack, making it difficult to protect against.

Mobile scam statistics

29. Mobile attacks dropped to 9.6 million -- their lowest level in nearly two years.

According to Kaspersky Lab, mobile attacks have plummeted from the second quarter of 2020 to the third quarter of 2021. This is surprising given that there were no major campaigns nor any newsworthy events that should have led to such a significant decline. This means that companies and individuals have to be on the lookout, as this is still a cyber security risk.

30. One in 36 devices used in organisations was classified as high risk.

Managing mobile device security is a challenging prospect. Symantec discovered that one in 36 devices used in organisations is classified as high risk. Included among these devices were either jailbroken or had some form of malware installed.

31. 97% of organisations faced mobile threats that used various attack vectors.

Remote working during the COVID-19 pandemic soared and led to the increased reliance on smartphones for remote employees to access corporate assets and work tasks. This poses a risk to businesses with a rise in security incidents through mobile related attacks.

32. 40% of all mobile gadgets are at the risk of becoming a target of cyber attacks.

Several frauds and scams are associated with cell phones. A cyber criminal may impersonate your manager or another business and ask for your personal information through a phone call or text. Scammers are careful to disguise their numbers and alter their locations, even worse is when they infect mobile devices leaving your employees at risk.

33. Australians have lost $63.6 million to scams involving unsolicited calls or text messages.

Australian authorities have seen the increased frequency of scams that come in the form of suspicious phone calls or text messages. These scams are conducted by scammers who pretend to be from popular organisations, providers and supply chains.

34. Australians aged 65 and over have reported losses of $20.5 million from phone scams.

For older Australians, their lack of understanding of mobile phones makes them vulnerable to mobile scams because they have less familiarity with modern technology. The advancement of technologies has only made it easier for scammers to target people like them.

35. Overall, Australian scam victims have lost an average of $11,000 in 2021.

All you need to activate a mobile scam is to click on a button or a link in an email. These scams appear to be coming from popular fake businesses. As soon as you click the link, malware will infect your device and will be able to attack your credit card information, sensitive data, text messages, and other important data stored on your mobile device.

Social engineering statistics

36. 33% of data breaches involved social engineering.

Social engineering is the hacking technique of seeking detailed information, typically confidential data like login information, to break into a company. This often involves emails, mobile, and social media communications such as Facebook/Instagram as well as Open-Source Intelligence (OSINT).

37. Over 70% of all data breaches are due to social engineering.

Cyber criminals often have high threat intelligence when it comes to social engineering. The method is much easier than infiltrating a secure computer system or a secured computer network. To succeed criminals require in-depth knowledge about the organisation, so they can succeed in deceiving the targeted staff member.

38. The average organisation faces 700 social engineering threats per year.

Many Accounts Payable staff are targeted in spear phishing attacks, as they have access to
financial information and the ability to process outgoing payments. For example, a Barracuda study examined that more than 12 million spear phishing and social engineering attacks impacted over 17,000 organisations from 2020 to 2021.

39. Social engineering attacks cost companies $130,000 on average.

The average cost of a cyberattack is substantial, especially for smaller or middle-sized businesses. As noted by Security Info Watch, an estimated average cost of a social engineering attack is $130,000. As a result, very few businesses can fully recover their funds.

40. The number one type of social engineering attack is phishing.

Phishing is a type of online fraud that seeks to steal sensitive information, such as financial or login credentials, from unsuspecting victims.

41. Over 80% of cyber attacks in 2022 are predicted to a result of a phishing scam.

While not exclusively worrying about cyber attacks, they also have to keep in mind how CFOs and accounts payable teams respond to emails and web link attachments that would induce phishing attacks.

42. LinkedIn phishing messages make up 47% of social media phishing attempts from faux LinkedIn messages.

Hackers are constantly evolving and looking for ways to circumvent security measures. Lately, they’ve used social media in new ways, like spoofing messages pretending to be an email from a well-known exec or trying to trick or scam them. This usually entails sending email attachments or asking to phone a customer service representative to acquire things like contact numbers.

43. Social engineering scams stole over $5 billion worldwide from 2013 to 2016.

Social engineering is a major problem nowadays. Cyber criminals find it necessary to use more low-level attacks like targeting employees instead of organisations as often now that the quality of anti-virus and malware software has gotten so good. As a result, the situation has turned dire in the extreme cases where a company’s highest-level executives or CEOs are attacked in the process known as ‘spear phishing’ or ‘whaling’.

Data breach statistics

44. About 43% of external perpetrator cases were the result of hackers, and 28% were conducted by organised crime; both numbers reflect increases from the 2020 survey.

It is frightening to see that data breaches can occur both externally and internally because it means that there are multiple avenues for sensitive information to be compromised. Whether it occurred externally from an organised cybercrime group or internally by an insider threat.

Internal breaches can cause greater business disruption compared to an external threat, often because they have privileged access to sensitive information like login credentials, credit card information and more. They may have a deeper understanding of the organisation’s security measures and weaknesses, making it easier for them to bypass safeguards and steal sensitive data.

45. 86% of data breaches were deliberate and motivated by financial gain.

According to the data breach investigations report, 50% of data breaches have been discovered to be financially motivated, showing evidence of the participation of malicious insiders, whether cooperating with a cyber crime syndicate or planting malware to infiltrate and take advantage of their company.

46. The LinkedIn breach exposed 700 million records in June-August 2021.

In 200-21, cyber criminals have accomplished the exposure of an astonishingly large data leak of over 700 million LinkedIn users, exposing their names, addresses, phone numbers, and email addresses, as well as their LinkedIn profiles. The hack followed the same method used in the extremely damaging April penetration of their users’ information that hackers also uploaded to the dark web for sale.

47. In 2020, the average time to identify a breach was 207 days.

Typically, a data breach in the healthcare sector has a 329-day lifecycle on average, which is longer than in the financial sector (at 233 days). Some organisations are only able to recover 50% following a data breach, but others may not recover at all. Businesses that prioritise their cybersecurity often fare better in the aftermath of a cyber attack than those that don’t.

48. 90% of all data breaches are linked to phishing attacks.

Cyber criminals continue to use phishing because it is cheap and effective. Ways that CFOs and AP teams can minimise the risk of phishing are by matching up the email name, address, logos, etc. It’s a good idea to follow up with the person you sent an email to or to use another form of communication, before opening an attachment or clicking on a link.

49. 30% of all large data breaches take place at hospitals.

Lots of confidential information is stored in hospitals, especially in the healthcare industry. Moreover, due to tight timelines, hackers have an easier time conning staff to elicit sensitive information.

50. The average per record (per capita) cost of a data breach increased by 10.3% from 2020 to 2021.

This is not new, data breaches are quite costly for businesses. The average cost of a data breach can be calculated by taking into account the direct and indirect expenses of the organisation.

51. An average of 4,800 websites a month are compromised with formjacking code .

Formjacking attacks are simple and lucrative to cyber criminals. This often involves hackers when they inject malicious JavaScript code to infect a website and take over the functionality of a website’s form page to collect sensitive information such as credit cards, names, addresses, etc.

52. At least four 2020 breaches involved over a billion leaked records.

The data breaches of 2021 were not as devastating as the previous year, but the biggest breaches this year were $1.5 billion for Comcast, the Largest ever data leak of Brazilian residents to date (660 million), Facebook (533 million), LinkedIn (500 million) and Byeka (400 million).

53. 2021 Data Breach Report, there were 1,862 data breaches last year, surpassing both 2020's total of 1,108.

The figures for the year reflect a rise in attacks on high-profile organisations in different industries such as the country’s largest oil pipelines and firms that hold the data of millions of American consumers. Since organisations of all sizes are unable to protect themselves, it is of the utmost importance for CFOs to prioritise data protection from cybercrime.

Cybersecurity Guide for CFOs 2023: 6th Edition
Without this strategy, CFOs risk seeing cyber threats materialise into serious financial losses, along with a wide range of indirect costs like reputational damage.

That’s why we’ve created the Cybersecurity Guide for CFOs 2023 to help you create and implement a cyber-crime strategy, one that protects your organisation’s finances from a new generation of fraudsters.


Every company and every person has sensitive data that needs protection. Luckily, it’s never too soon or too late to start protecting your business and or personal information from thieves and criminals. Cybersecurity is all about preventing unauthorised access to, use of, disclosure of or damage to an organisation’s assets (in this case, data) by malicious activity.

Every business needs to have cybersecurity as their top priority, particularly the CFO, who is most targeted. In order to stay ahead of cyber attacks, employees should be vigilant in the following:

– Regularly change passwords
– Examine carefully any emails that may contain a malicious link
– Limit access to sensitive data
– Update software regularly

With cyber crime presenting a large risk to their finances, a modern CFO cannot afford to be complacent. Being the Chief Financial Officer requires that a person have an extensive understanding of the risk involved with cyberspace and the consequences it may have on their duties.

Here is a list of cybersecurity tips and best practices to get you started:

– Use complex passwords across different devices and accounts
– Enable 2-factor or multi authentication
– Check for HTTPS on websites
– Back up data
– Avoid suspicious emails links or attachments
– Use VPNs

Subscribe to our blog

Subscribe to the eftsure blog to receive updates when we post.

The new security standard for business payments

Eftsure provides continuous control monitoring to protect your eft payments. Our multi-factor verification approach protects your organisation from financial loss due to cybercrime, fraud and error.