Cybersecurity Statistics and Predictions for 2023

The past year saw a surge in cyber-crime, with numerous high-profile companies falling victim to sophisticated cyber-attacks and the proliferation of ransomware incidents. Businesses are also increasingly concerned with vulnerabilities in critical infrastructure and supply chain security.

As we look ahead in 2023, cybersecurity experts expect cyber-crimes to become more sophisticated, driven by the use of artificial intelligence (AI). Experts are also anticipating continued rises in cyber insurance premiums. Business and IT leaders must work together to combat these evolving threats and implement best practices, incident response procedures and detection tools in the workplace.

To get a comprehensive understanding of the threat landscape in 2023, we’ll delve into the latest cybersecurity statistics, along with insights into the changing face of cyber-crime and the measures needed to protect financial assets and maintain business resilience.

Keep reading to explore the current state – and future outlook – of cybersecurity statistics in 2023.

Top Remote Working Statistics (Editor’s Choice)

Reaching an all-time high, the cost of a data breach averaged USD 4.35 million in 2022. This figure represents a 2.6% increase from last year, when the average cost of a breach was USD 4.24 million.
The size of the global cyber insurance market is expected to grow rapidly over the 5 years, with the total market size increasing from around $8B USD in 2020 to just over $20B USD by 2025.
According to research, 80% of companies employing at least 200 people will increase their cybersecurity spending in 2023. In 2022 that figure was 63%.
The cost of taking out cyber cover had doubled on average every year for the past three years. 80% rise in premiums in the last 12 months.
About 43% of external perpetrator cases were the result of hackers, and 28% were conducted by organised crime; both numbers reflect increases from the 2020 survey.

Cybersecurity statistics

1. Reaching an all-time high, the cost of a data breach averaged USD 4.35 million in 2022. This figure represents a 2.6% increase from last year, when the average cost of a breach was USD 4.24 million.

According to the 2022 cost of a data breach report by IBM, the global average total cost of a data breach is $4.35M, growing at a record high. If we investigate further, IBM indicates that stolen or compromised credentials were not only the most common cause of a data breach, but also took 327 days to identify one. Other methods involve phishing, business email compromise, vulnerability in third-party software and malicious insiders.

Source: IBM

2. Over 67,500 cybercrime reports, an increase of nearly 13% from the previous financial year.

With the increasing amount of cybercrime reporting, one cyber attack is being reported every 8 minutes rather than 10 last year. The Australian Cyber Security Centre defines these as more substantial than previous ones.

Source: ACSC

3. The size of the global cyber insurance market is expected to grow rapidly over the 5 years, with the total market size increasing from around $8B USD in 2020 to just over $20B USD by 2025.

According to Statista, the global cyber insurance market is expected to grow tremendously over the next five years. Some factors that come into play as why the market is expected to grow is from the increase in cyber threats, awareness of cyber risks, regulatory requirements, lack of in-house expertise such as IT teams or internal processes and growth in technology.

Source: Statista

4. According to research, 80% of companies employing at least 200 people will increase their cybersecurity spending in 2023. In 2022 that figure was 63%.

Cybersecurity spending is rocketing in 2023 according to cybersecurity statistics. Three hundred Australian executives were surveyed and research demonstrates that 80% of Aussie businesses who are employing at least 200 people will increase their cybersecurity spending.

With the rise of cybercrime across the globe, more businesses are prioritising their cybersecurity expenditure into detection and prevention tools, insurances, and awareness training.

Source: The Motley Fool

5. The use of security AI and automation jumped by nearly one-fifth in two years from 59% in 2020 to 70% in 2022.

IBM research demonstrates the effective use of security AI and automation when combating cybercrime. For example, AI security and automation can assist businesses with threat detection and response. AI algorithms can be used to monitor network activity and detect unusual or suspicious behaviour that might indicate a cyber attack.

This provides businesses a quicker response time and improve incident resolution.

Source: IBM

6. Identity fraud losses tallied a total of $56 billion, according to the "2021 Identity Fraud Study" Javelin Strategy & Research.

Identity theft can be exploited through various methods, like the use of someone’s name, credit card, address, etc. In response, organizations need to increase their defences against threats to minimise the risk of an attack and protect their critical infrastructure.

Source: TechTarget

7. 95% of cyber security breaches are a result of human error.

All it takes is one successful breach and the cyber criminals will gain access to an organisation’s digital environment. Most cyber security breaches exist due to human error which involves employees clicking on a malicious website, email link or attachment.

Source: Cybint

8. 65% of organisations in the United States fell victim to a phishing attack.

Phishing is a type of social engineering tactic where criminals create a fake email or website to trick people into clicking on a dangerous link or giving away sensitive information, like passwords, login details, or financial information.

Source: Cloudwards

9. 60% of businesses targeted by a cyber attack go out of business within six months.

Adopting digital controls to facilitate continuous oversight and compliance monitoring should be a priority for small and medium sized companies, as 60% of small businesses that fall victim to data breaches or cyber attacks fail in less than six months.

Source: Cybersecurity Ventures

10. Aussies aged 65 and over accounted for the greatest losses to these scams at $2.3 million.

Cyber criminals and scammers have been trying all sorts of tactics, so you can probably expect the number of victims to rise this year. According to the ACCC Australians aged 65 and over fall victim to all types of scams in 2022.

Source: CyberSecurity Connect

11. 93% cyber leaders and 86% business leaders believe geopolitical instability is moderately or very likely to lead to a catastrophic cyber event in the next 2 years.

According to the Global Cybersecurity Outlook 2023 report, business and cyber leaders believe global geopolitical instability is moderately or very likely to lead to a catastrophic cyber event in the next two years. So what changes will these leaders make in response to the risk?

72-73% of business/cyber leaders suggest that they will strengthen policies and practices for engaging direct-connection third parties with data access, followed by strengthening controls with third parties who process data.

Source: WEF

12. The cost of taking out cyber cover had doubled on average every year for the past three years. 80% rise in premiums in the last 12 months.

Cyber insurance premiums have soared in the past year as claims surged in response to a rise in damaging attacks by cybercrime syndicates. One of the main causes of increase insurance premiums is the growth of ransomware claims. Ransomware is a form of malicious software attack used by cybercriminals to block an organisation’s network for a ransom.

Source: AFR

13. AI and machine learning (20%), cloud technology (19%) and user identity and access management (15%) will have the greatest influence on cyber risk strategies over the next 2 years.

Cybersecurity statistics demonstrate the advances of technology. As technology continues to grow and improve overtime, it presents both benefits and challenges to organizations. While Artificial Intelligence (AI) security and automation can equip businesses with robust cybersecurity defenses, they can also be used against them.

It is therefore imperative for organizations to strike a balance between leveraging the advantages of new technology and effectively managing the associated risks through well-planned development strategies and robust risk management practices

Source: WEF

Working from home statistics

14. Cyber crime Up 600% due to the COVID-19 Pandemic.

Because of the COVID-19 outbreak, businesses are experiencing an increase in high-level phishing email scams. They are aimed at duping and luring employees into taking some type of action, like clicking a malicious link or opening an attachment containing a virus. Cyber security should be a priority now that remote work is common for many businesses.

Source: PurpleSec

15. Statista reports that 64% of organisations worldwide were most likely to experience a data breach as a result of COVID-19.

Changes in workplace standards meant a higher number of employees working remotely. Cybercrime increased, with phishing being the most common method.

Source: Statista

16. Remote work has increased the average cost of a data breach by $137,000.

The IBM Cost of a Data Breach report found that the COVID-19 pandemic has had a tremendous impact on the way many organisations do business. This has impacted SMEs with the average cost totaling $137,000.

Source: IBM

17. More than half a million Zoom user accounts were compromised and sold on the dark web.

The more popular video conferencing software Zoom becomes with companies bringing employees into remote work, the more cyber criminals will adapt their techniques to that format. Recently, we’ve seen reports of cyber criminals selling compromised Zoom accounts on the dark web to increase their chances for more data breaches.

Source: CPO Magazine

18. 24% of respondents had to spend money unexpectedly to resolve a security breach or malware attack following the WFH shift.

Working remotely for the first time due to the pandemic for many employees means not having easy access to important information about cyber security and how to be safe online, such as security and risk discussions within the company and advice that can be offered to co-workers in person.

Source: Velocity Smart

19. 25% report an increase in fraudulent emails, phishing attempts and spam to their corporate email since the start of the COVID-19 crisis.

There has been an increased amount of concern with phishing and malware, so businesses must address these issues with staff by training them on data handling, and reminding them of the company code of conduct and rule breaches. Working from home introduces new cyber risks, so staff must be adequately trained in their responsibilities as well as become aware of cyberattacks.

Source: Deloitte

20. 71% of security leaders lack sufficient visibility into remote employee home networks.

According to a recent study, more people are using cloud services and iot devices that were never before part of a company’s security perimeter. More cyberattacks and security breaches are now a result of this and IT managers are now struggling to keep up with managing all these new technologies.

Source: CEPro

DOS/DDOS statistics

21. In Q1 2022, our DDoS Intelligence system detected 91,052 DDoS attacks.

According to a securelist report, it’s reported that the DDOS Intelligence system detected 91, 052 DDoS attacks. DDoS also known as a Distributed Denial-of-Service is a malicious attempt to disrupt a computer or system networks.

Source: Kaspersky

22. 2.9 million DDoS attacks in Q1 of 2021, an increase of 31% over the same period in 2020.

Recent years have seen an increase in DDoS attacks to the point where business networks have been brought to their knees with work at a standstill for hours on end. We see tens of thousands of unannounced, undetected DDoS attacks per day. These attacks are the most destructive and costly.

Source: Comptia

23. Among the most significant DDoS attacks was a 1.5 TBps (terabytes per second) incident in June 2021, representing a 169% increase in attack bandwidth over the most substantial attack in the first half of 2020.

In 2021, an attacker deployed the most powerful Distributed Denial of Service attack on record. The bandwidth peaked at 1.5 Terabytes per second. The skirmish, which lasted for about 15-20 minutes, erupted.

Source: TechTarget

24. The largest number of DDoS attacks (16.35%) come on Sundays.

According to Kaspersky, the largest share of DDoS attacks take place on Sunday and the fewest attacks occurred on Friday. These types of schedules in the way DDoS attacks occurred demonstrate a lot about the likely attackers.

Source: Kaspersky

25. In January 2022, over 17% of under-attack respondents reported being targeted by ransom DDoS attacks or receiving a threat in advance.

Much like a ransomware attack, a ransom DDoS attack is where the attacker threatens to carry out a DDoS attack unless the victim pays them a ransom. RDDoS attacks are popular with 1 in 5 customers becoming victims of these attacks according to the survey conducted by Cloudflare.

Source: Cloudflare

26. Finance, the target of over 25% of all attacks, became the most attacked sector in 2021.

The number of Distributed Denial of Service (DDoS) attacks is increasing every year, and the industry with the most targets is finance because they have the most amount of data and capital.

Source: F5

27. The longest DDoS attack in history occurred in 2018, shattering existing records by flooding the target’s systems with data for 329 hours.

Every year, the number of Distributed Denial of Service (DDoS) attacks increases, and the industry that receives the most targets is finance because they have the most amount of data and capital. These attacks can last from a minute to an hour depending on the company’s security controls.

Source: Comparitech

28. More than 20% of attackers are using multi-vector DDoS attacks.

There are many types of cyberattacks in the cyber security industry, one being the ‘multi-vector cyber attack,’ which is a digital attack on a network with many entry points. It’s a more intricate type of cyber attack, making it difficult to protect against.

Source: Link11

Mobile scam statistics

29. Mobile attacks dropped to 9.6 million -- their lowest level in nearly two years.

According to Kaspersky Lab, mobile attacks have plummeted from the second quarter of 2020 to the third quarter of 2021. This is surprising given that there were no major campaigns nor any newsworthy events that should have led to such a significant decline. This means that companies and individuals have to be on the lookout, as this is still a cyber security risk.

Source: Kaspersky

30. One in 36 devices used in organisations was classified as high risk.

Managing mobile device security is a challenging prospect. Symantec discovered that one in 36 devices used in organisations is classified as high risk. Included among these devices were either jailbroken or had some form of malware installed.

Source: TechTarget

31. 97% of organisations faced mobile threats that used various attack vectors.

Remote working during the COVID-19 pandemic soared and led to the increased reliance on smartphones for remote employees to access corporate assets and work tasks. This poses a risk to businesses with a rise in security incidents through mobile related attacks.

Source: Check Point

32. 40% of all mobile gadgets are at the risk of becoming a target of cyber attacks.

Several frauds and scams are associated with cell phones. A cyber criminal may impersonate your manager or another business and ask for your personal information through a phone call or text. Scammers are careful to disguise their numbers and alter their locations, even worse is when they infect mobile devices leaving your employees at risk.

Source: Digital Information World

33. Australians have lost $63.6 million to scams involving unsolicited calls or text messages.

Australian authorities have seen the increased frequency of scams that come in the form of suspicious phone calls or text messages. These scams are conducted by scammers who pretend to be from popular organisations, providers and supply chains.

Source: ABC

34. Australians aged 65 and over have reported losses of $20.5 million from phone scams.

For older Australians, their lack of understanding of mobile phones makes them vulnerable to mobile scams because they have less familiarity with modern technology. The advancement of technologies has only made it easier for scammers to target people like them.

Source: ABC

35. Overall, Australian scam victims have lost an average of $11,000 in 2021.

All you need to activate a mobile scam is to click on a button or a link in an email. These scams appear to be coming from popular fake businesses. As soon as you click the link, malware will infect your device and will be able to attack your credit card information, sensitive data, text messages, and other important data stored on your mobile device.

Source: 7News

Social engineering is the hacking technique of seeking detailed information, typically confidential data like login information, to break into a company. This often involves emails, mobile, and social media communications such as Facebook/Instagram as well as Open-Source Intelligence (OSINT).

Source: PurpleSec

Cyber criminals often have high threat intelligence when it comes to social engineering. The method is much easier than infiltrating a secure computer system or a secured computer network. To succeed criminals require in-depth knowledge about the organisation, so they can succeed in deceiving the targeted staff member.

Source: GlobalSign

Many Accounts Payable staff are targeted in spear phishing attacks, as they have access to
financial information and the ability to process outgoing payments. For example, a Barracuda study examined that more than 12 million spear phishing and social engineering attacks impacted over 17,000 organisations from 2020 to 2021.

Source: ZDNet

The average cost of a cyberattack is substantial, especially for smaller or middle-sized businesses. As noted by Security Info Watch, an estimated average cost of a social engineering attack is $130,000. As a result, very few businesses can fully recover their funds.

Source: GlobalSign

Phishing is a type of online fraud that seeks to steal sensitive information, such as financial or login credentials, from unsuspecting victims.

Source: Graphus

41. Over 80% of cyber attacks in 2022 are predicted to a result of a phishing scam.

While not exclusively worrying about cyber attacks, they also have to keep in mind how CFOs and accounts payable teams respond to emails and web link attachments that would induce phishing attacks.

Source: TechTarget

Hackers are constantly evolving and looking for ways to circumvent security measures. Lately, they’ve used social media in new ways, like spoofing messages pretending to be an email from a well-known exec or trying to trick or scam them. This usually entails sending email attachments or asking to phone a customer service representative to acquire things like contact numbers.

Source: Swiss Cyber Institute

Social engineering is a major problem nowadays. Cyber criminals find it necessary to use more low-level attacks like targeting employees instead of organisations as often now that the quality of anti-virus and malware software has gotten so good. As a result, the situation has turned dire in the extreme cases where a company’s highest-level executives or CEOs are attacked in the process known as ‘spear phishing’ or ‘whaling’.

Source: Cofence

Data breach statistics

44. About 43% of external perpetrator cases were the result of hackers, and 28% were conducted by organised crime; both numbers reflect increases from the 2020 survey.

It is frightening to see that data breaches can occur both externally and internally because it means that there are multiple avenues for sensitive information to be compromised. Whether it occurred externally from an organised cybercrime group or internally by an insider threat.

Internal breaches can cause greater business disruption compared to an external threat, often because they have privileged access to sensitive information like login credentials, credit card information and more. They may have a deeper understanding of the organisation’s security measures and weaknesses, making it easier for them to bypass safeguards and steal sensitive data.

Source: PwC

45. 86% of data breaches were deliberate and motivated by financial gain.

According to the data breach investigations report, 50% of data breaches have been discovered to be financially motivated, showing evidence of the participation of malicious insiders, whether cooperating with a cyber crime syndicate or planting malware to infiltrate and take advantage of their company.

Source: NordLayer

46. The LinkedIn breach exposed 700 million records in June-August 2021.

In 200-21, cyber criminals have accomplished the exposure of an astonishingly large data leak of over 700 million LinkedIn users, exposing their names, addresses, phone numbers, and email addresses, as well as their LinkedIn profiles. The hack followed the same method used in the extremely damaging April penetration of their users’ information that hackers also uploaded to the dark web for sale.

Source: Compatia

47. In 2020, the average time to identify a breach was 207 days.

Typically, a data breach in the healthcare sector has a 329-day lifecycle on average, which is longer than in the financial sector (at 233 days). Some organisations are only able to recover 50% following a data breach, but others may not recover at all. Businesses that prioritise their cybersecurity often fare better in the aftermath of a cyber attack than those that don’t.

Source: IBM

48. 90% of all data breaches are linked to phishing attacks.

Cyber criminals continue to use phishing because it is cheap and effective. Ways that CFOs and AP teams can minimise the risk of phishing are by matching up the email name, address, logos, etc. It’s a good idea to follow up with the person you sent an email to or to use another form of communication, before opening an attachment or clicking on a link.

Source: Cisco

49. 30% of all large data breaches take place at hospitals.

Lots of confidential information is stored in hospitals, especially in the healthcare industry. Moreover, due to tight timelines, hackers have an easier time conning staff to elicit sensitive information.

Source: Techjury

50. The average per record (per capita) cost of a data breach increased by 10.3% from 2020 to 2021.

This is not new, data breaches are quite costly for businesses. The average cost of a data breach can be calculated by taking into account the direct and indirect expenses of the organisation.

Source: IBM

51. An average of 4,800 websites a month are compromised with formjacking code .

Formjacking attacks are simple and lucrative to cyber criminals. This often involves hackers when they inject malicious JavaScript code to infect a website and take over the functionality of a website’s form page to collect sensitive information such as credit cards, names, addresses, etc.

Source: Norton

52. At least four 2020 breaches involved over a billion leaked records.

The data breaches of 2021 were not as devastating as the previous year, but the biggest breaches this year were $1.5 billion for Comcast, the Largest ever data leak of Brazilian residents to date (660 million), Facebook (533 million), LinkedIn (500 million) and Byeka (400 million).

Source: Comparitech

53. 2021 Data Breach Report, there were 1,862 data breaches last year, surpassing both 2020's total of 1,108.

The figures for the year reflect a rise in attacks on high-profile organisations in different industries such as the country’s largest oil pipelines and firms that hold the data of millions of American consumers. Since organisations of all sizes are unable to protect themselves, it is of the utmost importance for CFOs to prioritise data protection from cybercrime.

Source: CNET

Why Eftsure?

Why customers use Eftsure

Features

By role

Learn

Company

Why Eftsure?

Why customers use Eftsure

Features

By role

Learn

Company

Cybersecurity Statistics and Predictions for 2023

Table of Contents

Top Remote Working Statistics (Editor’s Choice)

Cybersecurity statistics

1. Reaching an all-time high, the cost of a data breach averaged USD 4.35 million in 2022. This figure represents a 2.6% increase from last year, when the average cost of a breach was USD 4.24 million.

Share statistics

Copy link

2. Over 67,500 cybercrime reports, an increase of nearly 13% from the previous financial year.

Share statistics

Copy link

3. The size of the global cyber insurance market is expected to grow rapidly over the 5 years, with the total market size increasing from around $8B USD in 2020 to just over $20B USD by 2025.

Share statistics

Copy link

4. According to research, 80% of companies employing at least 200 people will increase their cybersecurity spending in 2023. In 2022 that figure was 63%.

Share statistics

Copy link

5. The use of security AI and automation jumped by nearly one-fifth in two years from 59% in 2020 to 70% in 2022.

Share statistics

Copy link

6. Identity fraud losses tallied a total of $56 billion, according to the "2021 Identity Fraud Study" Javelin Strategy & Research.

Share statistics

Copy link

7. 95% of cyber security breaches are a result of human error.

Share statistics

Copy link

8. 65% of organisations in the United States fell victim to a phishing attack.

Share statistics

Copy link

9. 60% of businesses targeted by a cyber attack go out of business within six months.

Share statistics

Copy link

10. Aussies aged 65 and over accounted for the greatest losses to these scams at $2.3 million.

Share statistics

Copy link

11. 93% cyber leaders and 86% business leaders believe geopolitical instability is moderately or very likely to lead to a catastrophic cyber event in the next 2 years.

Share statistics

Copy link

12. The cost of taking out cyber cover had doubled on average every year for the past three years. 80% rise in premiums in the last 12 months.

Share statistics

Copy link

13. AI and machine learning (20%), cloud technology (19%) and user identity and access management (15%) will have the greatest influence on cyber risk strategies over the next 2 years.

Share statistics

Copy link

Working from home statistics

14. Cyber crime Up 600% due to the COVID-19 Pandemic.

Share statistics

Copy link

15. Statista reports that 64% of organisations worldwide were most likely to experience a data breach as a result of COVID-19.

Share statistics

Copy link

16. Remote work has increased the average cost of a data breach by $137,000.

Share statistics

Copy link

17. More than half a million Zoom user accounts were compromised and sold on the dark web.

Share statistics

Copy link

18. 24% of respondents had to spend money unexpectedly to resolve a security breach or malware attack following the WFH shift.

Share statistics

Copy link

19. 25% report an increase in fraudulent emails, phishing attempts and spam to their corporate email since the start of the COVID-19 crisis.

Share statistics

Copy link

20. 71% of security leaders lack sufficient visibility into remote employee home networks.

Share statistics

Copy link

DOS/DDOS statistics

21. In Q1 2022, our DDoS Intelligence system detected 91,052 DDoS attacks.

Share statistics