While cybersecurity experts may have a clearer picture of just how much of a problem cyberattacks have recently been, pretty much everyone else seems oblivious to the cybercrime plague we are living in. These cybersecurity statistics are meant to be a wake-up call and help you understand just what security teams in most enterprises face on an everyday basis. Read on to get more information on cyberattacks and details on the negative impact they have on organizations.
Top 10 Cybersecurity Statistics and Facts
Globally, there were 6,797,959 DDoS attacks in the second half of 2022.
In Q4 of 2022, an individual organization faced 1,168 cyberattacks per week.
There were 5.5 billion malware attacks worldwide in 2022.
The average cost of a ransomware attack in 2023, excluding the cost of the ransom, is $5.13 million.
Businesses with between 101 and 1,000 employees were targeted in 35.7% of the ransomware attacks in Q2 of 2023.
The average ransomware payment in Q2 of 2023 was $740,144.
The average total cost of a data breach in 2023 is at an all-time high, at $4.45 million.
The average cost of a data breach in the USA, at $9.48 million, is the highest in the world.
On average, organizations with fully deployed security AI and automation identify and contain data breaches in 214 days.
A total of 2,421 US local governments, schools, colleges, and health organizations were impacted by ransomware in 2022.
Cyberattack Statistics
In Q4 of 2022, an individual organization faced 1,168 cyberattacks per week.
During 2022, corporate networks saw 38% more attempted attacks than in 2021. The three most attacked sectors included Education and Research (2,314 attacks per week), Government and Military (1,661 attacks per week), and Healthcare (1,463 attacks per week). At 52%, North America saw the largest year-over-year increase in cyberattacks in 2022. Looking at individual countries, the UK recorded a massive 77% increase in cyberattacks compared to 2021, while the US was up by 57%.
(Check Point)
There were 5.5 billion malware attacks worldwide in 2022.
Hacking statistics from 2022 reveal malware attacks saw a 2.2% year-over-year increase — their first after three years of steady declines. The growth was primarily driven by a 43% increase in cryptojacking and an 87% rise in Internet of Things (IoT) malware attacks recorded in 2022. At 2.68 billion, the US accounted for 48.7% of all malware attacks globally. Looking at individual states, California saw the most malware attacks (320.69 million) in 2022, followed by Illinois (314.74 million), Florida (191.26 million), and New York (184.82 million).
(SonicWall)
Globally, there were 6,797,959 DDoS attacks in the second half of 2022.
According to the most recent global cyberattack statistics, the number of DDoS attacks increased by 13% compared to the first half of 2022. The largest DDoS attack in H2 of 2022 used a bandwidth of 978.5 Gbps, which is 2.15% higher than the largest attack in H1 of 2022. Furthermore, data reveals that a total of 956,443 DDoS attacks happened in the USA in H2 of 2022. In comparison, the number of DDoS attacks in Canada was less than a tenth of that at 90,535.
(Netscout)
52% of the DDoS attacks in North America lasted between five and 15 minutes.
Furthermore, cybersecurity data indicates that 15% of the attacks in H2 of 2022 had a duration of between 15 and 30, while 16% were shorter than five minutes. Additionally, there is a notable increase of 49% in the number of TCP ACK floods, compared to their number from H1 of 2022. With 328,789 such cases in H2 of 2022, TCP ACK was the most common DDoS attack vector in the North America region. Finally, wired telecommunications carriers remained the most targeted organizations of DDoS attacks for this region — the share of attacks they suffered increased by 8%, from 401,773 in H1 of 2022 to 434,731 in H2.
(Netscout)
Statistics on Data Breaches
51% of the companies breached between March 2022 and March 2023 plan to increase their security investment.
Despite the increasing global cost of data breaches, nearly half of the companies that have suffered such an incident don’t plan to spend more on cybersecurity. The latest stats further reveal that 82% of the data breaches occurring in this period were cloud-based, while 15% of data breaches started when a partner company was compromised. As a result of these breaches, 57% of the affected companies say they had to increase their prices, which ultimately affected their customers.
(IBM)
The average total cost of a data breach in 2023 is at an all-time high, at $4.45 million.
Statistics on cyberattacks from previous years show that the average cost of a data breach increased by 2.3% from 2022, when it was $4.35 million, and by 15.3% from 2020, when it was $3.86 million, on average. The total average cost of a data breach jumps to $5.04 million for organizations with critical infrastructure. Furthermore, data reveals that organizations with fully deployed security AI and automation lose 39.3% less money on a data breach than those that don’t.
(IBM)
The average cost of data breaches in hybrid cloud environments is 17.6% higher than the one in private cloud environments.
Cybercrime statistics reveal that the average cost of a data breach in a hybrid cloud environment is $4.75 million. In comparison, the average cost decreases to $4.57 million for public cloud environments and $3.98 million for breaches in private cloud environments. Hybrid cloud environments are also the most common targets of cyberattacks, with 39% of all cloud-based incidents targeting them. Meanwhile, 27% of attacks target public clouds, 18% target on-premises clouds, and 16% target private clouds.
(IBM)
The average cost of a data breach in the USA, at $9.48 million, is the highest in the world.
Cybersecurity stats show that the average cost of a data breach in the Middle East is the second-highest, at $8.07 million, while in Canada, it is $5.13 million, or the third-highest globally. By industry, the cost of a data breach in healthcare is by far the most expensive, at $10.93 million on average. In the financial sector, the average cost of a data breach is $5.90 million, and in pharmaceuticals, it is $4.82 million.
(IBM)
Statistics on Ransomware
The average cost of a ransomware attack in 2023, excluding the cost of the ransom, is $5.13 million.
In comparison, the average cost of a ransomware attack, without the cost of ransom, was $4.54 million in 2022, indicating a 13% year-over-year increase. Ransomware is the second-most common type of malicious attacks in 2023, responsible for 24% of such incidents. At 25%, destructive attacks are only slightly more prevalent; they also cost more at $5.24 million per incident, up 2.3% from $5.12 million in 2022.
(IBM)
Businesses with between 101 and 1,000 employees were targeted for 35.7% of the ransomware attacks in Q2 of 2023.
Malware statistics point to larger organizations as the primary ransomware targets in 2023, with 22.5% having 1,001–10,000 employees. A significant portion of SMEs were attacked as well — 25.6% of the targeted organizations had between 11 and 100 employees. Furthermore, 4.7% of the victims were microenterprises with up to ten employees, 3.9% were large enterprises with between 10,001 and 25,000 employees, 3.1% had 25,001–50,000 employees, and companies with between 50,001 to 100,000 employees were the target of 3.1% of the ransomware attacks.
(Coveware)
15.5% of the ransomware attacks in Q2 of 2023 were aimed at companies that provide professional services.
Data on recent cyberattacks reveals that most ransomware actors are industry agnostic and attack any company they believe to be profitable. However, organizations from certain sectors more commonly find themselves on the short end of the stick. Besides professional services, 14% of the targets were healthcare organizations, while companies from the materials industry were targeted in 11.6% of the attacks. Furthermore, 10.1% of victim companies were from the public sector, while software and financial services providers each attracted 7% of the attacks.
(Coveware)
The average ransomware payment in Q2 of 2023 was $740,144.
Statistics on ransomware show a staggering 126% increase in the average amount of ransom paid to cyber attackers in the second compared to the first quarter of 2023. At the same time, the median amount of ransomware paid has increased by 20%, and it currently stands at $190,424. The most commonly observed ransomware variants for this quarter are BlackCat and BlackBasta, each involved in 15.5% of the attacks, and Royal, which was used in 10.1% of the incidents.
(Coveware)
Cybersecurity Facts
On average, organizations with fully deployed security AI and automation identify and contain data breaches in 214 days.
The average time for companies that don’t rely on such security tech to protect themselves is 108 days longer, or 322 days. Data also shows that the percentage of organizations that deploy security AI and automation in 2023 is 61% — a considerable drop from 70% the previous year. Finally, the average cost of a data breach for companies that fully rely on AI and automation to protect themselves is $3.60 million, while it is $5.36 million for those relying solely on manual security inputs.
(IBM)
69% of companies increased their cybersecurity budgets in 2022.
Facts about cybersecurity show that most companies (25%) increased their cyber budgets by between 6% and 10%. At the same time, 18% grew their budgets by 1%–5%, 14% saw increases in the 11%–14% range, and 12% of companies increased their cybersecurity spending by 15% or more. With the increase in cyberattacks and their cost, it’s interesting to note that 12% of organizations kept their cybersecurity budgets the same as in 2021. Even more worrisome is the fact that 15% of companies saw their cyber budgets decrease in 2022.
(Statista)
A total of 2,421 US local governments, schools, colleges, and health organizations were impacted by ransomware in 2022.
More precisely, cybersecurity statistics show that 106 public offices were victims of ransomware that year in the USA, and at least 27 of these incidents involved data theft. Regarding the education sector, 45 school districts and 44 college and university campuses were attacked, which resulted in learning disruption in more than 1,981 schools. Meanwhile, the 25 attacks aimed at hospitals and multi-hospital systems affected close to 290 health organizations and resulted in at least 623,774 patients having their personal data compromised.
(Emsisoft)
An average of 13,814 phishing and scamming pages were detected daily in Q3 of 2022.
Social engineering statistics reveal that the total number of fraudulent websites detected during this quarter — 1,270,883 — marks a 15.8% increase from the 1,097,811 sites detected in the previous quarter and the highest-ever number of scamming sites detected in a quarter. According to research, DHL was the most frequently impersonated brand during 2022’s third quarter, used in 22% of all brand phishing attempts. Other brands often imitated in phishing attacks included Microsoft (16%), LinkedIn (11%), and Google (6%).
(Statista, Check Point)
FAQs on Cybersecurity Statistics
What percentage of cyberattacks are caused by human error?
How often do cyberattacks occur?
How many cyberattacks happen per day?
What is the most common way hackers find information?
The Summary
As per the cybersecurity data above, hackers keep raising the bar and continue to reach new heights of illicit activities yearly. Given that they are mainly motivated by financial gain, we shouldn’t expect them to slow down on their own any time soon. To end the article on an optimistic note, cybersecurity solutions can counter the vast majority of attacks or, at the very least, considerably mitigate the damages. As hackers always try to improve their methods, cybersecurity teams need support to match their efforts, and thankfully, stats reveal that more and more organizations finally realize the danger of risks and increase their cybersecurity budgets.
Sources:
