Cybersecurity Statistics – Facts, Threats, Cybercrime, Attack Types

Tajammul Pangarkar
Tajammul Pangarkar

Updated · Jun 20, 2023

SHARE: is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more.
Advertiser Disclosure

At Scoop, we strive to bring you the most accurate and up-to-date information by utilizing a variety of resources, including paid and free sources, primary research, and phone interviews. Our data is available to the public free of charge, and we encourage you to use it to inform your personal or business decisions. If you choose to republish our data on your own website, we simply ask that you provide a proper citation or link back to the respective page on Scoop. We appreciate your support and look forward to continuing to provide valuable insights for our audience.

Cybersecurity Statistics – Cybersecurity has become an indispensable component of modern life, with technology increasing our risk of cyber threats exponentially. Organizations and individuals must take precautionary steps to secure digital assets and sensitive information proactively. Paragraph formats typically used when discussing cybersecurity typically include an introduction, followed by an explanation of its importance, potential threats and vulnerabilities, and measures that can be implemented to manage risks.

Additionally, this paragraph could discuss the roles played by individuals and organizations in maintaining cybersecurity, the significance of regular updates and patches, the need for robust authentication mechanisms, as well as raising cybersecurity awareness and education. Upon conclusion of this paragraph, it’s crucial to emphasize that cybersecurity is an ongoing process that demands constant vigilance and adaptation to an ever-evolving threat landscape.

Editor’s Choice

  • Every 39 seconds there’s an attack by hackers.
  • Healthcare is still the most targeted victim of ransomware attacks.
  • 92% of malware was distributed via email.
  • 4.1 million websites are infected by malware at any moment.
  • 49 days is the standard amount of time needed to spot a ransomware infection.
  • A total of $29M was snatched from the fintech firm by hackers.
  • 97% of security breaches are caused by WordPress plugins.
  • A total of $3 billion in cryptocurrency was stolen during hacks that have been ongoing to this day.
  • 66% of CIOs have said they intend to increase their investment in cybersecurity.
  • The statistics on cybersecurity for remote work indicate that 74% of IT experts believe that it is an extreme risk to cybersecurity.

(Source: Tripwire)

General Facts About Cyber Security

  • Cybersecurity investment is expected to surpass $188 billion by 2023.
  • In 2023, there will be roughly 3.5 million unfilled cybersecurity jobs.
  • 65% of board members believed their organization was vulnerable to a cyberattack.
  • Nearly 70% of firms reported a security team labor shortage.
  • Talent shortages affect 94% of security departments and 93% of research and development teams.
  • 77% of security professionals polled by ISC2 stated that they were pleased or highly satisfied with their jobs, up from 66% in 2019.
  • According to the same ISC2 poll, 55% of security-related workers began their careers in IT before moving into security.
  • According to 69% of MSPs, their clients suffer from compliance.
  • Google and Microsoft have pledged to invest more than $60 billion in cybersecurity technologies over five years.
  • By 2023, the global automotive cybersecurity industry is expected to reach $9.7 billion.
  • The Internet of Things (IoT) market is predicted to expand by 18% to 14.4 billion connections globally by 2022.
  • 44% of survey respondents state that they do not provide cybersecurity training to their employees about remote work concerns.

(Source: Seeking Alpha, Ventures in Cybersecurity, From CPO Magazine, ISACA, 2022 State of Pentesting Report, ISC2, Kaseya, CNBC, IoT for Everyone, Databasix, McKinsey)

Cybercrime Costs

Cybercrime will cost businesses globally an estimated $10.5 trillion per year by 2025, up from $3 trillion in 2015. Cybercrime constitutes the greatest transfer of economic value in history, according to Cybersecurity Ventures, with a year-over-year growth rate of 15%.

Small Business Cybersecurity Statistics 2023

Many small and mid-sized companies believe that cyberattacks only happen to big corporations. It’s not the reality. 43% of all cyberattacks target small-sized businesses.

47% of SMBs were attacked by cybercriminals in 2022.

Surprisingly that only 26% of small-sized businesses can prioritize cybersecurity as their top concern which leaves many at risk of data breaches, ransomware, and other malicious cyber-attack errors the cause of 52% of verified attacks against SMBs.

In response to the increasing use of remote work in the workplace, 64% of SMBs have updated their cybersecurity policies However, many are still not taking sufficient measures to guard against cyber-attacks.

Phishing remains among the most significant cyberattacks SMBs confront. Trojan-PSW attacks, which are used to steal login and password details, grew by almost 25%, and 35,400,000 malware attacks were discovered against SMBs during the three-the three months2022.

The costs of cyberattacks can be astronomical as the cost for a claim against small-sized businesses increases to $139,000. Despite the dangers that come with cyberattacks, 46% of SMBs do not have a clue about how to manage cyber risk and are therefore more susceptible to being targeted.

Attack Type Statistics 2023

Cybersecurity Statistics – Malware

Malware plays a key part in virtually every type of hack, from DDoS to ransomware-related attacks.

In the first quarter of 2022 2.8 million malware-related attacks were reported, and that’s not counting those 5,520,908 smartphone malware threats from adware and riskware that were blocked in the second quarter of 2022.

Iran is the which is the most impacted by malware that is mobile as well as VBA Trojan is the most common variant of mobile malware. VBA Trojan is the most popular malware variant for 2022. It is important to remember that 92 percent of malware is transmitted via email. In addition, the first half of 2022 witnessed the most significant 976.7 percent growth in the number of Emotet-related detections in comparison to the first half of 2021.

What you should do to ward off malware attacks?

  • Use security software to identify and stop malware. Use strong passwords that include two-factor authentication to make it challenging for criminals to get access to your account or device.
  • Additionally, ensure you’re running the most up-to-date edition of the software. older versions may contain security flaws that require patching.
  • Don’t click on links that come from unidentified sources, as this could aid in spreading malware.

Cybersecurity Statistics – Phishing 2023

The financial cost of phishing scams can be huge the financial cost of phishing attacks is significant. IBM declared that phishing attacks were the most expensive of the attack vectors with an average cost in the range of 4.91 million. In November 2022 Google blocked more than 231 million spam or phishing messages which highlights the magnitude of the problem.

Below are methods to avoid phishing attacks

  •   Don’t share your private information on insecure sites.
  •   Change passwords often.
  •   Do not open emails that appear to be spam.
  •   Buy antivirus software.
  •   Beware of clicking on links from untrusted sources.

Cybersecurity Statistics – DDoS 2023

In the first quarter of 2022, the financial sector was most targeted, resulting in 23.6% of all attacks involving phishing. In the six months between 2022 the number of attacks involving phishing as per Security Magazine.

Zero-hour attacks, which are attacks that exploit weaknesses before they’re identified and patched, comprised 54% of all malware discovered in 2022 according to Slashnext. Spear-phishing attacks targeted to steal credentials accounted for 76% of all attacks.

Phishing attacks typically include using fake sites or email addresses that mimic authentic brands or organizations. In 2022, a staggering 850,000 domain names have been deemed vulnerable to Phishing, according to Interisle.

 DDoS also known as Distributed Attacks on Denial of Services is usually employed as a cover to deceive the owners of the targeted site while hackers try to create an additional more destructive attack.

The danger of DDoS attacks grew in 2022, resulting in an increase of 60% in malicious attacks over the first quarter of this year as per GTECH. One of the biggest DDoS attacks was a 2.5 Tbps attack that was launched by the Mirai botnet that targeted a Minecraft server. This was revealed by Cloudflare.

Cloudflare also observed a rise in HTTP DDoS attacks, which increased by 111% from year to year. Gaming and gambling were among the industries most targeted by DDoS attacks of L3/4 and demonstrates the risk of these industries to attacks.

These are methods to stop DDoS attacks

  •   Choose a DDoS mitigation service.
  •   Establish a secure network infrastructure.
  •   Check the traffic on your website.
  •   Make use of Web Application Firewalls (WAF).

Cybersecurity Statistics – BEC Attacks          

In 2022, 34% of attacks were initiated by hackers as Business Email Compromise (BEC) attacks, as per Arctic Wolf. This type of attack has become an issue for companies of any size, and companies struggled to keep up with the increasing threat.

And to make matters even more difficult the shocking fact is that 80% of the companies which were hit by BEC attacks did not have a Multi-Factor Authentication (MFA) solution implemented, which makes it easier for hackers to gain access to sensitive information and systems.

In 2023, 88% of the organizations polled by Sonicwall said that securing themselves against such attacks was a high priority.

Here are some methods to avoid BEC attacks

  • Allow Multi-Factor Authorization (MFA).
  • Steer away from free email domain registration.
  • Use a password manager like LastPass.
  • Make sure your team is trained to spot untrue emails.

Cybersecurity Statistics – Ransomware 2023

According to a study by Statista around 71% of companies suffered from ransomware-related attacks by 2022 leading to substantial losses. Austria was the hardest hit nation by ransomware attacks and Costa Rica’s government was one of those who suffered the biggest ransomware attack ever according to Cyber Management Alliance.

IT professionals typically pay ransoms to get back from a ransomware attack and, according to Statista, 72% of them paid in 2022. IBM says it takes on average 49 days to detect an attack that is ransomware-related, leaving organizations and businesses vulnerable for a prolonged period.

The services and industrial goods sector was the most frequent attack victim in Q2 2022 according to Digital Shadows. But, Q3 2022 witnessed an overall decrease in ransomware activity by 10.5% when compared with the prior quarter.

Ransomware-as-a-service (RaaS) is also a growing concern, with 67 active RaaS reported in the first six months of this year alone.

Here are some methods to ward off ransomware attacks

  •   Don’t use outdated software.
  •   Beware of clicking on unsafe links.
  •   Never plug in a USB you don’t have.
  •   Use VPNs for public networks.

Cybersecurity Statistics – IoT

There are more than 24 billion IoT devices and Operations Technology units present in the world. It creates a wide game for hackers, who create new and novel malware to disrupt IoT. According to experts in cybersecurity, IoT and OT enlarge the vulnerability of hackers.

For the initial six months in 2022, several 1.51 billion IoT incidents were reported which highlights the magnitude of the threat facing enterprises. In addition, the majority of IT departments do not know the type of devices they have connected to their networks. This indicates an absence of awareness and control over vulnerabilities that could be uncovered.

Furthermore, the dearth of highly skilled workers exacerbates security concerns regarding data for 32% of IoT businesses.

Here are some methods to stop IoT attacks

  •   Stay up-to-date with the latest firmware and software.
  •   Use Multi-Factor Authentication (MFA).
  •   Encrypt your devices properly.
  •   Connect IoT devices with secure Wi-Fi.

Cybersecurity Statistics – Cryptojacking

Attacks on the financial industry have increased by 269% between 2022 and 2023.

Over 500,000 people were impacted by malware that was malicious in the first quarter of 2022 alone and Monero (XMR) became the most used cryptocurrency in these kinds of cyberattacks.

(Source: Kaspersky)

In the financial industry, the number of crypto-jacking attacks has increased by an astounding 269% in the past year, with reports of cases reaching 66.7 million during the first quarter of 2022. The attacks have led to the loss of up to $3 billion in cryptocurrency.

Bridges between chains have also been an area of concern and have resulted in damages of $1.4 billion by 2022. The most significant cyber-attacks in the crypto industry so far cost $615 million, which demonstrates the seriousness and complexity of security risks.

Here are a few ways to protect yourself from attacks on cryptography

  •   Install updates to software and patches.
  •   Make sure you use a trusted cryptocurrency trading platform and wallet.
  •   Use browser extensions that block crypto mining such as MinerBlock.
  •   Make use of managed detection and reaction (MDR). MDR is a service.

Social Engineering Statistics 2023

75% of security experts think that social engineering is the “most perilous” security threat. The concerns aren’t unfounded as shown by the 249 social engineering incidents cited in a study conducted by Verizon.

The seriousness of the threat is illustrated by a well-publicized incident where hackers used an attack using social engineering for accessing the internal systems of Twilio and also the information of 125 customers.

Here are a few ways to ward off cyber-attacks using social engineering

  •   Utilize an encrypted Web Application Firewall (WAF).
  •   Enable MFA.
  •   Set high-level spam filters.
  •   Conduct a pentest to detect vulnerabilities.

Cybersecurity Statistics by Industry

Certain industries are more susceptible to cyber-attacks than others simply because of what they do in their operations. Although any industry can be impacted by an attack on data, the ones most vulnerable are those who are in close contact with people’s lives.

Companies that have sensitive information or personal data are often targets for hackers. Some of the types of companies or organizations which are the most susceptible to cyber-attacks are:

  • Financial institutions and banks: Contain credit card information, bank account details, and personal customer or client information.
  • Institutions in the field of healthcare: The repository for medical records and clinical research data and patient records, such as the social security number, payment details, as well as insurance claims.
  • corporations: Includes data like ideas for products, intellectual property marketing strategies, employee and client databases, contract agreement pitches for clients, and much more.
  • Higher education Store information regarding enrolment data as well as academic research, financial records, as well as personally identifiable data such as addresses, names, and billing information.

Statistics on Cybersecurity Jobs

Cybersecurity professionals are highly sought-after. The rise in cybersecurity-related attacks has led to a growing demand for highly skilled cybersecurity specialists.

  • In reality, it’s believed that there’ll be 3.5 million cybersecurity jobs unfilled in 2025.
  • The market for jobs is expected to increase by 33% between 2021-2031 According to the Bureau of Labor Statistics.
  • The median wage for a cybersecurity professional is $102,600, as per the BLS.

(Source: BLS)

Most Dangerous Cybersecurity Threats & Trends

Companies are taking active steps to prepare themselves for what the near future brings and we should expect changes over the next several years.

  • Security for supply chain software has been significantly upgraded.
  • Ransomware will increasingly pose a threat to businesses.
  • Companies are moving toward zero-trust cybersecurity measures with tightened controls over third-party suppliers’ actions in terms of cybersecurity.
  • Enhance cyber insurance to provide additional protection to businesses.

Cybersecurity Costs

Data Breach

The main cost associated with data breaches is penalties that are imposed by regulatory bodies such as GDPR PCI-DSS and HIPAA.

  • Data breaches in the US is costlier than the amount of data breach that occurs globally.
  • $9.44M is the median cost of an incident involving data breaches within the US.
  • $10.10M is the median cost of a data breach within the health industry.

(Source: IBM)


Alongside the ransom payment, there are also penalties if regulatory authorities find a flaw in your actions regarding how secure your data is.

  • $4.54M is the median cost of a ransomware attack.
  • The average ransom payment is $ 1 million. median ransom amount.
  • 80% of companies that have paid ransom are now being targeted a second time.

(Source: IBM, Netapp)

Cyber Insurance

Cyber insurance protects you should you be attacked. However, when you experience attacks or the level of cybercrime rises and you pay much more in cyber insurance costs.

  • The cost of cyber insurance increased by 28% on average for the quarter that began in 2022.
  • 55% of businesses offer cyber security.
  • The majority of businesses reported an increase in cyber insurance costs.
  • The biggest ransom payments made by insurance companies in the past two years are $3.52m across the US.
  • $3.52m is the highest ransom payment made by U.S. insurers in the past two years.
  • 35% of IT experts say that their company may be contemplating taking out cyber insurance.

(Source: Munichre, Panaseer, Blackberry, CNBC)

Hiring & Budgeting

The more difficult it is to tackle cybercrime, the more will need to invest in security. Resource allocation is an integral component of your cybersecurity plan.

  • The median wage for a Cyber Security Engineer can be $1,064,411 within the United States.
  • Security analysts cost between $53,000 to $116,000 a year.
  • 769,736 job opportunities in the cybersecurity field at the time of September 2022.
  • Companies have allocated 12.8% of their IT budgets to cybersecurity.
  • 51% of small-sized businesses have said they don’t allocate any funds to cybersecurity.
  • 77% of executives at the C-level intend to increase their zero-trust spending in the next year.
  • 65% of Indian CXOs are planning to invest more in cybersecurity by 2023.
  • The industry will invest $6.69 billion in cloud security by 2023.

(Source: Gartner, Glassdoor, BitLyft, VentureBeat, Nordlayer, Cyberseek)


Cybersecurity has become an indispensable aspect of digital life. With technology constantly advancing and our reliance on interconnected systems increasing, cybersecurity measures have never been more essential. Cyber threats are constantly evolving and becoming more sophisticated and pervasive, posing significant threats to individuals, businesses, and nations alike. Protecting sensitive information, protecting privacy, and maintaining the integrity of our digital infrastructure is of utmost importance.

Individuals, organizations, and governments must remain vigilant and proactive, continuously adapting our cybersecurity practices to stay one step ahead of cybercriminals. Through investing in cutting-edge technologies, creating a cybersecurity-aware culture, and global collaboration, we can build a safer digital future. Cybersecurity is ultimately our collective responsibility; therefore, we must put forth effort in safeguarding its future.


What are the annual statistics regarding cyberattacks?

2023 is predicted to be the year we experience 33 billion accounts being compromised, and 850,000 cyber-attacks worldwide – approximately one every 39 seconds on average!

Can banks protect themselves from hackers?

According to Kaspersky Lab’s estimates, 20 million cyberattacks on banks have been identified and blocked since 2007. Furthermore, 79% of IT experts consider the banking industry to be an ideal target for dark net operators.

How many attacks occur daily?

Cybercrimes are estimated to occur somewhere around 23,28 times daily and, since 2001, have resulted in approximately 6.5 million victims and $26 billion worth of losses over this timeframe.

Tajammul Pangarkar

Tajammul Pangarkar

Tajammul Pangarkar is a CMO at Prudour Pvt Ltd. Tajammul longstanding experience in the fields of mobile technology and industry research is often reflected in his insightful body of work. His interest lies in understanding tech trends, dissecting mobile applications, and raising general awareness of technical know-how. He frequently contributes to numerous industry-specific magazines and forums. When he’s not ruminating about various happenings in the tech world, he can usually be found indulging in his next favorite interest - table tennis.