50 Cybersecurity Stats IT Professionals Should Know for 2023

Share :

When it comes to cybersecurity, knowledge is power. Understanding what threats exist, where trends are headed, and how cybercrime could affect your organisation is all critical to building up your defenses and improving your security posture.

For example, the cybercrime industry is now a $1.5 trillion industry — has your organisation contributed to that total? Is your organisation concerned about cyber attacks? It should be as cyber attacks are the number one most concerning risk to global commerce. Do you think your organisation is prepared if a threat occurs? On average it took organisations 277 days to identify and contain a breach in 2022. That’s a lot of (costly) downtime. 

Let’s explore other statistics that every organisation should consider when it comes to cybersecurity and the rising threat of cyber attacks. 

50 Cybersecurity Stats to Know

What Causes Data Breaches? 

1. 81% of breaches being caused by those external to the organisation. (8) 

2. 19% of data breaches are caused by internal errors. (8) 

3. 77% of data breaches are financially motivated. (1) 

4. 58% of data breaches target personal data. (1) 

5. Roughly 4 in 5 breaches can be attributed to organised crime. (1) 

6. Error continues to be a dominant trend and is responsible for 14% of breaches. (2)  

7. 81% see vulnerabilities and misconfigurations as the biggest weakness within their infrastructure. (2) 

Methods of Attack 

8. Human element involved in 95 percent of all breaches. (8) 

9. Compromised credentials were the most common attack vector exploited, followed by phishing and vulnerabilities. (1) 

10. Supply chain was involved in 61% of incidents this year. (1) 

11. Business Email Compromise (BEC) cases, 80% of the impacted organisations did not have multi-factor authentication (“MFA”) in place. (3) 

12. Stolen or compromised credentials were not only the most common cause of a data breach, but at 327 days, took the longest time to identify. (4) 

Ransomware 

13. There’s been a 435% increase in ransomware attacks since 2020. (8) 

14. 700M ransomware attacks in 2021 (1) 

15. $40M USD paid as the largest ransom to date (1) 

16. The median ransom demand across all ransomware incidents Tetra Defense responded to was USD$450,000 (3) 

17. Microsoft Exchange (ProxyShell) and VMWare Horizon (Log4J) remain the top two external exploits being leveraged to deploy ransomware. (3) 

18. Lockbit is rising as the dominant threat actor group in ransomware, accounting for more publicly disclosed ransomware incidents than the next three leading threat actor groups (BlackCat, Conti, and Quantum). 

19. Extortion demands have more than doubled in 2022. (6) 

Phishing 

20. 64% of organisations list phishing as their primary vector of concern. (2) 

21. 48% of organisations identify a need to learn more about phishing mitigation. (2) 

22. 90% of incidents analysed by Arctic Wolf include a targeted employee attack. (2) 

Security Spending 

23. Organisations spent $170B in 2022 on security products and services. (2) 

24. Venture capital funding for cybersecurity surpassed $20B in 2021 (2)  

25. Cost is the #1 factor organisations consider when establishing a security program. (2) 

26. Gartner predicts 45% of IT spend will be cloud outsourced by 2024. (2) 

27. 25% of small businesses spent less than $500 on their monthly cybersecurity plan Pre-COVID. 26% of users are now investing more heavily in cybersecurity with a monthly budget of $500-$1,499.

Cloud security 

28. 19% of companies have invested in Cloud Security Posture Management (CSPM) (2) 

29. 28% of organisations list cloud security as their top infrastructure concern. (2) 

30. 22% of organisations have plans to expand cloud security within the year. (2) 

31. 47% of incidents investigated by Arctic Wolf include the cloud. (2) 

Rising Data Breach Costs 

32. $9.44M is the average cost of a data breach in the United States. (4) 

34. $4.35M is the global average total cost of a data breach. (4)

35. The cost of a breach in the healthcare industry went up 42% since 2020.

Cybersecurity Staffing Issues 

36. 76% of organisations cannot achieve their security goals due to staffing concerns (2)

37. 56% of organisations distribute security responsibilities to their IT staff (2)

38. 70% of customer environments include latent threats (2)

39. 65% of cybersecurity employees are actively considering new positions (2)

40. 53% of companies are either currently using a service provider or will adopt one within a year (2)

41. It’s estimated that there will be 3.5 million unfilled cybersecurity positions globally by 2025. That’s approximately the same as in 2021. (6)

42. Overall, cyber-related claims seen by corporate insurer Allianz Global Corporate & Specialty increased from almost 500 in 2018 to more than 1,100 in 2020. (6)

Defense Strategies 

43. By 2025, 50% of organisations will be using MDR services for threat monitoring, detection, and response functions that offer threat containment and mitigation capabilities. (5)

44. 80% of threats can be prevented by implementing the top five CIS controls. (2)

45. Through 2023, government regulations requiring organsations to provide consumer privacy rights will cover five billion citizens and more than 70% of global GDP. (5)

46. 60% of organisations will embrace Zero Trust as a starting point for security by 2025. More than half will fail to realise the benefits (5)

47. 42% of respondents have revised their cybersecurity plan since the COVID-19 pandemic.

48. The cyber insurance market is expected to be worth $20 billion by (6)

49.  Most companies have business continuity plans, but less than 40% test them. (6)

50. By 2025, 60% of EDR solutions will include data from multiple security control sources, such as identity, cloud access security brokers (CASBs) and data loss prevention (DLP).  (5)

Sources: 

  1. Verizon Data Breach Investigations Report (DBIR) 2022 
  2. Arctic Wolf 2022 Trends: The State of Cybersecurity 
  3. 1H 2022 Incident Response Insights from Arctic Wolf Labs 
  4. IBM Cost of A Data Breach 2022 
  5. Gartner  
  6. Allianz Global Corporate & Specialty 
  7. Cybersecurity Ventures 
  8. World Economic Forum 
Arctic Wolf

Arctic Wolf

Arctic Wolf provides your team with 24x7 coverage, security operations expertise, and strategically tailored security recommendations to continuously improve your overall posture.
Share :
Table of Contents
Categories