Every day, 4,000 cyber attacks occur worldwide, and every 14 seconds, a company falls victim to a cyber attack.
Currently, businesses are spending an average of 12% of their IT budgets on cybersecurity to protect themselves from these cyber attacks. Is that enough?
What types of attacks are the most common? How can you strengthen your online security?
Our detailed cybersecurity statistics will help you understand these points and act accordingly.
So, without further delay, let’s get into it.
Cybersecurity Statistics: Top Picks for 2023
- Over 1 million cyber-attacks are executed every year.
- Over 90% of cyber attacks begin with phishing.
- The cybersecurity market will be valued at $538.3 billion by 2030.
- Microsoft was the most spoofed brand in 2022.
- Small businesses spend 10% of their IT budget on cybersecurity.
- 55% of the businesses currently spend on cyber insurance.
- The cost of cyber insurance increased by 28% in 2023.
How many Cyber Attacks take place per day?
- Approximately 4,000 cyber attacks take place every day globally.
Over 560,000 malware pieces are detected every day.
|Time Frame||Number of cyber attacks|
|Per week||Over 28K|
|Per month||Over 120K|
|Per year||Over 1 million|
How often do Cyber Attacks occur?
- Every 14 seconds, a company falls victim to a ransomware attack, resulting in devastating financial losses.
In the first half of 2022 alone, 236.1 million ransomware attacks were recorded globally. The total damage from cyber-attacks was $7.08 trillion in the same year.
This is huge! Considering the increasing cyber-attack rate worldwide, these damages are predicted to increase as the years pass on.
- In 2022, ransomware was the most repeatedly witnessed cyberattack.
It accounted for 68% of the total attacks detected worldwide. Network breaches and data filtration were witnessed less frequently but were responsible for the second and the third most repeated attacks.
Here is the distribution of the detected cyberattacks worldwide.
|Type of cyber attack||Share of detected attacks|
Cyber attack trends
- The manufacturing industry witnesses the highest share of cyber attacks worldwide.
Almost 25% of the total cyber attacks are recorded in the manufacturing industry. The finance and insurance industry closely follows it.
Here is the further distribution of cyber attacks in different industries worldwide.
|Industry||Share of cyber attacks recorded in the industry|
|Finance and insurance||18.9%|
|Professional, business, and consumer services||14.6%|
|Retail and wholesale||8.7%|
|Media and telecom||0.5%|
- The cybersecurity market worldwide is predicted to reach $538.3 billion by the end of 2030.
This is due to the rising investments in the cybersecurity infrastructure worldwide, led by increasing awareness of cyber threats.
The following table displays the data about the cybersecurity market recorded in the past years as well as the forecasted data.
|Year||Cybersecurity market worldwide|
- 16% of the respondents to a survey stated that their company has realized the benefits of implementing cloud security, endpoint security, and security awareness.
However, over 51% of the companies have started investing in or are planning to invest in Third-party risk management processes and Zero trust.
Here is a table displaying the latest trends in the cybersecurity investments.
|Investment in||Started or planning to implement in the future||Companies that have realized the benefits||Companies implementing at scale|
|Third-party risk management processes||51%||12%||32%|
|Enterprise-wide information governance framework||50%||14%||32%|
|Real-time threat intelligence capabilities||49%||15%||33%|
|Enterprise identity and access management||48%||14%||32%|
|Consumer identity and access management||48%||14%||33%|
|disaster recovery planning||47%||15%||34%|
|Security awareness training||46%||16%||36%|
|Managed security services||46%||15%||33%|
Here are some detailed statistics related to Cyber Crime that occurred worldwide.
Phishing Attack Statistics
7.) 22% of all data breaches occur through phishing scams.
According to the FBI’s report, it is one of the most prevalent cybercrimes. At the same time, almost 83% of the companies reported witnessing Phishing attacks at some point of time in the same survey.
- According to cisa.gov, almost 90% of all cyber attacks begin with phishing.
- 3.4 billion phishing emails are sent every day.
This means 1.2% of all the emails sent every day globally are malicious.
- In 2022, Microsoft was the most spoofed brand.
The threat actors usually spread malicious URLs or files through fake job offers, money refund scams, and lottery messages.
Here is a list of the most spoofed brands as of 2022:
- Brand name
- Vietnam is the most targeted country by phishing attacks worldwide.
The phishing attack rate in the country as of 2022 was 17.03%.
Macau and Madagascar follow Vietnam in the list of most targeted countries by phishing attackers.
The following table displays the countries targeted the most in the phishing attacks in 2022:
|Country||Share of phishing attacks|
- Almost 57% of the users in Peru encountered a mobile phishing attack that had the purpose of credential theft.
On the contrary, the users in New Zealand had a lower encounter rate of mobile phishing attacks than the other markets and had lower risks of their credentials getting stolen.
- Apple was the most mimicked brand to target consumers for the financial phishing attacks that targeted online shoppers.
Apple was impersonated in almost 60% of the financial phishing attacks, and Amazon was the next most used, with a share of 15% of phishing attacks.
Here is a table displaying the most impersonated brands for phishing attacks worldwide:
|Brand||Percentage of the phishing attacks under their name|
|Amazon.com: Online shopping||14.81%|
|Luxottica Group S.p.A.||1.2%|
|Wal-Mart Stores, Inc.||1.11%|
- According to a report by Symantec, 65% of cyber-attacks are perpetrated through spear phishing.
- $4.91 million was the cost caused by the phishing breach attacks in the year 2022.
Did you know? Ecommerce companies lost 2.9% of their global revenue to ecommerce frauds in 2022.
- 5.5 billion malware were recorded in 2022.
This was an increase of 2% compared to the previous year.
Over 5 million of these malware attacks belonged to the education sector.
This table shows the number of malware attacks recorded over the past years:
|Year||The number of malware attacks|
- The worm was the most frequent type of malicious file blocked worldwide.
The malware detectors could block almost 206 million worm malware from the malicious files in 2022.
Here is a breakdown of the most frequently blocked malware in the malicious files:
|Malware type||Number of blocked malware|
- According to the security brief,86% of the malware is delivered through emails.
The share of global malware attacks via emails increased from 33% to 86% from 2018 to 2022.
In contrast, the percentage of web attacks decreased from 67% to 14% during the same time frame.
The following table displays the distribution of malware attacks that occurred through email and the web over the past years:
- 27.39% of the mobile malware attacks were detected from the RiskTool.
At the same time, Trojan was accountable for 15.56% of the mobile malware. Troyan-spy had a share of 4.55% in the mobile malware attacks.
Here are the details about mobile malware recorded worldwide:
|Type of mobile malware||Share of malware threats|
- More than 81% of the mobile users in Iran were attacked by mobile malware in 2022.
The second most affected country was Yemen with 62.46% of less share of users as compared to Iran.
Here are further details about the percentage of mobile users who were victims of mobile malware in 2022.
|Country||Percentage of mobile users attacked|
Password cracking attack
- Almost 25% of the individuals were affected by data breaches due to password cracking attacks in the past couple of years.
- 65% more passwords were attacked and compromised in the year 2022 as compared to 2020.
- More than 80% of fundamental web application attacks are due to stolen passwords.
According to Digital Darkshadows, the login credentials for banking and other financial accounts are sold for an average price of $70.91.
- It takes just 4 seconds to crack a 7-character password even when it includes numbers, upper case, lower case, letters, and symbols.
According to Hive Systems, if you need a secure password, you must include at least 12 characters, including numbers, letters, symbols, uppercase, and lowercase.
They could generate these estimates with the help of a hashing system, where they converted the passwords into hash values and calculated the time required to crack the passwords.
Here is a detailed breakdown of the passwords and the time required to crack them.
|Number of characters||Numbers only||Lowercase letters||Uppercase and lowercase letters||Numbers, uppercase and lowercase letters||Numbers, uppercase, lowercase and symbols|
|4||Instantly||Instantly||Instantly||1 sec||1 sec|
|5||Instantly||1 sec||19 secs||45 sec||1 min|
|6||Instantly||15 sec||16 mins||46 mins||2 hours|
|7||Instantly||7 min||14 hours||2 days||5 days|
|8||5 sec||3 hours||4 weeks||4 months||11 months|
|9||49 sec||3 days||4 years||21 years||63 years|
|10||8 min||3 months||225 years||1k years||4k years|
|11||1 hour||6 years||11k years||80k years||307k years|
|12||14 hours||148 years||607k years||5m years||21m years|
|13||6 days||3k years||31m years||311m years||1bn years|
|14||2 months||100k years||1bn years||19bn years||105bn years|
|15||2 years||2m years||85bn years||1tn years||7tn years|
|16||16 years||67m years||4tn years||74tn years||516tn years|
|17||156 years||1bn years||231tn years||4qd years||36qd years|
|18||1K years||45bn years||12qd years||284qd years||2qn years|
From the above table, it is evident that the length and the complexity of the password are the two major factors that affect the time required to crack a password.
- 1.7 million ransomware attacks are recorded every day.
This means that every 19 seconds, a ransomware attack takes place. And 10% of all the cyber attacks belong to the ransomware category.
However, only 41% of the victims of the attack pay the ransom.
- The ransomware ecosystem is continuously growing, and threat actors are switching between the malware they target.
For instance, according to Microsoft, the threat actors tracked as DEV-0569 were initially known as the access brokers for the ransomware gangs. Still, now they are working to abuse Google Ads through widespread advertising campaigns. Eventually, this will enable them to steal passwords and distribute malware to the infected devices.
- The ransomware attacks affect 72.7% of organizations worldwide as of 2023.
This figure is the highest by far, based on the data recorded over the past five years.
Over 50% of organizations worldwide have reported falling victim to ransomware attacks.
Here is the data recorded over the past years that indicate the number of organizations that have been victims of the ransomware attack.
|Year||Share of organizations|
- According to its impact, the WannaCry ransomware attack launched in 2017 was the most significant attack.
In this attack, the cyber actors stole more than 250 thousand user accounts of Microsoft Windows. As a result, Microsoft lost over four billion US dollars.
- 493.33 million ransomware attempts were detected by the organizations worldwide as of 2022.
However, this number decreased significantly by almost 130 million compared to the previous year.
The highest number of ransomware attack attempts were detected in the year 2021.
The following table displays the number of ransomware attacks recorded worldwide over the past years:
|Year||Number of ransomware attacks|
- Ransomware attackers were able to receive $457 million from the organizations in 2022.
The attackers were most successful during the pandemic, accumulating around $1.53 billion in 2020 and 2021.
The amount decreased in 2022 (when the pandemic restrictions eased down)
Here are further details about the amount collected by ransomware attackers worldwide over the years:
|Year||Ransomware amount received by the attackers.|
- BEC attacks, or business email compromise attacks, have grown by 81% in 2022.
The BEC attacks have grown by 175% in the past two years. This percentage growth is due to the failure of the employees to report the threat to the required authorities.
Source: SC Media.
- Employees open 28% of the BEC attacks and reply to 15%.
Source: Abnormal Security.
- 29.3 DDoS attacks were recorded per day in 2022.
This was an increase of 350% in the frequency of the attacks compared to the 8.4 attacks recorded daily in the year 2021.
- The number of DDoS attacks recorded in 2022 grew by 150% worldwide compared to last year.
At the same time, the number of attacks in America grew by 212%.
Over 50% of these attacks were targeted at EMEA, while the US was the target of 35% of attacks, and 7% of attacks were aimed at APAC.
- As of Q1 2023, 16% of the surveyed consumers reported facing Ransom DDoS attacks.
Apart from that, 20% of the DDoS attacks recorded in March 2023 were ransom DDoS attacks. While that recorded in January is 21% and February 2023 was 9%.
Here are further details about the RanSom DDoS recorded over the past quarters.
|Quarter||Percentage of Ransom DDoS attacks recorded|
- The longest DDoS attack lasted for 66 hours, and it ranged between 100 to 250Gbps.
- The largest DDoS attack in 2022 was 1.46Tbps and was 2.8 times larger than the most powerful attack recorded in 2021.
- 66.7 million cryptojacking attacks took place in the first half of 2022.
This number was recorded to be 30% higher as compared to that recorded in the first half of the year 2021.
The finance industry witnessed a 269% rise in cryptojacking cases. At the same time, the retail sector witnessed an increase of 63%.
- There was an increase of 43% in the year-over-year attack rates of cryptojacking.
According to the Sonic Wall cyber threat report, the cryptojacking attack volume passed the 100 million mark for the first time and set a new record of 139.3 million attacks in 2022.
Source: Social wall.
- 98% of the cyber-attacks rely on social engineering.
On average, business organizations face more than 700 social engineering attacks in a year. Almost 90% of data breach incidents target human errors to gain access to sensitive business information.
- Social engineering is the top attack type recorded in 2022.
According to an IBM report, the attack cost $4.1 Million in 2022. Their report added that the companies required 201 days to identify the breaches and 69 to contain them.
Cybersecurity Statistics by Target
The target of the cybercrimes differs according to the attacks the threat actor is planning. Hence, organizations and companies need to secure the main target of the attackers, like Websites, networks, APIs, etc.
This section will discuss the crimes targeted at different weak points on the internet.
- Web application attacks are involved in 26% of all breaches worldwide.
According to recent research done by Verizon, it is the second most common attack pattern.
- Websites experience 94 attacks daily and are visited by bots approximately 2,608 times a week.
According to SiteLock, Some of these bots are malicious and are used by cyber criminals to scan the website for vulnerabilities. These bots help the attackers in executing basic attack patterns.
The report also states that approximately 12.8 million websites worldwide are infected with malware, leading to the search engine blacklisting these websites. However, the existing tools are insufficient in detecting all the threats, as 88% of the websites remain unblacklisted, thus exposing users to malicious websites.
- The United States is the top country hosting most high-risk URLs.
Webroot has compiled this list based on keyloggers, botnets, malware sites, phishing, proxy avoidance, etc.
Here is a list of the top 10 countries hosting the most high-risk URLs worldwide.
- 1 in 10 malicious sites are hosted on non-malicious domains. Hence, it is difficult to predict whether the website you visit is malicious.
The manufacturing sector hosts the largest malicious URLs. 19.87% of the website URLs in this niche are malicious.
Shareware or torrents are the 2nd most malicious websites, while adult websites host the third most malicious websites.
Here is a distribution of the top site categories that host malicious websites.
|Category||Percentage of malicious websites|
|URL link modifier||5.81%|
- The corporate web security market is expected to reach 9.09 billion in 2026.
This segment includes appliances, cloud-based services, and software that protect users from malware. The web security segment also prevents data loss and helps the organization monitor employee activities.
The following table displays the revenue generated by the corporate web security market and the forecasted revenue generation for the following years.
|Year||Revenue generated by the corporate web security market|
- 52% of the drives can use USB drives to bypass network security.
USB drives are one of the primary vectors for malware attacks. Serves are also one of the major targets for cyber attackers. They provide an attack surface of 90% for security breaches.
- Cloud misconfigurations also expose the network to vulnerabilities.
According to IBM, cloud misconfigurations are accountable for 15% of the initial attack vectors in security breaches.
- 45% of the businesses that store sensitive data on the cloud have experienced data breaches.
According to Thales Groups, 66% of organizations store 21% to 60% of their sensitive data on the cloud, exposing it to data breach threats if not secured carefully.
Some ways to protect your network against attacks are to enable the network firewall, secure the router, use a strong encryption technique, and enable SSO.
- 18% of the clicks on phishing emails came from mobile devices in 2022.
- 46% of the organizations had suffered mobile-related breaches in 2022.
The main factor that contributed to the breaches was app threats.
- 18% of the successful company phishing attacks came from mobile devices.
According to the latest research, due to the rise in smartphone usage, mobile devices have become more vulnerable to cyber attacks, and almost 58% of the company mobile devices had atleast clicked one malicious URL. At the same time, 16% of the company’s mobile devices had at least one malware application installed.
- According to research conducted by the State of API Security, 94% of the respondents stated that they have experienced some security problems in the production of APIs in the past years.
At the same time, 17% of the respondents reported that they have experienced API-related breaches.
Here are further details about the security problems experienced by the people in producing APIs.
|Problem experienced in the production of APIs||Percentage of respondents|
|Sensitive data exposure/ privacy incident||31%|
|Brute forcing or credential stuffing||20%|
|Denial of service||19%|
|Account misuse/ other fraud||17%|
|Enumeration and scraping||11%|
- The global API security market size is expected to reach $ 3,034 million by the end of 2028.
The current market size recorded is $744 million.
The market is expected to witness a Compound Annual Growth Rate (CAGR) of 32.5% between 2023 and 2024.
Source: Global Wire.
- December 2022 recorded a huge increase of 400% in the number of attackers targeting the customer APIs.
According to Salt Security, the number of attackers targeting the customer APIs increased from 497 to 4,842.
Cybercrime statistics worldwide 2023
- 33 billion accounts are predicted to be breached in the year 2023.
This equals 2328 cybercrime attacks per day and 97 people falling victim to a cybercrime attack per hour.
- Over 6 million data records were exposed worldwide in the first quarter of 2023.
However, the highest number of exposed data was recorded in the fourth quarter of 2020.
Here are further details about the number of data exposed in the past quarters.
|Quarter||Number of records exposed|
|Q1 2023||6.41 million|
|Q4 2022||10.45 million|
|Q3 2022||14.78 million|
|Q2 2022||5.54 million|
|Q1 2022||3.33 million|
|Q4 2021||19.33 million|
|Q3 2021||14.1 million|
|Q2 2021||19.42 million|
|Q1 2021||95.58 million|
|Q4 2020||125.74 million|
|Q3 2020||10.09 million|
|Q2 2020||79.52 million|
|Q1 2020||68.99 million|
- Between 2001 and 2021, a minimum of 6.5 million people have fallen victim to cyber crimes.
According to national news, these cyber crimes have led to an estimated loss of $26 billion over the time period.
- Cybercrimes worldwide are expected to cause damage of $13.82 trillion by the end of the year 2028.
The estimated cost of cybersecurity is forecasted to increase by $5.7 trillion between 2023 and 2028.
The following table displays the estimated cost of cybercrime for the upcoming years. I have also listed the costs recorded over the past years.
|Year||Cost of cybercrime worldwide|
- Crypto crimes are expected to cost the world $30 billion annually by the end of 2025.
Source: Cybersecurity Ventures.
Social Media Cyber Crime Statistics
- 600,00 Facebook accounts are hacked daily.
- Facebook opened a $725 million settlement to the public.
In April 2023, users can apply for their share of the settlement package for the Cambridge Analytical scandal. The users could apply on the official website created until August 2023.
Source: Firewall times.
- In 2021, the personal data of 533 million Facebook users from 106 countries was listed online on a low-level hacking forum.
The data included phone numbers, full name, email address, and other biographical information. After the incident, security researchers warned that hackers could use this data to impersonate that person and commit fraud.
Source: Business Insider.
- Facebook removed 6.9 million pieces of content from Facebook that violated their policies as of 1st quarter of 2023.
The following table displays the number of content removed by Facebook over the past quarters under the charges of bullying and harassment.
|Quarter||Number of policy-violating content removed|
|2023 Q1||6.9 million|
|2022 Q4||6.4 million|
|2022 Q3||6.6 million|
|2022 Q2||8.2 million|
|2022 Q1||9.5 million|
|2021 Q4||8.2 million|
|2021 Q3||9.2 million|
|2021 Q2||7.9 million|
|2021 Q1||8.8 million|
|2020 Q4||5.7 million|
|2020 Q3||2.4 million|
|2020 Q2||1.4 million|
|2020 Q1||2.3 million|
- The personal information of more than 500 million WhatsApp users was sold on the dark web.
The data included the mobile numbers 0f the users from 84 countries.
The threat actors also claimed that they had collected the phone numbers of more than 32 million US WhatsApp users.
Source: Cyber News.
Cybersecurity by Industry
- Between November 2021 and October 2022, over 16 thousand cybercrime incidents were detected in all industries.
Among these, 700 cases were targeted at small companies.
The organizations in the public sector were most affected by cyber crimes.
Here is a breakdown of the cybercrime incidents between November 2021 and October 2022 according to industry and the organization’s size.
- 47% of small businesses were attacked by cyber attackers in 2022.
Only 26% of the small businesses stated that they consider cybersecurity as their priority, while the other businesses leave their data vulnerable to cyber crimes and attacks.
Source: get astra
- 52% of the attacks on small businesses were due to human errors.
During the rise of remote work, almost 64% of the small companies worked on the cybersecurity and invested in data protection. Still, the employees’ negligence and other work errors led to cyber attacks.
Around 35,400,000 attacks were recorded against small businesses in the first three months of 2022.
- In the second half of 2022, the cyber attacks on government organizations increased by 95%.
- Vanuatu’s government was targeted by major cyber attacks, leaving the official sites vulnerable to breaches and other attacks in November 2022.
This eventually raised safety concerns among the officials due to the huge damage caused and the data exposed to the vulnerabilities.
Use of VPN in cybersecurity
- 60% of internet users worldwide used their work applications remotely with the help of a VPN in 2022.
- Over 33% of the internet users use VPN services.
According to Surfshark, one-third of internet users prefer to use VPN for remote work, business transactions, or other purposes.
- The VPN industry is expected to be valued at $75.59 billion by the end of the year 2027.
Comparatively, it was valued at $44.6 billion in 2022 and $25.41 billion in 2019. This huge leap in the market took place with the increase in remote work during the spread of the pandemic.
- Small businesses spend around 10% of their annual budget on cybersecurity.
The amount various businesses spend on cybersecurity differs according to their budget. However, most companies spend around $2.5M on the cybersecurity of their servers and data.
- $9.44 million is the average cost of a data breach in the United States.
At the same time, the average cost of a data breach in the healthcare industry is $10.10 million.
- $1 million is the average ransomware payment.
$4.54 million is the average ransomware attack cost in the United States. Almost 80% of the organizations have reported paying the ransomware amount after being treated the second time.
- 55% of the businesses currently have cyber insurance.
Additionally, 35% of the IT professionals said their company looks forward to taking out cyber insurance. On average, $3.52m is the largest ransom payout by the insurers in the last two years.
- In the first quarter of the year 2022, cyber insurance increased by 28%.
Also, 85% of the businesses reported an increase in their cybersecurity premiums.
A cyber attack is an attempt by a hacker to damage or destroy a computer network or a system. In cyber attacks, the attackers usually attempt to steal, alter, expose, or dispose of the assets of another person through unauthorized access. It is a deliberate attack to infect the individual’s data or to breach the information.
Using VPN or encryption of your network through the control panel settings helps prevent cyber attacks. You can also use a firewall appropriately and encrypt the information wherever possible.
One of the biggest data breaches recorded in history is of Yahoo! The company suffered for several years due to its data breach. The breach cost 3 billion user accounts and this headline was covered by most of the news.