As cybersecurity leaders seek to allocate resources to their most pressing 2023 priorities, it can be challenging to determine which areas of business deserve the most attention — and budget.
To give you a better idea of the current state of overall security, we’ve compiled 80 cybersecurity statistics for 2023, ranging from data breaches and ransomware stats to third-party threats and Zero Trust implementations.
The cost of breaches continues to climb.
- The average cost of a data breach was $4.35M last year, the highest average on record, whereas the average cost of a ransomware attack was $4.54M. (IBM)
- The average cost of a ransomware recovery is nearly $2M. (Sophos)
- For the 12th year in a row, the United States holds the title for the highest cost of a data breach at $9.44M, which is $5.09M more than the global average. (IBM)
- The average ransomware payment skyrocketed 518% in 2021 to $570,000. (GRC World Forums)
- Approximately 70% of breaches in 2021 were financially motivated, while less than five percent were motivated by espionage. (Verizon)
- GDPR fines totaled $1.2B in 2021. (CNBC)
- $17,700 is lost every minute due to a phishing attack. (CSO Online)
- Worldwide cybercrime costs will hit $10.5T annually by 2025. (Cybersecurity Ventures)
Cyberattacks and ransomware run rampant.
- In 2022, it took an average of 277 days — about nine months — to identify and contain a breach. (IBM)
- The share of breaches caused by ransomware grew 41% in the last year and took 49 days longer than average to identify and contain. (IBM)
- Last year, ransomware attacks increased by 93% year-over-year. (CyberTalk)
- The likelihood that a cybercrime entity is detected and prosecuted in the U.S. is estimated at around 0.05%. (World Economic Forum)
- 64% of Americans have never checked to see if they were affected by a data breach. (Varonis)
- 56% of Americans don’t know what steps to take in the event of a data breach. (Varonis)
- 54% of organizations have experienced a cyberattack in the last 12 months and 52% say there is an increase in cyberattacks compared to last year. (Ponemon Institute)
- 75% of respondents said they’ve experienced a significant increase in security incidents — most often due to credential theft, ransomware, DDoS, and lost or stolen devices. (Infosecurity)
- Globally, the threat of cyberattacks has increased by 16% since the Russia-Ukraine war began in February 2022. (Built In)
- Ransomware-as-a-service continues to gain popularity among threat actors, with ransomware breaches doubling in frequency in 2021. (Verizon)
- 86% of ransomware cases involve a threat of leaking exfiltrated data. (Coveware)
- More than half of all financial institutions were hit by ransomware within the last year — a 62% increase on the previous year. (Sophos)
- 43% of all breaches are insider threats, either intentional or unintentional. (Check Point) And 30% of data breaches involve internal actors. (Verizon)
- 94% of malware is delivered by email. (Verizon)
- On average, hackers attack 26,000 times a day, or every three seconds. (Forbes)
- The total number of predicted DDoS attacks worldwide this year is 15.4M. (Cisco)
Is working remotely a cause for worry?
- Remote work is growing. Gallup estimates more than 70M U.S. workers can successfully do their job working remotely and only 2% of those capable of working remotely choose to work onsite instead. (Gallup)
- 57% of organizations report that over half of their workforce works from home at least two days a week. (Check Point)
- When remote work is a factor in causing a data breach, the average cost per breach is $1.07M higher. (IBM)
- Remote work and lockdowns are driving a 50% increase in worldwide internet traffic, leading to new cybercrime opportunities. (World Bank)
- 47% of employees cited distraction as the reason for falling for a phishing scam while working from home. (Tessian)
- It takes organizations with a remote workforce 58 days longer to identify and contain a breach than office-based organizations. (CyberTalk)
- Remote workers have caused a security breach in 20% of organizations during the pandemic. (Malwarebytes)
Automation is the latest sensation.
- Artificial intelligence provides the most concrete cost mitigation in data breaches, saving organizations up to $3.81M per breach. (IBM)
- Organizations that had a fully deployed AI and automation program were able to identify and contain a breach 28 days faster than those that didn’t. (IBM)
- And organizations using AI were able to detect and contain data breaches 27% faster. (Teramind)
- The global artificial intelligence (AI) in cybersecurity market size was evaluated at USD 17.4B in 2022 and is expected to hit around USD 102.78B by 2032. (Precedence Research)
- It's poised to grow at a CAGR of 19.43% from 2023 to 2032. (Precedence Research)
- 51% of organizations have expanded the use of automation or AI into their cybersecurity strategy over the last two years. (Ponemon Institute)
- The average cost of performing a manual DSAR is around $1,500. (Gartner)
- North America has the highest revenue share of the AI market at about 38% in 2022. (Precedence Research)
Zero Trust gains popularity as privacy continues to be a priority.
- Modern privacy laws will cover the personal information of 75% of the world’s population by the end of the year. (Gartner)
- Organizations with a Zero Trust approach deployed saved nearly $1M in average breach costs compared to organizations without the methodology in place. (IBM)
- Through 2023, government regulations requiring organizations to provide consumer privacy rights will cover five billion citizens and more than 70% of global GDP. (Gartner)
- Organizations with fully deployed Zero-Trust architecture saved 43% on data breach costs. (Teramind)
- The tech industry has spent more than $100M to fight antitrust measures and other bills in Congress that would create “significant risks for national security, user privacy and content moderation.” (Wall Street Journal)
- Gartner predicts that by 2023, 60% of enterprises will phase out their remote access VPN in favor of Zero Trust. (Forbes)
Third-party concerns are growing.
- Third-party attacks have increased from 44% to 49% year over year. (Ponemon Institute)
- Supply chain attacks are up 430%. (DarkReading)
- 39% of organizations said that vendor support issues are a primary factor in improving security frameworks. (Ponemon Institute)
- Forrester data reveals that 55% of security professionals reported their organization experienced an incident or breach involving supply chain or third-party providers in the past 12 months. (CSO Online)
- 49% of organizations have experienced a data breach caused by a third-party vendor in the last 12 months. (Ponemon Institute)
- 84% of survey respondents believe that software supply chain attacks could become one of the biggest cyber threats to organizations like theirs within the next three years. (CrowdStrike)
- 70% of organizations state that a third-party breach came from granting too much access, but only 52% said that breach changed their cybersecurity practices. (Ponemon Institute)
- 61% of organizations aren't confident that their third parties would notify them if they had a data breach involving the organization's sensitive and confidential information. (Ponemon Institute)
- Software publishers were the most common source of third-party breaches for a third consecutive year, accounting for 23% of related incidents. (Black Kite)
- 50% of organizations don’t monitor third parties with access to sensitive and confidential information. (Ponemon Institute)
- In 2021, 1.5B users' PII was leaked as a result of third-party breaches. (Black Kite)
- 43% of organizations are able to provide third parties with enough access to perform designated responsibilities and nothing more. (Ponemon Institute)
There’s room for cybersecurity posture improvement.
- More than 77% of organizations do not have an incident response plan. (ThriveDX)
- Only 59% of organizations say their cybersecurity strategy has changed over the past two years. (Ponemon Institute)
- More than half of super admins don't have MFA enabled. (Varonis)
- 80% of data breaches are the result of poor or reused passwords. (FinTech)
- 54% of companies say their IT departments are not sophisticated enough to handle advanced cyberattacks. (Sophos)
- Only 36% of organizations have visibility into the level of access and permissions both internal and external users have. (Ponemon Institute)
- 12,803 sharing links are open to all employees. (Varonis)
- On average, a company falls victim to a ransomware attack every 11 seconds. (Cybersecurity Ventures)
- 59% of organizations are not revoking credentials when appropriate. (Ponemon Institute)
- 81% of companies have exposed sensitive data. (Varonis)
- The average company is living with $28M in data breach risk with 157,000 sensitive records exposed. (Varonis)
- 60% of organizations cite lack of oversight and governance as a barrier to achieving strong security posture. (Ponemon Institute)
- The average breach cost savings at organizations with an IR team that tested their plan versus those who didn’t was $2.66M. (IBM)
- 10% of a company's SaaS data is exposed to all employees and 6% is open to the internet. (Varonis)
What’s beyond 2023?
- Gartner anticipates modern privacy laws will cover the personal information of 75% of the world’s population by the end of the year. Additionally, by 2025, the analyst firm predicts 40% of boards of directors will have a cybersecurity seat at the table. (Gartner)
- However, 60% of organizations will embrace Zero Trust as a starting point for security by 2025, yet more than half will fail to realize the benefits. (Gartner)
- 80% of organizations will unify web and cloud services from a single SSE platform by 2025. (Gartner)
- 60% of organizations will use cybersecurity risk as a primary determinant for third-party business transactions by 2025. (Gartner)
- Additionally, by 2025, 30% of nations will pass legislation on ransomware. (Gartner)
- 70% of CEOs will mandate a culture of organizational resilience by 2025. (Gartner)
- By 2026, 40% of organizations will have dedicated cyber committees and 50% will have performance requirements for C-level leaders. (Gartner)
- By year-end 2027, up to 40% of end-user organizations will use content disarm and reconstruction (CDR). (CSO Online)
- The worldwide information security market is forecast to reach $366.1B in 2028. (Fortune)
Megan is the content editor for Varonis and an avid fan of all things AP style. When Megan's not debating whether "cybersecurity" should be one word or two, she loves to travel with her husband and dote unhealthily on their pitbull, Bear.