As cybersecurity leaders seek to allocate resources to their most pressing 2023 priorities, it can be challenging to determine which areas of business deserve the most attention — and budget.
To give you a better idea of the current state of overall security, we’ve compiled 80 cybersecurity statistics for 2023, ranging from data breaches and ransomware stats to third-party threats and Zero Trust implementations.
The cost of breaches continues to climb.
- The average cost of a data breach was $4.35M last year, the highest average on record, whereas the average cost of a ransomware attack was $4.54M. (IBM)
- The average cost of a ransomware recovery is nearly $2M. (Sophos)
- For the 12th year in a row, the United States holds the title for the highest cost of a data breach, $5.09M more than the global average ($9.44M total). (IBM)
- The average ransomware payment skyrocketed 518% in 2021 to $570,000. (GRC World Forums)
- Approximately 70% of breaches in 2021 were financially motivated, while less than five percent were motivated by espionage. (Verizon)
- GDPR fines totaled $1.2B in 2021. (CNBC)
- $17,700 is lost every minute due to a phishing attack. (CSO Online)
- Worldwide cybercrime costs will hit $10.5T annually by 2025. (Cybersecurity Ventures)
Cyberattacks and ransomware run rampant.
- In 2022, it took an average of 277 days — about nine months — to identify and contain a breach. (IBM)
- The share of breaches caused by ransomware grew 41% in the last year and took 49 days longer than average to identify and contain. (IBM)
- Last year, ransomware attacks increased by 93% year-over-year. (CyberTalk)
- The likelihood that a cybercrime entity is detected and prosecuted in the U.S. is estimated at around 0.05%. (World Economic Forum)
- 64% of Americans have never checked to see if they were affected by a data breach. (Varonis)
- 56% of Americans don’t know what steps to take in the event of a data breach. (Varonis)
- 54% of organizations have experienced a cyberattack in the last 12 months and 52% say there is an increase in cyberattacks compared to last year. (Ponemon Institute)
- 75% of respondents said they’ve experienced a significant increase in security incidents — most often due to credential theft, ransomware, DDoS, and lost or stolen devices. (Infosecurity)
- Globally, the threat of cyberattacks has increased by 16% since the Russia-Ukraine war began in February 2022. (Built In)
- Ransomware-as-a-service continues to gain popularity among threat actors, with ransomware breaches doubling in frequency in 2021. (Verizon)
- 86% of ransomware cases involve a threat of leaking exfiltrated data. (Coveware)
- More than half of all financial institutions were hit by ransomware within the last year — a 62% increase on the previous year. (Sophos)
- 43% of all breaches are insider threats, either intentional or unintentional. (Check Point) And 30% of data breaches involve internal actors. (Verizon)
- 94% of malware is delivered by email. (Verizon)
- On average, hackers attack 26,000 times a day, or every three seconds. (Forbes)
- The total number of predicted DDoS attacks worldwide this year is 15.4M. (Cisco)
Is working remotely a cause for worry?
- Remote work is growing. Gallup estimates more than 70M U.S. workers can successfully do their job working remotely and only 2% of those capable of working remotely choose to work onsite instead. (Gallup)
- 57% of organizations report that over half of their workforce works from home at least two days a week. (Check Point)
- When remote work is a factor in causing a data breach, the average cost per breach is $1.07M higher. (IBM)
- Remote work and lockdowns are driving a 50% increase in worldwide internet traffic, leading to new cybercrime opportunities. (World Bank)
- 47% of employees cited distraction as the reason for falling for a phishing scam while working from home. (Tessian)
- It takes organizations with a remote workforce 58 days longer to identify and contain a breach than office-based organizations. (CyberTalk)
- Remote workers have caused a security breach in 20% of organizations during the pandemic. (Malwarebytes)
Automation is the latest sensation.
- Artificial intelligence provides the most concrete cost mitigation in data breaches, saving organizations up to $3.81M per breach. (IBM)
- Organizations that had a fully deployed AI and automation program were able to identify and contain a breach 28 days faster than those that didn’t. (IBM)
- And organizations using AI were able to detect and contain data breaches 27% faster. (Teramind)
- The global artificial intelligence (AI) in cybersecurity market size was evaluated at USD 17.4B in 2022 and is expected to hit around USD 102.78B by 2032. (Precedence Research)
- It's poised to grow at a CAGR of 19.43% from 2023 to 2032. (Precedence Research)
- 51% of organizations have expanded the use of automation or AI into their cybersecurity strategy over the last two years. (Ponemon Institute)
- The average cost of performing a manual DSAR is around $1,500. (Gartner)
- North America has the highest revenue share of the AI market at about 38% in 2022. (Precedence Research)
Zero Trust gains popularity as privacy continues to be a priority.
- Modern privacy laws will cover the personal information of 75% of the world’s population by the end of the year. (Gartner)
- Organizations with a Zero Trust approach deployed saved nearly $1M in average breach costs compared to organizations without the methodology in place. (IBM)
- Through 2023, government regulations requiring organizations to provide consumer privacy rights will cover five billion citizens and more than 70% of global GDP. (Gartner)
- Organizations with fully deployed Zero-Trust architecture saved 43% on data breach costs. (Teramind)
- The tech industry has spent more than $100M to fight antitrust measures and other bills in Congress that would create “significant risks for national security, user privacy and content moderation.” (Wall Street Journal)
- Gartner predicts that by 2023, 60% of enterprises will phase out their remote access VPN in favor of Zero Trust. (Forbes)
Third-party concerns are growing.
- Third-party attacks have increased from 44% to 49% year over year. (Ponemon Institute)
- Supply chain attacks are on the rise by 430%. (DarkReading)
- 39% of organizations expressed that a primary factor in improving security frameworks is vendor support issues. (Ponemon Institute)
- Forrester data reveals that 55% of security professionals reported their organization experienced an incident or breach involving supply chain or third-party providers in the past 12 months. (CSO Online)
- 49% of organizations have experienced a data breach caused by a third-party vendor in the last 12 months. (Ponemon Institute)
- 84% of survey respondents believe that software supply chain attacks could become one of the biggest cyber threats to organizations like theirs within the next three years. (CrowdStrike)
- 70% of organizations state that a third-party breach came from granting too much access, but only 52% said that breach changed their cybersecurity practices. (Ponemon Institute)
- 61% of organizations aren't confident that their third parties would notify them if they had a data breach involving the organization's sensitive and confidential information. (Ponemon Institute)
- Software publishers were the most common source of third-party breaches for a third consecutive year, accounting for 23% of related incidents. (Black Kite)
- 50% of organizations don’t monitor third parties with access to sensitive and confidential information. (Ponemon Institute)
- In 2021, 1.5B users' PII was leaked as a result of third-party breaches. (Black Kite)
- 43% of organizations are able to provide third parties with enough access to perform designated responsibilities and nothing more. (Ponemon Institute)
There’s room for cybersecurity posture improvement.
- More than 77% of organizations do not have an incident response plan. (ThriveDX)
- Only 59% of organizations say their cybersecurity strategy has changed over the past two years. (Ponemon Institute)
- More than half of super admins don't have MFA enabled. (Varonis)
- 80% of data breaches are the result of poor or reused passwords. (FinTech)
- 54% of companies say their IT departments are not sophisticated enough to handle advanced cyberattacks. (Sophos)
- Only 36% of organizations have visibility into the level of access and permissions both internal and external users have. (Ponemon Institute)
- 12,803 sharing links are open to all employees. (Varonis)
- On average, a company falls victim to a ransomware attack every 11 seconds. (Cybersecurity Ventures)
- 59% of organizations are not revoking credentials when appropriate. (Ponemon Institute)
- 81% of companies have exposed sensitive data. (Varonis)
- The average company is living with $28M in data breach risk with 157,000 sensitive records exposed. (Varonis)
- 60% of organizations cite lack of oversight and governance as a barrier to achieving strong security posture. (Ponemon Institute)
- The average breach cost savings at organizations with an IR team that tested their plan versus those who didn’t was $2.66M. (IBM)
- 10% of a company's SaaS data is exposed to all employees and 6% is open to the internet. (Varonis)
What’s beyond 2023?
- Gartner anticipates modern privacy laws will cover the personal information of 75% of the world’s population by the end of the year. Additionally, by 2025, the analyst firm predicts 40% of boards of directors will have a cybersecurity seat at the table. (Gartner)
- However, 60% of organizations will embrace Zero Trust as a starting point for security by 2025, yet more than half will fail to realize the benefits. (Gartner)
- 80% of organizations will unify web and cloud services from a single SSE platform by 2025. (Gartner)
- 60% of organizations will use cybersecurity risk as a primary determinant for third-party business transactions by 2025. (Gartner)
- Additionally, by 2025, 30% of nations will pass legislation on ransomware. (Gartner)
- 70% of CEOs will mandate a culture of organizational resilience by 2025. (Gartner)
- By 2026, 40% of organizations will have dedicated cyber committees and 50% will have performance requirements for C-level leaders. (Gartner)
- By year-end 2027, up to 40% of end-user organizations will use content disarm and reconstruction (CDR). (CSO Online)
- The worldwide information security market is forecast to reach $366.1B in 2028. (Fortune)