2023 Cybersecurity Facts & Statistics: Protecting Your Digital World

25 Fascinating Cybersecurity Facts and Statistics for 2023
  • Small businesses with inadequate IT resources are increasingly targeted, comprising 43% of attacks.
  • 95% of breaches are enabled by employee errors like phishing vulnerability. Comprehensive security training is essential.
  • Most malware infiltrates networks via email, especially phishing scams. Advanced email security solutions can help filter threats.
  • Cybercrime is rampant and costly, with organizations losing an average of $2.9 million per minute.
  • Information security jobs are proliferating. The zero unemployment rate makes cybersecurity a promising career path.
  • COVID-fueled digital transformation led cyberattacks to spike 600% in 2020. Security must keep pace with digitization.
  • Implementing strong preventative measures saves companies millions. The average data breach now costs over $4 million.

Cyber threats are growing more sophisticated every day. As businesses become more digitized and people conduct more of their lives online, cyberattacks are increasing in frequency and impact.

To understand the scope of the issue, here are 25 fascinating statistics and facts about cybersecurity.

System administrator working on cyber security in data center
System administrator working on cyber security in data center

1. 43% of cyber attacks target small businesses

Small businesses often have fewer resources to dedicate to cybersecurity. Hackers are well aware of this vulnerability and direct 43% of attacks at small businesses with under 250 employees. Compared to previous years, this number has risen significantly, up from 18% just a few years ago.

When attacks do hit small businesses, the average cost per incident is a hefty $7.68 million.

2. 95% of breaches originate from human error

The vast majority of successful cybersecurity breaches can be traced back to human error inside an organization. Often, an employee unintentionally downloads malware or falls for a phishing scam, providing hackers with access to internal systems and data.

3. Only 5% of a company’s folders are protected

On average, companies leave 95% of their folders and files unprotected and accessible by all employees. More alarmingly, 22% of all folders are accessible to every employee, and over half of companies discovered that at least 1,000 sensitive files were available to all staff.

4. 94% of malware is delivered via email

Phishing scams sent via email are responsible for unleashing 94% of all malware. The most common scam, phishing, accounts for a massive 80% of reported security incidents.

Though we tend to associate phishing with foreign princes and long-lost relatives, 40% of phishing servers are based in the United States.

5. 2.14 million phishing sites were discovered in 2021

In 2021, Google discovered and took down 2.14 million unique phishing sites. This represents a 27% increase over 2020 numbers. For comparison, only 28,803 malware sites were identified in the same period, growing 32% year-over-year.

6. Windows executables make up 74% of malicious email attachments

Male Teenage Hacker Sitting In Front Of Computer Screens Bypassing Cyber Security

The most common malicious files sent via email are Windows executable files, making up 74% of cases. Other common sources are script files (11%), Office documents (5%), compressed files (4%), PDFs (2%), Java files (2%), and batch files (2%).

7. 60% of security professionals say phishing causes data loss

Across industries, 60% of security leaders report that successful phishing attacks commonly lead to data loss at their organization. 52% deal with compromised accounts and credentials. 47% are impacted by ransomware infections, while 29% fall victim to straightforward malware installation.

8. 80% of IT leaders believe their cybersecurity is inadequate

Despite increased spending and focus on cybersecurity, 80% of IT professionals report that their organization’s defenses are lacking. Only 57% of companies performed any kind of data security risk assessment in the past year.

9. 52% of SMBs lack in-house IT specialists

Over half of small and medium businesses operate without dedicated IT staff monitoring and managing their security protocols. Additionally, 1 in 5 SMBs forego endpoint security software, and only 14% consider cyberattacks and risk mitigation to be a high priority.

10. The U.S. government spends $15 billion per year on cybersecurity

In 2019, the U.S. federal cybersecurity budget was $15 billion, representing a 4.1% increase over 2018 spending. The Department of Defense received the largest portion at $8.5 billion, a $340 million increase.

11. The cybersecurity market will reach $403 billion by 2027

Fueled by escalating cyber threats and high-profile attacks, global spending on cybersecurity products and services skyrocketed to $176.5 billion in 2022.

Researchers forecast that worldwide cybersecurity spending will exceed $403 billion by 2027 as organizations continue to invest in proactive threat detection and prevention.

12. Cybercrime may cause over $6 trillion in damages annually by 2021

Male Teenage Hacker Sitting In Front Of Computer Screens Bypassing Cyber Security

The cost of cybercrime is growing exponentially larger each year. Experts predict global damages from malicious cyber activities will reach $6 trillion USD annually by the end of 2021, more than double the 2015 figure of $3 trillion.

These expenses encompass data destruction, theft, embezzlement, fraud investigations, restoration of hacked systems, and reputational harm.

13. 70% of cryptocurrency transactions may facilitate illegal activity

Cryptocurrencies like Bitcoin have quickly become the preferred payment method of cybercriminals. Researchers estimate that as much as 70% of all cryptocurrency activity involves illegal transactions, equating to roughly $76 billion per year.

To put this in perspective, illegitimate crypto-based transactions are approaching the scale of the combined illegal drug trade in the U.S. and Europe.

14. Cybercrime costs organizations $2.9 million per minute

Taken together, cybercrimes levy a staggering toll on the global economy. According to cybersecurity statistics, the total cost to companies amounts to a jaw-dropping $2.9 million lost every minute of every day.

In the United States, the average cost of a single data breach incident is $8.6 million.

15. Just 16% of executives say their firms can handle cyber risks

Despite naming cybersecurity as a top priority, only 16% of surveyed executives report that their companies are fully prepared to handle cyber risks and data breaches.

Among industries, banking and automotive express the most urgency in shoring up cybersecurity defenses.

16. Information security jobs are growing 31% per decade

Driven by a surge in cyber threats, the U.S. Bureau of Labor Statistics projects that demand for information security analysts will balloon by 31% between 2019 and 2029.

Similarly, employment for computer system designers and related fields is slated to grow by 56% over the same period.

17. The cybersecurity industry has 0% unemployment

With over 500,000 current job openings in the U.S. alone, cybersecurity is experiencing a severe talent shortage. In fact, the unemployment rate within the industry essentially sits at zero.

With high pay, growth opportunities, and abundant job openings, cybersecurity represents an appealing career path for technology professionals. The average salary for cybersecurity positions is $99,730 annually.

18. 88% of firms spend over $1 million on GDPR compliance

five reasons your business needs GDPR compliant surveys. GDPR letters
five reasons your business needs GDPR compliant surveys. GDPR letters

Though not a direct cyber solution, the E.U.’s GDPR regulations aim to strengthen personal data protection. Complying with GDPR has proven expensive, as 88% of affected companies invested over $1 million to achieve compliance, and 40% spent in excess of $10 million.

19. 77% lack an incident response plan

Despite growing threats, 77% percent of organizations do not have a cybersecurity incident response plan in place. Many falsely believe they are too small or obscure to be targeted.

20. COVID-19 led to a 600% rise in cyberattacks

Cybercrime spiked dramatically as the COVID-19 pandemic pushed more business and social activity online. Security teams reported as much as a 600% increase in cyberattack attempts since the start of the pandemic.

21. Data breach costs rose to $4.24 million in 2021

The average total cost of a data breach reached $4.24 million in 2021, the highest average in the 17 years researchers have been tracking. Companies that relied heavily on remote work during the pandemic saw costs that were $1.07 million higher per incident.

22. 530,000 Zoom accounts were sold on hacker forums

Video conferencing platform Zoom fell victim to a major data breach exposing 530,000 customer accounts, which quickly went up for sale on dark web hacker forums. The attackers apparently used a technique called credential stuffing to break into accounts.

23. WannaCry infected 230,000 computers across 150 countries

The WannaCry ransomware attack that started in May 2017 stands as the largest cyberattack on record. The self-replicating worm, which exploited weaknesses in Windows OS, compromised over 230,000 computers across 150 countries. WannaCry caused approximately $4 billion in losses.

24. DDoS attacks will reach 15.4 million by 2023

Distributed denial-of-service (DDoS) attacks overload servers with fake traffic to take down websites and webapps. Experts forecast that DDoS assaults will skyrocket from 10.9 million in 2018 to 15.4 million attacks by 2023, nearly doubling over 5 years.

Cropped photo of hosting platform for storage servers
Cropped photo of hosting platform for storage servers

25. Record-Breaking Data Breaches in 2023

  • In the first quarter of 2023, more than six million data records were exposed worldwide through data breaches.
  • In the second quarter of 2023, over 110 million accounts were leaked, which is 2.6 times the number of breaches in the first quarter of the year (43.2 million).
  • From January to September 2023, there were 2,116 data compromises in the U.S., surpassing the annual all-time high of 1,862 data compromises set in 2021. These compromises impacted 234 million victims


The scale and sophistication of cybersecurity threats continue to grow each year. As digital transformation accelerates across every industry, companies must make cybersecurity a top priority.

Implementing preventative safeguards like email security, access controls, security awareness training, and incident response plans reduces the risk of attacks succeeding. Though neglecting cybersecurity may seem like a short-term cost saver, it frequently leads to astronomically expensive data breaches down the road.

With thousands of unfilled positions, cybersecurity also represents an appealing career path for those looking to help businesses protect themselves. The statistics paint a sobering picture, but also lend urgency for organizations to invest in security.

By implementing robust defenses and following cybersecurity best practices, companies can substantially mitigate risks and protect themselves as threats loom ever larger. Though cyberattacks are inevitable, their impacts don’t have to be catastrophic.

Similar Posts