skip to Main Content
TrueFort deep violet horizontal logo with turquoise emblem

30 Sobering Cybersecurity Statistics for 2023

As we move further into 2023, cybersecurity threats continue to evolve, and the numbers show they are becoming increasingly sophisticated and complex 

Attackers constantly find new ways to breach security defenses, steal valuable data, and disrupt operations. To help us better understand the state of cybersecurity in 2023, we’ve compiled a list of 30 sobering cybersecurity statistics and offer some ideas for solutions. UPDATE: If you are looking for more recent facts and figures, while many of those below are still valid, please see our post on 2024 cybersecurity statistics.

  1. The average cost of a data breach is projected to reach $4.2 million by 2023 (IBM).
    Solution: Companies should invest in robust cybersecurity defenses to prevent data breaches from occurring. This includes implementing multi-factor authentication, conducting regular security audits, and providing regular training to employees to help them recognize and avoid phishing attacks.
  2. 33% of IT professionals surveyed foresee their organizations adopting “zero trust” models immediately (in 2023), while 28% said they will within six months (Armis).
    Solution: Microsegmentation is zero trust best practices and an important investment for the future. Zero trust has become standard practice – and all organizations should get onboard so that they’re not left with an obvious and easy to exploit vulnerability in the event of any breach. 
  3. Over 60% of businesses that experience a cyber attack close their doors within six months (National Cyber Security Alliance).
    Solution: Companies should have a comprehensive disaster recovery plan in place to ensure that operations can continue even in the event of a breach. This includes regularly backing up data to an air-gapped resource and having a plan for quickly restoring operations. 
  4. In 2023, it is estimated that cybercrime will cost businesses $10.5 trillion annually (Cybersecurity Ventures).
    Future Projection: As the cost of cybercrime continues to rise, companies will need to prioritize investing in cybersecurity defenses to protect their bottom line. 
  5. 91% of cyber attacks begin with a spear-phishing email (KnowBe4).
    Solution: Companies should provide regular training to employees to help them recognize and avoid phishing attacks. Additionally, companies can adopt lateral movement cybersecurity and adopt zero trust methodology to prevent the spread of attacks, plus implement email filtering tools that can identify and block malicious emails. 
  6. 53% of companies have experienced a third-party data breach in the past year (Ponemon Institute).
    Solution: Companies should conduct regular security audits of their third-party vendors and require them to implement comprehensive security measures to protect sensitive data. 
  7. This year there will be 300 billion passwords in use globally (Cybersecurity Ventures).
    Future Projection: Passwords continue to be a weak point in cybersecurity defenses. Companies should consider implementing multi-factor authentication and password managers to help reduce the risk of password-related breaches. 
  8. 70% of small businesses reported experiencing a cyber attack in 2021 (Keeper Security).
    Solution: Small businesses should prioritize investing in cybersecurity defenses, including firewalls, antivirus software, and employee training to help them recognize and avoid phishing attacks. If cyberattacks are going to happen, lateral movement protection and segmentation will be essential in 2023. 
  9. The average cost of a ransomware attack is projected to reach $11.5 million by 2023. (Cybersecurity Ventures).
    Solution: Companies should implement robust backup and disaster recovery plans to ensure that operations can continue even in the event of a ransomware attack. They should also use zero trust best practices and lateral movement protection to stop the spread of any breach, notably to service accounts, even if bad actors do get in. 
  10. 64% of businesses have already experienced web-based attacks (Ponemon Institute).
    Solution: Companies should invest in web application firewalls and regularly test their web applications for vulnerabilities. 
  11. 40% of cyber attacks are aimed at small businesses (Small Business Trends).
    Solution: Small businesses should prioritize investing in cybersecurity defenses, including employee training and regular security audits. See further advice for small businesses from the Federal Communications Commission. 
  12. In 2023, it is projected that there will be a shortage of 3.5 million cybersecurity professionals globally (Cybersecurity Ventures).
    Future Projection: As the demand for cybersecurity professionals continues to outstrip supply, companies must invest in automation, machine learning, and AI-powered security tools to help fill the gap. It will be important to have a solution that “behaviorally learns” and alerts only on anomalous actions to minimalize alert fatigue. 
  13. 48% of organizations have experienced a phishing attack in the past year (KnowBe4).
    Solution: Companies should provide regular training to employees to help them recognize and avoid phishing attacks. Additionally, companies can implement email filtering tools that can identify and block malicious emails. 
  14. Cyber attacks targeting healthcare organizations are projected to increase by 50% by 2023 (Cybersecurity Ventures).
    Future Projection: As healthcare organizations continue to digitize patient data, they will become an increasingly attractive target for cybercriminals. Healthcare organizations should prioritize investing in cybersecurity defenses, including encryption, access controls and behavioral solutions to protect sensitive patient data.  
  15. 67% of organizations believe that they are vulnerable to insider threats (Ponemon Institute).
    Solution: Companies should implement least access privileges and regularly monitor user activity to detect and prevent insider threats. They should protect service accounts from exploitation and provide regular training to employees to help them recognize and report suspicious behavior. 
  16. By 2023, it is projected that there will be 7.5 billion mobile devices in use globally (Cybersecurity Ventures).
    Future Projection: As the use of company and BYO mobile devices continues to grow, security teams must prioritize securing these devices “as standard” and implement relevant mobile device management solutions to protect against potential threats.  
  17. 60% of organizations do not have a cybersecurity incident response plan in place (Ponemon Institute).
    Solution: Companies should have a comprehensive incident response plan in place to ensure that they can quickly and effectively respond to zero day cyber attacks. This includes conducting regular security drills and relevant red team exercises to test the plan and ensure that all employees understand their role in the response process.  
  18. The average cost of a business email compromise attack is $130,000 (FBI).
    Solution: Companies should implement secure email (email encryption), multi-factor authentication and access controls to protect against business email compromise attacks. Additionally, companies can provide regular training to employees to help them recognize and report suspicious activity.  
  19. 90% of cyber attacks involve social engineering tactics (KnowBe4).
    Solution: Security is now everyone’s responsibility. Companies should provide employees with regular training and testing of the workforce for cybersecurity best practices to help them recognize and avoid social engineering tactics. This includes phishing attacks, pretexting, and baiting.  
  20. This year, 2023, it is projected that there will be 22.5 billion IoT devices in use globally (Cybersecurity Ventures).
    Future Projection: As the use of IoT devices continues to grow, companies will need to prioritize securing IoT devices and implementing IoT device management solutions to protect against threats.  
  21. 39% of organizations have experienced a malware attack in the past year (Ponemon Institute).
    Solution: Companies should invest in advanced threat detection and response tools to quickly identify and contain malware attacks. Additionally, companies can implement web application firewalls and regularly test their web applications for vulnerabilities. 
  22. In 2023, it is projected that cyber attacks will cause $6 trillion in damages (Cybersecurity Ventures).
    Future Projection: As the cost of cybercrime continues to rise, companies will need to prioritize investing in cybersecurity defenses to protect their bottom line. There is no avoiding the call for protection, and businesses need to see the obvious ROI of cyber protection or unfortunately suffer financial and reputational repercussions. 
  23. 68% of business leaders feel that their cybersecurity risks are increasing (Accenture).
    Solution: Companies should conduct regular security audits and risk assessments to identify vulnerabilities and prioritize investments in cybersecurity defenses 
  24. By 2023, it is projected that there will be 3.8 billion social media users globally (Cybersecurity Ventures).
    Future Projection: As the use of social media continues to grow, companies will need to implement social media security policies and provide regular training to employees to help them recognize and avoid social engineering tactics. See further advice for businesses on avoiding social engineering attacks from the Cybersecurity and Infrastructure Security Agency (CISA). 
  25. 41% of organizations have experienced a ransomware attack in the past year (Proofpoint).
    Solution: Companies should create a disaster recovery plan and back up all data to ensure that operations can continue even in the event of a ransomware attack. Additionally, companies can invest in advanced threat detection and response tools to quickly identify and contain threats, and in microsegmentation to limit the blast radius of any breach. 
  26. 66% of organizations believe that they will experience a cyber attack in the next year (Ponemon Institute).
    Solution: Companies should prioritize investing in cybersecurity defenses, including firewalls, antivirus software, adopting least access privileges, behavioral mapping, and the in understanding of application behavior and their connections, plus employee training to help them recognize and avoid phishing attacks. 
  27. By 2023, it is projected that cyber attacks will occur every 11 seconds (Cybersecurity Ventures).
    Future Projection: As cyber attacks continue to increase in frequency and sophistication, companies will need to prioritize investing in advanced threat detection and response tools, including reviewing least access privileges, behavioral mapping and understanding of applications and their connections,  to quickly identify and contain threats. 
  28. 79% of organizations believe that cyber attacks will become more frequent and more severe in the next year (Ponemon Institute).
    Solution: Companies should conduct regular security audits and risk assessments to identify vulnerabilities and prioritize investments in cybersecurity defenses. Additionally, companies can invest in pre-emptive solutions that can alert of block  anomalous activities, and advanced threat detection and response tools to quickly identify and contain threats. 
  29. 55% of respondents (to the “2022 State of Cybersecurity” report) experienced a lateral movement attack in the past 12 months, and 68% believe that lateral movement attacks will become more frequent in 2023 (Ponemon Institute).
    Solution: This highlights the need for companies to invest in lateral movement protection, such as microsegmentation, to limit the potential spread of an attack once it has breached the network. By segmenting the network and limiting access between different segments, companies can make it more difficult for attackers to move laterally and reduce the potential damage caused by an attack. 
  30. 37% of organizations that paid off a ransomware attack still did not recover their encrypted data (Sophos).
    Solution: Also considering, in the same report, that the average cost of remediating a ransomware attack in the previous year was $1.85 million, this is a clear call for businesses to maximize their efforts in ransomware protection – rather than recovery. 

As the cybersecurity landscape continues to shift, with attackers constantly finding new ways to breach security defenses and steal valuable data, to protect against these threats, companies must prioritize investing in robust cybersecurity defenses and providing regular training to employees. This includes implementing multi-factor authentication, conducting regular security audits, investing in zero trust, application mapping and microsegmentation, and advanced threat detection and response tools. 

By taking these steps, companies can help protect themselves against the sobering statistics that we have highlighted for the year to come.

In the words of Sun Tzu, “Do not depend on the enemy not coming, but depend on our readiness against him. Do not depend on the enemy not attacking, but depend on our position that cannot be attacked.” 

Share This

Facebook
Twitter
LinkedIn
Email

Related posts

DORA compliance

Preparing for DORA Compliance

In the quest for DORA compliance, we offer a solution for financial services before the January 2025 deadline DORA compliance is born of the financial…

Back To Top
TrueFort Emblem Logo

Truefort customer support

TrueFort customers receive 24×7 support by phone and email, and all software maintenance, releases, and updates

For questions about our support policy, please contact your TrueFort account manager or our presales team at sales@truefort.com.

Support Hotline

Email Support