Learn how Cobalt’s Pentest as a Service (PtaaS) model makes you faster, better, and more efficient.

Cybersecurity Statistics for 2023

Every year in security we hear about more cyberattacks. With ransomware, zero-day exploits, and data breaches affecting businesses more frequently, cybersecurity has become a higher priority for companies than ever before.

To help inform decision-makers about cyber threats, we’ve compiled a list of 123 cybersecurity statistics for 2023, broken down by category to help you quickly find the most useful statistic for your needs.

General Cybersecurity Statistics 

  1. Cybersecurity spending is estimated to exceed $188 billion in 2023. (Seeking Alpha)
  2. There will be nearly 3.5 million open cybersecurity jobs waiting to be filled in 2023. (Cybersecurity Ventures)
  3. 65% of board members felt that their organization was at risk of a cyberattack. (CPO Magazine)
  4. Nearly 70% of organizations reported a labor shortage for their security team. (ISACA)
  5. 94% of security teams and 93% of development teams report being impacted by talent shortages. (State of Pentesting Report 2022)
  6. 77% of security professionals surveyed by ISC2 reported they are either satisfied or extremely satisfied with their job, up from 66% in 2019. (ISC2)
  7. Also reported in the same ISC2 survey, 55% of security professionals transitioned from IT before working in security. 
  8. 69% of MSPs report their clients struggle with compliance. (Kaseya)
  9. Google and Microsoft pledge to invest more than $60 billion over a five-year period to improve cybersecurity systems. (CNBC)
  10. The global automotive cybersecurity market is estimated to grow to $9.7 billion by 2023. (McKinsey)
  11. In 2022, the Internet of Things (IoT) market is expected to grow 18% to 14.4 billion connections worldwide. (IoT For All)
  12. 44% of surveyed respondents note that they do not provide cybersecurity training to their staff regarding threats of remote work. (Databasix)
  13. 80% of organizations surveyed have adopted Zero Trust or are in the process of adopting it. (Statista)

Cost of Cyberattack Statistics 

  1. In 2022, the average cost of a data breach globally hit $4.35 million. (Statista)
  2. Forecasts show businesses will lose approximately $10.5 trillion in 2025 at an estimated $19,977,168 per minute due to cybercrime. (Cybercrime Magazine)
  3. Over the next 5 years, global cybercrime costs are predicted to grow by 23% per year, reaching $23.84 trillion annually by 2027. (Statista)
  4. By 2024, online payment fraud will cost the e-commerce industry $25 billion in losses annually. (Legal Jobs)
  5. 45.5% of respondents in a recent survey said that their organization endured between 1 and 5 successful cyber attacks during the past year. (Statista)
  6. Nearly 86% of cyberattacks are motivated by financial gain. The second leading motivator is state espionage. (Verizon)
  7. Public companies lose an estimated 8.6% of their value after a cyber breach. (Comparitech)

Statistics by Attack Type


  1. Server Security Misconfigurations are the most frequently discovered vulnerability category in Cobalt’s State of Pentesting Report 2022, followed by Cross-Site Scripting and Broken Access Control.

Ransomware Statistics

  1. Ransomware is ranked as a top 10 concern that keeps security leaders up at night. (State of Pentesting 2022)
  2. Ransomware attacks on healthcare organizations were predicted to quadruple from 2017 to 2021 and 2022, and they are expected to continue trending up. (Cybercrime Magazine)
  3. Ransomware costs for 2023 are projected to reach $30 billion globally. (Business Insurance)
  4. Looking at the 3rd quarter of 2022, ransomware attacks actually fell by 8% worldwide compared to the previous year. (Check Point)
  5. A survey of over 300 security individuals showed an alarmingly high rate of ransomware impacting businesses, with 90% of organizations reporting they were impacted in 2022. (VentureBeat)
  6. A new organization gets hit by ransomware every 14 seconds. (Cloudwards)
  7. Ransomware infection rates continue to rise. Ransomware appears to be highest within populations heavily connected to the internet such as in the United States and Europe. (BlackFog)
  8. Average payment with a ransomware attack increased 71% in 2022 to reach $925,162. (Palo Alto Networks)
  9. Estimates suggest in 2022 a ransomware attack took place successfully every 40 seconds, with an attempt nearly every 11 seconds. (DataProt)
  10. Nearly 1% of all emails contain a suspicious link or file related to ransomware. (Avanan's Global Phish Report)
  11. 42% reported their cyber insurance did not cover all their losses from a ransomware attack. (Cybereason)
  12. French and Japanese companies are least likely to pay for a ransomware attack and also see fewer breaches. (Proofpoint)

Malware Statistics 

  1. 560,000 new pieces of malware are discovered every day. (DataProt)
  2. There has been an 87% increase in malware infections over the last 10 years. (Legal Jobs)
  3. Malware attacks cause an average loss of 50 days in time for businesses. (Privacy Sharks)
  4. Research from CSO Online shows that nearly 95% of all malware attacks are delivered via email. (CSO Online)
  5. The majority of malware attacks took place in North America, with over 80% executed as automated bot attacks. (Statista)

Zero Day Exploits & DDoS Attacks

  1. Nearly half of all zero-day exploits have taken place in the last decade, highlighting a growing trend. (CyberScoop)
  2. 50% of existing 0-day exploits from 2022 are variants of previously remediated vulnerabilities. (Google Project Zero)
  3. In the first half of 2022, Apple discovered seven zero-day exploits in their technology. (Dark Reading)
  4. In Q3 of 2022, Kaspersky’s DDoS Intelligence system detected nearly 60,000 attacks. (SecureList)
  5. Kaspersky also reported that the busiest day for DDoS attacks was Friday and the slowest day was Thursday.
  6. In a Cloudflare survey, 1 out of every 5 survey respondents who experienced a DDoS attack reported the attack included a Ransom DDoS or other threat. (Cloudflare)

Social Engineering Attacks 

  1. The most common subject lines for phishing emails include words such as urgent, request, important, payment, or attention. (Tessian)
  2. Only 63% of adult respondents to a Proofpoint survey knew what phishing was. (Proofpoint)
  3. 90% of all data breaches are linked to phishing attacks, suggesting a need for increased data security. (Cisco)
  4. 98% of attacks use social engineering. (Hosting Tribunal)
  5. 96% of all phishing attacks use email as an attack vector, 3% come from malicious websites, and 1% from phones. (Tessian)
  6. Phishing is the second most expensive cause of all data breaches. (Tessian)
  7. LinkedIn phishing messages make up 47% of social media phishing attempts, mainly from fake direct messages. (Swiss Cyber Institute)

DevSecOps Statistics

  1. 90% of development teams claim to be following DevSecOps practices. (Gartner)
  2. 39% of developers feel fully responsible for security in their organization. (GitLab)
  3. 79% of security teams report it’s challenging to consistently monitor for vulnerabilities. (State of Pentesting Report 2022)
  4. By 2025, Gartner predicts 70% of organizations will use infrastructure automation tools within their DevOps processes. (Gartner)
  5. The DevSecOps market is expected to grow at a CAGR of 25.6% from $2.79 billion in 2020 up to $17.24 billion in 2028. (Research & Markets)
  6. 57% of organizations suffered from a security incident related to exposures in DevOps. (ThycoticCentrify)
  7. Only 25% of organizations with low-security integration can remediate a vulnerability within 1 day, compared to 45% of organizations with high levels of security integration. (Puppet Labs, 2020)
  8. 52% of organizations report sacrificing cybersecurity for speed-to-market. (PagerDuty)
  9. Only 33% of data breaches involved internal team members; of those, 78% were from unintentional data loss or exposure. (Aberdeen Report)

Privacy Statistics 

  1. GDPR non-compliance fines hit nearly $100 million in the first half of 2022 alone. (AtlasVPN)
  2. An estimated 27% of companies have spent over half a million dollars to become GDPR compliant. (LegalJobs)
  3. Half of Americans have decided not to use a product or service due to personal privacy concerns. (Pew Research Center)
  4. Estimates show that 65% of the world will be protected by Personal Data Regulations by 2023. (Gartner)
  5. 2 out of 3 adults in the world believe corporations have too much control over their personal data. (YouGov)

Industry-Specific Cybersecurity Statistics

Small Business Attacks

  1. Only 50% of small businesses have a cybersecurity plan in place. (UpCity)
  2. Small businesses account for 43% of cyber attacks. (Small Business Trends)
  3. Only 14% of small businesses are prepared to defend themselves against cyber attacks. (Embroker)
  4. The most common types of attacks on small businesses are phishing/social engineering, compromised/stolen devices, and credential theft. (Forbes)
  5. 60% of small business owners do not think their business is a target for cybercriminals. (BullGuard)
  6. 80% of attacks were conducted by external actors as opposed to internal employees. (Verizon)
  7. 96% of attacks focused on monetary gain for all organizations but this drops to 71% for larger organizations, again reported by Verizon.


Healthcare

  1. Over 55% of medical device manufacturers report they do not have a dedicated security response team in place. (Cybellum)
  2. More than 90% of healthcare organizations reported at least one security breach in the last few years. (Becker’s Healthcare)
  3. 30% of all large data breaches take place at hospitals. (Techjury)
  4. Verizon identified misdelivery of personal information as the second most common data breach found in the healthcare sector. (Verizon)
  5. According to a Cyderes survey, 70% of respondents reported a ransomware attack on a healthcare institution resulting in patients having to stay longer, delays in medical procedures, and delays to testing. (Cyderes)
  6. The pharmaceutical and biotech industries also suffer from breaches with 53% of survey respondents reporting malicious activity. (Forbes)


Education

  1. 282 cyber breaches were reported last year specifically within the education sector in Verizon’s 2022 Data Breach Investigation, which analyzed 20 different sectors.
  2. A vast majority of attacks were with ransomware, accounting for over 30% of education industry breaches. (Verizon)
  3. Around 30% of education employees failed to pass a phishing test but this fell to around 5% after cybersecurity awareness training. (KnowBe4)
  4. 80% of about 7.2 million cases of malware reportedly came from the education industry in the last month of 2022. (Microsoft)

Financial Services 

  1. According to the 2022 Phishing report, over 43% of banking employees at large firms are poised to fail a phishing test. (KnowBe4)
  2. Only 71% of all attacks are financially motivated. (Foundly)
  3. The financial sector saw over 2,500 incidents with nearly 700 of those classified as a successful breach. (Verizon)


SaaS

  1. The Security-as-a-Service sector is estimated to grow to be worth nearly $23 billion by 2026. (Mordor Intelligence)
  2. The leading cause of SaaS misconfigurations is reportedly a lack of visibility and access control. (Adaptive Shield)
  3. The same survey from Adaptive Shield showed that 63% of respondents had a SaaS misconfiguration which led to a security incident in the last year.
  4. 40% of respondents say they utilize SaaSOps products for “mission critical” or essential IT functions, reported in a BetterCloud survey. (Help Net Security)


What types of cyberattacks occur by percentage?

The most common cyberattack is a hacking breach. Cyberattacks occurred with the following frequency:

  • 45% of breaches included hacking
  • 22% of breaches included errors as causal events
  • 22% included social attacks
  • 17% included malware
  • 8% involved misuse by authorized users


How many cyberattacks per day?

According to Security Magazine, there are over 2,200 attacks each day, which breaks down to nearly 1 cyberattack every 39 seconds.

How many people get hacked each year? 

With around 2,220 cyberattacks each day, that equates to over 800,000 attacks each year.

What percentage of cyberattacks include a social engineering aspect versus a technical problem?

According to Cybint, nearly 95% of all digital breaches come from human error.

Which year had the worst cyberattacks in history?

Unfortunately, the record for the worst attacks appears to be broken with each passing year.

In 2021, though, there were two noteworthy large-scale cyberattacks that had a larger impact on the world than anything we saw in 2022.

First, the Colonial Pipeline ransomware attack shut down one of the largest oil pipelines in the United States. Second, the Log4j vulnerability also emerged in 2021 and hit many large infrastructure providers such as AWS.

Explore more about the biggest hacker attacks in history.

How to prepare for a cyberattack?

This is a difficult question to answer without more context, but in general, cybersecurity best practices should be followed, such as using strong passwords, enabling 2-factor authentication, not clicking suspicious links, using antivirus software, backing up your data, and limiting the personal information you share online.

Read more about how to prepare for a cyberattack with a guide from FEMA.

Top Cybersecurity Statistic Reports 

  1. Gartner Forecast Analysis on Information Security (Premium)
  2. Verizon 2022 Breach Investigations Report
  3. Security Outcomes Report V3 by Cisco
  4. IBM X-Force Threat Intelligence Index 2022
  5. PwC 2022 Global Digital Trust Insights
  6. ISACA State of Cybersecurity Report 
  7. Cobalt State of Pentesting 2022

In closing, remember that knowing all the security statistics in the world won’t help you secure your assets. Instead, use these statistics to help receive buy-in from executives and team members trying to understand how investing in security pays dividends.

About Jacob Fox
Jacob Fox is a search engine optimization manager at Cobalt. He graduated from the University of Kansas with a Bachelor of Arts in Political Science. With a passion for technology, he believes in Cobalt's mission to transform traditional penetration testing with the innovative Pentesting as a Service (PtaaS) platform. He focuses on increasing Cobalt's marketing presence by helping craft positive user experiences on the Cobalt website.