GITNUXREPORT 2026

Computer Security Statistics

Cyber threats surged dramatically in 2023, making attacks more frequent and costly than ever.

Min-ji Park

Min-ji Park

Research Analyst focused on sustainability and consumer trends.

First published: Feb 13, 2026

Our Commitment to Accuracy

Rigorous fact-checking · Reputable sources · Regular updatesLearn more

Key Statistics

Statistic 1

In 2023, ransomware attacks increased by 93% year-over-year, affecting over 2,200 organizations globally.

Statistic 2

Phishing remains the top initial access vector, involved in 36% of breaches according to the 2024 DBIR.

Statistic 3

DDoS attacks surged by 117% in 2023, with over 10 million incidents recorded.

Statistic 4

Supply chain attacks rose by 42% in 2023, impacting third-party vendors extensively.

Statistic 5

Cryptojacking incidents increased by 89% in Q4 2023 compared to previous quarters.

Statistic 6

Mobile malware samples grew to over 12.7 million in 2023, a 24% increase.

Statistic 7

IoT botnets like Mirai variants launched 65% more attacks in 2023.

Statistic 8

Zero-day exploits were used in 12% of attacks tracked in 2023.

Statistic 9

Insider threat incidents rose by 44% from 2022 to 2023.

Statistic 10

APT groups conducted 78% of state-sponsored cyber espionage in 2023.

Statistic 11

Malware-as-a-Service offerings proliferated, with 1,500+ new variants in 2023.

Statistic 12

Deepfake-related cyber fraud attempts increased by 300% in 2023.

Statistic 13

Cloud misconfigurations led to 19% of breaches in 2023.

Statistic 14

80% of organizations experienced at least one cyber attack in 2023.

Statistic 15

Ransomware payments averaged $1.54 million per incident in 2023.

Statistic 16

BEC scams caused $2.9 billion in losses in 2023.

Statistic 17

Vulnerability exploitation accounted for 29% of breaches.

Statistic 18

Over 5,200 vulnerabilities disclosed in Q1 2024 alone.

Statistic 19

Log4Shell (CVE-2021-44228) was exploited in 25% of attacks post-disclosure.

Statistic 20

MOVEit Transfer breach affected 2,700 organizations in 2023.

Statistic 21

In 2023, 74% of breaches involved stolen credentials.

Statistic 22

State-sponsored attacks targeted critical infrastructure 42% more.

Statistic 23

Fileless malware detections up 225% in 2023.

Statistic 24

Over 1.1 million phishing sites blocked daily.

Statistic 25

Colonial Pipeline ransomware halted fuel supply for days.

Statistic 26

The average time to identify a breach was 204 days in 2023.

Statistic 27

Healthcare sector saw average breach cost of $10.93 million in 2023.

Statistic 28

82% of breaches involved compromised identities.

Statistic 29

Financial services breach costs averaged $5.9 million.

Statistic 30

Over 3,200 data breaches reported in the US in 2023.

Statistic 31

Equifax breach exposed 147 million records in 2017, with ongoing impacts.

Statistic 32

SolarWinds breach compromised 18,000 organizations.

Statistic 33

Change Healthcare breach in 2024 disrupted payments for weeks.

Statistic 34

62% of breaches involved stolen credentials.

Statistic 35

Average breach notification time was 49 days.

Statistic 36

Retail sector breaches cost $3.36 million on average.

Statistic 37

83 million records exposed in US breaches in Q1 2024.

Statistic 38

Public sector breach costs hit $4.88 million average.

Statistic 39

95% of breaches involved human error or behavior.

Statistic 40

MGM Resorts breach in 2023 cost $100 million.

Statistic 41

2.6 billion personal records compromised globally in 2023.

Statistic 42

Energy sector saw 21% increase in breaches.

Statistic 43

Average containment time for breaches was 77 days.

Statistic 44

51% of breaches were ransomware-related.

Statistic 45

Average breach cost for critical infrastructure $5.1M.

Statistic 46

17.4 million records exposed in education breaches.

Statistic 47

Okta breach in 2022 affected 366 customers.

Statistic 48

43% of breaches from external actors.

Statistic 49

Yahoo breach 2013-2014 exposed 3 billion accounts.

Statistic 50

Manufacturing breach costs averaged $4.82M.

Statistic 51

88% of orgs had >1 breach in 2023.

Statistic 52

Twilio breach 2022 impacted 163 customers.

Statistic 53

Detection time down 4% but still 277 days total cycle.

Statistic 54

25% of breaches cost over $5 million.

Statistic 55

Phishing emails rose 58% to 3.4 billion in 2023.

Statistic 56

90% of breaches start with phishing.

Statistic 57

Spear-phishing success rate is 70% higher than generic.

Statistic 58

36% of users click phishing links in simulations.

Statistic 59

Vishing attacks increased 329% in 2023.

Statistic 60

Smishing incidents up 328% year-over-year.

Statistic 61

Average phishing campaign lasts 25 hours.

Statistic 62

84% of orgs faced phishing in 2023.

Statistic 63

BEC phishing caused $43 billion losses since 2016.

Statistic 64

1 in 10 emails contain phishing elements.

Statistic 65

Training reduces phishing susceptibility by 40%.

Statistic 66

MFA fatigue attacks succeeded in 55% cases.

Statistic 67

QR code phishing (quishing) up 51%.

Statistic 68

74% of ransomware starts with phishing.

Statistic 69

AI-generated phishing emails fool 60% more users.

Statistic 70

22% of breaches from phishing attachments.

Statistic 71

68% of users fail to report phishing.

Statistic 72

Phishing simulation click rate averages 27%.

Statistic 73

95% of cybersecurity issues from human error.

Statistic 74

1.2 million phishing kits available online.

Statistic 75

300,000 unique phishing attacks daily.

Statistic 76

83% of users recognize phishing after training.

Statistic 77

WhatsApp phishing up 1300%.

Statistic 78

16% of breaches from social engineering.

Statistic 79

Average BEC loss $120,000 per incident.

Statistic 80

47% of orgs hit by credential stuffing.

Statistic 81

Email open rate for phishing 42%.

Statistic 82

61% of C-level execs targeted by phishing.

Statistic 83

Global cyber investment reached $188 billion in 2023.

Statistic 84

93% of orgs increased security budgets in 2024.

Statistic 85

Zero-trust adoption grew to 81% of enterprises.

Statistic 86

EDR market size hit $10.2 billion in 2023.

Statistic 87

76% of orgs use AI in cybersecurity.

Statistic 88

Global MSSP market to reach $69 billion by 2028.

Statistic 89

87% plan to invest in cloud security.

Statistic 90

SOC spending up 15% to $52 billion.

Statistic 91

MFA adoption at 72% but bypasses common.

Statistic 92

SIEM market valued at $5.3 billion in 2023.

Statistic 93

65% of CISOs report budget increases.

Statistic 94

Ransomware defense spending doubled since 2020.

Statistic 95

94% of boards discuss cybersecurity quarterly.

Statistic 96

XDR adoption up 200% in two years.

Statistic 97

Cyber insurance premiums rose 25% in 2023.

Statistic 98

82% of orgs prioritize threat intelligence.

Statistic 99

Global cybersecurity workforce gap at 3.5 million.

Statistic 100

55% allocate >10% budget to training.

Statistic 101

CASB market to grow to $12.5 billion by 2027.

Statistic 102

70% of orgs invested in SASE in 2023.

Statistic 103

Global cybersecurity spending forecast $215B in 2024.

Statistic 104

89% of CISOs face budget constraints.

Statistic 105

Cloud security spending up 24%.

Statistic 106

67% invest in threat hunting tools.

Statistic 107

Cyber insurance market $14B in premiums.

Statistic 108

28,000 CVEs published in 2023, highest ever.

Statistic 109

23% of vulnerabilities rated critical (CVSS 9.0+).

Statistic 110

Heartbleed (CVE-2014-0160) affected 17% of HTTPS servers.

Statistic 111

EternalBlue (CVE-2017-0144) exploited in WannaCry, affecting 200k systems.

Statistic 112

97% of vulnerabilities unpatched after 90 days in orgs.

Statistic 113

Log4j vulnerability scanned 100 times per minute peak.

Statistic 114

Over 60,000 vulnerabilities in top 100 apps.

Statistic 115

75% of apps have high/medium severity vulns.

Statistic 116

Patch Tuesday fixed 67 flaws in March 2024.

Statistic 117

40% of breaches exploit known vulns >1 year old.

Statistic 118

Android vulns totaled 1,223 in 2023.

Statistic 119

Chrome zero-days exploited 8 times in 2023.

Statistic 120

NVD backlog hit 30,000 entries in 2023.

Statistic 121

85% of orgs have unpatched critical vulns.

Statistic 122

ProxyShell (CVE-2021-34473) exploited in 30k servers.

Statistic 123

1 in 5 Windows vulns are remote code execution.

Statistic 124

Java vulns average 300 per year.

Statistic 125

62% of critical vulns lack public exploits initially.

Statistic 126

iOS zero-days patched 14 in 2023.

Statistic 127

91% of orgs vulnerable to ransomware via unpatched systems.

Statistic 128

BlueKeep (CVE-2019-0708) could affect 1 billion devices.

Statistic 129

45% of vulns in open source components.

Statistic 130

Pwn2Own 2023 awarded $1M+ for exploits.

Statistic 131

78% of codebases have outdated libraries.

Statistic 132

Spectre/Meltdown affected nearly all CPUs.

Statistic 133

Average time to patch critical vuln: 18 days.

Statistic 134

9,000+ flaws in 2023 Microsoft patches.

Statistic 135

SSL/TLS vulns in 15% of sites.

Statistic 136

35% of exploits target web apps.

Statistic 137

Rowhammer attacks viable on DDR4.

Statistic 138

50% of orgs run unsupported software.

Statistic 139

Adobe Flash EOL led to 0-days surge.

Sources
Trusted by 500+ publications
Harvard Business ReviewThe GuardianFortune+497
With ransomware attacks nearly doubling, phishing scams evolving at an alarming rate, and data breaches costing companies millions, the alarming statistics from 2023 make it undeniably clear that cybersecurity is no longer a technical issue but a critical survival skill for every organization.

Key Takeaways

  • In 2023, ransomware attacks increased by 93% year-over-year, affecting over 2,200 organizations globally.
  • Phishing remains the top initial access vector, involved in 36% of breaches according to the 2024 DBIR.
  • DDoS attacks surged by 117% in 2023, with over 10 million incidents recorded.
  • The average time to identify a breach was 204 days in 2023.
  • Healthcare sector saw average breach cost of $10.93 million in 2023.
  • 82% of breaches involved compromised identities.
  • 28,000 CVEs published in 2023, highest ever.
  • 23% of vulnerabilities rated critical (CVSS 9.0+).
  • Heartbleed (CVE-2014-0160) affected 17% of HTTPS servers.
  • Phishing emails rose 58% to 3.4 billion in 2023.
  • 90% of breaches start with phishing.
  • Spear-phishing success rate is 70% higher than generic.
  • Global cyber investment reached $188 billion in 2023.
  • 93% of orgs increased security budgets in 2024.
  • Zero-trust adoption grew to 81% of enterprises.

Cyber threats surged dramatically in 2023, making attacks more frequent and costly than ever.

Cyber Threats

  • In 2023, ransomware attacks increased by 93% year-over-year, affecting over 2,200 organizations globally.
  • Phishing remains the top initial access vector, involved in 36% of breaches according to the 2024 DBIR.
  • DDoS attacks surged by 117% in 2023, with over 10 million incidents recorded.
  • Supply chain attacks rose by 42% in 2023, impacting third-party vendors extensively.
  • Cryptojacking incidents increased by 89% in Q4 2023 compared to previous quarters.
  • Mobile malware samples grew to over 12.7 million in 2023, a 24% increase.
  • IoT botnets like Mirai variants launched 65% more attacks in 2023.
  • Zero-day exploits were used in 12% of attacks tracked in 2023.
  • Insider threat incidents rose by 44% from 2022 to 2023.
  • APT groups conducted 78% of state-sponsored cyber espionage in 2023.
  • Malware-as-a-Service offerings proliferated, with 1,500+ new variants in 2023.
  • Deepfake-related cyber fraud attempts increased by 300% in 2023.
  • Cloud misconfigurations led to 19% of breaches in 2023.
  • 80% of organizations experienced at least one cyber attack in 2023.
  • Ransomware payments averaged $1.54 million per incident in 2023.
  • BEC scams caused $2.9 billion in losses in 2023.
  • Vulnerability exploitation accounted for 29% of breaches.
  • Over 5,200 vulnerabilities disclosed in Q1 2024 alone.
  • Log4Shell (CVE-2021-44228) was exploited in 25% of attacks post-disclosure.
  • MOVEit Transfer breach affected 2,700 organizations in 2023.
  • In 2023, 74% of breaches involved stolen credentials.
  • State-sponsored attacks targeted critical infrastructure 42% more.
  • Fileless malware detections up 225% in 2023.
  • Over 1.1 million phishing sites blocked daily.
  • Colonial Pipeline ransomware halted fuel supply for days.

Cyber Threats Interpretation

The threat landscape of 2023 resembles a chaotic, multi-front war where the enemy has not only multiplied its soldiers, diversified its weapons, and perfected its scams, but has also convincingly learned to wear our uniforms, all while we keep leaving the keys under the doormat and the back door wide open.

Data Breaches

  • The average time to identify a breach was 204 days in 2023.
  • Healthcare sector saw average breach cost of $10.93 million in 2023.
  • 82% of breaches involved compromised identities.
  • Financial services breach costs averaged $5.9 million.
  • Over 3,200 data breaches reported in the US in 2023.
  • Equifax breach exposed 147 million records in 2017, with ongoing impacts.
  • SolarWinds breach compromised 18,000 organizations.
  • Change Healthcare breach in 2024 disrupted payments for weeks.
  • 62% of breaches involved stolen credentials.
  • Average breach notification time was 49 days.
  • Retail sector breaches cost $3.36 million on average.
  • 83 million records exposed in US breaches in Q1 2024.
  • Public sector breach costs hit $4.88 million average.
  • 95% of breaches involved human error or behavior.
  • MGM Resorts breach in 2023 cost $100 million.
  • 2.6 billion personal records compromised globally in 2023.
  • Energy sector saw 21% increase in breaches.
  • Average containment time for breaches was 77 days.
  • 51% of breaches were ransomware-related.
  • Average breach cost for critical infrastructure $5.1M.
  • 17.4 million records exposed in education breaches.
  • Okta breach in 2022 affected 366 customers.
  • 43% of breaches from external actors.
  • Yahoo breach 2013-2014 exposed 3 billion accounts.
  • Manufacturing breach costs averaged $4.82M.
  • 88% of orgs had >1 breach in 2023.
  • Twilio breach 2022 impacted 163 customers.
  • Detection time down 4% but still 277 days total cycle.
  • 25% of breaches cost over $5 million.

Data Breaches Interpretation

These statistics depict a relentless and expensive game of digital whack-a-mole, where our own mistakes are the mallet and the breaches just keep popping up, costing millions, taking months to notice, and exposing billions of lives piece by piece.

Phishing

  • Phishing emails rose 58% to 3.4 billion in 2023.
  • 90% of breaches start with phishing.
  • Spear-phishing success rate is 70% higher than generic.
  • 36% of users click phishing links in simulations.
  • Vishing attacks increased 329% in 2023.
  • Smishing incidents up 328% year-over-year.
  • Average phishing campaign lasts 25 hours.
  • 84% of orgs faced phishing in 2023.
  • BEC phishing caused $43 billion losses since 2016.
  • 1 in 10 emails contain phishing elements.
  • Training reduces phishing susceptibility by 40%.
  • MFA fatigue attacks succeeded in 55% cases.
  • QR code phishing (quishing) up 51%.
  • 74% of ransomware starts with phishing.
  • AI-generated phishing emails fool 60% more users.
  • 22% of breaches from phishing attachments.
  • 68% of users fail to report phishing.
  • Phishing simulation click rate averages 27%.
  • 95% of cybersecurity issues from human error.
  • 1.2 million phishing kits available online.
  • 300,000 unique phishing attacks daily.
  • 83% of users recognize phishing after training.
  • WhatsApp phishing up 1300%.
  • 16% of breaches from social engineering.
  • Average BEC loss $120,000 per incident.
  • 47% of orgs hit by credential stuffing.
  • Email open rate for phishing 42%.
  • 61% of C-level execs targeted by phishing.

Phishing Interpretation

The sheer volume and sophistication of modern phishing attacks, from AI-generated emails to vishing calls, prove that the most critical vulnerability in cybersecurity isn't a software flaw but the human inbox, which remains stubbornly open for business.

Security Investments

  • Global cyber investment reached $188 billion in 2023.
  • 93% of orgs increased security budgets in 2024.
  • Zero-trust adoption grew to 81% of enterprises.
  • EDR market size hit $10.2 billion in 2023.
  • 76% of orgs use AI in cybersecurity.
  • Global MSSP market to reach $69 billion by 2028.
  • 87% plan to invest in cloud security.
  • SOC spending up 15% to $52 billion.
  • MFA adoption at 72% but bypasses common.
  • SIEM market valued at $5.3 billion in 2023.
  • 65% of CISOs report budget increases.
  • Ransomware defense spending doubled since 2020.
  • 94% of boards discuss cybersecurity quarterly.
  • XDR adoption up 200% in two years.
  • Cyber insurance premiums rose 25% in 2023.
  • 82% of orgs prioritize threat intelligence.
  • Global cybersecurity workforce gap at 3.5 million.
  • 55% allocate >10% budget to training.
  • CASB market to grow to $12.5 billion by 2027.
  • 70% of orgs invested in SASE in 2023.
  • Global cybersecurity spending forecast $215B in 2024.
  • 89% of CISOs face budget constraints.
  • Cloud security spending up 24%.
  • 67% invest in threat hunting tools.
  • Cyber insurance market $14B in premiums.

Security Investments Interpretation

The statistics paint a clear picture: we are frantically building a thicker, taller, and more expensive wall while knowing full well that the ladder factory next door can't keep up with demand.

Vulnerabilities

  • 28,000 CVEs published in 2023, highest ever.
  • 23% of vulnerabilities rated critical (CVSS 9.0+).
  • Heartbleed (CVE-2014-0160) affected 17% of HTTPS servers.
  • EternalBlue (CVE-2017-0144) exploited in WannaCry, affecting 200k systems.
  • 97% of vulnerabilities unpatched after 90 days in orgs.
  • Log4j vulnerability scanned 100 times per minute peak.
  • Over 60,000 vulnerabilities in top 100 apps.
  • 75% of apps have high/medium severity vulns.
  • Patch Tuesday fixed 67 flaws in March 2024.
  • 40% of breaches exploit known vulns >1 year old.
  • Android vulns totaled 1,223 in 2023.
  • Chrome zero-days exploited 8 times in 2023.
  • NVD backlog hit 30,000 entries in 2023.
  • 85% of orgs have unpatched critical vulns.
  • ProxyShell (CVE-2021-34473) exploited in 30k servers.
  • 1 in 5 Windows vulns are remote code execution.
  • Java vulns average 300 per year.
  • 62% of critical vulns lack public exploits initially.
  • iOS zero-days patched 14 in 2023.
  • 91% of orgs vulnerable to ransomware via unpatched systems.
  • BlueKeep (CVE-2019-0708) could affect 1 billion devices.
  • 45% of vulns in open source components.
  • Pwn2Own 2023 awarded $1M+ for exploits.
  • 78% of codebases have outdated libraries.
  • Spectre/Meltdown affected nearly all CPUs.
  • Average time to patch critical vuln: 18 days.
  • 9,000+ flaws in 2023 Microsoft patches.
  • SSL/TLS vulns in 15% of sites.
  • 35% of exploits target web apps.
  • Rowhammer attacks viable on DDR4.
  • 50% of orgs run unsupported software.
  • Adobe Flash EOL led to 0-days surge.

Vulnerabilities Interpretation

While our digital fortress logs a record number of new cracks each year, we remain a stubbornly porous society, patching slowly if at all, as old keys still open far too many doors.

Sources & References

Logos provided by Logo.dev