GITNUXREPORT 2026

Computer Security Statistics

Cyber threats surged dramatically in 2023, making attacks more frequent and costly than ever.

Written by Marcus Engström·Edited by Abigail Foster·Fact-checked by Claire Beaumont

Published Feb 13, 2026·Last verified Feb 13, 2026·Next review: Aug 2026

How We Build This Report

Primary Source Collection

Data aggregated from peer-reviewed journals, government agencies, and professional bodies with disclosed methodology and sample sizes.

Editorial Curation

Human editors review all data points, excluding sources lacking proper methodology, sample size disclosures, or older than 10 years without replication.

AI-Powered Verification

Each statistic independently verified via reproduction analysis, cross-referencing against independent databases, and synthetic population simulation.

Human Cross-Check

Final human editorial review of all AI-verified statistics. Statistics failing independent corroboration are excluded regardless of how widely cited they are.

Statistics that could not be independently verified are excluded regardless of how widely cited they are elsewhere.

Our process →

Statistic 1

In 2023, ransomware attacks increased by 93% year-over-year, affecting over 2,200 organizations globally.

Statistic 2

Phishing remains the top initial access vector, involved in 36% of breaches according to the 2024 DBIR.

Statistic 3

DDoS attacks surged by 117% in 2023, with over 10 million incidents recorded.

Statistic 4

Supply chain attacks rose by 42% in 2023, impacting third-party vendors extensively.

Statistic 5

Cryptojacking incidents increased by 89% in Q4 2023 compared to previous quarters.

Statistic 6

Mobile malware samples grew to over 12.7 million in 2023, a 24% increase.

Statistic 7

IoT botnets like Mirai variants launched 65% more attacks in 2023.

Statistic 8

Zero-day exploits were used in 12% of attacks tracked in 2023.

Statistic 9

Insider threat incidents rose by 44% from 2022 to 2023.

Statistic 10

APT groups conducted 78% of state-sponsored cyber espionage in 2023.

Statistic 11

Malware-as-a-Service offerings proliferated, with 1,500+ new variants in 2023.

Statistic 12

Deepfake-related cyber fraud attempts increased by 300% in 2023.

Statistic 13

Cloud misconfigurations led to 19% of breaches in 2023.

Statistic 14

80% of organizations experienced at least one cyber attack in 2023.

Statistic 15

Ransomware payments averaged $1.54 million per incident in 2023.

Statistic 16

BEC scams caused $2.9 billion in losses in 2023.

Statistic 17

Vulnerability exploitation accounted for 29% of breaches.

Statistic 18

Over 5,200 vulnerabilities disclosed in Q1 2024 alone.

Statistic 19

Log4Shell (CVE-2021-44228) was exploited in 25% of attacks post-disclosure.

Statistic 20

MOVEit Transfer breach affected 2,700 organizations in 2023.

Statistic 21

In 2023, 74% of breaches involved stolen credentials.

Statistic 22

State-sponsored attacks targeted critical infrastructure 42% more.

Statistic 23

Fileless malware detections up 225% in 2023.

Statistic 24

Over 1.1 million phishing sites blocked daily.

Statistic 25

Colonial Pipeline ransomware halted fuel supply for days.

Statistic 26

The average time to identify a breach was 204 days in 2023.

Statistic 27

Healthcare sector saw average breach cost of $10.93 million in 2023.

Statistic 28

82% of breaches involved compromised identities.

Statistic 29

Financial services breach costs averaged $5.9 million.

Statistic 30

Over 3,200 data breaches reported in the US in 2023.

Statistic 31

Equifax breach exposed 147 million records in 2017, with ongoing impacts.

Statistic 32

SolarWinds breach compromised 18,000 organizations.

Statistic 33

Change Healthcare breach in 2024 disrupted payments for weeks.

Statistic 34

62% of breaches involved stolen credentials.

Statistic 35

Average breach notification time was 49 days.

Statistic 36

Retail sector breaches cost $3.36 million on average.

Statistic 37

83 million records exposed in US breaches in Q1 2024.

Statistic 38

Public sector breach costs hit $4.88 million average.

Statistic 39

95% of breaches involved human error or behavior.

Statistic 40

MGM Resorts breach in 2023 cost $100 million.

Statistic 41

2.6 billion personal records compromised globally in 2023.

Statistic 42

Energy sector saw 21% increase in breaches.

Statistic 43

Average containment time for breaches was 77 days.

Statistic 44

51% of breaches were ransomware-related.

Statistic 45

Average breach cost for critical infrastructure $5.1M.

Statistic 46

17.4 million records exposed in education breaches.

Statistic 47

Okta breach in 2022 affected 366 customers.

Statistic 48

43% of breaches from external actors.

Statistic 49

Yahoo breach 2013-2014 exposed 3 billion accounts.

Statistic 50

Manufacturing breach costs averaged $4.82M.

Statistic 51

88% of orgs had >1 breach in 2023.

Statistic 52

Twilio breach 2022 impacted 163 customers.

Statistic 53

Detection time down 4% but still 277 days total cycle.

Statistic 54

25% of breaches cost over $5 million.

Statistic 55

Phishing emails rose 58% to 3.4 billion in 2023.

Statistic 56

90% of breaches start with phishing.

Statistic 57

Spear-phishing success rate is 70% higher than generic.

Statistic 58

36% of users click phishing links in simulations.

Statistic 59

Vishing attacks increased 329% in 2023.

Statistic 60

Smishing incidents up 328% year-over-year.

Statistic 61

Average phishing campaign lasts 25 hours.

Statistic 62

84% of orgs faced phishing in 2023.

Statistic 63

BEC phishing caused $43 billion losses since 2016.

Statistic 64

1 in 10 emails contain phishing elements.

Statistic 65

Training reduces phishing susceptibility by 40%.

Statistic 66

MFA fatigue attacks succeeded in 55% cases.

Statistic 67

QR code phishing (quishing) up 51%.

Statistic 68

74% of ransomware starts with phishing.

Statistic 69

AI-generated phishing emails fool 60% more users.

Statistic 70

22% of breaches from phishing attachments.

Statistic 71

68% of users fail to report phishing.

Statistic 72

Phishing simulation click rate averages 27%.

Statistic 73

95% of cybersecurity issues from human error.

Statistic 74

1.2 million phishing kits available online.

Statistic 75

300,000 unique phishing attacks daily.

Statistic 76

83% of users recognize phishing after training.

Statistic 77

WhatsApp phishing up 1300%.

Statistic 78

16% of breaches from social engineering.

Statistic 79

Average BEC loss $120,000 per incident.

Statistic 80

47% of orgs hit by credential stuffing.

Statistic 81

Email open rate for phishing 42%.

Statistic 82

61% of C-level execs targeted by phishing.

Statistic 83

Global cyber investment reached $188 billion in 2023.

Statistic 84

93% of orgs increased security budgets in 2024.

Statistic 85

Zero-trust adoption grew to 81% of enterprises.

Statistic 86

EDR market size hit $10.2 billion in 2023.

Statistic 87

76% of orgs use AI in cybersecurity.

Statistic 88

Global MSSP market to reach $69 billion by 2028.

Statistic 89

87% plan to invest in cloud security.

Statistic 90

SOC spending up 15% to $52 billion.

Statistic 91

MFA adoption at 72% but bypasses common.

Statistic 92

SIEM market valued at $5.3 billion in 2023.

Statistic 93

65% of CISOs report budget increases.

Statistic 94

Ransomware defense spending doubled since 2020.

Statistic 95

94% of boards discuss cybersecurity quarterly.

Statistic 96

XDR adoption up 200% in two years.

Statistic 97

Cyber insurance premiums rose 25% in 2023.

Statistic 98

82% of orgs prioritize threat intelligence.

Statistic 99

Global cybersecurity workforce gap at 3.5 million.

Statistic 100

55% allocate >10% budget to training.

Statistic 101

CASB market to grow to $12.5 billion by 2027.

Statistic 102

70% of orgs invested in SASE in 2023.

Statistic 103

Global cybersecurity spending forecast $215B in 2024.

Statistic 104

89% of CISOs face budget constraints.

Statistic 105

Cloud security spending up 24%.

Statistic 106

67% invest in threat hunting tools.

Statistic 107

Cyber insurance market $14B in premiums.

Statistic 108

28,000 CVEs published in 2023, highest ever.

Statistic 109

23% of vulnerabilities rated critical (CVSS 9.0+).

Statistic 110

Heartbleed (CVE-2014-0160) affected 17% of HTTPS servers.

Statistic 111

EternalBlue (CVE-2017-0144) exploited in WannaCry, affecting 200k systems.

Statistic 112

97% of vulnerabilities unpatched after 90 days in orgs.

Statistic 113

Log4j vulnerability scanned 100 times per minute peak.

Statistic 114

Over 60,000 vulnerabilities in top 100 apps.

Statistic 115

75% of apps have high/medium severity vulns.

Statistic 116

Patch Tuesday fixed 67 flaws in March 2024.

Statistic 117

40% of breaches exploit known vulns >1 year old.

Statistic 118

Android vulns totaled 1,223 in 2023.

Statistic 119

Chrome zero-days exploited 8 times in 2023.

Statistic 120

NVD backlog hit 30,000 entries in 2023.

Statistic 121

85% of orgs have unpatched critical vulns.

Statistic 122

ProxyShell (CVE-2021-34473) exploited in 30k servers.

Statistic 123

1 in 5 Windows vulns are remote code execution.

Statistic 124

Java vulns average 300 per year.

Statistic 125

62% of critical vulns lack public exploits initially.

Statistic 126

iOS zero-days patched 14 in 2023.

Statistic 127

91% of orgs vulnerable to ransomware via unpatched systems.

Statistic 128

BlueKeep (CVE-2019-0708) could affect 1 billion devices.

Statistic 129

45% of vulns in open source components.

Statistic 130

Pwn2Own 2023 awarded $1M+ for exploits.

Statistic 131

78% of codebases have outdated libraries.

Statistic 132

Spectre/Meltdown affected nearly all CPUs.

Statistic 133

Average time to patch critical vuln: 18 days.

Statistic 134

9,000+ flaws in 2023 Microsoft patches.

Statistic 135

SSL/TLS vulns in 15% of sites.

Statistic 136

35% of exploits target web apps.

Statistic 137

Rowhammer attacks viable on DDR4.

Statistic 138

50% of orgs run unsupported software.

Statistic 139

Adobe Flash EOL led to 0-days surge.

1/139

Sources

Trusted by 500+ publications

+497

With ransomware attacks nearly doubling, phishing scams evolving at an alarming rate, and data breaches costing companies millions, the alarming statistics from 2023 make it undeniably clear that cybersecurity is no longer a technical issue but a critical survival skill for every organization.

Key Takeaways

In 2023, ransomware attacks increased by 93% year-over-year, affecting over 2,200 organizations globally.
Phishing remains the top initial access vector, involved in 36% of breaches according to the 2024 DBIR.
DDoS attacks surged by 117% in 2023, with over 10 million incidents recorded.
The average time to identify a breach was 204 days in 2023.
Healthcare sector saw average breach cost of $10.93 million in 2023.
82% of breaches involved compromised identities.
28,000 CVEs published in 2023, highest ever.
23% of vulnerabilities rated critical (CVSS 9.0+).
Heartbleed (CVE-2014-0160) affected 17% of HTTPS servers.
Phishing emails rose 58% to 3.4 billion in 2023.
90% of breaches start with phishing.
Spear-phishing success rate is 70% higher than generic.
Global cyber investment reached $188 billion in 2023.
93% of orgs increased security budgets in 2024.
Zero-trust adoption grew to 81% of enterprises.

Cyber threats surged dramatically in 2023, making attacks more frequent and costly than ever.

Cyber Threats

1In 2023, ransomware attacks increased by 93% year-over-year, affecting over 2,200 organizations globally.

Verified

2Phishing remains the top initial access vector, involved in 36% of breaches according to the 2024 DBIR.

Verified

3DDoS attacks surged by 117% in 2023, with over 10 million incidents recorded.

Verified

4Supply chain attacks rose by 42% in 2023, impacting third-party vendors extensively.

Directional

5Cryptojacking incidents increased by 89% in Q4 2023 compared to previous quarters.

Single source

6Mobile malware samples grew to over 12.7 million in 2023, a 24% increase.

Verified

7IoT botnets like Mirai variants launched 65% more attacks in 2023.

Verified

8Zero-day exploits were used in 12% of attacks tracked in 2023.

Verified

9Insider threat incidents rose by 44% from 2022 to 2023.

Directional

10APT groups conducted 78% of state-sponsored cyber espionage in 2023.

Single source

11Malware-as-a-Service offerings proliferated, with 1,500+ new variants in 2023.

Verified

12Deepfake-related cyber fraud attempts increased by 300% in 2023.

Verified

13Cloud misconfigurations led to 19% of breaches in 2023.

Verified

1480% of organizations experienced at least one cyber attack in 2023.

Directional

15Ransomware payments averaged $1.54 million per incident in 2023.

Single source

16BEC scams caused $2.9 billion in losses in 2023.

Verified

17Vulnerability exploitation accounted for 29% of breaches.

Verified

18Over 5,200 vulnerabilities disclosed in Q1 2024 alone.

Verified

19Log4Shell (CVE-2021-44228) was exploited in 25% of attacks post-disclosure.

Directional

20MOVEit Transfer breach affected 2,700 organizations in 2023.

Single source

21In 2023, 74% of breaches involved stolen credentials.

Verified

22State-sponsored attacks targeted critical infrastructure 42% more.

Verified

23Fileless malware detections up 225% in 2023.

Verified

24Over 1.1 million phishing sites blocked daily.

Directional

25Colonial Pipeline ransomware halted fuel supply for days.

Single source

Cyber Threats Interpretation

The threat landscape of 2023 resembles a chaotic, multi-front war where the enemy has not only multiplied its soldiers, diversified its weapons, and perfected its scams, but has also convincingly learned to wear our uniforms, all while we keep leaving the keys under the doormat and the back door wide open.

Data Breaches

1The average time to identify a breach was 204 days in 2023.

Verified

2Healthcare sector saw average breach cost of $10.93 million in 2023.

Verified

382% of breaches involved compromised identities.

Verified

4Financial services breach costs averaged $5.9 million.

Directional

5Over 3,200 data breaches reported in the US in 2023.

Single source

6Equifax breach exposed 147 million records in 2017, with ongoing impacts.

Verified

7SolarWinds breach compromised 18,000 organizations.

Verified

8Change Healthcare breach in 2024 disrupted payments for weeks.

Verified

962% of breaches involved stolen credentials.

Directional

10Average breach notification time was 49 days.

Single source

11Retail sector breaches cost $3.36 million on average.

Verified

1283 million records exposed in US breaches in Q1 2024.

Verified

13Public sector breach costs hit $4.88 million average.

Verified

1495% of breaches involved human error or behavior.

Directional

15MGM Resorts breach in 2023 cost $100 million.

Single source

162.6 billion personal records compromised globally in 2023.

Verified

17Energy sector saw 21% increase in breaches.

Verified

18Average containment time for breaches was 77 days.

Verified

1951% of breaches were ransomware-related.

Directional

20Average breach cost for critical infrastructure $5.1M.

Single source

2117.4 million records exposed in education breaches.

Verified

22Okta breach in 2022 affected 366 customers.

Verified

2343% of breaches from external actors.

Verified

24Yahoo breach 2013-2014 exposed 3 billion accounts.

Directional

25Manufacturing breach costs averaged $4.82M.

Single source

2688% of orgs had >1 breach in 2023.

Verified

27Twilio breach 2022 impacted 163 customers.

Verified

28Detection time down 4% but still 277 days total cycle.

Verified

2925% of breaches cost over $5 million.

Directional

Data Breaches Interpretation

These statistics depict a relentless and expensive game of digital whack-a-mole, where our own mistakes are the mallet and the breaches just keep popping up, costing millions, taking months to notice, and exposing billions of lives piece by piece.

Phishing

1Phishing emails rose 58% to 3.4 billion in 2023.

Verified

290% of breaches start with phishing.

Verified

3Spear-phishing success rate is 70% higher than generic.

Verified

436% of users click phishing links in simulations.

Directional

5Vishing attacks increased 329% in 2023.

Single source

6Smishing incidents up 328% year-over-year.

Verified

7Average phishing campaign lasts 25 hours.

Verified

884% of orgs faced phishing in 2023.

Verified

9BEC phishing caused $43 billion losses since 2016.

Directional

101 in 10 emails contain phishing elements.

Single source

11Training reduces phishing susceptibility by 40%.

Verified

12MFA fatigue attacks succeeded in 55% cases.

Verified

13QR code phishing (quishing) up 51%.

Verified

1474% of ransomware starts with phishing.

Directional

15AI-generated phishing emails fool 60% more users.

Single source

1622% of breaches from phishing attachments.

Verified

1768% of users fail to report phishing.

Verified

18Phishing simulation click rate averages 27%.

Verified

1995% of cybersecurity issues from human error.

Directional

201.2 million phishing kits available online.

Single source

21300,000 unique phishing attacks daily.

Verified

2283% of users recognize phishing after training.

Verified

23WhatsApp phishing up 1300%.

Verified

2416% of breaches from social engineering.

Directional

25Average BEC loss $120,000 per incident.

Single source

2647% of orgs hit by credential stuffing.

Verified

27Email open rate for phishing 42%.

Verified

2861% of C-level execs targeted by phishing.

Verified

Phishing Interpretation

The sheer volume and sophistication of modern phishing attacks, from AI-generated emails to vishing calls, prove that the most critical vulnerability in cybersecurity isn't a software flaw but the human inbox, which remains stubbornly open for business.

Security Investments

1Global cyber investment reached $188 billion in 2023.

Verified

293% of orgs increased security budgets in 2024.

Verified

3Zero-trust adoption grew to 81% of enterprises.

Verified

4EDR market size hit $10.2 billion in 2023.

Directional

576% of orgs use AI in cybersecurity.

Single source

6Global MSSP market to reach $69 billion by 2028.

Verified

787% plan to invest in cloud security.

Verified

8SOC spending up 15% to $52 billion.

Verified

9MFA adoption at 72% but bypasses common.

Directional

10SIEM market valued at $5.3 billion in 2023.

Single source

1165% of CISOs report budget increases.

Verified

12Ransomware defense spending doubled since 2020.

Verified

1394% of boards discuss cybersecurity quarterly.

Verified

14XDR adoption up 200% in two years.

Directional

15Cyber insurance premiums rose 25% in 2023.

Single source

1682% of orgs prioritize threat intelligence.

Verified

17Global cybersecurity workforce gap at 3.5 million.

Verified

1855% allocate >10% budget to training.

Verified

19CASB market to grow to $12.5 billion by 2027.

Directional

2070% of orgs invested in SASE in 2023.

Single source

21Global cybersecurity spending forecast $215B in 2024.

Verified

2289% of CISOs face budget constraints.

Verified

23Cloud security spending up 24%.

Verified

2467% invest in threat hunting tools.

Directional

25Cyber insurance market $14B in premiums.

Single source

Security Investments Interpretation

The statistics paint a clear picture: we are frantically building a thicker, taller, and more expensive wall while knowing full well that the ladder factory next door can't keep up with demand.

Vulnerabilities

128,000 CVEs published in 2023, highest ever.

Verified

223% of vulnerabilities rated critical (CVSS 9.0+).

Verified

3Heartbleed (CVE-2014-0160) affected 17% of HTTPS servers.

Verified

4EternalBlue (CVE-2017-0144) exploited in WannaCry, affecting 200k systems.

Directional

597% of vulnerabilities unpatched after 90 days in orgs.

Single source

6Log4j vulnerability scanned 100 times per minute peak.

Verified

7Over 60,000 vulnerabilities in top 100 apps.

Verified

875% of apps have high/medium severity vulns.

Verified

9Patch Tuesday fixed 67 flaws in March 2024.

Directional

1040% of breaches exploit known vulns >1 year old.

Single source

11Android vulns totaled 1,223 in 2023.

Verified

12Chrome zero-days exploited 8 times in 2023.

Verified

13NVD backlog hit 30,000 entries in 2023.

Verified

1485% of orgs have unpatched critical vulns.

Directional

15ProxyShell (CVE-2021-34473) exploited in 30k servers.

Single source

161 in 5 Windows vulns are remote code execution.

Verified

17Java vulns average 300 per year.

Verified

1862% of critical vulns lack public exploits initially.

Verified

19iOS zero-days patched 14 in 2023.

Directional

2091% of orgs vulnerable to ransomware via unpatched systems.

Single source

21BlueKeep (CVE-2019-0708) could affect 1 billion devices.

Verified

2245% of vulns in open source components.

Verified

23Pwn2Own 2023 awarded $1M+ for exploits.

Verified

2478% of codebases have outdated libraries.

Directional

25Spectre/Meltdown affected nearly all CPUs.

Single source

26Average time to patch critical vuln: 18 days.

Verified

279,000+ flaws in 2023 Microsoft patches.

Verified

28SSL/TLS vulns in 15% of sites.

Verified

2935% of exploits target web apps.

Directional

30Rowhammer attacks viable on DDR4.

Single source

3150% of orgs run unsupported software.

Verified

32Adobe Flash EOL led to 0-days surge.

Verified

Vulnerabilities Interpretation

While our digital fortress logs a record number of new cracks each year, we remain a stubbornly porous society, patching slowly if at all, as old keys still open far too many doors.