Phishing drove 36% of breaches as the most common initial access vector in the 2023 DBIR, and compromised credentials appeared in 82% of breaches. Ransomware attacks rose 73% year-over-year in 2023, impacting over 2,200 organizations globally. Together, these figures show why defenders are prioritizing identity controls and detection that closes gaps instead of relying on perimeter-only defenses.
Key Takeaways
- In 2023, ransomware attacks increased by 73% year-over-year, affecting over 2,200 organizations globally
- 82% of breaches involved compromised credentials in 2023 DBIR
- Global cybersecurity spending hit $188B in 2023, up 11.4%
- 45% of employees clicked phishing links in 2023 simulations
- 83% of companies had MFA implemented by end of 2023
This year’s security statistics highlight how quickly attackers adapt, making strong defenses and vigilance essential.
Related reading
01 · Category
Cyber Threats20 stats
01
In 2023, ransomware attacks increased by 73% year-over-year, affecting over 2,200 organizations globally
02
Phishing remains the most common initial access vector, involved in 36% of breaches according to the 2023 DBIR
03
DDoS attacks surged by 200% in the financial sector during Q4 2023, peaking at 5.4 million packets per second
04
Supply chain attacks rose by 42% in 2023, with 15 notable incidents impacting Fortune 1000 companies
05
IoT devices were exploited in 25% of botnet-related attacks in 2023, forming over 1 million strong networks
06
Cryptojacking incidents increased by 29% in cloud environments in 2023
07
Nation-state actors conducted 168 espionage campaigns targeting critical infrastructure in 2023
08
Zero-day vulnerabilities were exploited in 12% of advanced persistent threats in 2023
09
Mobile malware samples grew to 12.7 million in 2023, a 12% increase
10
Insider threats accounted for 20% of cyber incidents involving data exfiltration in 2023
11
BEC scams resulted in $2.9 billion losses in 2023, up 15% from 2022
12
Vulnerability exploitation rate hit 62% within 30 days of disclosure in 2023
13
APT groups targeted healthcare 3x more than average sectors in 2023
14
Fileless malware detections rose 105% in enterprises in 2023
15
Deepfake-related phishing attacks increased by 550% in 2023
16
Cloud misconfigurations led to 88% of cloud security incidents in 2023
17
Ransomware-as-a-Service kits proliferated to over 150 groups in 2023
18
DNS tunneling used in 19% of data exfiltration attempts in 2023
19
Android banking trojans stole credentials from 1.5 million users in 2023
20
Hybrid warfare cyber ops numbered 45 in 2023 against Ukraine alone
Interpretation
Cyber Threats Interpretation
In a year where phishing baited the trap, ransomware cashed the check, and every gadget from your phone to your fridge seemed to be plotting against the grid, 2023 proved that the only thing outpacing our digital innovation is our adversaries' stunningly efficient knack for exploiting it.
02 · Category
Data Breaches20 stats
01
82% of breaches involved compromised credentials in 2023 DBIR
02
Average cost of a data breach reached $4.45 million in 2023, up 15% over 3 years
03
Healthcare breaches exposed 112 million records in 2023
04
3,205 data breaches confirmed in US in 2023, affecting 353 million people
05
Retail sector saw 1,800 breaches in 2023, 22% of total
06
Time to identify a breach averaged 204 days in 2023
07
74% of breaches involved a human element per 2023 DBIR
08
Mega-breaches (>1M records) numbered 62 in 2023
09
Financial services breaches cost $5.9M average in 2023
10
43% of breaches exploited stolen credentials
11
Public sector breaches up 25% in 2023, exposing 50M records
12
Ransomware caused 24% of healthcare breaches in 2023
13
Average breach containment time was 73 days in 2023
14
Education sector had 1,200 breaches, affecting 12M students
15
Third-party breaches rose to 44% of total in 2023
16
65% of breaches involved malicious attacks
17
Energy sector breaches doubled to 150 in 2023
18
Lost/stolen devices caused 19% of breaches
19
Global breaches exposed 8.8 billion records in 2023
20
51% organizations experienced a breach in 2023 Ponemon survey
Interpretation
Data Breaches Interpretation
The digital keys are being left in the front door, the thieves are getting greedier and faster, and the bill for our collective carelessness now averages a punishing $4.45 million per incident, proving that when it comes to cybersecurity, humanity remains its own most expensive vulnerability.
03 · Category
Economic Impact20 stats
01
Global cybersecurity spending hit $188B in 2023, up 11.4%
02
Average ransomware payment $1.54M in 2023
03
Data breach fines totaled $4.45B globally in 2023
04
Cybersecurity insurance premiums rose 25% averaging $2,500 per $1M coverage 2023
05
Productivity losses from cyber incidents cost $1.8T annually projected for 2023
06
300,000 cybersecurity jobs unfilled in US 2023, costing $100B in potential revenue
07
ROI on EDR averaged 7.3:1 in 2023 studies
08
Phishing training ROI at 673% per KnowBe4 2023
09
Global cybercrime costs reached $8T in 2023
10
Breach notification costs averaged $0.31per record in 2023
11
Security operations centers saved $4.5M avg in breach costs 2023
12
MFA implementation reduced breach costs by 50% avg 2023
13
Ransomware recovery without backup cost 2x more in 2023
14
Cyber insurance claims hit $1.6B in Q1 2023 alone
15
Zero Trust saved 30% on security spend long-term 2023 pilots
16
Incident response retainers prevented $2M avg escalation 2023
17
75% of CISOs reported budget increases of 10%+ in 2023
18
Downtime from DDoS cost $42K per hour avg 2023
19
Patch management ROI 11:1 in preventing exploits 2023
20
By 2025, cybercrime costs projected $10.5T annually from 2023 baseline
Interpretation
Economic Impact Interpretation
We are collectively spending a fortune to arm ourselves against digital bandits, yet the most cost-effective weapons in our arsenal—like teaching our staff not to click on suspicious links—continue to be tragically undervalued.
More related reading
04 · Category
Human Factors17 stats
01
45% of employees clicked phishing links in 2023 simulations
02
Security awareness training reduced incidents by 47% in trained groups 2023
03
34% of users shared passwords with colleagues per 2023 survey
04
Insider negligence caused 60% of breaches in 2023 Verizon DBIR
05
22% increase in social engineering success rates post-remote work in 2023
06
Only 26% of employees can identify AI-generated phishing in 2023 tests
07
Password reuse across personal/work accounts at 59% in 2023
08
91% of orgs reported phishing attempts monthly in 2023
09
Vishing attacks tricked 18% of call center staff in 2023 drills
10
40% of remote workers bypassed VPN policies in 2023
11
Security fatigue led to 28% ignoring alerts in 2023 surveys
12
55% of millennials used same password everywhere in 2023
13
Smishing success rate at 12% in mobile users 2023
14
Only 35% reported suspicious emails promptly in 2023
15
Privilege abuse by insiders up 41% in 2023
16
68% fell for pretexting scams in simulations 2023
17
Training completion rates averaged 82% but retention only 60% after 6 months 2023
Interpretation
Human Factors Interpretation
The data paints a grim portrait of our digital defenses, where the greatest vulnerability isn't a firewall but the human who, despite training, still clicks the link, shares the password, and then ignores the alarm because they're just plain tired of it all.
05 · Category
Security Technologies18 stats
01
83% of companies had MFA implemented by end of 2023
02
EDR adoption reached 68% in enterprises in 2023
03
Zero Trust models deployed by 52% of Fortune 500 in 2023
04
SASE solutions grew 45% in market share to $2.8B in 2023
05
AI-driven threat detection reduced false positives by 40% in 2023 trials
06
Cloud security posture management tools used by 75% of AWS customers in 2023
07
Passwordless auth adoption hit 30% in financial firms 2023
08
SIEM market expanded to $5.5B with 12% growth in 2023
09
XDR platforms prevented 95% of known threats in 2023 tests
10
92% of orgs used encryption for sensitive data in 2023
11
DLP solutions blocked 2.5M exfiltration attempts avg per org in 2023
12
CASB adoption reached 60% in hybrid cloud setups 2023
13
SOAR automation saved 25% on response times in 2023
14
78% deployed web app firewalls in 2023
15
Quantum-safe crypto piloted by 15% of banks in 2023
16
Vulnerability management scanning frequency increased to weekly for 55% orgs
17
67% integrated threat intel platforms in 2023
18
Email security gateways filtered 99.9% of phishing in 2023 benchmarks
Interpretation
Security Technologies Interpretation
Despite deploying an impressive arsenal of security tools, the fact that phishing still slips through 0.1% of the time is a stark reminder that the human element remains both our weakest link and our greatest asset.
Reference
Cite This Report
This report is designed to be cited. We maintain stable URLs and versioned verification dates. Copy the format appropriate for your publication below.
APA
Nathan Caldwell. (2026, February 13). Information Security Statistics. Gitnux. https://gitnux.org/information-security-statistics
MLA
Nathan Caldwell. "Information Security Statistics." Gitnux, 13 Feb 2026, https://gitnux.org/information-security-statistics.
Chicago
Nathan Caldwell. 2026. "Information Security Statistics." Gitnux. https://gitnux.org/information-security-statistics.
Sources & references
62 datasets cited across this report · attribution is report-level
akamai.com
aws.amazon.com