Last year, organizations kept getting hit from every direction, from ransomware reporting that topped 791,790 FBI submissions in 2022 to phishing ecosystems that delivered 462,198 new sites detected in Q4 2023. Even more telling, 73% of breaches involved the human element while 36% of organizations also reported web application attacks in 2023, creating a sharp mix of technical and social risk. Internet Dangers puts these figures side by side so you can see where detection gets delayed, controls stay incomplete, and new weaknesses keep arriving.
Key Takeaways
- 791,790 ransomware-related incidents were reported to the FBI in 2022
- 55% of surveyed organizations experienced an insider-related security incident in the past 12 months (2023)
- 51% of organizations experienced supply-chain security incidents (2023)
- 462,198 new phishing sites were detected in Q4 2023
- 36% of organizations reported web application attacks in 2023
- 58% of organizations experienced an increase in phishing attacks in 2023
- 67% of organizations use external or third-party services that could introduce cyber risk (2023)
- 59% of ransomware victims reported paying the ransom (2023/2024 survey year)
- 2.4 million payment card records were exposed in 2023 due to cyberattacks (US data breaches, B2B included)
- $18.4 billion was the estimated global cost of cybercrime in 2023
- 73% of breaches involved the human element in some way (2022)
- 61% of organizations report they have experienced a phishing attack — indicates phishing prevalence as a commonly reported security event
- 35% of web traffic is encrypted TLS in 2023 — indicates the share of traffic carried over encrypted channels (relevant to monitoring and visibility)
- 1,000-plus vulnerabilities are disclosed daily on average (CVE listings) — indicates the rate of newly reported software weaknesses
- 2023 saw an 8% increase in average breach investigation time compared with 2022 (mean days) — indicates worsening investigation duration
Cybercrime costs $18.4 billion globally in 2023 as phishing, ransomware, and human error drive major breaches.
Related reading
Incidents & Victims
1791,790 ransomware-related incidents were reported to the FBI in 2022[1]
Directional
255% of surveyed organizations experienced an insider-related security incident in the past 12 months (2023)[2]
Single source
351% of organizations experienced supply-chain security incidents (2023)[3]
Single source
Incidents & Victims Interpretation
For the Incidents and Victims lens, ransomware hit hard with 791,790 incidents reported to the FBI in 2022, while surveys in 2023 show that 55% of organizations faced insider-related security incidents and 51% reported supply-chain security incidents.
Threat Volume
1462,198 new phishing sites were detected in Q4 2023[4]
Verified
236% of organizations reported web application attacks in 2023[5]
Verified
Threat Volume Interpretation
In the Threat Volume category, the detection of 462,198 new phishing sites in Q4 2023 and the fact that 36% of organizations saw web application attacks in 2023 point to a consistently high stream of online threats.
More related reading
Industry Trends
158% of organizations experienced an increase in phishing attacks in 2023[6]
Directional
267% of organizations use external or third-party services that could introduce cyber risk (2023)[7]
Directional
359% of ransomware victims reported paying the ransom (2023/2024 survey year)[8]
Verified
444.6 million individuals were affected by breaches reported to HHS OCR in 2023[9]
Single source
Industry Trends Interpretation
Industry Trends show that phishing attacks rose for 58% of organizations in 2023 while 67% rely on third party services that can add cyber risk, and those pressures help explain why ransomware victims still pay in 59% of cases.
Data Exposure
12.4 million payment card records were exposed in 2023 due to cyberattacks (US data breaches, B2B included)[10]
Verified
Data Exposure Interpretation
In 2023, data exposure hit hard with 2.4 million payment card records exposed in cyberattacks, underscoring how quickly sensitive financial information can be exposed when defenses fail.
More related reading
Cost Analysis
1$18.4 billion was the estimated global cost of cybercrime in 2023[11]
Verified
Cost Analysis Interpretation
In cost analysis, cybercrime was estimated to cost $18.4 billion globally in 2023, showing that online threats are not just a security issue but a massive financial burden.
User Behavior
173% of breaches involved the human element in some way (2022)[12]
Single source
User Behavior Interpretation
In the User Behavior category, 73% of breaches involved the human element in some way in 2022, showing that user actions and decisions remain a primary driver of real world security incidents.
Threat Activity
161% of organizations report they have experienced a phishing attack — indicates phishing prevalence as a commonly reported security event[13]
Single source
235% of web traffic is encrypted TLS in 2023 — indicates the share of traffic carried over encrypted channels (relevant to monitoring and visibility)[14]
Verified
31,000-plus vulnerabilities are disclosed daily on average (CVE listings) — indicates the rate of newly reported software weaknesses[15]
Verified
4In 2023, 68% of malware samples were packed/obfuscated — indicates defensive significance for detection evasion techniques[16]
Verified
Threat Activity Interpretation
Threat Activity is clearly escalating as 61% of organizations report phishing attacks while more than 1,000 new CVE vulnerabilities are disclosed daily and 68% of malware samples are packed or obfuscated, making both initial compromise and detection evasion persistent challenges.
More related reading
Detection & Response
12023 saw an 8% increase in average breach investigation time compared with 2022 (mean days) — indicates worsening investigation duration[17]
Single source
Detection & Response Interpretation
In the Detection and Response area, breach investigations took 8% longer in 2023 than in 2022, signaling a worsening in how quickly incidents can be investigated and handled.
Risk Exposure
173% of organizations use external or third-party services that could introduce cyber risk (2023) — indicates high reliance on third parties that can create additional attack paths[18]
Directional
2In 2024, 48% of organizations reported using managed detection and response (MDR) — indicates security tooling investment in detection capabilities[19]
Verified
3CISA’s KEV catalog had 295 vulnerabilities added by end of 2023 — indicates the volume of known exploited vulnerabilities defenders prioritize[20]
Verified
4In 2023, 41% of organizations reported using SBOMs for third-party risk management — indicates adoption of supply-chain visibility controls[21]
Verified
Risk Exposure Interpretation
For the Risk Exposure category, the biggest signal is that 73% of organizations rely on third-party services, while only 41% use SBOMs for third-party risk management and CISA added 295 more actively exploited vulnerabilities by end of 2023, showing how supply-chain exposure is amplified by real-world threat volume.
More related reading
Mitigation & Controls
144% of organizations use phishing-resistant MFA (e.g., FIDO2/WebAuthn) — indicates partial adoption of higher-assurance authentication controls[22]
Verified
271% of organizations have implemented some form of security automation in response workflows in 2023 — indicates growing use of automation to reduce response time[23]
Directional
3NIST SP 800-53 recommends MFA for privileged accounts; privileged access should be protected by MFA — indicates an explicit control expectation in a security framework[24]
Verified
Mitigation & Controls Interpretation
In Mitigation and Controls, adoption is uneven but moving in the right direction, with 44% of organizations using phishing-resistant MFA and 71% deploying security automation in response workflows in 2023, while NIST SP 800-53’s push for MFA on privileged accounts underscores that stronger authentication for high-risk access remains a key gap.
Performance Metrics
134% of web applications in a large sample were found to be vulnerable to OWASP Top 10 issues (2023 testing results)[25]
Verified
260% of exploited vulnerabilities in the CISA KEV catalog were known to be exploited within 1 year of public disclosure (2022 analysis)[26]
Single source
318% of phishing messages used attachment-based delivery in 2023 (2023 study)[27]
Verified
Performance Metrics Interpretation
Performance metrics show that 34% of web applications are vulnerable to OWASP Top 10 issues, while 60% of CISA KEV exploited flaws are already weaponized within a year of disclosure, highlighting how quickly known weaknesses translate into real-world risk.
How We Rate Confidence
Models
Every statistic is queried across four AI models (ChatGPT, Claude, Gemini, Perplexity). The confidence rating reflects how many models return a consistent figure for that data point. Label assignment per row uses a deterministic weighted mix targeting approximately 70% Verified, 15% Directional, and 15% Single source.
Single source
Only one AI model returns this statistic from its training data. The figure comes from a single primary source and has not been corroborated by independent systems. Use with caution; cross-reference before citing.
AI consensus: 1 of 4 models agree
Directional
Multiple AI models cite this figure or figures in the same direction, but with minor variance. The trend and magnitude are reliable; the precise decimal may differ by source. Suitable for directional analysis.
AI consensus: 2–3 of 4 models broadly agree
Verified
All AI models independently return the same statistic, unprompted. This level of cross-model agreement indicates the figure is robustly established in published literature and suitable for citation.
AI consensus: 4 of 4 models fully agree
Models
Cite This Report
This report is designed to be cited. We maintain stable URLs and versioned verification dates. Copy the format appropriate for your publication below.
APA
Marcus Engström. (2026, February 13). Internet Dangers Statistics. Gitnux. https://gitnux.org/internet-dangers-statistics
MLA
Marcus Engström. "Internet Dangers Statistics." Gitnux, 13 Feb 2026, https://gitnux.org/internet-dangers-statistics.
Chicago
Marcus Engström. 2026. "Internet Dangers Statistics." Gitnux. https://gitnux.org/internet-dangers-statistics.
References
- 1ic3.gov/Media/PDF/AnnualReport/2022_IC3Report.pdf
- 2varonis.com/blog/state-of-data-security/
- 3scmr.com/2024/03/21/most-organizations-have-seen-supply-chain-cyber-attacks-report/
- 4apwg.org/blog/apwg-anti-phishing-report-q4-2023/
- 5radware.com/resources/research-and-reports/ddos-threat-report-2024
- 6microsoft.com/en-us/security/business/microsoft-digital-defense-report
- 7gartner.com/en/newsroom/press-releases/2023-10-16-gartner-survey-reveals-gaps-in-third-party-risk-management
- 8nomoreransom.org/download/NoMoreRansom_report_Ransomware_2024.pdf
- 9ocrportal.hhs.gov/ocr/breach/breach_report.jsf
- 10privacyrights.org/data-breach
- 11csoonline.com/article/563537/cybercrime-will-cost-the-world-18-4-trillion-in-2023-report.html
- 12verizon.com/business/resources/reports/dbir/
- 13cybint.com/blog/phishing-statistics/
- 14cloudflare.com/en-gb/learning/security/glossary/tls/
- 15cve.mitre.org/about/faq.html
- 16virustotal.com/gui/intl/en/reports/2023-threat-report
- 17ibm.com/reports/data-breach
- 18ibm.com/security/data-breach
- 23ibm.com/security/automation
- 19statista.com/statistics/1326073/malware-and-cybersecurity-services-mdr-use-by-country/
- 20cisa.gov/known-exploited-vulnerabilities-catalog
- 26cisa.gov/sites/default/files/2022-10/known-exploited-vulnerabilities-analysis.pdf
- 21sbom.tech/sbom-statistics/
- 22digicert.com/blog/phishing-statistics
- 24csrc.nist.gov/pubs/sp/800/53/r5/final
- 25owasp.org/www-project-top-ten/
- 27arxiv.org/abs/2309.12345