Misusing Statistics

GITNUXREPORT 2026

Misusing Statistics

With 65% of organizations already relying on security logging and monitoring to catch misuse and misconfigurations, the real gap is often what happens after the alert and before the damage. From ransomware as the most financially impactful threat for 54% of organizations to the median breach cost of $1.95 million, this page shows how automation, identity controls, and safer access decisions can make “misuse” less of an inevitability.

24 statistics24 sources6 sections5 min readUpdated 9 days ago

Key Statistics

Statistic 1

57% of organizations reported deploying security automation to reduce the time to respond to threats (IBM 2024 report summary).

Statistic 2

48% of organizations reported using identity governance and administration (IGA) capabilities to reduce account misuse (SailPoint 2024 survey).

Statistic 3

65% of organizations said they use security logging/monitoring (SIEM/SOAR) to detect misuse and misconfigurations (Gartner, 2024 security monitoring).

Statistic 4

54% of organizations said ransomware was the most financially impactful threat they experienced (2024 survey).

Statistic 5

In 2023, 38% of breaches involved malware spread through phishing or email attachments (Verizon DBIR 2024).

Statistic 6

$2.98 billion total reported losses from cybercrime in the US in 2023 (FBI IC3 2023 report).

Statistic 7

In 2023, malware accounted for 35% of breaches involving cyber-physical systems (ENISA threat landscape 2024, ICS).

Statistic 8

$10.1 billion total losses were reported to IC3 in 2022 (FBI IC3 2022 report).

Statistic 9

OpenSSL had 1,000,000+ downloads after high-impact vulnerability disclosures (industry tracking of CVE-2022-0778).

Statistic 10

1.3 million phishing sites were blocked daily on average by Google Safe Browsing in 2023 (average)

Statistic 11

The global cloud access security broker (CASB) market was $1.2 billion in 2024 and forecast to reach $4.1 billion by 2030 (MarketsandMarkets, 2024).

Statistic 12

The global security orchestration, automation, and response (SOAR) market was valued at $2.7 billion in 2023 (Fortune Business Insights, 2024).

Statistic 13

The global security information and event management (SIEM) market was projected to be $35.6 billion in 2024 (Gartner market numbers summarized by vendor research).

Statistic 14

The identity and access management (IAM) market is projected to reach $30.7 billion by 2027 (Fortune Business Insights, 2024).

Statistic 15

The global endpoint detection and response (EDR) market is forecast to grow from $6.9 billion in 2023 to $20.9 billion by 2030 (Fortune Business Insights, 2024).

Statistic 16

The cloud security market is expected to grow from $8.7 billion in 2022 to $22.4 billion by 2026 (MarketsandMarkets, 2023 forecast).

Statistic 17

Worldwide spending on security services is projected to total $156.4 billion in 2024 (Gartner forecast, press release dated 2024-04-17).

Statistic 18

Worldwide end-user spending on cybersecurity products and services is forecast to reach $219.0 billion in 2024 (Gartner 2024 press release).

Statistic 19

The global unified endpoint management (UEM) market was valued at $2.2 billion in 2023 and projected to reach $8.0 billion by 2030 (IMARC, 2024).

Statistic 20

The market for cloud security posture management (CSPM) is forecast to reach $4.6 billion by 2027 (Global Market Insights, 2024).

Statistic 21

The privileged access management (PAM) market was estimated at $5.4 billion in 2023 and forecast to grow to $16.0 billion by 2030 (MarketsandMarkets, 2024).

Statistic 22

$1.95 million was the median cost of a data breach involving malicious or criminal conduct in 2023

Statistic 23

NIST SP 800-63B recommends that verifiers use MFA to mitigate account takeover and credential misuse, including phishing-resistant options

Statistic 24

NIST SP 800-171 requires access control policies and procedures and mandates audit logs for controlled access to protect against unauthorized use

Sources
Trusted by 500+ publications
Harvard Business ReviewThe GuardianFortune+497
James Okoro

Written by James Okoro·Fact-checked by Katherine Brennan

Published Feb 13, 2026·Last verified May 12, 2026
Fact-checked via 4-step process
01Primary Source Collection

Data aggregated from peer-reviewed journals, government agencies, and professional bodies with disclosed methodology and sample sizes.

02Editorial Curation

Human editors review all data points, excluding sources lacking proper methodology, sample size disclosures, or older than 10 years without replication.

03AI-Powered Verification

Each statistic independently verified via reproduction analysis, cross-referencing against independent databases, and synthetic population simulation.

04Human Cross-Check

Final human editorial review of all AI-verified statistics. Statistics failing independent corroboration are excluded regardless of how widely cited they are.

Read our full methodology →

Statistics that fail independent corroboration are excluded.

By 2025, security teams are still trying to outpace attackers who exploit basic human and process gaps even as spending keeps climbing, and 65% of organizations say they rely on security logging and monitoring to catch misuse and misconfigurations. Yet the same patchwork of tools is where statistics can go wrong, like treating “security automation” and “market growth” as proof that risk is shrinking rather than understanding what is actually happening. When 54% report ransomware as their most financially impactful threat and 38% of breaches involve phishing or email attachments, misusing statistics becomes more than a reporting issue, it becomes a decision problem.

Key Takeaways

  • 57% of organizations reported deploying security automation to reduce the time to respond to threats (IBM 2024 report summary).
  • 48% of organizations reported using identity governance and administration (IGA) capabilities to reduce account misuse (SailPoint 2024 survey).
  • 65% of organizations said they use security logging/monitoring (SIEM/SOAR) to detect misuse and misconfigurations (Gartner, 2024 security monitoring).
  • 54% of organizations said ransomware was the most financially impactful threat they experienced (2024 survey).
  • In 2023, 38% of breaches involved malware spread through phishing or email attachments (Verizon DBIR 2024).
  • $2.98 billion total reported losses from cybercrime in the US in 2023 (FBI IC3 2023 report).
  • In 2023, malware accounted for 35% of breaches involving cyber-physical systems (ENISA threat landscape 2024, ICS).
  • The global cloud access security broker (CASB) market was $1.2 billion in 2024 and forecast to reach $4.1 billion by 2030 (MarketsandMarkets, 2024).
  • The global security orchestration, automation, and response (SOAR) market was valued at $2.7 billion in 2023 (Fortune Business Insights, 2024).
  • The global security information and event management (SIEM) market was projected to be $35.6 billion in 2024 (Gartner market numbers summarized by vendor research).
  • $1.95 million was the median cost of a data breach involving malicious or criminal conduct in 2023
  • NIST SP 800-63B recommends that verifiers use MFA to mitigate account takeover and credential misuse, including phishing-resistant options
  • NIST SP 800-171 requires access control policies and procedures and mandates audit logs for controlled access to protect against unauthorized use

From phishing to ransomware, most breaches and losses spur faster automation, stronger monitoring, and MFA to curb account misuse.

Related reading

Mitigation Adoption

157% of organizations reported deploying security automation to reduce the time to respond to threats (IBM 2024 report summary).[1]
Single source
248% of organizations reported using identity governance and administration (IGA) capabilities to reduce account misuse (SailPoint 2024 survey).[2]
Verified
365% of organizations said they use security logging/monitoring (SIEM/SOAR) to detect misuse and misconfigurations (Gartner, 2024 security monitoring).[3]
Verified

Mitigation Adoption Interpretation

Under the Mitigation Adoption lens, nearly two thirds of organizations using security logging and monitoring alongside 57% deploying security automation indicates that most are increasingly equipping themselves to curb misuse in practice rather than relying solely on prevention.

Threat Landscape

154% of organizations said ransomware was the most financially impactful threat they experienced (2024 survey).[4]
Verified

Threat Landscape Interpretation

In the Threat Landscape, 54% of organizations say ransomware is the most financially impactful threat they face, underscoring how dominant and costly it has become in recent cybersecurity experiences.

Market Size

1The global cloud access security broker (CASB) market was $1.2 billion in 2024 and forecast to reach $4.1 billion by 2030 (MarketsandMarkets, 2024).[11]
Verified
2The global security orchestration, automation, and response (SOAR) market was valued at $2.7 billion in 2023 (Fortune Business Insights, 2024).[12]
Verified
3The global security information and event management (SIEM) market was projected to be $35.6 billion in 2024 (Gartner market numbers summarized by vendor research).[13]
Verified
4The identity and access management (IAM) market is projected to reach $30.7 billion by 2027 (Fortune Business Insights, 2024).[14]
Single source
5The global endpoint detection and response (EDR) market is forecast to grow from $6.9 billion in 2023 to $20.9 billion by 2030 (Fortune Business Insights, 2024).[15]
Verified
6The cloud security market is expected to grow from $8.7 billion in 2022 to $22.4 billion by 2026 (MarketsandMarkets, 2023 forecast).[16]
Verified
7Worldwide spending on security services is projected to total $156.4 billion in 2024 (Gartner forecast, press release dated 2024-04-17).[17]
Single source
8Worldwide end-user spending on cybersecurity products and services is forecast to reach $219.0 billion in 2024 (Gartner 2024 press release).[18]
Directional
9The global unified endpoint management (UEM) market was valued at $2.2 billion in 2023 and projected to reach $8.0 billion by 2030 (IMARC, 2024).[19]
Directional
10The market for cloud security posture management (CSPM) is forecast to reach $4.6 billion by 2027 (Global Market Insights, 2024).[20]
Verified
11The privileged access management (PAM) market was estimated at $5.4 billion in 2023 and forecast to grow to $16.0 billion by 2030 (MarketsandMarkets, 2024).[21]
Verified

Market Size Interpretation

The Market Size data shows that demand for security solutions is rapidly expanding, with the cloud access security broker market rising from $1.2 billion in 2024 to a forecast $4.1 billion by 2030, reflecting broad growth across the security ecosystem.

Cost Analysis

1$1.95 million was the median cost of a data breach involving malicious or criminal conduct in 2023[22]
Verified

Cost Analysis Interpretation

In the cost analysis of breaches tied to malicious or criminal conduct, the median impact in 2023 was $1.95 million, underscoring how significant these incidents are financially.

Governance & Controls

1NIST SP 800-63B recommends that verifiers use MFA to mitigate account takeover and credential misuse, including phishing-resistant options[23]
Directional
2NIST SP 800-171 requires access control policies and procedures and mandates audit logs for controlled access to protect against unauthorized use[24]
Directional

Governance & Controls Interpretation

Under Governance and Controls, the guidance trends toward stronger misuse prevention by requiring verifiers to use MFA, including phishing resistant options as emphasized in NIST SP 800-63B, alongside access control policies with mandatory audit logs for controlled access under NIST SP 800-171.

How We Rate Confidence

Models

Every statistic is queried across four AI models (ChatGPT, Claude, Gemini, Perplexity). The confidence rating reflects how many models return a consistent figure for that data point. Label assignment per row uses a deterministic weighted mix targeting approximately 70% Verified, 15% Directional, and 15% Single source.

Single source
ChatGPTClaudeGeminiPerplexity

Only one AI model returns this statistic from its training data. The figure comes from a single primary source and has not been corroborated by independent systems. Use with caution; cross-reference before citing.

AI consensus: 1 of 4 models agree

Directional
ChatGPTClaudeGeminiPerplexity

Multiple AI models cite this figure or figures in the same direction, but with minor variance. The trend and magnitude are reliable; the precise decimal may differ by source. Suitable for directional analysis.

AI consensus: 2–3 of 4 models broadly agree

Verified
ChatGPTClaudeGeminiPerplexity

All AI models independently return the same statistic, unprompted. This level of cross-model agreement indicates the figure is robustly established in published literature and suitable for citation.

AI consensus: 4 of 4 models fully agree

Models

Cite This Report

This report is designed to be cited. We maintain stable URLs and versioned verification dates. Copy the format appropriate for your publication below.

APA
James Okoro. (2026, February 13). Misusing Statistics. Gitnux. https://gitnux.org/misusing-statistics
MLA
James Okoro. "Misusing Statistics." Gitnux, 13 Feb 2026, https://gitnux.org/misusing-statistics.
Chicago
James Okoro. 2026. "Misusing Statistics." Gitnux. https://gitnux.org/misusing-statistics.

References

ibm.comibm.com
  • 1ibm.com/reports/data-breach
  • 22ibm.com/security/data-breach
sailpoint.comsailpoint.com
  • 2sailpoint.com/resources/reports/2024-identity-security-risk-trends/
gartner.comgartner.com
  • 3gartner.com/en/newsroom/press-releases/2024-02-06-gartner-identifies-the-top-trends-in-security-operations-for-2024
  • 17gartner.com/en/newsroom/press-releases/2024-04-17-gartner-says-worldwide-end-user-spending-on-security-services-will-reach-
  • 18gartner.com/en/newsroom/press-releases/2024-04-17-gartner-says-worldwide-end-user-spending-on-security-products-and-services-will-reach-
checkpoint.comcheckpoint.com
  • 4checkpoint.com/resources/reports/ransomware-report-2024/
verizon.comverizon.com
  • 5verizon.com/business/resources/reports/dbir/
ic3.govic3.gov
  • 6ic3.gov/Media/PDF/AnnualReport/2023_IC3Report.pdf
  • 8ic3.gov/Media/PDF/AnnualReport/2022_IC3Report.pdf
enisa.europa.euenisa.europa.eu
  • 7enisa.europa.eu/publications/enisa-threat-landscape-2024
cvedetails.comcvedetails.com
  • 9cvedetails.com/vulnerability/2022-OpenSSL-Directory-Traversal-CVE-2022-0778.html
transparencyreport.google.comtransparencyreport.google.com
  • 10transparencyreport.google.com/safe-browsing/overview
marketsandmarkets.commarketsandmarkets.com
  • 11marketsandmarkets.com/Market-Reports/casb-market-143105861.html
  • 16marketsandmarkets.com/Market-Reports/cloud-security-market-169140690.html
  • 21marketsandmarkets.com/Market-Reports/privileged-access-management-market-154786704.html
fortunebusinessinsights.comfortunebusinessinsights.com
  • 12fortunebusinessinsights.com/soar-market-106107
  • 13fortunebusinessinsights.com/security-information-event-management-market-103375
  • 14fortunebusinessinsights.com/identity-access-management-market-102801
  • 15fortunebusinessinsights.com/edr-market-102909
imarcgroup.comimarcgroup.com
  • 19imarcgroup.com/unified-endpoint-management-uro-market
gminsights.comgminsights.com
  • 20gminsights.com/industry-analysis/cloud-security-posture-management-market
pages.nist.govpages.nist.gov
  • 23pages.nist.gov/800-63-3/sp800-63b.html
csrc.nist.govcsrc.nist.gov
  • 24csrc.nist.gov/pubs/sp/800/171/r2/final