{"id":12315,"date":"2023-01-25T16:02:20","date_gmt":"2023-01-25T21:02:20","guid":{"rendered":"https:\/\/www.thesslstore.com\/blog\/?p=12315"},"modified":"2023-08-08T05:18:01","modified_gmt":"2023-08-08T09:18:01","slug":"cyber-security-statistics","status":"publish","type":"post","link":"https:\/\/www.thesslstore.com\/blog\/cyber-security-statistics\/","title":{"rendered":"The Definitive Cyber Security Statistics Guide [2023 Edition]"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\" id=\"from-t-mobile\u2019s-massive-data-breaches-to-rackspace\u2019s-sweeping-outages-2022-was-a-rough-year-for-businesses-and-consumers-alike-here\u2019s-your-list-of-40-of-the-most-current-cyber-security-stats-and-facts-you-should-know-for-2023-and-beyond\"><a>From T-Mobile\u2019s massive data breaches to Rackspace\u2019s sweeping outages, 2022 was a rough year for businesses and consumers alike. Here\u2019s your list of 40 of the most current cyber security stats and facts you should know for 2023 and beyond<\/a> &nbsp;<\/h2>\n\n\n\n<p>This type of article needs no introduction: It\u2019s a list of the top cyber security statistics and facts you need to know. We\u2019ll divvy up the content into categories that make sense \u2014 everything from total financial and data losses to how these attacks impact organizations and their IT\/cybersecurity staff (and everything in between).<\/p>\n\n\n\n<p>Rather than just throw a bunch of data together, we like to provide context with each item on our list of cultivated cyber security statistics. So, keep reading \u2014 we\u2019ve got all the cyber security stats you want to know (and those you didn\u2019t know you did).<\/p>\n\n\n\n<p><em>Note: This article is one that we\u2019ll periodically update with new cyber security stats as they become available<\/em>.<\/p>\n\n\n\n<p>Let\u2019s hash it out.<span id=\"newline\"><\/span><\/p>\n\n\n\n<div class=\"wp-block-yoast-seo-table-of-contents yoast-table-of-contents\"><h2>Table of contents<\/h2><ul><li><a href=\"#from-t-mobile\u2019s-massive-data-breaches-to-rackspace\u2019s-sweeping-outages-2022-was-a-rough-year-for-businesses-and-consumers-alike-here\u2019s-your-list-of-40-of-the-most-current-cyber-security-stats-and-facts-you-should-know-for-2023-and-beyond\" data-level=\"2\">From T-Mobile\u2019s massive data breaches to Rackspace\u2019s sweeping outages, 2022 was a rough year for businesses and consumers alike. Here\u2019s your list of 40 of the most current cyber security stats and facts you should know for 2023 and beyond \u00a0<\/a><\/li><li><a href=\"#our-choice-of-the-top-40-cyber-security-statistics-and-facts-for-2023-so-far\" data-level=\"2\">Our Choice of the Top 40 Cyber Security Statistics and Facts For 2023 (So Far)<\/a><ul><li><a href=\"#cyber-security-statistics-the-growing-costs-of-cyber-security-attacks-crimes-and-breaches\" data-level=\"3\">Cyber Security Statistics: The Growing Costs of Cyber Security Attacks, Crimes and Breaches<\/a><\/li><li><a href=\"#cyber-security-statistics-other-impacts-of-cyber-attacks-amp;-data-breaches-in-2022-and-2023\" data-level=\"3\">Cyber Security Statistics: Other Impacts of Cyber Attacks &amp; Data Breaches in 2022 and 2023<\/a><\/li><li><a href=\"#cyber-security-statistics-data-on-cyber-attacks-and-data-breaches\" data-level=\"3\">Cyber Security Statistics: Data on Cyber Attacks and Data Breaches<\/a><\/li><li><a href=\"#cyber-security-statistics-a-look-at-the-state-of-the-industry-as-a-whole\" data-level=\"3\">Cyber Security Statistics: A Look at the State of the Industry as a Whole<\/a><\/li><li><a href=\"#cyber-security-statistics-insights-from-the-top\" data-level=\"3\">Cyber Security Statistics: Insights from the Top<\/a><\/li><li><a href=\"#cyber-security-statistics-a-look-at-cyber-security-and-tech-industry-employment\" data-level=\"3\">Cyber Security Statistics: A Look at Cyber Security and Tech Industry Employment<\/a><\/li><li><a href=\"#cyber-security-statistics-a-look-at-the-human-side-of-cyber-security\" data-level=\"3\">Cyber Security Statistics: A Look at the Human Side of Cyber Security<\/a><\/li><\/ul><\/li><li><a href=\"#final-thoughts-on-these-2023-cyber-security-stats\" data-level=\"2\">Final Thoughts on These 2023 Cyber Security Stats<\/a><\/li><\/ul><\/div>\n\n\n\n<p>Before we get started, there&#8217;s one quick thing I&#8217;d like to mention. Something that\u2019s always important to consider when you\u2019re looking at any list of cybersecurity statistics is that:<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"our-choice-of-the-top-40-cyber-security-statistics-and-facts-for-2023-so-far\">Our Choice of the Top 40 Cyber Security Statistics and Facts For 2023 (So Far)<\/h2>\n\n\n\n<ol class=\"wp-block-list\" type=\"1\">\n<li>The data is going to vary by source, and<\/li>\n\n\n\n<li>Not all cyber incidents and cybercrimes are reported.<\/li>\n<\/ol>\n\n\n\n<p>Various organizations use different qualifiers and methodologies in their reporting in terms of what may qualify as a cyber incident or data breach. Furthermore, the research is typically based on their own internal systems data, customers monitoring data, or information reported by victims of cybercrimes or survey responses from people within specific industries. And considering it can take weeks, months, or even years for some breaches or cyber attacks to be discovered \u2014 if they\u2019re discovered at all \u2014 it means that the actual numbers may actually be higher (or lower) than what\u2019s reported.<\/p>\n\n\n\n<p>These are just some of the reasons why you\u2019ll often see different information from one company to the next. With these things in mind, here are your top cyber security statistics for 2022 and 2023:<\/p>\n\n\n<span style=\"--tl-form-height-m:150.25px;--tl-form-height-t:121.4583px;--tl-form-height-d:121.4583px;\" class=\"tl-placeholder-f-type-shortcode_12753 tl-preload-form\"><span><\/span><\/span>\n\n\n<h3 class=\"wp-block-heading\" id=\"cyber-security-statistics-the-growing-costs-of-cyber-security-attacks-crimes-and-breaches\"><a><\/a><a>Cyber Security Statistics: The Growing Costs of Cyber Security Attacks, Crimes and Breaches<\/a><\/h3>\n\n\n\n<p>Let\u2019s start with the big impact that most of you really want to know: the financial costs. This section will provide a general overview of some of the increasing costs we\u2019re seeing across virtually all industries and geographic regions. It definitely isn\u2019t a pretty picture, but it\u2019s information that everyone \u2014 cybersecurity experts, executives, and consumers alike \u2014 should know. &nbsp;<\/p>\n\n\n\n<p><strong>1. Reported Potential Losses Exceeded $6.9 Billion for Americans in 2021<\/strong><\/p>\n\n\n\n<p>We\u2019re coming out swinging with this heavy stat from the FBI\u2019s Internet Crime Complaint Center (IC3). Their <a href=\"https:\/\/www.ic3.gov\/Media\/PDF\/AnnualReport\/2021_IC3Report.pdf\">2021 Internet Crime Report<\/a> shares data relating to cyber crimes reported by the American public. These reported losses were based on 847,376 reported complaints, which equates to an average loss of more than $8,140 per complaint.<\/p>\n\n\n\n<p>This 2021 ported total marks an increase of 7% over the complaints reported in 2020. For a little clarity, that\u2019s 791,790 complaints totaling $4.2 billion in total losses (or what amounts to more than $5,300 per complaint).<\/p>\n\n\n\n<p>Here\u2019s a quick comparison graphic to show the substantial jump in total reported losses over the past five years to the IC3:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"974\" height=\"583\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/01\/fbi-ic3-reported-losses-2021-shadow.png\" alt=\"A bar chart that shows the losses reported to the FBI's Internet Crime Compliant Center in 2021\" class=\"wp-image-16051\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/01\/fbi-ic3-reported-losses-2021-shadow.png 974w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/01\/fbi-ic3-reported-losses-2021-shadow-300x180.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/01\/fbi-ic3-reported-losses-2021-shadow-768x460.png 768w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/01\/fbi-ic3-reported-losses-2021-shadow-698x419.png 698w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/01\/fbi-ic3-reported-losses-2021-shadow-400x240.png 400w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/01\/fbi-ic3-reported-losses-2021-shadow-460x276.png 460w\" sizes=\"auto, (max-width: 974px) 100vw, 974px\" \/><figcaption class=\"wp-element-caption\"><em>Data source: FBI Internet Crime Complaint Center\u2019s Internet Crime Report 2021.<\/em><\/figcaption><\/figure>\n\n\n\n<p><strong>2. The Cost of a Data Breach for U.S. Organizations Tops $9.4 Million<\/strong><\/p>\n\n\n\n<p>As many know, the U.S. isn\u2019t a country that likes to be outdone \u2014 apparently, even when it comes to unfavorable rankings. So, for the 12th consecutive year, IBM ranks the U.S. #1 on the list of countries with the highest average data breach costs. This is according to data from <a href=\"https:\/\/www.ibm.com\/reports\/data-breach\">IBM\u2019s 2022 Cost of a Data Breach report<\/a>.<\/p>\n\n\n\n<p>When you compare the U.S.\u2019s $9.44 million price tag to the global average is $4.35 million, the costs are more than double. &nbsp;&nbsp;<\/p>\n\n\n\n<p><strong>3. The Average Cost of Data Loss Resulting From a Disruptive Cyber Incident Surpasses $1 Million<\/strong><\/p>\n\n\n\n<p>Data from <a href=\"https:\/\/www.delltechnologies.com\/asset\/en-nz\/products\/data-protection\/industry-market\/global-data-protection-index-key-findings.pdf\">Dell\u2019s Global Data Protection Index 2022 key findings report<\/a> shows that the average cost of data loss due to various disruptions, including cyber incidents, was $1,057,895 in 2022. This number is more than the estimated costs of $959,4930 in 2021 and $1,013,075 in 2019.<\/p>\n\n\n\n<p><strong>4. The Price of Insider Threat Incidents Jumps to $15.38 Million Per Incident<\/strong><\/p>\n\n\n\n<p>It\u2019s no secret that external threats aren\u2019t your only concern. Some threats originate inside your organization\u2019s network, too \u2014 and those threats are increasing at an alarming rate. In collaboration with Proof Point, the <a href=\"https:\/\/www.proofpoint.com\/us\/resources\/threat-reports\/cost-of-insider-threats\">Ponemon Institute\u2019s 2022 Cost of Insider Threats Global Report<\/a> shows that the number of insider threats has jumped nearly 45% over the past two years, surpassing $15 million per incident.<\/p>\n\n\n\n<p>Insider threats include everyone in your organization who causes harm through malicious or even negligent actions and behaviors. Someone doesn\u2019t have to do something intentionally bad to fall into the category of insider threats.<\/p>\n\n\n\n<p><strong>5. Australia\u2019s Average Cybercrime Costs Nearly $90,000 for Medium-Size Businesses<\/strong><\/p>\n\n\n\n<p>Crikey! The <a href=\"https:\/\/www.cyber.gov.au\/acsc\/view-all-content\/reports-and-statistics\/acsc-annual-cyber-threat-report-july-2021-june-2022\">Australian Cyber Security Centre (ACSC)<\/a> says that cybercrime reports increased 13%, receiving more than 76,000 cybercrime reports between July 2021 and June 2022. This equates to nearly nine cybercrime reports every hour. The average cost of one of these cybercrime reports varies depending on organizational size, and the amounts may surprise you:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>$39,000 for small businesses,<\/li>\n\n\n\n<li>$88,000 for medium-sized businesses,<\/li>\n\n\n\n<li>$62,000 for large businesses.<\/li>\n<\/ul>\n\n\n\n<p><strong>6. BEC Attacks lead to \u2018Hundreds of Thousands of Dollars\u2019 in Fraudulent Food Purchases<\/strong><\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"alignright size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/01\/bec-food-purchase-scams.png\" alt=\"An illustration that talks about the reported losses (largely in powdered milk)\" class=\"wp-image-16056\" width=\"323\" height=\"411\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/01\/bec-food-purchase-scams.png 479w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/01\/bec-food-purchase-scams-236x300.png 236w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/01\/bec-food-purchase-scams-75x94.png 75w\" sizes=\"auto, (max-width: 323px) 100vw, 323px\" \/><figcaption class=\"wp-element-caption\">Data source: The joint cyber security advisory released by the FBI, FDA OCI, and USDA.<\/figcaption><\/figure>\n<\/div>\n\n\n<p>With looming concerns about <a href=\"https:\/\/www.yahoo.com\/now\/food-shortages-may-even-worse-172038909.html\">economic recessions and food shortages<\/a>, some cybercriminals are targeting more basic needs via <a href=\"https:\/\/www.thesslstore.com\/blog\/how-to-spot-protect-against-business-email-compromise-bec-attacks\/\">business email compromise (BEC)<\/a>. At the end of December 2022, the FBI, Food and Drug Administration Office of Criminal Investigations (FDA OCI), and U.S. Department of Agriculture (USDA) shared in a <a href=\"https:\/\/www.ic3.gov\/Media\/News\/2022\/221216.pdf\">joint cybersecurity advisory<\/a> that cybercriminals used BEC attacks to steal \u201chundreds of thousands of dollars\u201d in food products and ingredients \u2014 namely, powdered milk and other ingredient products.<\/p>\n\n\n\n<p>When you calculate the amounts listed in their advisory, it totals more than $1 million in losses for those targeted suppliers and distributors. Of course, this amount only reflects the reported losses; there may be other instances of other similar BEC attacks with losses that have gone unreported or haven\u2019t been discovered.<\/p>\n\n\n\n<p>Looking for more <a href=\"https:\/\/www.thesslstore.com\/blog\/33-alarming-cybercrime-statistics-you-should-know\/\">cyber crime statistics<\/a>? Check out this linked article.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"cyber-security-statistics-other-impacts-of-cyber-attacks-amp;-data-breaches-in-2022-and-2023\"><a><\/a><a><\/a><a>Cyber Security Statistics: Other Impacts of Cyber Attacks &amp; Data Breaches in 2022 and 2023<\/a><\/h3>\n\n\n\n<p>Not all costs of data breaches are strictly financial. Your business and customers can be impacted in other ways as well. This section of our cyber security stats list will explore some of the other impacts cyber attacks and data breaches have on businesses.<\/p>\n\n\n\n<p><strong>7. 33% of Companies Aren\u2019t Taking Cyberwarfare Threats as Seriously as They Should<\/strong><\/p>\n\n\n\n<p>Many organizations and their employees have a lot of uncertainty in the global landscape regarding the ongoing Russia-Ukraine war. But data from the <a href=\"https:\/\/www.armis.com\/cyberwarfare-report\/\">Armis State of Cyberwarfare and Trends Report 2022-2023<\/a> survey of 6,021 IT and cyber security professionals shows that a surprising number of global organizations aren\u2019t concerned that the situation will impact their organizations.<\/p>\n\n\n\n<p><strong>8. Organizations Globally Are Racking Up GDPR Non-Compliance Fines, Which Top <\/strong>\u20ac<strong>2.7 Billion<\/strong><\/p>\n\n\n\n<p><a href=\"https:\/\/www.enforcementtracker.com\/?insights\">Enforcementtracker.com<\/a>, a website that tracks fines imposed relating to the European Union\u2019s General Data Protection Regulation (GDPR), says that the reported 1,435 GDPR fines have come with a price tag of \u20ac2,772,289,077 leading up to January 2023.<\/p>\n\n\n\n<p>The highest individual GDPR non-compliance fine to date? According to enforcementtracker.com, Amazon takes the title with \u20ac746 million in July 2021. It\u2019s followed by Meta, which has received multiple individual penalties since 2021.<\/p>\n\n\n\n<p>To learn more about <a href=\"https:\/\/www.thesslstore.com\/blog\/cybersecurity-compliance-statistics\/\">cybersecurity compliance statistics<\/a>, be sure to check out our other article on that related topic.<\/p>\n\n\n\n<p><strong>9. 47% of Consumers Stop Doing Business With Companies That Lose Their Trust<\/strong><\/p>\n\n\n\n<p>Whether you\u2019re asking for advice, lending money, or choosing a physician, trust is an essential element. It helps determine your actions and make informed decisions. When that trust is damaged or lost, it can change relationships and cause someone to walk away. According to DigiCert, that\u2019s exactly what <a href=\"https:\/\/www.digicert.com\/campaigns\/digital-trust-survey\">nearly half of the consumers the certificate authority surveyed<\/a> said they did with companies that betrayed their trust previously. They halted any business dealings with them and walked away.<\/p>\n\n\n\n<p>DigiCert\u2019s research also shows that if they lost trust in a company:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>84% would consider moving their business to another company<\/li>\n\n\n\n<li>57% would most likely make the switch<\/li>\n<\/ul>\n\n\n\n<p>Now, ask yourself: If 47-84% of your customers were at least considering walking away in the event of, say, a data breach, what would that mean for your business and its bottom line? How long would you last before having to close your doors for good?<\/p>\n\n\n\n<p><strong>10. 50%+ Would Reconsider Their Employment If Their Company Has Been Breached<\/strong><\/p>\n\n\n\n<p>What is the perception of staff in organizations that have experienced cyber attacks and data breaches? Research from ENCORE and Censuswide (in their report <a href=\"https:\/\/www.encore.io\/the-true-cost-of-cyber-ebook\">The True Cost of Cyber<\/a>) shows that more than half indicated they\u2019d \u201creconsider working for a business that had recently experienced a cyber breach.\u201d<\/p>\n\n\n\n<p>Their U.S. and U.K. survey of 100 c-level execs, 100 chief information security officers, and 500 office workers to see where discrepancies may lie in perceptions about cybersecurity.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"cyber-security-statistics-data-on-cyber-attacks-and-data-breaches\"><a><\/a><a>Cyber Security Statistics: Data on Cyber Attacks and Data Breaches<\/a><\/h3>\n\n\n\n<p>In this section of our cyber security stats list for 2023, we\u2019ll go over some of the top cyber attack statistics and data breach statistics that we found that we think would be of interest to you. We thought this would be additional useful information to follow the financial costs of cyber attack events and breaches we already talked about. &nbsp;<\/p>\n\n\n\n<p><strong>11. Leaked Accounts Decreased Nearly 68% YOY From 2021 to 2022<\/strong><\/p>\n\n\n\n<p>Surfshark, a VPN service provider, reports that their <a href=\"https:\/\/surfshark.com\/blog\/data-breach-recap-2022\">analysis of 2022 data breaches and account leaks<\/a> shows that there were 310,855,487 accounts leaked in 2022. This is a substantial decrease from the 959,327,963 leaked accounts reported in 2021.<\/p>\n\n\n\n<p>Based on these estimates, it means that roughly 852,000 accounts were breached per day in 2022, or what equates to 591 accounts per minute.<\/p>\n\n\n\n<p><strong>12. &gt;85% of Cyber Attacks in 2022 Were Carried Out via Encrypted Channels<\/strong><\/p>\n\n\n\n<p><a href=\"https:\/\/www.thesslstore.com\/blog\/what-is-encryption\/\">Encryption<\/a> is an incredible attribute for security. It\u2019s a process that takes plaintext (readable) information and uses highly complex math to transform it into gibberish. (This typically involves using one or two cryptographic keys, depending on the type of encryption involved.) This way, only the appropriate party (i.e., the decryption key holder) can access the encrypted data. But what happens when people use encryption to do bad things?<\/p>\n\n\n\n<p><a href=\"https:\/\/www.zscaler.com\/blogs\/security-research\/2022-encrypted-attacks-report\">Zscaler\u2019s ThreatLabz State of Encrypted Attacks 2022 Report<\/a> shows that more than four in five cyber attacks used encryption to deliver malicious payloads and to access sensitive data. Unfortunately for you and me, these attacks are becoming increasingly sophisticated and more common as well. Threats using encrypted communication channels have increased by 20% year over year.<\/p>\n\n\n\n<p>But what was the most popular type of payload delivered through encrypted channels?<\/p>\n\n\n\n<p><strong>13. Malware Takes the Lead, Serving as the Threat in Nearly 90% of Encrypted Traffic Cyber Attacks<\/strong><\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"alignright size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/01\/cyber-attack-methods-encrypted-channels.png\" alt=\"An illustration that shows how malware outpaces ad spyware and phishing in encrypted channel cyber attacks, according to data from Zscaler\" class=\"wp-image-16055\" width=\"348\" height=\"320\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/01\/cyber-attack-methods-encrypted-channels.png 640w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/01\/cyber-attack-methods-encrypted-channels-300x276.png 300w\" sizes=\"auto, (max-width: 348px) 100vw, 348px\" \/><figcaption class=\"wp-element-caption\"><em>Data source: Zscaler&#8217;s ThreadLabz State of Encrypted Attacks 2022 report.<\/em><\/figcaption><\/figure>\n<\/div>\n\n\n<p>Cybercriminals have a few cards up their sleeves when it comes to carrying out encrypted traffic attacks. According to Zscaler\u2019s report, which analyzed billions of encrypted traffic threats between October 2021 and September 2022, using encrypted channels isn\u2019t all they do. Zscaler\u2019s data of 24 billion blocked attacks shows that attackers would use other methods of attack: malware, ad spyware, and\/or phishing.<\/p>\n\n\n\n<p>Of those three, malware is the biggest threat by far, representing 90% of the threats.<\/p>\n\n\n\n<p><strong>14. Red Flags Were Seen Ahead of Time in 83% of Ransomware Attacks<\/strong><\/p>\n\n\n\n<p>When it comes to securing your cyber defenses, you always need to be on the lookout for anything out of the ordinary. Even something seemingly small or unimportant can have a major impact on the security of your organization. In their 2023 Threat Report, <a href=\"https:\/\/www.sophos.com\/en-us\/content\/security-threat-report\">Sophos reports<\/a> that eight in 10 survey respondents indicated seeing signs of trouble ahead leading up to ransomware incidents.<\/p>\n\n\n\n<p>The issue here isn\u2019t always a matter of ransomware or cyber threat detection. It\u2019s a matter of recognition. If organizations don\u2019t recognize these issues for what they are and fail to take steps to rapidly mitigate them, then they\u2019re going to find themselves in some hairy situations.<\/p>\n\n\n\n<p>Looking for more ransomware-related data? Be sure to check out our article on <a href=\"https:\/\/www.thesslstore.com\/blog\/ransomware-statistics\/\">ransomware statistics<\/a>.<\/p>\n\n\n\n<p><strong>15. Paying For Cybercrime Can Cost Evil-Doers as Little as $6 For a Phishing Kit<\/strong><\/p>\n\n\n\n<p>Who knew that causing havoc could come at such a cheap price tag? For bad guys, it\u2019s all in a day\u2019s business. Much like vendors at the local market, cybercriminals are on the dark web, hocking their cyber wares and services at low prices to other bad guys. <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/microsoft-digital-defense-report-2022\">Data from Microsoft\u2019s 2022 Digital Defense Report<\/a> shows that cybercrime-as-a-service (CaaS) sellers offer phishing kits for as little as you\u2019d pay for a Taco Tuesday special at a local Mexican restaurant. &nbsp;<\/p>\n\n\n\n<p>Yup. A bad guy can pay only $6 and use the kit to get information they can use to hack your organization. Forget the tacos \u2014 that knowledge alone is enough to give you indigestion.<\/p>\n\n\n\n<p><strong>16. 78% of Schools in the United Kingdom Have Experienced One or More Cyber Incidents<\/strong><\/p>\n\n\n\n<p>In the U.K., the situation doesn\u2019t look pretty for the school system. In a new report <a href=\"https:\/\/drive.google.com\/file\/d\/1NxRBtx9901kPVN6CDTLsSiSI1gYpHjgB\/preview\">\u201cCyber Security Schools Audit 2022\u201d<\/a> by the U.K.\u2019s National Cyber Security Centre and LGfL, participating schools shared that three-quarters had at least one cyber incident since the previous survey in 2019. Of those, \u201conly\u201d 7% reported experiencing significant disruptions as a result of those incidents. (Yes, we know 7% isn\u2019t great, but it sure beats 15%, 20%, or any other higher statistic.)<\/p>\n\n\n\n<p>But what kinds of incidents are we talking about here? The answer varies from one school to the next, but among the most commonly reported were:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Phishing impersonation emails (26%) and<\/li>\n\n\n\n<li>Malware infections (26%), including viruses and ransomware, and<\/li>\n\n\n\n<li>Preventing access to important data and information (18%)<\/li>\n<\/ul>\n\n\n\n<p><strong>17. 62% of Incidents Involving System Intrusions Occurred Through Compromised Partners<\/strong><\/p>\n\n\n\n<p>There\u2019s a phrase from J. R. R. Tolkien\u2019s poem from <em>The Fellowship of the Ring<\/em> that you\u2019ll commonly see in memes and inspirational quotes online: \u201cNot all those who wander are lost.\u201d When it comes to cybersecurity incidents and attacks, I\u2019ve come up with a variation of it that I think is fitting: \u201cNot everyone who gets compromised is the true target.\u201d Research from <a href=\"https:\/\/www.verizon.com\/business\/resources\/reports\/dbir\/\">Verizon\u2019s 2022 Data Breach Investigations Report<\/a> (DBIR) shows that nearly two in three cybersecurity incidents involving system intrusions compromised the organization\u2019s partners in order to get to them.<\/p>\n\n\n\n<p>Think back to the <a href=\"https:\/\/www.thesslstore.com\/blog\/2013-target-data-breach-settled\/\">2013 Target data breach<\/a>. Rather than trying to hack or attack Target directly, the cybercriminals instead focused their attention on <a href=\"https:\/\/krebsonsecurity.com\/2014\/02\/target-hackers-broke-in-via-hvac-company\/\">attacking an HVAC company<\/a> that had a contract with Target. They then used the HVAC company\u2019s compromised network credentials to gain access to Target\u2019s systems, where they were able to upload malware to the retail giant\u2019s point-of-sale (PoS) systems.<\/p>\n\n\n\n<p>Now, take a moment and think of a contractor or partner that has been granted access to your network or other IT systems. What were to happen if their account was to become compromised?<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"cyber-security-statistics-a-look-at-the-state-of-the-industry-as-a-whole\"><a><\/a><a>Cyber Security Statistics: A Look at the State of the Industry as a Whole<\/a><\/h3>\n\n\n\n<p>In this section of our cyber security statistics list, we thought it would be helpful to get a high-level perspective of the industry as a whole. Here are some of the most useful and latest cyber security stats we could find:<\/p>\n\n\n\n<p><strong>18. The Global Industrial Cyber Security Market Is Expected to Surpass $49.5 Billion by 2023<\/strong><\/p>\n\n\n\n<p>It shouldn\u2019t come as a surprise that the cyber security market is a booming industry. Between 2023 and 2030, Meticulous Research expects the <a href=\"https:\/\/www.meticulousresearch.com\/product\/industrial-cybersecurity-market-5316\">industrial cyber security market to increase<\/a> at a compound annual growth rate (CAGR) of 14.8% between 2023 and 2030. What\u2019s thought to be the driving force of this change? According to the report, it\u2019s \u201cdisruptive digital technologies and the increasing frequency &amp; sophistication of cyberattacks.\u201d<\/p>\n\n\n\n<p>\u201cDisruptive digital technologies\u201d sure seems like a nebulous term. Some things that it\u2019s referring to would be advancements in the realms of artificial intelligence, machine learning (ML), and industrial IoT (IIoT). While these technologies can be great for your organization\u2019s productivity and efficiency, they also present risks with zero day vulnerabilities and cybercriminals using them to attack your organization. &nbsp;<\/p>\n\n\n\n<p>Looking for more <a href=\"https:\/\/www.thesslstore.com\/blog\/20-surprising-iot-statistics-you-dont-already-know\/\">IoT statistics<\/a>-related data? Look no further!<\/p>\n\n\n\n<p><strong>19. Privacy Regulations Will Apply to 75% of the World Population\u2019s Personal Data by 2024<\/strong><\/p>\n\n\n\n<p>By 2024, Gartner predicts that three in four people\u2019s personal data will be protected under some type of privacy regulation. This is great for consumers but presents a nightmare for businesses that aren\u2019t prepared. The research company, which reports that the average privacy budget for large organizations hit $2 million in 2021, anticipates that large organizations will more than double that number to <a href=\"https:\/\/www.gartner.com\/en\/newsroom\/press-releases\/2022-02-15-privacy-predicts-2022-press-release\">$2.5 million annually by 2024<\/a>.<\/p>\n\n\n\n<p>According to their press release, this change represents a shift from \u201ccompliance ethics to competitive differentiation.\u201d This move really shouldn\u2019t come as a surprise as we\u2019ve seen several privacy regulations crop up over the last several years:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>European Union\u2019s General Data Protection Regulation (GDPR)<\/li>\n\n\n\n<li>Brazil\u2019s General Personal Data Protection Act (LGPD)<\/li>\n\n\n\n<li>California\u2019s Consumer Protection Act (CCPA)<\/li>\n\n\n\n<li>Turkey\u2019s Personal Data Protection Act (KVKK)<\/li>\n<\/ul>\n\n\n\n<p>To learn more about privacy and encryption regulations, check out our article \u201c<a href=\"https:\/\/www.thesslstore.com\/blog\/10-data-privacy-and-encryption-laws-every-business-needs-to-know\/\">10 Data Privacy and Encryption Laws Every Business Needs to Know<\/a>.\u201d<\/p>\n\n\n\n<p><strong>20. 91% of Organizations Report Experiencing At Least One Significant Security Event<\/strong><\/p>\n\n\n\n<p>Nine in 10 organizations surveyed in <a href=\"https:\/\/www.deloitte.com\/global\/en\/services\/risk-advisory\/content\/future-of-cyber.html\">Deloitte\u2019s 2023 Future of Cyber report<\/a> indicate experiencing at least one big cyber security incident or data breach. This is up from the 88% who reported the same in Deloitte\u2019s 2021 survey.&nbsp;<\/p>\n\n\n\n<p>But let\u2019s look at the numbers a little more closely. In this year\u2019s report, more than half (52%) of the respondents said they experienced anywhere between six and 15 of these incidents or breaches. Their survey focused on understanding how cyber has evolved since their 2021 report was released.<\/p>\n\n\n\n<p><strong>21. 60% of the GAO\u2019s 335 Public Recommendations Haven\u2019t Been Implemented<\/strong><\/p>\n\n\n\n<p>According to its <a href=\"https:\/\/www.gao.gov\/products\/gao-23-106415\">Jan. 23 report<\/a>, the U.S. Government Accountability Office\u2019s made 335 public recommendations since 2010. In that time, only one-third of the 335 comprehensive cybersecurity strategy and oversight recommendations were implemented as of December 2022.<\/p>\n\n\n\n<p>If everything had gone according to plan, this means that nearly an average of 28 recommendations have been put into action per year. However, what this shows is that just shy of 12 such recommendations were actually implemented each year. &nbsp;<\/p>\n\n\n\n<p><strong>22. Healthcare &amp; Public Health Organizations Were the #1 Ransomware Attack Targets in 2021<\/strong><\/p>\n\n\n\n<p>The IC3\u2019s 2021 Internet Crime Report indicates that public health and healthcare organizations took the brunt of ransomware attacks in 2021. Of the 649 ransomware attack complaints across 14 critical infrastructure sectors that experienced one or more ransomware attacks, healthcare and public health claimed 148 of them.<\/p>\n\n\n\n<p>Here\u2019s an overview of how these critical infrastructure sectors\u2019 ransomware attacks broke down in 2021:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"832\" height=\"501\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/01\/critical-infrastructure-ransomware-attacks.png\" alt=\"A bar chart showcasing data relating to the 14 critical infrastructure categories that reported ransomware attacks in 2021\" class=\"wp-image-16052\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/01\/critical-infrastructure-ransomware-attacks.png 832w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/01\/critical-infrastructure-ransomware-attacks-300x181.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/01\/critical-infrastructure-ransomware-attacks-768x462.png 768w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/01\/critical-infrastructure-ransomware-attacks-698x419.png 698w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/01\/critical-infrastructure-ransomware-attacks-400x240.png 400w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/01\/critical-infrastructure-ransomware-attacks-460x276.png 460w\" sizes=\"auto, (max-width: 832px) 100vw, 832px\" \/><figcaption class=\"wp-element-caption\"><em>Data source: The FBI IC3&#8217;s 2021 Internet Crime Report. <\/em><\/figcaption><\/figure>\n\n\n\n<p><strong>23. 87% of Cyber Security Teams Report Security Tool Integration Issues<\/strong><\/p>\n\n\n\n<p>The same Force Point\/Cybersecurity Insiders research also shows that gaining full visibility of the security landscape continues to elude almost 90% of cyber security professionals. It\u2019s not uncommon for companies to have to utilize a slew of different tools because they don\u2019t integrate. This creates a host of security issues.<\/p>\n\n\n\n<p><strong>24. API-Based Attacks on Automotive Smart Mobility Technologies Increases 380%<\/strong><\/p>\n\n\n\n<p>Data from <a href=\"https:\/\/upstream.auto\/reports\/global-automotive-cybersecurity-report\/\">Upstream\u2019s 2023 Global Automotive Cybersecurity Report<\/a> shows that API makes for an increasingly attractive attack vector for attackers. API attacks accounted for 12% of the total incidents they reported.<\/p>\n\n\n\n<p>With the industry\u2019s growth of smart mobility APIs, we can expect to see more cybercriminals taking advantage of this growing attack vector across the industry.<\/p>\n\n\n\n<p><strong>25. 44% of Small &amp; Mid-Size Businesses Lack Current Cybersecurity Incident Response Plans<\/strong><\/p>\n\n\n\n<p>More than two in five SMBs don\u2019t have a comprehensive, updated IRP in place, according to Devolutions\u2019 State of Cybersecurity in SMBs report for 2022-2023. While this may not seem like a big deal on the surface, it really is. Cyber security incident response plans are critical resources every organization should have in place regardless of size. It\u2019s what will help you know what to do when (not if) smelly things eventually hit the fan.&nbsp;<\/p>\n\n\n\n<p>It&#8217;s no secret that many small businesses march to the beat of their own drums. For some, they don\u2019t follow industry best practices because they lack the personnel and financial resources required for implementation. For others, they think that because of their small size, they aren\u2019t a target for cybercriminals. But regardless of the reasons why they \u201ccan\u2019t,\u201d there are millions of reasons (think of the costs we mentioned earlier) why they should.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"cyber-security-statistics-insights-from-the-top\"><a><\/a><a>Cyber Security Statistics: Insights from the Top<\/a><\/h3>\n\n\n\n<p>It\u2019s always useful to have a clearer idea of what your leadership might be thinking when it comes to your organization\u2019s cyber security measures and policies. This way, you can understand their expectations and misconceptions. This section of cyber security stats will explore some of those insightful takeaways.<\/p>\n\n\n\n<p><strong>26. 20% of Cyber Security Executives and Pros Wouldn\u2019t Bet a Chocolate Bar on Their Cyber Security<\/strong><\/p>\n\n\n\n<p>Ivanti takes a slightly humorous approach to asking an important question: do you trust your organization\u2019s cyber defenses and team to stand up against real cyber threats? According to the company\u2019s <a href=\"https:\/\/www.ivanti.com\/lp\/security\/assets\/s1\/2023-cybersecurity-status-report\">2023 Cybersecurity Status report<\/a>, one in five respondents wouldn\u2019t even bet a chocolate bar on their organization\u2019s security capabilities.<\/p>\n\n\n\n<p>If you\u2019re not willing to wager the value of a basic vending machine item, then you shouldn\u2019t think your organization is equipped to secure trade secrets, customer information, and other sensitive data against cyber attacks. While this number is depressing, it certainly shows the lack of confidence employees have in their organizations\u2019 cyber defenses\u2026<\/p>\n\n\n\n<p><strong>27. 67% of IT Decision Makers Don\u2019t Think Their Cyber Defenses Can Stand Up to Malware Threats<\/strong><\/p>\n\n\n\n<p>Oh, boy. Two in three IT decision makers surveyed by Dell Technologies (in the global data protection report we mentioned earlier) between August and October 2022 lack confidence in their organizations\u2019 data security measures when it comes to malware and ransomware.<\/p>\n\n\n\n<p>A whopping 69% of survey respondents are so concerned, they fear that their organizations will experience a big cyber security incident within the next 12 months. This is fewer than the 86% who say their organizations already have experienced \u201cat least one\u201d such disruption within the past year. But still \u2014 both numbers are disconcerting and reflect the growing threats within the industry.<\/p>\n\n\n\n<p>Of course, all of these reports require context&#8230; as you\u2019ll see, there are some very different sentiments expressed by respondents of various surveys. &nbsp;<\/p>\n\n\n\n<p><strong>28.<\/strong> <strong>92% of CISOs and C-Level Execs Are Overly Confident in Their Organizations\u2019 Security<\/strong><\/p>\n\n\n\n<p>Research from ENCORE and Censuswide (i.e., <a href=\"https:\/\/www.encore.io\/the-true-cost-of-cyber-ebook\">The True Cost of Cyber<\/a> report we mentioned earlier) shows that nine in 10 chief information security officers and other top-level executives feel confident that their organizations are secure \u201cat any given moment.\u201d<\/p>\n\n\n\n<p><strong>29. 52% of Organizations Report Having \u201cHigh Visibility\u201d of Their Networks<\/strong><\/p>\n\n\n\n<p>Having visibility of the application, devices, and services running on your network is crucial to cybersecurity initiatives. After all, how can you secure what you don\u2019t know you have? Ivanti\u2019s 2023 Cybersecurity Status report shares data executives and cybersecurity professionals. The insight we want to highlight here is that slightly more than half of their survey respondents believe they have \u201chigh visibility\u201d of such things.<\/p>\n\n\n\n<p>Of course, this response makes me wonder whether public key infrastructure (PKI) digital certificates and keys were included in respondents\u2019 considerations when answering the question. <a href=\"https:\/\/www.keyfactor.com\/state-of-machine-identity-management-2022\/\">Keyfactor reports<\/a> that 55% of survey respondents for their 2022 State of Machine Identity Management report say they don\u2019t know how many digital certificates and keys they have within their IT environments.<\/p>\n\n\n<span style=\"--tl-form-height-m:937.938px;--tl-form-height-t:1002.97px;--tl-form-height-d:1002.97px;\" class=\"tl-placeholder-f-type-shortcode_16294 tl-preload-form\"><span><\/span><\/span>\n\n\n<p><strong>30. 70% of Organizations Report That Cyber is a Frequent Boardroom Discussion<\/strong><\/p>\n\n\n\n<p>Deloitte\u2019s Future of Cyber 2023 report shares that seven in 10 boards discuss cyber-related concerns regularly, either on a monthly or quarterly basis. On the surface, that\u2019s great! It, ideally, means that boards are having regular discussions about a truly important topic that intimately affects their businesses and customers alike.<\/p>\n\n\n\n<p>The question, though, is how <em>effective<\/em> these conversations are with regard to bringing about any positive changes. This brings us to our next bit of data\u2026.<\/p>\n\n\n\n<p><strong>31. 59% of Directors Don\u2019t Think Their Boards Fully Understand Security Risk Factors<\/strong><\/p>\n\n\n\n<p>Data from a <a href=\"https:\/\/www.pwc.com\/us\/en\/services\/consulting\/cybersecurity-risk-regulatory\/library\/global-digital-trust-insights.html\">2023 PwC survey<\/a> of more than 3,500 business, security and technology execs shows that nearly three in six directors aren\u2019t confident their boards really \u201cget it\u201d when it comes to cyber risks. The concern is that these leaders don\u2019t have the necessary understanding of the relationships between certain factors and the cyber risks they result in.<\/p>\n\n\n\n<p>But how can someone make changes to improve situations they don\u2019t understand? Simply put, they can\u2019t. But this is where CISOs, CIOs, and other cyber security leaders can step up and help make a change for the better.<\/p>\n\n\n\n<p><strong>32. 49% of Breached Organizations\u2019 Top Dogs Want CISOs to Take the Wheel on Security<\/strong><\/p>\n\n\n\n<p>CEOs from organizations that have suffered data breaches want CISOs to play a leading role and to \u201cdrive collaboration\u201d regarding security initiatives in 2023. Data from the aforementioned PwC survey indicates a shifting preference for inviting chief information security officers to have a seat at the table rather than being the outsider to the conversation.<\/p>\n\n\n\n<p>The idea here is that by having CISOs lead and partner with other leaders, organizations can pave a better path forward through collaboration and more effective security.&nbsp;<\/p>\n\n\n\n<p><strong>33. 62% of Risk &amp; Legal Leaders View Cyber Security and Data Disputes as Risks<\/strong><\/p>\n\n\n\n<p>Baker McKenzie, a globally renowned law firm, <a href=\"https:\/\/www.bakermckenzie.com\/en\/newsroom\/2023\/01\/new-survey-from-baker-mckenzie\">surveyed 600 senior risk and legal leaders<\/a> from companies with annual revenues surpassing $500 million in multiple countries. Their findings show that cybersecurity and disputes regarding data security are among the top-of-mind concerns for these leaders globally.<\/p>\n\n\n\n<p>Their report includes a meaningful quote from Cyrus Vance, Baker McKenzie\u2019s Global Chair of Cybersecurity:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>\u201cWe are in a global cybersecurity pandemic, but without a vaccine. Unfortunately, the current forecast in cybersecurity [favors] the criminal and state-sponsored actor over society\u2019s ability to fight them. And it&#8217;s not just about extracting money or data. These attacks serve to diminish trust in our most important institutions and sow fear and uncertainty across our population &#8211; one of the principal goals of our adversaries.\u201d<\/em><\/p>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"cyber-security-statistics-a-look-at-cyber-security-and-tech-industry-employment\"><a><\/a><a>Cyber Security Statistics: <\/a>A Look at Cyber Security and Tech Industry Employment<\/h3>\n\n\n\n<p>This section will talk about the topic some of you are most interested in reading: everything relating to hiring, retention, and general employment-related information.<\/p>\n\n\n\n<p><strong>34. 2023 Kicks Off With a Bang \u2014 Tech Companies Say They\u2019ll Eliminate ~50,000 Positions<\/strong><\/p>\n\n\n\n<p><em>Happy New Year! \u2026You no longer have a job.<\/em> This is the brutal news tens of thousands of employees find themselves facing in the early weeks of 2023. It\u2019s a genuinely unsettling time to be working in the tech industry.<\/p>\n\n\n\n<p>Here are a few examples of some of the big tech company layoffs announced since the start of the 2023 year:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Amazon.<\/strong> In Fall 2022, the distribution company originally reported that it would be reducing its workforce by 10,000. But on Jan. 4, <a href=\"https:\/\/www.aboutamazon.com\/news\/company-news\/update-from-ceo-andy-jassy-on-role-eliminations\">Amazon CEO Andy Jassy shared even more dire news<\/a>: its plans to eliminate more than 18,000 jobs largely from Amazon Stores and its People, Experience and Technology organization.&nbsp;<\/li>\n\n\n\n<li><strong>Coinbase. <\/strong>The <a href=\"https:\/\/www.coinbase.com\/blog\/a-message-from-ceo-and-co-founder-brian-armstrong-to-coinbase-employees\">cryptocurrency company announced on Jan. 10<\/a> that more layoffs (in addition to the ones announced in 2022) would be coming down the pike. They estimate that 950 people would be let go as a result of the crypto market\u2019s downward trend and the overarching global economy issues. As part of the transition, Coinbase says it\u2019ll provide a minimum of 14 weeks\u2019 base pay (more for those with additional years worked), health insurance, and other unspecified benefits.<\/li>\n\n\n\n<li><strong>Google. <\/strong>In a <a href=\"https:\/\/blog.google\/inside-google\/message-ceo\/january-update\/\">Jan. 20 blog post<\/a>, Alphabet\u2019s CEO (Alphabet is Google\u2019s parent company) announced that the company will be eliminating 12,000 roles in the U.S. and abroad. They\u2019ve announced that they\u2019ll provide pay to employees during the notification period and various severance packages.<\/li>\n\n\n\n<li><strong>Microsoft.<\/strong> On Jan. 18, <a href=\"https:\/\/www.sec.gov\/ix?doc=\/Archives\/edgar\/data\/0000789019\/000119312523009934\/d447690d8k.htm\">the tech giant announced<\/a> its plans to reduce its workforce by \u201capproximately 10,000 employees\u201d by the end of fiscal Q3 2023.<\/li>\n\n\n\n<li><strong>Salesforce. <\/strong><a href=\"https:\/\/www.sec.gov\/Archives\/edgar\/data\/1108524\/000110852423000003\/ex991-lettertoemployees.htm\">Salesforce announced<\/a> Jan. 4 that it would cut 10% of its workforce (just shy of 8,000 positions based on the full-time equivalent headcount published in its <a href=\"https:\/\/investor.salesforce.com\/press-releases\/press-release-details\/2022\/Salesforce-Announces-Solid-Third-Quarter-Fiscal-2023-Results\/default.aspx\">Q3 2022 fiscal report<\/a>), saying it bit off more than it could chew by hiring \u201ctoo many people.\u201d For U.S. employees, this means employees with receive \u201ca minimum of nearly five months of pay, health insurance, career resources, and other benefits\u201d to help while they seek new employment.<\/li>\n<\/ul>\n\n\n\n<p>In the fall, Google and other companies like Twitter and <a href=\"https:\/\/about.fb.com\/news\/2022\/11\/mark-zuckerberg-layoff-message-to-employees\/\">Meta (formerly Facebook)<\/a> also announced their plans to reduce their workforces.<\/p>\n\n\n\n<p><strong>35. 60% of Enterprises Struggle With Retaining Qualified Cyber Security Experts<\/strong><\/p>\n\n\n\n<p><a href=\"https:\/\/www.isaca.org\/go\/state-of-cybersecurity-2022\">ISACA\u2019s 2022 State of Cybersecurity Survey<\/a> states that retention of high-quality cyber security employees is a major concern. It\u2019s not just about getting people to continue working at your company; the more important thing is ensuring that you\u2019re keeping the <em>right<\/em> butts in the right seats.<\/p>\n\n\n\n<p>There\u2019s massive competition within the industry as companies are seeking the best and brightest talent. Employees having high wage expectations certainly doesn\u2019t help from a hiring perspective, but, historically, prospective talent have had a lot of options to choose from when it comes to selecting their next employer.<\/p>\n\n\n\n<p>But hiring and retention issues aren\u2019t a problem only for hiring managers. They\u2019re a big issue for organizations\u2019 cybersecurity teams as well.<\/p>\n\n\n\n<p><strong>36. 63% of Cybersecurity Teams Are Significantly or Somewhat Understaffed<\/strong><\/p>\n\n\n\n<p>Much like how it is for other industries, turnover is an issue in cyber security as well. Data from ISACA\u2019s State of Cybersecurity 2022 report shows how bad the situation has gotten for the people on the ground:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>15% of organizations report their cybersecurity teams are significantly understaffed, and<\/li>\n\n\n\n<li>47% say their teams are somewhat understaffed.<\/li>\n<\/ul>\n\n\n\n<p>To make matters worse, 63% of ISACA\u2019s survey respondents indicate that they have open cybersecurity positions available that they\u2019ve been unable to fill.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"cyber-security-statistics-a-look-at-the-human-side-of-cyber-security\"><a>Cyber Security Statistics: A Look at the Human Side of Cyber Security<\/a><\/h3>\n\n\n\n<p>There\u2019s more to the \u201chuman\u201d aspect of your employees than just hiring, retaining, and firing them. Here are some of the other factors you should consider when making policies and decisions that will affect your IT and cyber security employees.<\/p>\n\n\n\n<p><strong>37. Stress Is One of the Top Five Reasons Cyber Security Professionals Quit<\/strong><\/p>\n\n\n\n<p>People aren\u2019t only leaving jobs because they\u2019re getting laid off or fired. There are plenty of good reasons why someone would seek out a new role. ISACA\u2019s data shows that being recruited (59%) is the top reason, followed by a lack of financial incentives (48%).<\/p>\n\n\n\n<p>But aside from the most glaring reasons why cyber security pros leave their jobs, there are three other reigning reasons why they\u2019re abandoning their positions and seeking opportunities elsewhere:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A dearth of development or promotion opportunities (47%),<\/li>\n\n\n\n<li>Increasingly high stress levels (45%)<\/li>\n\n\n\n<li>A Lack of support from managers and leadership (34%)<\/li>\n<\/ul>\n\n\n\n<p><strong>38. 67% of Cybersecurity Incident Responders Say Anxiety and Stress Crop Up During Incidents<\/strong><\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"alignright size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/01\/mental-impact-of-cyber-security-incidents.png\" alt=\"A basic graphic that illustrates the toll cyber security incidents take on incident responders' personal lives and relationships in the forms of stress and anxiety\" class=\"wp-image-16054\" width=\"265\" height=\"339\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/01\/mental-impact-of-cyber-security-incidents.png 458w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/01\/mental-impact-of-cyber-security-incidents-234x300.png 234w\" sizes=\"auto, (max-width: 265px) 100vw, 265px\" \/><figcaption class=\"wp-element-caption\"><em>Data source: The IBM Security Incident Responder Survey (from IBM and Morning Consult).<\/em><\/figcaption><\/figure>\n<\/div>\n\n\n<p>Cyber security incidents are far reaching with their effects extending far beyond the business world for employees. Two in three (67%) cyber security incident responders <a href=\"https:\/\/www.ibm.com\/downloads\/cas\/XKOY5OLO\">surveyed by Morning Consult (on behalf of IBM)<\/a> say their mental health is impacted, resulting in increased stress and anxiety. But those are not the only effects of responding to cybersecurity incidents:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>29% of cybersecurity incident responders report impacts on their relationships and social lives outside of work.<\/li>\n\n\n\n<li>30% report experiencing burnout from responding to these incidents.<\/li>\n<\/ul>\n\n\n\n<p>Here\u2019s a quick overview of the data from Morning Consult\/IBM:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"930\" height=\"556\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/01\/ibm-impacts-cybersec-incidents-incident-responders-shadow.png\" alt=\"A bar chart graphic that showcases the types of impacts cyber security incident responders face over time as a result of the stress and anxiety expeirenced in their roles\" class=\"wp-image-16053\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/01\/ibm-impacts-cybersec-incidents-incident-responders-shadow.png 930w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/01\/ibm-impacts-cybersec-incidents-incident-responders-shadow-300x179.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/01\/ibm-impacts-cybersec-incidents-incident-responders-shadow-768x459.png 768w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/01\/ibm-impacts-cybersec-incidents-incident-responders-shadow-400x240.png 400w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/01\/ibm-impacts-cybersec-incidents-incident-responders-shadow-460x276.png 460w\" sizes=\"auto, (max-width: 930px) 100vw, 930px\" \/><figcaption class=\"wp-element-caption\"><em>Data source: The IBM Security Incident Responder Survey (from IBM and Morning Consult).<\/em> <\/figcaption><\/figure>\n\n\n\n<p><strong>39. 33% of Organizations Don\u2019t Provide Cyber Awareness Training to Remote Users<\/strong><\/p>\n\n\n\n<p>Many companies blame increasing cyber security risks on remote workers and their increasing reliance on remote connectivity. However, instead of doing something to address the situation, <a href=\"https:\/\/www.hornetsecurity.com\/us\/press-releases-us\/1-in-3-organizations-does-not-provide-any-cybersecurity-training-to-remote-workers\/\">Hornetsecurity reports<\/a> that one-third of companies don\u2019t even bother providing cyber awareness training to their remote users. This is despite the fact that three in four employees who work remotely have access to sensitive and critical data.<\/p>\n\n\n\n<p>To learn more about cyber <a href=\"https:\/\/www.thesslstore.com\/blog\/19-security-awareness-statistics-you-should-know-before-offering-training\/\">security awareness statistics<\/a>, check out our other related article on the topic.<\/p>\n\n\n\n<p>Hornetsecurity\u2019s data shows that many IT professionals don\u2019t have a lot of confidence in their organizations\u2019 remote security measures. One of the biggest issues? Uncontrolled file sharing.<\/p>\n\n\n\n<p><strong>40. 84% of Cyber Security Pros Are Overwhelmed By Increasing Security Alerts<\/strong><\/p>\n\n\n\n<p><a href=\"https:\/\/cloudsecurityalliance.org\/blog\/2022\/06\/24\/four-reasons-for-alert-fatigue-and-how-to-make-it-stop\/\">Alert fatigue<\/a> \u2014 ever heard of it? The term typically refers to the issue of becoming desensitized to alerts to the point that professionals fail to appropriately respond to them. In IT and cybersecurity, security alerts are unnerving and require a lot of time, mental focus, and patience for individuals and teams to handle. New research from <a href=\"https:\/\/www.cybersecurity-insiders.com\/portfolio\/2023-state-of-security-report-forcepoint\/\">Force Point and Cybersecurity Insiders<\/a> shows that eight in 10 cybersecurity teams receive too many security alerts and that those alerts are taking a toll on their team members.<\/p>\n\n\n\n<p>Too many alerts can lead to feelings of being overwhelmed, which can affect productivity and make people feel like they\u2019re being pulled in too many directions. According to survey respondents, the issue of being overwhelmed only gets even worse with the more security tools they rely on.<\/p>\n\n\n<span style=\"--tl-form-height-m:150.25px;--tl-form-height-t:121.4583px;--tl-form-height-d:121.4583px;\" class=\"tl-placeholder-f-type-shortcode_12753 tl-preload-form\"><span><\/span><\/span>\n\n\n<h2 class=\"wp-block-heading\" id=\"final-thoughts-on-these-2023-cyber-security-stats\"><a>Final Thoughts on These 2023 Cyber Security Stats<\/a><\/h2>\n\n\n\n<p>Were you expecting a massive list like last time? Quality over quantity, my friend. We hope that this list of cyber stats provides you with a plethora of useful information about what\u2019s shakin\u2019 within the cybersecurity industry and related considerations.<\/p>\n\n\n\n<p>We\u2019ve seen the damage that intentionally malicious human actions can cause. But threats and security incidents also can result from mere human ignorance, mistakes, and errors. The U.S. <a href=\"https:\/\/www.faa.gov\/newsroom\/faa-notam-statement\">Federal Flight Administration (FFA) recently released a statement<\/a> regarding the January Notice to Air Missions (NOTAM) systems outage that halted thousands of flight departures around the country. Their preliminary review said that contract personnel accidentally deleted files that led to the widespread outage.<\/p>\n\n\n\n<p>While cyber security incidents are ever-increasing concerns, it\u2019s not all doom and gloom. There are things you can do to help protect your organization from many of these growing threats:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Follow industry best practices to secure your IT infrastructure, network, and data repositories.<\/li>\n\n\n\n<li>Be realistic about your capabilities and vulnerabilities and recognize that your organization isn\u2019t infallible.<\/li>\n\n\n\n<li>Implement the use of defense technologies and resources from reputable vendors.<\/li>\n\n\n\n<li>Offer in-house or third-party cyber awareness training to reduce employee ignorance and apathy.<\/li>\n<\/ul>\n\n\n\n<p>Do you have other current cyber security statistics that you\u2019d like to share with me and your fellow readers? I\u2019d love to see them! Be sure to share them in the comments section below.<\/p>\n\n\n\n<p><em>This article was originally written in May 2020 and has been updated in January 2023 with the latest cyber security statistics.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>From T-Mobile\u2019s massive data breaches to Rackspace\u2019s sweeping outages, 2022 was a rough year for businesses and consumers alike. Here\u2019s your list of 40 of the most current cyber security&#8230;<\/p>\n","protected":false},"author":17,"featured_media":12322,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":"","tve_updated_post":"","tve_custom_css":"","tve_user_custom_css":"","tve_globals":{},"tcb2_ready":1,"tcb_editor_enabled":0,"tve_landing_page":"","_tve_header":"","_tve_footer":""},"categories":[16,10200],"tags":[175,10177,10083],"class_list":{"0":"post-12315","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","6":"hentry","7":"category-hashing-out-cyber-security","8":"category-monthly-digest","9":"tag-cybersecurity","11":"tag-statistics","12":"post-with-tags"},"views":64313,"jetpack_featured_media_url":"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2020\/05\/cyber-security-statistics.jpg","_links":{"self":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/12315","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/comments?post=12315"}],"version-history":[{"count":0,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/12315\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media\/12322"}],"wp:attachment":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media?parent=12315"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/categories?post=12315"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/tags?post=12315"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}