The threat landscape is constantly changing. As attackers become smarter and faster, businesses must stay alert. Knowing the numbers behind modern cyberattacks is more than interesting — it’s essential. These 30 stats are your window into what’s happening right now in cybersecurity. Each one tells a story, and behind every number is a lesson that can help protect your business from becoming the next headline.

1. 95% of cybersecurity breaches are caused by human error

Most people think of hackers using high-tech tools to break into systems.

But the truth is, in most cases, it’s a simple mistake by someone inside the organization. Maybe someone clicked a link they shouldn’t have. Or sent sensitive data to the wrong person. These small slip-ups can lead to massive consequences.

To reduce these errors, train your team regularly. Don’t just do one workshop a year — make it part of the culture.

Use real-world examples to explain how phishing works or what a suspicious email looks like. Also, simulate attacks to see how employees respond. It’s not about catching them; it’s about teaching them.

Creating a clear reporting system helps too. If someone does click a bad link, they should know who to call immediately. That fast reaction can stop a small mistake from becoming a full-blown breach.

2. Ransomware attacks increased by 93% year-over-year in 2022

Ransomware is growing like wildfire. In a ransomware attack, criminals lock up your files and demand money to unlock them. It’s like someone stealing your house keys and charging you to get back inside.

Why the huge jump? These attacks work. Companies often pay the ransom because downtime costs more. Attackers also don’t need to be experts anymore. There are ready-made ransomware kits available on the dark web.

What can you do? First, keep backups — not just once a month, but daily. Store them in a location that attackers can’t reach, like offline or in a different cloud account.

Second, use strong antivirus tools that can detect ransomware before it spreads. And always keep your software up to date. Many ransomware attacks come through known software flaws.

Finally, create a ransomware response plan. Know exactly who does what if an attack happens. Practice that plan just like you would a fire drill.

3. The average cost of a data breach reached $4.45 million in 2023

A single breach can break the bank. Between legal fees, customer loss, downtime, and fixing the issue, the bills add up fast. And it’s not just big companies — smaller ones face these same costs, but with fewer resources to handle them.

The smartest move? Invest early in protection. Think of cybersecurity spending like insurance. It may seem expensive now, but it’s far cheaper than a breach. Prioritize protecting customer data. Encrypt it, limit who can access it, and watch for strange behavior around it.

Another tip: know your weak spots. Conduct regular audits to find holes before hackers do. Whether it’s outdated software or overused passwords, fixing small problems now can save you millions later.

4. Phishing accounts for over 80% of reported security incidents

Phishing is the low-hanging fruit for cybercriminals. It works because it’s simple — trick someone into handing over info or clicking a link. And when it works, it often opens the door to bigger attacks.

To combat phishing, you need more than spam filters. Teach your team what phishing really looks like. Show them how attackers copy logos, use fake names, or create urgency like “your account is about to be closed.”

Add two-factor authentication (2FA) wherever possible. Even if someone’s password gets stolen, the attacker still needs that second code. Also, set up rules in your email system to block messages with suspicious attachments or strange links.

5. 60% of small companies go out of business within six months of a cyberattack

Cyberattacks aren’t just a big company problem. In fact, small businesses are often easier targets because they don’t have strong security.

A single attack can wipe out cash flow, destroy customer trust, and force companies to shut their doors. The worst part? Many of these businesses didn’t even know they were at risk.

So if you run a small business, don’t assume you’re too small to be targeted. Start with the basics: use firewalls, keep software updated, and use strong passwords.

Don’t rely on default settings. And most importantly, have a plan. If something goes wrong, know who to call, what systems to shut down, and how to notify customers.

6. 43% of cyberattacks target small businesses

Hackers know that smaller businesses usually don’t have dedicated IT teams or full-time security staff. That makes them easier to break into.

To protect yourself, take advantage of free or low-cost tools designed for small businesses. Use services that offer built-in security like Google Workspace or Microsoft 365. Turn on all security features, including 2FA, data loss protection, and suspicious activity alerts.

Also, don’t forget about physical security. A lost laptop or stolen USB drive can lead to a data leak. Encrypt all devices and require passwords or biometrics to access them.

7. 70% of organizations report having suffered at least one ransomware attack

Ransomware isn’t rare anymore. It’s becoming the norm. If you haven’t been hit yet, chances are, you will be.

You can’t ignore ransomware. Assume that one day it might happen, and prepare now. Run frequent backup tests. Make sure you can actually recover from your backups, not just store them. Review your backup retention — one copy isn’t enough.

Also, look into ransomware-specific protection tools. These tools watch for signs of ransomware, like files being locked rapidly or renamed.
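The rename signal mentioned above can be sketched as a small detector. This is an added example, not code from the original article or from any specific product; the event format, the threshold values, and the sample paths are assumptions made for illustration.

```python
from collections import Counter, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class FileEvent:
    ts: float          # seconds since monitoring started
    pid: int           # process that performed the operation
    action: str        # "rename" or "write"
    path: str
    new_path: str = ""


def extension(path: str) -> str:
    """Return the lower-cased final extension of a path, or '' if none."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def detect_rename_bursts(events, window=10.0, threshold=20):
    """Flag processes that change the extension of `threshold` or more
    files within `window` seconds (assumed values; tune per environment)."""
    recent = {}    # pid -> deque of (ts, new extension) inside the window
    flagged = {}   # pid -> details of the first alert
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.action != "rename":
            continue
        new_ext = extension(ev.new_path)
        if new_ext == extension(ev.path):
            continue  # extension unchanged: ordinary rename, ignore
        q = recent.setdefault(ev.pid, deque())
        q.append((ev.ts, new_ext))
        while ev.ts - q[0][0] > window:
            q.popleft()  # drop renames that fell out of the window
        if len(q) >= threshold and ev.pid not in flagged:
            top_ext, _ = Counter(e for _, e in q).most_common(1)[0]
            flagged[ev.pid] = {"alert_ts": ev.ts, "renames": len(q),
                               "extension": top_ext}
    return flagged


def sample_events():
    """Constructed sample data, not captured from a real incident."""
    events = []
    # pid 4242: 30 documents renamed to *.locked, one every 0.25 s
    for i in range(30):
        src = f"/srv/share/finance/report_{i}.docx"
        events.append(FileEvent(i * 0.25, 4242, "rename", src, src + ".locked"))
    # pid 100: a user renaming three drafts over a minute
    for i in range(3):
        events.append(FileEvent(i * 30.0, 100, "rename",
                                f"/home/u/draft_{i}.txt", f"/home/u/final_{i}.md"))
    # pid 200: a bulk rename that keeps the extension (photo organiser)
    for i in range(40):
        events.append(FileEvent(i * 0.1, 200, "rename",
                                f"/photos/img_{i}.jpg", f"/photos/2024_img_{i}.jpg"))
    return events


if __name__ == "__main__":
    for pid, info in detect_rename_bursts(sample_events()).items():
        print(pid, info)
```

Only the process that rewrites extensions in a burst is flagged; the slow manual renames and the bulk rename that keeps `.jpg` are not.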

Make sure your insurance policy covers cyber incidents. Not all do. Check what’s included and update your coverage if needed.

8. The average downtime after a ransomware attack is 21 days

Three weeks without access to your systems can crush a business. You may not be able to serve customers, ship products, or even pay employees.

That’s why having a recovery plan is critical. It’s not just about avoiding the attack, but knowing how to get back on your feet quickly.

Test your backups to make sure you can recover key systems in hours, not weeks. Keep offline copies of your most important data. And don’t store backups on the same network — attackers often go after backups too.

9. Cybercrime is projected to cost the world $10.5 trillion annually by 2025

This number is massive for a reason. Cybercrime doesn’t just hit companies — it affects hospitals, governments, and individuals too. It’s one of the fastest-growing criminal industries in the world.

Every business, no matter how big or small, needs to take cybersecurity seriously. You may not control the global economy, but you can protect your piece of it.

Start by making cybersecurity part of your business strategy. Set clear goals for protecting your data, train your staff, and work with partners who take security seriously.

10. Only 50% of businesses have a cybersecurity incident response plan

That means half of all businesses are flying blind when an attack happens. Imagine having no plan during a fire. That’s what it’s like during a cyberattack without a response plan.

Creating a plan isn’t hard, and it doesn’t have to be perfect. Start by listing out your most critical systems. Then decide who’s in charge if something goes wrong — IT, leadership, legal, and PR should all be involved.

Write clear steps for reporting an incident, stopping the spread, and notifying customers if needed. Test this plan with tabletop exercises. Even a few hours of preparation can make all the difference.

11. 94% of malware is delivered via email

Email remains one of the easiest ways for malware to sneak in. It’s fast, cheap, and most people aren’t suspicious of a well-crafted message.

The solution is to treat email like a major attack surface. Use email filtering tools that scan attachments and links. Block macros in Office documents unless they’re absolutely necessary. And never allow unknown apps to be installed through links.

Train your team to hover over links, check email addresses, and question unexpected messages — even if they seem to come from a coworker.

12. 68% of business leaders feel their cybersecurity risks are increasing

Leaders aren’t just paranoid — the threat really is getting worse. As businesses move more operations online, the number of attack surfaces grows. Add remote work, more connected devices, and growing use of cloud apps, and it’s easy to see why the pressure is rising.

What should leaders do? First, shift the mindset. Cybersecurity isn’t just an IT problem — it’s a business priority. Leaders should set the tone from the top by taking ownership of digital risk.

Start with regular security briefings at the executive level. Understand what data is at risk, what systems are most important, and what defenses are in place. Allocate budget for cybersecurity based on risk, not just cost.

Also, make sure your security team has the authority and resources to act fast. A quick decision during a breach can save you millions. And finally, consider bringing in external experts to audit your current setup and spot blind spots.

13. 1 in 36 mobile devices had high-risk apps installed in 2022

Phones and tablets are just as vulnerable as computers — maybe even more so because they’re everywhere and always on. That stat shows how many devices are walking around with risky apps that could be stealing data, tracking users, or opening backdoors.

Mobile security can’t be ignored. Start by managing the devices that access your business systems. Use Mobile Device Management (MDM) tools to control what apps are installed, push updates, and wipe lost devices remotely.

Encourage your team to only install apps from trusted sources like the official app stores. And if your business uses custom apps, make sure they’re tested for vulnerabilities before deployment.

Also, set rules for connecting to public Wi-Fi. Using unsecured networks is an easy way for hackers to eavesdrop. Provide VPN access for safer browsing.

14. 30% of users open phishing emails, and 12% click on the malicious links

Even with all the warnings, phishing still works — and it works often. That 12% click rate might seem small, but in a company of 500 people, that’s 60 people putting your business at risk.

One bad click can give attackers a foothold. So what can you do? Keep training, but make it interesting. Avoid boring slideshows. Instead, use real-life phishing examples, short videos, or interactive games.

Also, use email banners to warn when messages come from outside the organization. Color-coding helps employees recognize risky emails. Enable link scanning in your email system and delay message delivery for a minute or two to allow extra checks.

And when someone reports a phishing email, reward them. It reinforces the right behavior and makes everyone more alert.

15. 64% of companies worldwide have experienced at least one form of cyberattack

More than half of businesses have already faced a cyberattack. The odds are no longer “if,” but “when.” That means preparation is no longer optional.

So what should you focus on first? Start with visibility. You can’t protect what you can’t see. Know what devices, apps, and users are on your network. Map out your digital environment clearly.

Then, focus on patching. Most attacks still use known vulnerabilities. Regularly update software, firmware, and plugins. Automate updates when possible.

Finally, monitor your network in real time. Set up alerts for strange activity. If someone logs in from another country, transfers large amounts of data, or accesses files they shouldn’t — you want to know right away.

16. 53% of attacks are financially motivated, while 21% are espionage-related

Most attackers want money. Whether it’s through ransomware, stolen credit cards, or fraudulent transactions, the goal is often profit. But for some, the goal is information — stealing trade secrets, spying on business deals, or gaining access to intellectual property.

That means your business needs to protect both money and ideas. Secure your financial systems with strong authentication and transaction monitoring. Watch for signs of insider threats, too — employees who might misuse their access.

For intellectual property, encrypt everything — from designs and blueprints to source code and research files. Limit who has access and monitor file transfers closely.

Also, be cautious with vendors. If someone else is handling your sensitive data, make sure they follow strict security standards too.

17. On average, it takes 277 days to identify and contain a breach

That’s over nine months. Imagine someone sneaking around your systems for that long, watching your emails, collecting passwords, or slowly moving data out. That’s what can happen when you don’t have proper detection tools.

Speed is everything in cybersecurity. The faster you detect a breach, the less damage it causes. So focus on detection and response, not just prevention.

Use endpoint detection tools that track user behavior and flag anything suspicious. Consider a managed security service provider (MSSP) if you don’t have a full in-house team.

Create an alerting system that filters the noise but doesn’t miss real threats. And once a breach is found, act fast — isolate the affected systems, shut down access, and start your incident response plan immediately.

18. 45% of breaches involve hacking, 22% involve social attacks, and 17% involve malware

These numbers show that no single defense is enough. Hackers use a mix of techniques — some technical, some psychological.

A strong defense layers multiple protections. Start with patching and strong passwords to reduce hacking. Then train your team to resist social engineering. And finally, use malware detection tools to stop viruses, worms, and ransomware.

Don’t rely too much on one layer. For example, antivirus alone won’t stop phishing. And employee training won’t help if your software is full of holes. Build a balanced security strategy that covers all the main threat types.

19. 33% of organizations experience insider threats annually

Insider threats come from people who already have access. It could be an angry employee, a careless contractor, or even someone unintentionally exposing data.

First, limit access to what’s truly needed. Don’t give blanket permissions. Use role-based access controls, and regularly review who can access what.

Second, watch for red flags. A sudden spike in file downloads, logging in at odd hours, or transferring data to personal email accounts can all be warning signs.

Use data loss prevention (DLP) tools to block sensitive information from being copied, printed, or sent outside your network.
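The alerts described under statistic 15 (foreign logins, large transfers) and the red flags listed above (download spikes, odd-hour logins, mail to personal accounts) can be expressed as simple rules over activity logs. This is an added example, not part of the original article; the event fields, policy thresholds, user names, and domains are assumptions, and the log entries are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Assumed policy values (hypothetical; tune to your environment).
HOME_COUNTRIES = {"alice": {"US"}, "bob": {"US"}, "carol": {"US", "CA"}}
WORK_HOURS = range(7, 20)                     # 07:00-19:59 local time
PERSONAL_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}
LARGE_TRANSFER_BYTES = 500 * 1024**2          # 500 MiB in one transfer
DOWNLOAD_SPIKE = 50                           # files per user per hour

# Constructed sample events, not real log data.
SAMPLE_EVENTS = [
    {"ts": "2024-03-04T09:12:00", "user": "alice", "type": "login", "country": "US"},
    {"ts": "2024-03-04T02:40:00", "user": "bob", "type": "login", "country": "RO"},
    {"ts": "2024-03-04T10:05:00", "user": "alice", "type": "transfer",
     "bytes": 2 * 1024**3},
    {"ts": "2024-03-04T16:30:00", "user": "carol", "type": "email",
     "to": "carol.personal@gmail.com", "attachments": 3},
    {"ts": "2024-03-04T16:45:00", "user": "carol", "type": "email",
     "to": "buyer@partner.example", "attachments": 1},
] + [
    # bob downloads 60 files between 02:41 and 02:51
    {"ts": f"2024-03-04T02:{41 + i // 6:02d}:{(i % 6) * 10:02d}",
     "user": "bob", "type": "download", "file": f"design_{i}.dwg"}
    for i in range(60)
]


def evaluate(events):
    """Return a list of (user, rule, timestamp) alerts in time order."""
    alerts = []
    downloads = defaultdict(int)   # (user, hour bucket) -> files downloaded
    spiked = set()                 # buckets already alerted on
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        user, kind = ev["user"], ev["type"]
        if kind == "login":
            if ev["country"] not in HOME_COUNTRIES.get(user, set()):
                alerts.append((user, "foreign_login", ev["ts"]))
            if ts.hour not in WORK_HOURS:
                alerts.append((user, "odd_hours_login", ev["ts"]))
        elif kind == "download":
            key = (user, ts.strftime("%Y-%m-%dT%H"))
            downloads[key] += 1
            if downloads[key] > DOWNLOAD_SPIKE and key not in spiked:
                spiked.add(key)    # alert once per user per hour
                alerts.append((user, "download_spike", ev["ts"]))
        elif kind == "transfer":
            if ev["bytes"] >= LARGE_TRANSFER_BYTES:
                alerts.append((user, "large_transfer", ev["ts"]))
        elif kind == "email":
            domain = ev["to"].rsplit("@", 1)[-1].lower()
            if ev.get("attachments", 0) > 0 and domain in PERSONAL_MAIL:
                alerts.append((user, "personal_email_transfer", ev["ts"]))
    return alerts


if __name__ == "__main__":
    for alert in evaluate(SAMPLE_EVENTS):
        print(alert)
```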

20. Supply chain attacks increased by 742% between 2020 and 2022

That’s not a typo — nearly eight times more supply chain attacks in just two years. Why? Because attackers realized it’s easier to go after a vendor than a well-protected company. If your partner has access to your systems or data, that’s an entry point.

So what should you do? Start by knowing who your suppliers are and what level of access they have. Review all third-party vendors — software providers, cloud services, IT contractors — and understand their security posture.

Demand proof of their cybersecurity practices. Do they encrypt data? Do they patch regularly? Have they had any recent incidents?

Add clauses to your contracts that require vendors to notify you of breaches within a specific time frame. Also, limit their access. Just because a vendor needs to work on one part of your system doesn’t mean they should access everything.

And if you’re using third-party software, keep it updated. Many supply chain attacks exploit outdated software libraries or unsecured integrations.

21. 55% of organizations have experienced one or more third-party breaches

More than half of organizations have been breached through someone outside their company. That’s a wake-up call: your security is only as strong as your weakest partner.

To reduce risk, perform regular security reviews of third parties. Ask for SOC 2 reports, penetration test results, or details on how they secure their infrastructure.

Use a vendor risk management process. Rate vendors by risk level, and apply different levels of scrutiny based on what they handle. A company that stores your customer data should go through a more detailed review than someone supplying office furniture.

If possible, use secure portals or platforms for third-party data sharing. Avoid email attachments and uncontrolled file exchanges. And always monitor vendor activity — if someone logs in from an unusual location or tries to access too much data, you want to catch it quickly.

22. DDoS attacks rose by 60% in the past year

A DDoS (Distributed Denial of Service) attack overwhelms your systems with traffic until they crash. These attacks can make your website, app, or even internal tools completely unusable.

Many companies aren’t ready for this type of attack. That’s a problem — DDoS is often used as a distraction while hackers sneak in through other methods.

To stay ahead, work with your hosting provider or use services like Cloudflare or Akamai that can absorb and block large amounts of traffic. These tools automatically detect when traffic is abnormal and filter out the fake users.

Also, consider rate limiting. If a user is sending hundreds of requests in seconds, they should be blocked or slowed down. Keep emergency contact numbers for your cloud or web service providers in case you need fast help.
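One way to implement the "slowed down or blocked" behavior is a per-client sliding-window counter with two thresholds. This is an added example, not code from the original article; the class name, thresholds, and sample client addresses (documentation ranges) are assumptions, and application-level limiting like this complements, rather than replaces, the upstream traffic filtering mentioned above.

```python
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Per-client limiter: 'slow' above one threshold, 'block' above another."""

    def __init__(self, window=10.0, slow_after=50, block_after=200, block_for=300.0):
        self.window = window            # seconds of history considered
        self.slow_after = slow_after    # requests in window before throttling
        self.block_after = block_after  # requests in window before blocking
        self.block_for = block_for      # seconds a block lasts
        self._hits = defaultdict(deque)
        self._blocked_until = {}

    def check(self, client, now):
        """Return 'allow', 'slow' or 'block' for a request at time `now` (seconds)."""
        if self._blocked_until.get(client, 0.0) > now:
            return "block"
        q = self._hits[client]
        q.append(now)
        while now - q[0] >= self.window:
            q.popleft()                 # forget requests older than the window
        if len(q) > self.block_after:
            self._blocked_until[client] = now + self.block_for
            q.clear()
            return "block"
        if len(q) > self.slow_after:
            return "slow"               # caller adds delay or returns HTTP 429
        return "allow"


def replay(limiter, requests):
    """Feed (client, timestamp) pairs to the limiter; return decision counts."""
    counts = defaultdict(lambda: {"allow": 0, "slow": 0, "block": 0})
    for client, ts in sorted(requests, key=lambda r: r[1]):
        counts[client][limiter.check(client, ts)] += 1
    return {c: dict(v) for c, v in counts.items()}


def sample_traffic():
    """Constructed traffic: one flooding client, one normal client."""
    flood = [("203.0.113.7", i / 100) for i in range(300)]    # 100 requests/s
    normal = [("198.51.100.20", float(i)) for i in range(20)]  # 1 request/s
    return flood + normal


if __name__ == "__main__":
    print(replay(SlidingWindowLimiter(), sample_traffic()))
```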

And always monitor your systems during busy periods like product launches or holidays. These times are prime targets for DDoS attacks.

23. 80% of breaches involve data stored in the cloud

The cloud is convenient, scalable, and fast — but it’s also a favorite target. That’s because many companies don’t configure cloud settings correctly. Misconfigurations lead to open storage buckets, exposed APIs, and weak access controls.

If you’re using cloud services, make sure your setup follows security best practices. Use access logs to track who is doing what. Enable encryption at rest and in transit. Use strong identity and access management (IAM) policies.

Regularly audit your cloud permissions. Many users and apps have way more access than they need. Remove unused accounts and rotate credentials often.

Finally, use cloud security posture management (CSPM) tools. These can scan your environment for risky settings or exposed data.

24. Only 5% of company folders are properly protected

That means 95% of folders could be accessed by too many people, sometimes even everyone in the company. That’s a huge problem, especially if sensitive data — like customer records or financial info — is in those folders.

Start with a data discovery scan. Find out where your sensitive files are. Then review who can access them. Create a system where only the right departments can see certain folders.

Also, don’t leave old folders hanging around. If a project is over, archive or delete the data. The more files you have, the harder they are to protect.

Set up automatic permission reviews. Once a quarter, check to see if someone’s access is still needed. If not, remove it. The fewer people with access, the lower the risk.

25. 48% of malicious email attachments are Office files

Cybercriminals love Office files — Word docs, Excel sheets, PowerPoint slides — because they’re common and trusted. These files often come with macros that, when enabled, can run malicious code and infect your systems.

To stay safe, disable macros by default. Only allow them in files from trusted sources. Most email security platforms can scan Office attachments and block suspicious ones.

Also, train your team to treat attachments with caution. Just because a file says “invoice” or “proposal” doesn’t mean it’s safe. Make it company policy to verify unusual attachments directly with the sender before opening.

And avoid downloading Office files from unknown websites. Even if the site looks professional, the file could be rigged.

26. The healthcare sector sees an average of 1,410 attacks per week

Hospitals and healthcare providers are among the most targeted industries. They store valuable personal data, and during emergencies, they can’t afford downtime — making them prime ransomware victims.

If you’re in healthcare, focus on resilience. Encrypt all patient data, both in storage and during transmission. Use endpoint protection on every device, including those used by staff remotely.

Segment your network so that if one part is compromised, attackers can’t move freely. Also, back up everything — not just patient records, but also the systems used to run day-to-day operations.

Make sure your staff, from front desk to IT, are trained to recognize phishing attempts. One clicked email can take down an entire hospital system.

27. Financial services experience 300 times more cyberattacks than other industries

Banks, investment firms, and fintech companies are constantly under siege. That’s because they deal directly with money and identity — two things cybercriminals crave.

If you’re in finance, security must be at the center of everything you do. Use real-time fraud detection systems that flag unusual behavior instantly. Enforce multi-factor authentication (MFA) across all customer and employee accounts.

Monitor your APIs and mobile apps for vulnerabilities. These are often targeted by attackers trying to bypass the front door. Also, ensure compliance with regulations like PCI DSS or SOC 2, which can help keep your defenses strong.

And always keep customer communication secure. Use end-to-end encryption, secure portals for document sharing, and regular reminders for customers about phishing.

28. 40% of IT leaders say cybersecurity is their top concern

IT leaders are feeling the heat. With so many threats out there, security is no longer a side project — it’s front and center.

To tackle this, make cybersecurity a team-wide mission. Give your IT leaders the tools and support they need. That includes budget, people, and time.

Invest in tools that automate threat detection, patching, and monitoring. Reduce manual work so your IT team can focus on strategy and improvement.

Also, encourage communication between IT and other departments. Cybersecurity decisions affect everyone — from HR to marketing. Make sure all teams understand the risks and play their part in protecting the company.

29. The average ransomware payment in 2023 was over $1 million

That’s a staggering amount. And it’s only going up. Criminals know companies are willing to pay to get their data back, especially when backups fail or downtime is too costly.

Never assume paying the ransom will fix everything. Some victims don’t get their data back. Others get hit again months later.

Instead, focus on prevention. Back up data frequently and store it offline. Test your recovery process regularly. And invest in endpoint protection tools that can detect ransomware early.

Also, make sure your cyber insurance covers ransomware payments, legal costs, and recovery. Not all policies do, so read the fine print.

30. 90% of security professionals report skills shortages in their cybersecurity teams

There just aren’t enough skilled people to meet the demand. That means many companies are understaffed and vulnerable.

If you’re building a security team, consider hiring for potential, not just experience. Train people from within your organization. Offer courses, certifications, and career paths in cybersecurity.

Also, look into managed security services. These providers offer 24/7 monitoring, threat detection, and incident response — often for less than hiring full-time staff.

Finally, simplify your tools. Too many platforms can confuse your team and slow response time. Choose integrated solutions that work well together and reduce complexity.

Wrapping it up

The cyber threat landscape isn’t just changing — it’s accelerating. Every stat we explored paints a clear picture: attacks are more frequent, more sophisticated, and more damaging than ever before.

But here’s the good news — most threats can be reduced or even prevented with the right awareness, planning, and action.