Every year we see an increase in cyber attacks globally and 2023 was no exception. This year we saw an increase in data breaches, phishing attacks, business email compromise attacks and more. The theme in the news and beyond was around organisations of all sizes starting to tighten their belts when it comes to cyber security, as tactics are becoming more refined and evolving faster than ever before.
In 2024, we can expect to see more of a focus on improving security when it comes to cloud services and digital infrastructure. Last year, with an increase in cloud computing came a steady increase in cyber attacks in this space. Within the cloud and IoT space, organisations will be fighting against possible data breaches, disruptions or even data loss this year.
Another trend we predict will become a theme in 2024 is the introduction of passwordless authentication. At the end of last year, Google launched Passkey as a secure way for users to access their accounts without having to remember their passwords. Instead, this feature allows the user to log in with a fingerprint, face scan or PIN. The technology relies on cryptography, making it more secure and phishing-resistant than previous measures.
At the end of 2023, we saw a stir of conversations related to generative AI usage, especially as it pertains to cyber criminals using it for financial gain at the expense of political figures and celebrities. We can expect to see governments investing time and resources into trying to monitor and regulate generative AI usage. This ties into our final prediction, captured in a recent article by Chuck Brooks from Forbes. The article highlights an expected increase in cyber security regulations specifically focused on mitigating space attacks.
His article states “the security risk management of satellites and space will emerge as a top priority among both the public and private sectors.” There’s been a clear gap identified in the level of protection surrounding satellites and space-based communication and sensing. We can expect this to be a key conversation topic in the media this year.
And with that, we leave you with the latest, greatest (and most alarming) cybersecurity statistics to know in 2024:
Top 2024 Cyber Statistics (Editor’s Choice)
- Cybercrime costs are predicted to reach $9.5 trillion USD in 2024.
- Among leading industries, manufacturing continues to rank as the most highly targeted on a global scale.
- The projection for global spending on security and risk management in 2024 has increased by 14.3%, totalling $215 billion.
- According to McAfee’s latest Global Scam Message Study, Australians spend an average of 63 minutes per week trying to assess the legitimacy of scam texts and emails.
- The largest reported data leakages remain the Cam4 breach in March 2020, which exposed more than 10 billion data records, followed by the 2013 Yahoo data breach, where three billion data records were leaked.
Cybersecurity statistics
1. Cybercrime costs are predicted to reach $9.5 trillion USD in 2024.
The cost of cybercrime is continuously snowballing as cyber criminals get smarter and governments work to find ways to keep up with new strategies and tactics. This research also took into account the compounding, rising costs of damages associated with cybercrime, forecasting this cost could reach $10.5 trillion by 2025.
Source: Cybersecurity Ventures
2. Among leading industries, manufacturing continues to rank as the most highly targeted on a global scale.
Our team at Eftsure cross referenced this data with our own and in 2023 we successfully identified and stopped more cyber attacks against construction and manufacturing customers than those in other industries.
Source: Statista
3. As of 2023, the global average cost per data breach rose to 4.45 million U.S. dollars, an increase from the $4.35 million reported in 2022.
A key theme we saw at the end of 2023 was executives discussing the things that keep them up at night: data breaches and security. It’s no surprise seeing the rising cost of data breaches. Not to mention, this dollar value doesn’t account for the reputational damages incurred as well.
Source: Statista
4. The projection for global spending on security and risk management in 2024 has increased by 14.3%, totalling $215 billion.
Companies are feeling the pressure to implement improved controls and tighter security measures in an attempt to protect their own data and the data of their suppliers or customers. In finance departments, CFOs are looking to protect their teams from phishing attacks, BEC attacks, and more.
Source: Gartner
5. In Australia, the ASD recorded that 94,000 reports of cyber scams were made to law enforcement this year. They estimate this means one every six minutes.
In the ASD Cyber Threat Report 2022-2023, a number of emerging trends were identified with the growing number of attacks. These include cybercriminals continuously adapting tactics to increase the maximum payment from victims, data breaches which left millions of Australians impacted, and an increase in cybercrime costs.
Source: ASD
6. An F-35 fighter jet could be taken down easier by cyber attacks than a missile attack.
An interesting statistic, which ties into a forecasted trend we will hear more about in 2024: space cybersecurity. In a recent Forbes article, Chuck Brooks backs this by stating “The economic sustainability of the free world depends on space-based global communications and sensing. Unfortunately, many of the platforms lack adequate protection, and hence, space cybersecurity will play a significant role in protecting key infrastructure.”
We expect to see more conversations at government levels about space and cyber security, especially closely tied to conversations about local militaries.
Source: Interesting engineering
7. A recent study of 500 Australian CFOs found that 50% say their business’s security concerns are higher heading into 2024 than the year prior.
In the same survey, 98% of CFOs said they feel cyber-crime is growing globally, adding a layer of anxiety as finance professionals tend to be one of the top targets for phishing scams within organisations.
Source: Eftsure
8. 77% of organisations don’t have an incident response plan when it comes to cyber attacks.
Given these numbers, it’s highly likely most of these companies haven’t considered proactive protection measures to mitigate the risk of an incident. Regardless of levels of preparedness, it’s always important to have a response plan in place, especially when we consider some cyber attacks can take a matter of minutes to successfully compromise systems or extract data.
Source: Cybint
9. The size of the global cyber insurance market is expected to grow rapidly over the next 5 years, with the total market size increasing from around $8B USD in 2020 to just over $20B USD by 2025.
According to Statista, the global cyber insurance market is expected to grow tremendously over the next five years. Factors behind the expected growth include the increase in cyber threats, awareness of cyber risks, regulatory requirements, a lack of in-house expertise such as IT teams or internal processes, and growth in technology.
Source: Statista
10. 45% of experts said cyber incidents causing business interruption is their number one fear above anything else.
This includes ongoing concerns and fears around ransomware attacks, cloud outages, IT system failures and threats of cyber war.
11. In the healthcare industry alone, there has been a 239% increase in hacking data breaches over the last four years.
The healthcare industry runs the highest costs for data breaches, with the average cost of a single data breach sitting at 11 million USD.
Source: Chief Healthcare Executive
12. 1 in 10 US organisations have no insurance against cyber attacks
Which doesn’t pair well with the associated costs on the rise when it comes to these attacks.
Source: Statista
13. According to the Javelin 2023 identity fraud survey, the number of adult victims remained nearly identical year-over-year, however the dollar losses fell in amount.
The report notes the reduction in financial losses can be attributed to the increased efforts from financial institutions to keep criminals from attacking their customers. However, the numbers are still glaring and there’s still plenty of space for improvement.
Source: Javelin
14. Researchers from a top cyber security organisation and Stanford University say 88% of data breaches are caused by human error.
It only takes one person to accidentally become the driving force behind a breach large enough to take down an entire organisation. This could be as simple as an employee clicking on a malicious link. Which is why organisations are increasingly investing in cyber awareness training for their employees to reduce the risk of a successful attack.
Source: KnowBe4
15. The likelihood of a cybercrime entity being prosecuted in the US is estimated to be 0.05%
Adding even more emphasis on the need for people to become aware and vigilant, seeking protective measures rather than relying on reactive resolutions.
Source: World Economic Forum
Working from home statistics
16. The average cost per breach is $173,074 higher when the breach occurs on remote workers.
Despite the evolving cybersecurity challenges in an office setting, it’s evident remote working can cost organisations a lot more in comparison.
Source: IBM
17. 53% of adults have said remote working makes it easier for cybercriminals to take advantage of people.
Changes in workplace standards meant a higher number of employees working remotely. Cybercrime increased, with phishing being the most common method.
Source: Norton
18. More than half a million Zoom user accounts were compromised and sold on the dark web.
The more popular video conferencing software Zoom becomes with companies bringing employees into remote work, the more cyber criminals will adapt their techniques to that format. Recently, we’ve seen reports of cyber criminals selling compromised Zoom accounts on the dark web to increase their chances for more data breaches.
Source: CPO Magazine
19. 70% of organisations report allowing access to corporate assets from personal laptops or mobile devices, while only 17% report limiting access to corporate laptops only.
These statistics show the risks many companies are taking when it comes to potential data breaches. Unsafe device access is an easy way for attackers to find an entry into company servers and access private data. At the very least, organisations should be looking to tighten their access requirements to be on corporate devices only.
Source: Cybertalk
20. 71% of security leaders lack sufficient visibility into remote employee home networks.
According to a recent study, more people are using cloud services and IoT devices that were never before part of a company’s security perimeter. More cyberattacks and security breaches are now a result of this, and IT managers are struggling to keep up with managing all these new technologies.
Source: CEPro
DOS/DDOS and IoT statistics
21. 75% of CISO respondents rank cloud and IoT as the biggest technology risks in the next five years.
This statistic is also mentioned by several tech experts in their 2024 forecast as their biggest area of concern. Cloud adoption was huge in 2023, and with great acceleration comes even greater risk. This will be an area where CISOs and other security professionals turn to improved procedures, security and automation.
Source: EY
22. In 2023, a new record was set by Google Cloud for the largest DDoS attack ever.
Up until this year, the largest DDoS attack on record was in 2018, but Google’s latest Distributed Denial of Service Attacks were said to be 7.5 times bigger than any other on record. Attacks can last from minutes to hours.
Source: zdnet
23. Based on historic data, Cisco predicts DDoS attacks will double from 7.9 million in 2018 to 15.4 million in 2023
Cisco’s data also pinpoints the United States as the most frequently targeted region, generally focused on Microsoft-based systems and services.
Source: StationX
24. In 2023, IBM recorded 82% of breaches involved data stored in the cloud.
Once again reinforcing the increased focus on cloud security in 2024.
Source: IBM
25. The finance sector is the most targeted year after year. Last year, attacks in the finance sector were 121% higher than attacks in 2021.
The finance industry has the most data and capital, making them a highly sought after target.
Source: StationX
26. The longest DDoS attack in history occurred in 2018, shattering existing records by flooding the target’s systems with data for 329 hours.
Every year, the number of Distributed Denial of Service (DDoS) attacks increases, and the most targeted industry is finance because it holds the most data and capital. These attacks can last from a minute to an hour depending on the company’s security controls.
Source: Comparitech
Mobile scam statistics
27. 29.8 Billion USD was lost to phone scams in America in 2021
With this number only on the incline, we can expect to see higher numbers in 2024. These scams are also known as vishing (voice phishing) scams.
Source: Earth Web
28. Australians aged 65 and over have reported losses of $20.5 million from phone scams.
For older Australians, their lack of understanding of mobile phones makes them vulnerable to mobile scams because they have less familiarity with modern technology. The advancement of technologies has only made it easier for scammers to target people like them.
Source: ABC
29. Scams are most prevalent over mobile, with 33% of all scams in Australia coming from text messages.
The data shows Australians lost a reported $28 million to phone scams in 2022. Following closely behind text phishing scams were scams over phone calls (29%), where Australians reportedly lost the most, landing at $141 million dollars.
Source: ACCC
30. Consumers are 6-10 times more likely to fall for an SMS phishing attack than email based phishing.
There’s more awareness when it comes to email phishing, making it a bit harder to trick the end recipient as they are naturally more critical now than years before. However, with the rise of SMS phishing, there’s still work to be done.
Source: Zimperium
31. According to McAfee’s latest Global Scam Message Study, Australians spend an average of 63 minutes per week trying to assess the legitimacy of scam texts and emails.
The same study said 54% of Australian survey respondents said they would prefer to deal with the stress of monthly tax filings than cope with scam messages all year long.
Source: McAfee
Social engineering statistics
32. Phishing remains the most common form of cyber crime worldwide, with recent data suggesting nearly 1.2% of all emails sent are malicious.
1.2% equates to 3.4 billion phishing emails being sent daily. Because of the nature of phishing emails, and cyber scammers growing increasingly clever, it’s no wonder even the most savvy of people can fall victim to these attacks.
Despite organisations having tactics such as segregation of duties in place, things can still slip through the cracks without proper process or automation in place.
Source: Earth Web
33. Phishing attacks tend to fly under the radar and can take upwards of 295 days to identify.
IBM’s 2022 Data Breach Report noted phishing scams tend to take the third longest mean time to be identified. As a result, these breaches can cost organisations the most, with an average of 4.91 million USD.
Source: IBM
34. Losses for small and micro businesses associated with scams doubled in 2022.
Scamwatch data reported losses amounted to $13.7 million in 2022, which was a 95% increase from the year before. It’s said the biggest contributor to these losses was payment redirection scams, known as business email compromise.
If you’re a small or micro business owner and you haven’t considered adding payment protection for your business, have a chat with our team at Eftsure to see why businesses Australia wide trust our payment technology.
Source: ACCC
35. 98% of all cyber attacks are social engineering attacks.
In the FBI’s latest report, Phishing, Vishing, Smishing and Pharming account for the largest number of attacks.
Source: FBI
36. Facebook is the leading social media platform for cybercriminals to use social engineering to scam users.
Between April and September 2020, there were over 4.5 million phishing attempts made. More recently in 2023, WhatsApp scams are growing in popularity along with other instant messaging platforms such as Telegram.
Source: Phishlabs
37. Every minute, $17,700 is lost due to a phishing attack.
Which explains why the costs associated with phishing and scam attacks continue to rise year over year. Individuals, organisations and governments are constantly trying to stay alert, aware and vigilant when it comes to phishing.
Source: CSO
Data breach statistics
38. The largest reported data leakages remain the Cam4 breach in March 2020, which exposed more than 10 billion data records, followed by the 2013 Yahoo data breach, where three billion data records were leaked.
Although we’ve successfully closed another year without a record setting data breach, several companies still became victims to data breach attacks and data ransom. Companies include Microsoft, MOVEit, ChatGPT, US Department of Transportation and more.
Source: CNET
39. 90% of data breaches occur because of spear phishing emails.
Spear phishing emails are more tailored than regular phishing emails, meaning they appear more realistic to the reader. When the reader clicks the link, the scammer is able to access the device to retrieve personally identifiable information.
Source: Earth Web
40. 43% of data breaches are insider threats.
However, these are not always intentional. Many data breaches are caused by human error, but regardless, it is a staggering realisation that many data leaks come from internal sources.
Source: Checkpoint
41. 30% of all large data breaches take place at hospitals.
Lots of confidential information is stored in hospitals, especially in the healthcare industry. Moreover, due to tight timelines, hackers have an easier time conning staff to elicit sensitive information.
Source: TechJury
42. The LinkedIn breach exposed 700 million records in June-August 2021 (93% of LinkedIn members).
In 2021, cyber criminals exposed an astonishingly large data leak covering over 700 million LinkedIn users, including their names, addresses, phone numbers, and email addresses, as well as their LinkedIn profiles. The hack followed the same method used in the extremely damaging April penetration of their users’ information that hackers also uploaded to the dark web for sale.
Source: Compatia
43. Notable 2023 database hacks include X (formerly Twitter), where 220 million users’ email addresses were leaked.
Alongside X (formerly Twitter) was the 2023 AT&T breach, which exposed approximately 9 million customers’ personal data. These are just the noteworthy breaches; as of October 2023 there were hundreds of other publicly disclosed incidents.
Source: IT Governance
AI scam statistics
44. A study of 350+ senior security executives found 70% believe AI benefits attackers more than defenders, yet 35% are still experimenting with it for cyber defence strategies.
Although the world of AI is moving at a rapid pace, there’s still much to be explored. As much as we expect to see acceleration with AI, we can also predict several attempts for government agencies to add improved regulations.
Source: Splunk
45. Organisations deploying security measures leveraging AI or automation spend on average 3.05 million USD, which is more than 50% lower than the spend associated with organisations without automated protective measures in place.
Although the cost of investing in cyber security is on the rise, data shows it pays to get on board with early adoption. This also includes encouraging organisations to consider streamlining their paid vendors, to ensure a cluttered list of apps and services don’t end up becoming an additional risk factor in itself.
Source: IBM
46. Generative AI has dominated the AI conversation in 2023, leading 7 in 10 Australians to express concern about how their information will be handled after engaging with AI tools.
Generative AI is not only raising concern among consumers, it’s also a massive driver for businesses and governments to monitor and be mindful of, as videos surface where key political figures have been manipulated into falsified statements. These videos can look so realistic, even the people in the videos have had to do a double take on whether the events happened or not.
Source: IT Brief
47. In 2023, we saw the rise of AI used to replicate human voice, also known as a “voice print” which was used to replicate familiar voices to friends and loved ones in an attempt to prompt theft and fraud.
A reputable security company said it picked up a 135% increase in sophisticated scam attacks leveraging AI in the first month of 2023.
Source: ABC News
Sources
- Cybersecurity Ventures
- Statista
- Gartner
- ASD
- Interesting engineering
- Eftsure
- Cybint
- Allianz
- Chief Healthcare Executive
- Javelin
- KnowBe4
- World Economic Forum
- IBM
- Norton
- CPO Magazine
- Cybertalk
- CEPro
- EY
- zdnet
- StationX
- Comparitech
- Earth Web
- ABC
- ACCC
- Zimperium
- McAfee
- FBI
- Phishlabs
- CSO
- CNET
- Checkpoint
- TechJury
- Compatia
- IT Governance
- Splunk
- IT Brief
- ABC News