Cyber professionals at all levels need to stay alert to evolving threats, which is why it’s so important to keep up with cyber security breach trends.
The latest cyber security breach statistics are especially valuable as a reference point. Up-to-date facts and figures can give you key insights on the prevalence of cyber attacks, preferred targets, evolving attack methods, the areas where expertise is most in-demand, and more.
With this in mind, here’s our roundup of the latest cyber security breach stats. Hopefully, this information should help to flesh out your understanding of what’s happening right now in cyber - and the trends to look out for in the near future…
Cyber Security Breach Trends
The latest figures show how cyber security breaches are becoming more prevalent across all regions of the globe.
Global Cyber Security Breach Trends
1. Check Point Research data illustrates how cyberattacks are becoming more prevalent worldwide. Cyberattacks increased by 38% in 2022 compared to 2021.
2. All global regions saw an increase in cyberattacks in 2022 compared to 2021. North America (+52%), Latin America (+29%) and Europe (+26%) showed the largest increases.
3. According to SonicWall, there were 6.3 trillion intrusion attempts in 2022. This included 5.5 billion malware attacks.
4. 2022 saw a 87% year-on-year increase in IoT malware attacks: the largest increase of any security breach type. Much of this spike was focused in North America, where the number of attacks increased by 145%. The trend is thought to be driven by the ubiquity of connected devices and networks, where limited security measures offer up easy pickings for hackers.
5. Ransomware was the most common type of cyberattack in 2022.
6. Ransomware is by far the most frequently detected cyberattack type worldwide. However, between 2021 and 2022, the global volume of ransomware attacks decreased by 23% (SonicWall).
7. 2022 also saw a significant (43%) rise in cryptojacking. This is a form of extortion that does not involve use of ransomware. Using various tactics (e.g. social engineering, vulnerability exploits, or stolen credentials), threat actors breach networks, extract data and then threaten to leak it if victims don’t pay up. Its growth in popularity is attributed to the fact that cryptojacking is harder to trace and defend against compared to traditional ransomware attacks.
8. Evidence points to a resurgence in ransomware attacks in 2023 compared to 2022. SonicWall Capture Labs Threat Researchers recorded 88.9 million attacks, a quarterly rise of 74%.
9. In H1 2023, Chainalysis calculated that ransomware attackers successfully extorted at least $449 million - $176 million more than the same period in 2022.
10. Experts predict that by 2031, ransomware will attack an organization, consumer, or device every 2 seconds.
Regional Cyber Security Breach Trends and Variances
11. The United States is the country most often hit with cyber security breach attempts. An estimated 46% of global cyberattacks are targeted against Americans.
12. 847,376 complaints were logged by the FBI’s Internet Crime Complaint Center (IC3) in 2021, an all-time high. Combined financial losses from these complaints totaled $6.9 billion.
13. 1 in 2 North American internet users had their accounts breached in 2021.
14. In 2022, IC3 received 800,944 complaints linked to cyber security breaches - a 5% year-on-year decrease.
15. Despite the number of complaints decreasing, dollar loss was up by 49% to ~$10.3 billion.
16. Phishing schemes were the number one breach type in the US in 2022, with 300,497 IC3 complaints.
17. Victims aged 30-39 were the largest reporting group for internet crime in 2022, while the greatest dollar loss was incurred by individuals aged 60 and over.
18. IBM’s analysis suggests that in 2022, an estimated 31% of global cyber security breach attempts were aimed at APAC-based targets.
19. In Q2 2023, there was a 22% year-on-year increase in the weekly average number of cyberattacks against APAC targets.
20. 59% of all APAC organizations reported experiencing cyberattacks in 2022.
21. 47% of APAC-based respondents said they had experienced an increase in the number of attacks in the previous year.
22. A July 2023 survey of 4,000 cyber security managers APAC-based showed that 78% of respondents had experienced at least one cyber security breach incident in the previous 12 months. Of those, 80% had seen four or more incidents, and half had seen 10 or more.
23. According to an August 2023 Cyber Security Hub Survey, APAC-based cyber security professionals rank DDoS attacks, malicious code commits, key employee/role targeting (phishing), and malware as the biggest threats facing their organizations in 2023.
24. According to the IBM Security X-Force Intelligence Report, in 2022, 28% of cyber security incidents were against targets in Europe.
25. Of the cyber security breach cases observed by X-Force in Europe in 2022, 38% were extortion-related. Europe was the region hardest hit by extortion, accounting for 44% of extortion cases globally.
26. The United Kingdom was the most attacked country in Europe, accounting for 43% of cases. Germany accounted for 14%, Portugal 9%, Italy 8%, and France 7%.
27. In the 12 months to June 2023, ENISA found that ransomware was the most common cyber threat type, accounting for 31.32% of cyber incidents in Europe.
Cyber Security Breach Targets
The USA is the most frequently-attacked country both in terms of volume and per-head of the population. On a regional basis, APAC experiences the highest number of attacks.
Regions and Countries Most Targeted
28. IBM data indicates that for the second year in a row, APAC was the most attacked region in 2022. The region accounted for 31% of all incidents to which X-Force IR responded in that year.
29. There were 100.8 million cyber security breaches globally in Q2 2023, with 855 online accounts leaked per-minute.
30. The United States had the highest number of cyber security breaches in Q2 2003, with 547,508 breaches per-day.
31. The United States also had the highest breach density of any country at 147 (this refers to the number of breaches per 1,000 residents)
32. Top 10 Most Attacked Countries in Q2 2023 by Breach Density
|Country||Breach Density (per-1000 residents)||Total Number of Breaches per-day|
Industry Sectors and Organizations Targeted
33. In 2022, the manufacturing sector experienced the highest incidence of cyber attacks for the second year running, accounting for 24.8% of all attacks (up slightly from 23.2% a year earlier).
34. 61% of all cyber security breaches affecting the manufacturing sector occurred in the APAC region.
35. In finance and insurance, 44% of cyber security breaches in 2022 were attributable to internal threat actors. Of these breaches, 55% were attributed to mistakenly sending information to unintended recipients.
36. The proportion of cyber security breaches affecting the professional services sector has risen steadily over the last three years, from 8.7% in 2020, 12.7% in 2021, to 14.6% by the end of 2022.
37. Almost half (47%) of cyber security breaches affecting professional services occurred in Europe.
38. In 2021 and 2022, energy was the fourth most attacked sector, accounting for 10.7% of attacks in 2022 (up from 8.2% in 2021). Social engineering was used in 86% of attacks targeted against this sector in 2022.
Cyber Security Breach Attackers
Most threat actors responsible for cyber security breaches are in it for the money. However, the last couple of years have also seen a spike in attacks that are politically or ideologically driven.
Cyber Breach Attacker Motivations and Locations
39. Verizon’s 2023 Data Breach Investigations Report suggests that the vast majority (94.6%) of cyber security breaches are driven by financial motivations. Espionage is the motivator for approximately 3% of attacks. ‘Ideology’ and ‘Grudge’ are the motivators of around 1% of attacks each.
40. An estimated 65% of threat actors are thought to be linked to organized crime. Around 15% fall into the ‘Other’ category (e.g., lone wolf attackers).
41. Around 10% of threat actors are end-users (i.e., internal malicious activity).
42. Around 5% of threat actors are nation-state or state-affiliated attackers.
Geographic Origins of Attacks
43. Top 10 Countries of Origin for Cyber Attacks in 2021
|Country||Share of Cyber Attacks|
44. Russia was the most significant source of malicious emails in 2022, accounting for ~30% of all spam sent. Mainland China is the second most common source of malicious spam (14%), followed by the United States (10.71%)
45. China is the top source of DDoS bots.
46. The top countries hosting DDoS bots are as follows:
- China: 2,105,044
- USA: 1,846,075
- South Korea: 1,328,823
- Italy: 974,011
- Russia: 809,978
- Rest of World: 8,333,728
Recent Hacktivism and State-Sponsored Cyber Security Breach Trends
Politically and ideologically motivated cyber attacks usually comprise a very small percentage of cyber security breaches. However, recent statistics point to an increase in this type of activity.
47. In 2021 and 2022, hacktivist groups were responsible for around 1% of attacks globally. However, there was a significant spike in the first quarter of 2023, so that by April, this type of activity accounted for 35% of total attacks.
48. Hacktivist groups targeted 67 countries in Q1 2023. India was the most targeted, followed by Israel, Poland, Australia and Pakistan.
49. The government sector was most frequently targeted by these hacktivist attacks, followed by non-profits, education, automobile, finance & banking, and energy.
50. Of the cyber attacks investigated by Thales in 2022, 61% were perpetrated by pro-Russian hacktivist groups. Prominent actors included Anonymous Russia, KillNet, and Russian Hackers Teams.
51. At the start of the conflict (Q1 2022), 50.4% of attacks in Europe affected Ukraine in isolation. By Q3 2022, this had reduced to 28.6%.
52. In Q1 2022, these attacks were divided more or less equally between DDoS attacks, espionage, data leaks and theft, influence campaigns, intrusion, and ransomware.
53. As the war has progressed, DDoS has gradually emerged as the favored attack method. As of March 2023, DDoS made up 75% of all attacks against companies and governments.
54. In the summer of 2022, there were almost as many conflict-related incidents in EU countries as there were in Ukraine (85 versus 86).
55. By Q1 2023, the largest share of incidents (80.9%) have been inside the EU.
56. Distribution of Ukraine Conflict-Related across the EEA in 2022
|Location||Number of Attacks|
|Baltic (Estonia, Latvia, Lithuania)||157|
|Scandinavia (Sweden, Norway, Denmark, Sweden)||95|
57. Google’s Threat Analysis Group (TAG) reports that from January to March 2023, Ukraine received ~60% of the phishing attacks originating from Russia. Top campaign goals include intelligence collection and operational disruptions against critical infrastructure.
Cyber Security Breach Methods
The last couple of years have seen an increase in the rate of phishing, MOTM, and DDoS attacks.
Phishing and Spear-Phishing Campaigns
58. Around 36% of all data breaches involve phishing.
59. 84% of organizations were the targets of at least one phishing attempt in 2022 - a 15% increase on the year before.
60. In Q4 2022, APWG observed 1,350,037 total phishing attacks, up from 1,270,833 the previous quarter.
61. In 2022, APWG logged ~4.7 million phishing attacks. Since 2019, the number of phishing attacks has increased by more than 150% yearly.
62. Industries Most Frequently Targeted With Phishing (Q4, 2022.
|Industry||Percentage of phishing attacks|
|Social Media Providers||10.4%|
|Logistics / Shipping||9.0%|
|eCommerce / Retail||5.6%|
63. 50% of large organizations were targeted with spear phishing in 2022, receiving an average of five spear-phishing emails a day.
64. Spear phishing campaigns make up only 0.1% of all email-based phishing attacks, but they are responsible for 66% of all breaches.
This is a broad category of cyber security breach method, whereby the attacker targets the communications of a victim in order to intercept information and/or masquerade as one or more of the entities involved in the communication.
65. MITM attacks represent 19% of all successful cyber attacks, according to one 2021 study.
66. 6% of all attacks observed by IBM in 2022 were due to business email compromise.
67. Cofense identified a 35% increase in the volume of MITM-compromised messages reaching their customers’ inboxes between Q1 2022 and Q1 2023.
68. There has been a 807% increase in DDoS attacks in the nine years to 2022. Quarterly incidents rose from ~325,000 in Q1 2013 to ~2.9 million in Q1 2022.
69. Netscout analysis suggests there were ~13 million attacks in 2022; a new high watermark for attack frequency.
70. In 2022, there was a 74% YoY increase in the number of DDoS attacks.
71. Initial projections suggest further increases in the DDoS incident rate for 2023. Lumen Technologies mitigated more than 8,600 DDoS attacks in Q1 - a 40% YoY increase, and the second busiest quarter in two years.
72. According to Stormwall, Q1 2023 saw a 47% surge in attacks compared to the same period in 2022.
73. Globally, organizations mitigated an average of 29.3 attacks per day during Q4 2022, four times more than the same period in 2021.
74. In 2022, Mandiant identified 55 zero-day vulnerabilities that were judged to have been exploited (ZDEs). This is substantially lower than the 81 ZDEs identified in 2021, but almost double the number from 2020.
75. In 2022, Microsoft (18), Google (10), and Apple (9), were the three most commonly-exploited vendors for the third year in a row.
76. 75% of exploits were linked to ransomware campaigns.
77. 13 ZDEs were exploited by cyber espionage groups in 2022. Around half of these groups were state-sponsored by China.
78. The Zero-Day.cz tracking project logged a total of 53 ZDEs in the first seven months of 2023, compared to 52 in all of 2022.
Supply Chain Attacks
79. 71% of organizations say that their third-party network contains more vendors than it did three years ago. 60% of large organizations work with over 1,000 third parties.
80. Sonatype identified a 742% increase in software supply chain attacks between 2019 and 2022. This increase is linked to the growing risk to corporate systems from malicious scripts inserted into open-source repositories by threat actors, and accidental vulnerabilities unwittingly introduced by DevOps teams.
Cyber Security Breach Impact
The cost of cyber security breaches - and dealing with their aftermath - continues to rise. Evidence also suggests that organizations are struggling to bring on board the skills needed to mitigate and respond to these risks.
81. According to IBM, the global average cost of a data breach in 2023 was $4.45 million - 15% more than in 2020.
82. For companies with an annual turnover of less than $10 million, the average cost of recovery following a ransomware attack is $165,520.
83. In 2021, average ransomware demands were estimated at $220,298 - a 43% increase from 2020.
84. 60% of small businesses close within six months of being hacked.
85. When a business decides to pay, the ransom payment is roughly 15% of the total cost of the attack. The rest is made up of the incident report effort, system restoration, legal fees, monitoring costs, and the overall impact of business disruption.
86. 64% of businesses now have some form of cyber insurance. Barracuda Networks found that 77% of organizations with cyber insurance were hit at least once, compared to 65% of organizations without insurance. It is speculated that attackers might use social engineering to deliberately hone in on targets that are known to be insured, on the assumption that a payout from these companies is more likely.
87. Phishing attacks cost large organizations $15 million annually, or more than $1,500 per employee.
88. For each item of customer-related personally identifiable information extracted via a phishing attack, the average cost to the business is $180.
89. Average cost-per-incident of DDoS attacks for organizations:
- Small-to-medium-sized businesses - $52,000
- Enterprises - $444,000
90. Most commonly encountered consequences of DDoS attacks:
- Software/Hardware replacement - 52%
- Reduction in revenue - 51%
- Loss of consumer trust - 43%
- Customer data theft - 33%
- Financial theft - 26%
- Loss of intellectual property - 19%
91. 51% of organizations are planning to increase security investments as a result of a breach. Key areas of investment include incident response planning and testing, employee training, and threat detection and response tools.
92. However, efforts by organizations to protect themselves are impeded by a shortage of skilled cyber security workers. According to the 2022 ISC2 Cybersecurity Workforce Study, an estimated 3.4 million more cyber security workers are needed to meet the needs of employers. This labour shortage-induced gap increased by 26.2% compared to 2021.
93. The 2023 Fortinet Cybersecurity Skills Gap Report suggests that 56% of organizations struggle to recruit, and 54% struggle to retain cyber talent.
Notable Cyber Security Breaches
These examples highlight some of the threats faced by organizations today.
In early October 2023, genetics testing giant 23andMe confirmed that data related to hundreds and thousands of users had been stolen from its website. It later transpired that the breach occurred not as a result of the company’s system being compromised but through the targeting of large numbers of individual accounts…
The ZDE attack on the popular MOVEit file transfer system is one of the largest hacks in recent history, impacting more than a thousand organizations and 56 million individuals at a global cost of close to $11 billion.
The volume of cyber security breaches is increasing. What’s more, as our recent rundowns of the latest phishing, DDoS and ransomware statistics developments highlight, threat actors are turning to new tools such as self-propagating malware script, and the use of AI to mount increasingly sophisticated attacks.
Organizations will always need up-to-date skills and knowledge to manage fresh threats, new cyber tools and techniques, geo-political events, and advanced methods of attack. To keep on top of all of this, skills in areas such as penetration testing, forensic analysis, and incident response look set to be in very high demand for the foreseeable future.
Frequently Asked Questions
- A10 2022 DDoS Threat Report
- APWG Phishing Activity Trends Report, Q4 2022
- Astra, ‘81 Phishing Attack Statistics 2023: The Ultimate Insight’, Article, October 2023
- Barracuda Spear Phishing Trends Report, 2023
- Bleeping Computer, ‘Google: Ukraine Targeted by 60% of Russian Phishing Attacks in 2023’, Article, April 2023
- Bleeping Computer, ‘Ransom Payment is Roughly 15% of the Total Cost of Ransomware Attacks’, Article, April 2022
- Chainalysis ‘Ransomware Revenue Down as More Victims Refuse to Pay, Article, January 2023
- Check Point, ‘Average Weekly Global Cyberattacks Peak’, Article, July 2023
- Check Point ‘Check Point Research Reports a 38% Increase in 2022 Global Cyberattacks’ Article, January 2023
- Cloudflare, APAC Cybersecurity Readiness Survey, 2023
- CloudSEK Hacktivist Warfare Report, 2023
- Conceal, Who’s Who In Ransomware Report, 2023
- CSO Online, ‘Insured Companies More Likely to be Ransomware Victims, Sometimes More Than Once’, Article, May 2023
- Cybercrime Magazine, ‘60% of Small Companies Close within 6 Months of Being Hacked’, Article, January 2019
- CyberProof, ‘Which Countries are Most Dangerous?’, Article, January 2022
- Cyber Security Hub Survey (APAC), 2023
- Egress, ‘Who Are the Top Phishing Targets in an Organization?’, Article, March 2022
- ENISA Threat Landscape (ETL) Report, 2022
- FBI Internet Crime Report, 2022
- Fortinet 2023 Cybersecurity Skills Gap Report
- Gartner Third Party Risk Management (TPRM) Ebook, 2019
- Gizmodo, ‘Top 10 Countries Being Bombarded by Data Breaches’, Article, August 2023
- IBM Cost of a Data Breach Report, 2023
- IBM Security X-Force Threat Intelligence Index 2023
- Imperva ‘What DDoS Attacks Really Cost Your Business’, Infographic, 2023
- Infosecurity Magazine, ‘Software Supply Chain Attacks Soar 742% in Three Years’, Article, October 2022
- ISC2 2022 Cybersecurity Workforce Study
- Kaspersky Global IT Security Risks Survey 2014 - DDoS Attacks
- Kaspersky Spam and Phishing in 2022 Report
- Kroll State of Incident Response (APAC) Report, October 2022
- Lumen Q1 2023 DDoS and Application Threat Report
- Mandiant, ‘Move, Patch or Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace’, Article, March 2023
- Netscout DDoS Threat Intelligence Report, 2023
- Ponemon 2021 Cost of Phishing Study
- SC Media Report: Ransomware Payout and Recovery Costs Went Way Up in 2023
- Security Brief, ‘DDoS Attacks Not Only More Frequent But More Powerful’, Article, February 2023
- Security Magazine, ‘Between 80 and 95% of Cyberattacks Begin With Phishing’, Article, July 2023
- SonicWall Cyber Threat Report, 2023
- Statista, Distribution of Detected Cyberattacks Worldwide, 2022
- Statista, Distribution of Cyberattacks Across Worldwide Industries in 2022
- StormWall 2022: DDoS Year-in-Review Report
- Surfshark, ‘Data Breaches Ramped Up Globally as 2023 Reaches Midpoint’, Article, August 2023
- Thales Data Threat Report, 2023
- Thales, ‘From Ukraine to the Whole of Europe: Cyber Conflict Reaches a Turning Point,’ Article, March 2023
- Venari, ‘$180 Per Record Cost of Personally Identifiable Information’, Article, October 2021
- Verizon Data Breach Investigations Report, 2023
- Zero-day Vulnerability Database