28 cyber security stats and facts you need to know in 2023

James Harrison
James Harrison
Senior Content Writer

Key Points

Hackers continue to become more sophisticated, malicious and just plain greedy. You don’t have to be a cyber security pro to understand the latest security risks. Even the public has become aware of cyber security breaches that splash across news headlines. And as attacks become more automated and indiscriminate, every organization is at risk.

The main aim for cybercriminals is information – names, passwords, financial records – that is then sold on the dark web or held for ransom. We’ve broken down some of the more eye-opening cybercrime facts and stats in 2023 into various categories and provided some quick tips to help protect your business so you can sleep easier at night.

Cybercrime and ransomware statistics

  1. 25,059 CVE vulnerabilities were recorded in 2022, 5,000 more than 2021 (CVE Metrics)
  2. 255 million phishing attacks occurred over six months in 2022 (Slashnext)
  3. There were 5.5 billion malware attacks in 2022 (Statista)
  4. 1,661,743 malware or unwanted software installers were discovered in 2022 (Kaspersky)
  5. Google blocked more than 231 billion spam and phishing emails in November 2022 (Google)
  6. The share of breaches caused by ransomware grew 41% in 2022 and took 49 days longer than average to identify and contain (IBM)
  7. 51% of IT decision-makers believe there will be a successful cyberattack credited to ChatGPT within the year (BlackBerry)
  8. The cost of cybercrime is predicted to hit $8 trillion in 2023 (Cybersecurity Ventures)
  9. Spending on cyber security and risk management will reach $188 billion in 2023 (Gartner)

Website cyberattack statistics

  1. 30,000 websites are hacked daily (Forbes)
  2. 18% of websites are infected with critical severity threats such as backdoors and malicious file modifications (Sitelock)
  3. 4.1 million websites have malware at any given time (Sitelock)
  4. Vulnerable plugins are the #1 reason WordPress websites get hacked (PatchStack)

Easy tips to protect your website

Check you’re using a secure web hosting service, implement a Web Application Firewall (WAF), run regular vulnerability scans, back up your website regularly and keep any plugins, themes and frameworks up to date.

Network and cloud security breaches

  1. 45% of businesses have experienced a cloud-based data breach or failed audit in the past 12 months (S&P Global Market Intelligence)
  2. Cloud misconfigurations account for 15% of initial attack vectors in security breaches (IBM)
  3. Nearly a third of organizations host sensitive data in the cloud without proper security controls in place (Palo Alto Networks)
  4. 82% of orgs are finding managing their spending in the cloud difficult (Flexera)
  5. 22% of organizations still assessed their cloud security posture manually in 2020 (Fortra)

Easy ways to protect your cloud networking

Use a boundary firewall, implement MFA everywhere, enable Single Sign On; encrypt, encrypt, encrypt; and run regular vulnerability scans.

Web application security statistics

  1. 41% of organizations suffered API security incidents in the last year (Noname)
  2. 63% of these incidents resulted in data breaches (Noname)
  3. API attacks emerged as the #1 threat vector in 2022 (Gartner)
  4. Web application attacks are involved in 26% of all breaches (Verizon)
  5. In 2021 48% of web apps had low or extremely low security level (Positive Technologies)

How to secure your web apps and APIs

Regularly scan for vulnerabilities, use a Web Application Firewall (WAF), avoid security misconfigurations, use encryption everywhere, and sanitize the user input.

Small business security statistics

  1. Fewer than 45% of SMBs believe their business is likely to be a target (
  2. One third of small businesses rely on free, consumer-grade cybersecurity solutions or use no endpoint security at all (BullGuard)
  3. Almost half of all breaches impact businesses with fewer than 1,000 employees (Verizon)
  4. 50% of SMBs take 24 hours or longer to recover from an attack (BullGuard)
  5. 60% of small businesses go out of business after being victims of a cyberattack (worldr)

5 ways to protect a growing business

Use a boundary firewall and antivirus, keep all software patched and updated, create least privilege roles, implement MFA everywhere, and run vulnerability scans of your internal and external systems.

Don’t become just another statistic

As you can see, cyber security should be a priority for every business, whatever your size or maturity. Don’t leave yourself exposed. As your business scales, team expands and revenue grows, you need to ramp up your cyber security or you’ll just become another cyber security statistic.  

There are many online security tools that can help you stay secure and uncover weaknesses in your systems. Intruder is one of them. We help thousands of small companies stay safe every day. Why not try us for free for 14 days?

Get our free

Ultimate Guide to Vulnerability Scanning

Learn everything you need to get started with vulnerability scanning and how to get the most out of your chosen product with our free PDF guide.

Sign up for your free 14-day trial

7 days free trial