As we drift into the second half of 2023, it is helpful to reflect on the data breach statistics that shed light on the evolving threat landscape, the industries most affected, and the lasting consequences data breaches can have on individuals and businesses alike. Brace yourself for a sobering look at the state of data security as we explore the most notable figures that will shape the cybersecurity landscape in the coming year.
Data Breach Statistics for 2023
1. Malware attacks are on the rise again: According to the 2023 Cyber Threat Report by SonicWall, there was a rise in malware attacks, marking the first increase since 2018. The number of attacks surged to 5.5 billion, representing a 2% year-over-year growth. However, it was the significant increase in cryptojacking and IoT malware rates that primarily contributed to this substantial rise
2. It takes 287 days to detect a data breach: According to IBM Security, the average time to detect and manage a data breach in 2021 was 287 days. The lengthy response time is due to increasing cyberattack sophistication, limited security expertise, and complex IT environments.
3. 30% of all large data breaches occur in hospitals: According to recent data, a staggering 30% of all significant data breaches take place within hospitals. Additionally, 2022 witnessed an increase in data breaches for 51% of healthcare organizations compared to 2019. In just the first half of the year, a total of 337 breaches were recorded, adversely affecting 19,992,810 individuals and highlighting the urgent need for improved cybersecurity measures within the healthcare industry.
4. Remote workers pose a greater security risk: Approximately 54% of IT professionals believe that remote workers pose a greater security risk than on-premise workers. The larger attack surface and differences in remote worker behavior combine to create far more substantial risks for enterprises.
5. 94% of Malware is Delivered via Email: According to the Verizon report, after examining real-life data from 41,686 security incidents and 2,013 data breaches, they discovered that 94% of malware is distributed via email.
6. 88% of data breaches are caused by human error: A study conducted by Stanford University and a leading cybersecurity institution reveals that human error is responsible for approximately 88 percent of all data breaches.
7. The number of ransomware victims announced in March 2023 was nearly double that of April 2022: According to the 2023 Ransomware Landscape Report by Black Kite, the number of ransomware victims announced in March 2023 was almost twice the amount reported in April 2022 and 1.6 times greater than the highest month in 2022.
8. 98% of organizations are linked to compromised third-party vendors: According to a study conducted by Black Kite, approximately 300 companies were affected by attacks on 63 vendor organizations in the year 2022. In comparison to the previous year, there were on average 4.7 affected companies per vendor in 2022, whereas in 2021 the average was 2.5 impacted companies per vendor.
9. The United States has the highest number of breached accounts: So far in 2023, the United States has experienced the highest amount of compromised accounts, totaling 55.2 million. The majority of these breaches (49.8 million), occurred in the second quarter.
10. Ransomware attacks increased by over 37% in 2023: According to the 2023 ThreatLabz State of Ransomware Report, there was a 37% rise in Ransomware attacks in 2023. The report reveals that the average ransom payment by enterprises surpassed $100,000, while the typical demand amounted to $5.3 million.
11. 41.9m records were compromised in March 2023: According to IT Governance, there were 41.9 million compromised records worldwide in March 2023. These figures show a significant increase compared to March 2022, with a 951% rise in compromised records.
12. Consumer and retail fraud in UK organizations has risen by 57% when compared to levels before the pandemic: According to a recent survey in England and Wales, approximately half of the adults reported receiving a phishing message in the month leading up to the survey. Scammers have taken advantage of significant events like the COVID-19 pandemic and the increasing cost of living to target individuals. Additionally, there has been a significant increase in online scams, such as advance fee fraud and consumer and retail fraud, due to changes in behavior caused by the pandemic.
13. 40% of MS Office attacks were delivered as Word attachments: According to Astra Security’s research, Microsoft Office attachments are frequently used by cyber criminals to conceal malware. The study found that Word was the most popular choice, being employed in 39.9% of attacks, while Excel was used in 8.7% of cases.
14. The UK’s finance sector has seen a significant increase in DDoS attacks: Data obtained through a Freedom of Information request by Picus Security revealed that in the first half of 2022, 25% of cyber incidents reported to the FCA were attributed to DDoS attacks. This marks a significant increase from the previous year’s 4%. The number of DDoS incidents reported to the FCA in March and April 2022 surpassed the total for the entire year of 2021. The rise in DDoS attacks can be attributed to nation-state hackers and hacktivists who are targeting western nations due to the Russia/Ukraine conflict.
15. Spending on public cloud services will reach nearly $6 billion in 2023: Gartner’s latest forecast predicts that the total spending on public cloud services will reach $591.8 billion in 2023, marking a 20.7% growth compared to the $490.3 billion in 2022. This growth rate is higher than the projected 18.8% increase for 2022.
16. 30% of all malicious emails came from Russia: According to a Kaspersky report, the proportion of spam emails originating from Russia saw an increase in 2022. The study unveiled that 29.82% of all malicious emails originated from the country, which is more than twice the percentage of China at 14%.
17. Security automation can save you $3.05M in a data breach: According to the latest IBM Cost of a Data Breach Report, organizations that implement security AI and automation can save $3.05 million per data breach compared to those that do not. This represents a 65.2% reduction in average breach cost. As cyber threats grow and evolve, being prepared for potential incidents is crucial, and AI and automation are essential tools in this ever-changing security landscape.
18. 43% of cyber attacks are aimed at small businesses: Small and medium-sized businesses are experiencing a rise in cyber attacks. The Cost of Cybercrime Study by Accenture reveals that small businesses are targeted in 43% of cyber attacks, yet only 14% of them are adequately prepared to safeguard against such threats.
19. 97% of all security breaches on websites exploit WordPress plugins: From 2012 to 2021, an estimated total of 47,337 harmful plugins were installed, with 94% of them being active on 24,931 various WordPress websites, all of which hosted two or more malicious plugins.
20. 82% of breaches involved data stored in the cloud: Organizations should look for solutions that offer comprehensive visibility across hybrid environments and safeguard data as it transitions between various clouds, databases, applications, and services.
How Lepide Helps Prevent Data Breaches
The Lepide Data Security Platform stands as a reliable solution to fortify data protection and prevent potential breaches. Designed to ensure data security, the platform employs several key strategies.
- Real-time Auditing: The platform keeps a vigilant eye on data activities across various systems, instantly pinpointing who accessed what data, when, and from where. This proactive monitoring helps identify suspicious actions that could lead to breaches.
- Behavior Analytics: By studying typical user behavior, the platform can spot anomalies that indicate unauthorized access or data usage. This proactive approach enables the detection of threats before they escalate.
- Access Control: The platform empowers administrators to implement stricter access permissions, confining users to the least necessary privileges. This curtails the risk of accidental or intentional data exposure.
- Sensitive Data Handling: Automated scans classify data based on predefined rules, aiding in identifying sensitive information like personal or financial data. This data is then fortified with enhanced security measures.
- Incident Response: In the event of a breach, the platform offers incident response capabilities to contain and minimize the impact. It generates alerts in real time, ensuring immediate actions can be taken.