Cybersecurity Stats: Facts And Figures You Should Know

We access financial information online, shop on retailers’ websites and share personal details on social media accounts. As we increasingly use and rely on digital platforms, we become more exposed to various cybersecurity risks. Malicious hackers exploit security vulnerabilities to capitalize on people’s personal data and organizations’ growing digital footprints.

As we face threats of financial fraud, unauthorized access and identity theft, cybersecurity has never been more crucial. But what is cybersecurity, exactly? This field encompasses the technology, practices and safety measures used to mitigate and protect against cyber threats, including phishing, malware, ransomware and other types of cyberattacks.

Learn about the prevalence of cyberattacks, including common threats and vulnerabilities, and the importance of safeguarding personal information. Read on for must-know cybersecurity stats, including trends and field employment data.

Cybersecurity Fast Facts

  • There were 2,365 cyberattacks in 2023 with 343,338,964 victims.¹
    • 2023 saw a 72% increase in data breaches since 2021, which held the previous all-time record.
  • A data breach costs $4.45 million on average.²
  • Email is the most common vector for malware, with around 35% of malware delivered via email in 2023.³
  • Ninety-four percent of organizations have reported email security incidents.
  • Business email compromises accounted for $2.7 billion in losses in 2022.
  • Information security jobs are projected to grow by 32% between 2022 and 2032.

As the globe becomes more interconnected and reliant on digital technologies, cybercrime is surging. The year 2023 saw a notable increase in cyberattacks, resulting in more than 343 million victims. Between 2021 and 2023, data breaches rose by 72%, surpassing the previous record.

People around the world use email for personal and professional communication, making email a target for cybercriminals and the most common vector for malware. In 2023, 35% of malware was delivered via email, and more than 94% of organizations reported email security incidents.

The repercussions of cyberattacks are far-reaching and costly. A data breach costs $4.45 million on average. In 2022, compromised business emails accounted for $2.7 billion in losses. These alarming figures emphasize the danger of cyber vulnerabilities and highlight the need for skilled cybersecurity professionals.

The Most Common Kinds of Cybersecurity Attacks

Cyberattacks target entities of all sizes and sectors—individuals, corporations and even governments.

In response, cybersecurity bootcamps and cybersecurity degrees have cropped up throughout the higher education market to offer comprehensive, rigorous training to equip aspiring cybersecurity professionals with in-demand skills. Even so, the cybersecurity field faces a growing skills gap.

Before we dive into cybersecurity workforce data, let’s explore some of the most common kinds of cybersecurity attacks.


Phishing refers to the use of text messages, deceptive emails, websites and other forms of communication to deceive individuals into downloading malware or divulging sensitive information. Cyberattackers pose as reputable individuals or legitimate organizations to steal important data such as login credentials, financial information and other personal details.

Four main types of phishing exist.

  • Spear phishing: Spear phishing aims to obtain sensitive information or access computer systems by sending personalized messages via email, text or phone. Attackers using this method frequently leverage information from social media, public databases or previous breaches to enhance their credibility.
  • Whaling: Whaling targets senior or high-profile employees, such as chief executives and financial officers. Attackers craft highly personalized, convincing messages to extract an organization’s sensitive information and data.
  • Vishing: Vishing entails making phone calls or leaving voice messages while pretending to be a reputable source. The aim is to exploit personal information, access bank accounts and steal money.
  • Email Phishing: Email phishing attempts to steal sensitive information by email. Attackers pose as legitimate organizations and can target mass audiences.
  • 74% of account takeover attacks start with phishing.
  • The most targeted companies for phishing scams are:
    • Microsoft (33%)
    • Amazon (9%)
    • Google (8%)
    • Apple (4%)
    • Wells Fargo (3%)
    • LinkedIn (3%)
    • Home Depot (3%)
    • Facebook (3%)
    • Netflix (2%)
    • DHL (2%)

Phishing is one of the most prevalent and effective forms of cybercrime; around three-quarters of account takeover attacks start with phishing.

So how do you recognize and avoid phishing scams? Unusual senders, hyperlinks, suspicious attachments and spelling errors are key red flags. Cyberattackers might fabricate offers that seem too good to be true, create a sense of urgency or make unusual requests.

Microsoft, Amazon and Google rank among the most targeted companies for phishing scams.


  • Malware attacks rose by 71% between 2016 and 2021.
  • Ransomware attack victims rose by 128.17% between 2022 and 2023.¹⁰
  • At any given time, 4.1 million sites are infected with malware.¹¹
  • On average, a ransomware attack costs a business $5.13 million.²
  • Seven percent of ransomware attacks resulted in financial loss in 2023 with a median ransom payment of $10,000.³
  • Ransomware accounts for 24% of malicious cyberattacks.²

​​Distributed Denial of Service (DDoS)

A distributed denial of service occurs when attackers use multiple devices to flood a target system, network or website with a high volume of traffic. This tactic overwhelms the target’s capacity to handle legitimate requests, rendering it inaccessible to legitimate users.

  • On average, Microsoft mitigates 1,700 DDoS attacks daily.¹²
  • Twenty percent of current DDoS-for-hire sites arose in 2023 alone.¹²
  • Prominent DDoS attack victims include¹³:
    • Amazon Web Services (AWS)
    • GitHub
    • Dyn

As tools and techniques for carrying out DDoS attacks become more accessible, so do their frequency and scale. Of the current number of DDoS-for-hire sites, around 20% of them emerged in 2023 alone, highlighting the growing prevalence of these attacks.

Recognizing the threat of DDoS attacks, many organizations are investing in mitigation strategies and services to protect their networks and services from these attacks. On average, Microsoft mitigates 1,700 DDoS attacks every day. Prominent entities like Amazon Web Services, GitHub and Dyn have all fallen victim to disruptive DDoS attacks.

Personal Data Breaches

  • 353,027,892 people were impacted by data breaches in 2023.¹
  • The Consumer Sentinel Network received more than 5.4 million reports in 2022, consisting of¹⁵:
    • Fraud (2,563,959 reports)
    • Identity theft (1,107,197 reports)
    • Other (1,761,231 reports)

Due to the interconnected nature of digital systems and the vast amount of personal information stored online, cybercrime is often a gateway to identity theft. Hackers leverage methods like phishing emails, malware and data breaches to gain unauthorized access to sensitive data, including social security numbers, login credentials and financial information.

The year 2013 saw one of the biggest data breaches in history, when more than 3 billion Yahoo user accounts were compromised. Hackers targeted Yahoo’s database to steal records from user accounts. And in 2021, Facebook was the target of a massive data breach where 533 million users’ personal information was leaked.¹⁴

In 2023 alone, more than 353 million people were impacted by data breaches. This alarming trend is further underscored by the number of reports received by the Consumer Sentinel Network in 2022. Among these reports, fraud accounted for more than 2.5 million reports, while identity theft constituted over 1.1 million.

Identity theft takes several forms. Including online shopping fraud and mortgage fraud, cybercriminals employ many deceptive tactics to commit identity theft. The most common types of identity theft include credit card fraud, bank fraud, loan or lease fraud, and employment or tax-related fraud.

In 2022, credit card fraud made up the largest number of reports, while identity theft classified as “other” constituted the second-largest category. Bank fraud and loan or lease fraud accounted for more than 150,000 reports, ranking third and fourth, respectively. Employment or tax-related fraud ranked as the fifth most common type of identity theft, with 103,420 reports in 2022.

The Cost of Cybercrime

  • The total cost of damages incurred by cybercrime is expected to reach $10.5 trillion by 2025.¹⁶
  • An organization loses $1.3 million in the average data breach.²
  • The average cost of an organization detecting and escalating a data breach is $1.58 million².

The cost of cybercrime is projected to reach a staggering $10.5 trillion by 2025. In addition to compromising sensitive information and jeopardizing the safety of users and customers, cyberattacks have steep financial repercussions.

Remediation efforts, legal fees, regulatory fines, intellectual property theft, operational disruption and reputational damage are several factors that account for the total cost of cybercrime. On average, it costs an organization $1.58 million to detect and escalate a data breach. In the average data breach, an organization loses $1.3 million.

Cybersecurity (or a lack thereof) affects both individuals and organizations all over the U.S. and the world. California, Florida, New York, Texas and Georgia make up the top five states in terms of victim losses due to cybercrime.

A 2022 report published by the FBI ranked California as the worst state for cybercrime by victim loss, with more than 80,000 victim reports and over $2 billion in losses that year. New Jersey, Illinois, Pennsylvania and Alabama trailed closely behind, accounting for more than $1 billion in combined victim loss.

Cybersecurity Jobs and Career Outlook

  • The cybersecurity workforce gap reached 4 million in 2023.
  • The 2022 median salary for information security analysts was $112,000, or $53.85 per hour.
  • In the U.S., around 572,000 jobs opened up in the cybersecurity industry between September 2022 and August 2023—up 74% from 2010.¹⁷
  • The U.S. employed approximately 1.18 million cybersecurity professionals between September 2022 and August 2023, an increase of 59% since 2010.¹⁷
  • The most sought-after cybersecurity certifications as of January 2024 are¹⁷:
    • CompTIA Security+ 265,992 openings requesting this credential
    • Certified Information Systems Security Professional 91,765
    • Global Information Assurance Certification 46,318
    • Certified Information Systems Auditor 35,812
    • Certified Information Security Manager 20,300
    • Certified Information Privacy Professional 13,652
  • The top-paying cybersecurity jobs as of January 2024 are¹⁸:

If you want to get into cybersecurity, we have good news: Demand for cybersecurity professionals is greater than ever before. In 2023, the cybersecurity workforce gap reached 4 million. Between September 2022 and August 2023, there were around 527,000 job openings in the cybersecurity sector.

Experienced cybersecurity professionals might consider pursuing an in-demand cybersecurity certification. The most popular options include CompTIA Security+, Certified Information Systems Security Professional and Global Information Assurance Certification. There are also several entry-level cybersecurity certifications for those just starting out.

In addition, you can earn a relatively high salary in the cybersecurity field. According to the BLS, the median annual wage for information security analysts is $112,000. The top-paying cybersecurity roles as of January 2024 include cybersecurity managers, architects and engineers.

Mariah St. John

Mariah St. JohnEducation Writer

Mariah is a Berlin-based writer with six years of experience in writing, localizing and SEO-optimizing short- and long-form content across multiple niches, including higher education, digital marketing and travel. Her writing expertise extends to brand strategies and driving small business growth through targeted content. In the last three years, she’s primarily produced education-focused content, writing on topics like degree programs, trade schools and career pathways.

Obtain your IT Training and Certifications from CED Solutions:

CED Solutions is one of the largest IT certification providers in North America, offering a range of services including IT training, certification courses, and testing services. With a focus on real-world application and practical skills, CED Solutions has provided certification training to more than 50,000 students over the past 25 years. Recognized for their dedication to student success and career development, CED Solutions is committed to providing opportunities for lifelong learning and professional growth.

Share this post