2023 Cybersecurity Industry Statistics: Account Takeover, Ransomware, Data Breaches, BEC & Fraud


With cybersecurity and fraud studies and reports launching almost weekly, who can keep up with all the stats related to account takeover, ransomware, BEC, fraud, and identity theft? We keep a tally ourselves and thought our readers might want access to help bolster their business case to invest in solutions to combat cybercrime and protect their employees, vendors, and consumers from the ever-evolving tactics of cybercriminals.

Account Takeover (ATO) Statistics:

Ransomware Statistics:

  • There were 493+ million ransomware attacks globally in 2022. While down 21% year-over-year, some industries saw huge spikes, including finance (+41%). 2023 Sonicwall Cyber Threat Report
  • In 2022, ransomware took over the second spot after denial of service in breach incidents, now being present in 15.5% of all incidents. Meanwhile, the share of ransomware in breaches held statistically steady at 24%Verizon 2023 Data Breach Investigations Report
  • Despite increased investment in tools to fight ransomware, 90% of organizations were affected by ransomware in some capacity over the past 12 months, a striking uptick from last year’s 72.5%. SpyCloud 2022 Ransomware Defense Report
  • The IC3 received 2,385 complaints in 2022 identified as ransomware, reflecting losses of more than $33.4 million. FBI Internet Crime Report 2022 [PDF]
  • In 2022, the IC3 received 870 complaints regarding ransomware attacks on critical infrastructure organizations, with 14 of the 16 critical infrastructure sectors having at least one member fall victim to an attack. Healthcare was the sector with the most reported attacks. FBI Internet Crime Report 2022 [PDF]
  • A survey of more than 400 CISOs found that ransomware is the top cyber threat most concerning to respondents. The CISOs Report: Perspectives, Challenges and Plans for 2022 and Beyond
  • According to IT security leaders, the top three riskiest entry points for ransomware are:
    #1 Unpatched vulnerabilities
    #2 Phishing emails with malicious attachments/links
    #3 Unmanaged devices accessing the network.
    SpyCloud 2022 Ransomware Defense Report
  • 87% of IT security leaders agree that reports of credential-stealing malware such as RedLine Stealer have elevated their organization’s concern of unmonitored personal devices as a potential entry point for ransomware. SpyCloud 2022 Ransomware Defense Report

Data Breach Statistics:

Business Email Compromise Statistics:

Fraud & Identity Theft Statistics:

About SpyCloud: SpyCloud transforms recaptured darknet data to protect businesses from cyberattacks. Its products operationalize Cybercrime Analytics (C2A) to produce actionable insights that allow enterprises to proactively prevent ransomware and account takeover, protect their business from consumer fraud losses, and investigate cybercrime incidents. Its unique data from breaches, malware-infected devices, and other underground sources also powers many popular dark web monitoring and identity theft protection offerings. SpyCloud customers include half of the ten largest global enterprises, mid-size companies, and government agencies around the world. Headquartered in Austin, TX, SpyCloud is home to nearly 200 cybersecurity experts whose mission is to make the internet a safer place. 

To learn more and see insights on your company’s exposed data, visit spycloud.com/check-your-exposure/.

Recent Posts

Check Your Company's Exposure

See your real-time exposure details powered by SpyCloud.

[JUST RELEASED] 2023 Ransomware Defense Report highlights infostealers as precursors to future attacks. Download Now