With cybersecurity reports and fraud studies launching almost weekly, it can be hard to keep track of the latest stats related to:
- Account takeover (ATO)
- Ransomware
- Malware
- Session hijacking
- Business email compromise (BEC)
- Fraud and identity theft
- Digital identity threats
At SpyCloud, we know our readers need the latest cybersecurity statistics to bolster their case for investing in solutions to combat cybercrime and protect employees and customers. Here is the latest list of cybersecurity statistics you should know for 2024.
Account Takeover (ATO) Statistics:
- ATO attacks increased 354% year-over-year in 2023. Sift’s Q3 2023 Digital Trust & Safety Index
- Account takeover fraud resulted in nearly $13 billion in losses in 2023. 2024 AARP & Javelin Fraud Study
- 22% of U.S. adults have been victims of account takeover (24M households). Security.org + Deduce Report
- 73% of consumers believe the brand is accountable for ATO attacks and responsible for protecting account credentials. Sift’s Q3 2023 Digital Trust & Safety Index
- Only 43% of account takeover victims were notified by the company that their information had been compromised. Sift’s Q3 2023 Digital Trust & Safety Index
- An annual analysis of recaptured data from the darknet shows a 74% password reuse rate for users exposed in two or more breaches in the last year. SpyCloud 2024 Annual Identity Exposure Report
Ransomware Statistics:
- In the first half of 2023, ransomware attackers extorted $176 million more than the same period in 2022, putting 2023 on track to be the second-costliest year for ransomware in history. Chainalysis Mid-year Update
- The average cost of a ransomware attack escalated to $5.13 million in 2023, not counting the ransom itself. IBM Cost of a Data Breach Report 2023
- There were 493+ million ransomware attacks globally in 2022. While down 21% year-over-year, some industries saw huge spikes, including finance (+41%). 2023 Sonicwall Cyber Threat Report
- In 2022, ransomware took over the second spot after denial of service in breach incidents, now being present in 15.5% of all incidents. Meanwhile, the share of ransomware in breaches held statistically steady at 24%. Verizon 2023 Data Breach Investigations Report
- 81% of organizations were affected by ransomware in some capacity over the past 12 months, and 48% of those that were impacted ended up paying a ransom. SpyCloud 2023 Ransomware Defense Report
- The sector most heavily impacted by ransomware attacks was the construction industry in 2023. eCrime Ransomware and Data Leak Site Report 2023
- The IC3 received 2,825 complaints in 2022 identified as ransomware, reflecting losses of more than $59.6 million. FBI Internet Crime Report 2023
- In 2022, the IC3 received 1,193 complaints regarding ransomware attacks on critical infrastructure organizations, with 14 of the 16 critical infrastructure sectors having at least one member fall victim to an attack. Healthcare was the sector with the most reported attacks. FBI Internet Crime Report 2023
- According to security leaders, the top three perceived riskiest entry points for ransomware are:
#1 Phishing and social engineering
#2 Unpatched vulnerabilities
#3 Third-party or partner connections
SpyCloud 2023 Ransomware Defense Report - More than one-third of North American and European companies who experienced a ransomware event in 2023 had at least one infostealer infection prior to being attacked. SpyCloud 2023 Ransomware Defense Report
Malware Statistics:
- In 2023, the use of infostealer malware by cybercriminals tripled. IBM X-Force Threat Intelligence Index 2024
- 53% of security professionals reported being “extremely concerned” about harmful future attacks stemming authentication, identity, session, and other data exfiltrated from malware-infected devices. SpyCloud 2023 Malware Readiness & Defense Report
- 48.5% of 721.5 million exposed username and password combinations recovered from the criminal underground were exfiltrated from malware-infected devices in 2022. SpyCloud 2023 Malware Readiness & Defense Report
- 20% of all SpyCloud recaptured malware logs from had an antivirus program installed at the time of successful malware execution. SpyCloud 2023 Malware Readiness & Defense Report
- The average infostealer malware log contains credentials from 26 business applications. SpyCloud 2023 Malware Readiness & Defense Report
- Malware analysis now ranks as one of the top three skills needed to succeed as a SOC analyst. Tines Voice of the SOC 2023
Session Hijacking Statistics:
- Session cookie theft via adversary-in-the-middle (AiTM) phishing attacks account for 15% of phishing attacks. Expel Quarterly Threat Report Q2 2023
- SpyCloud researchers recaptured 20 billion stolen cookie records from the dark web in 2022. SpyCloud 2024 Identity Exposure Report
Data Breach Statistics:
- There were 3,122 publicly reported data breaches in 2023, impacting 349 million people. Identity Theft Resource Center’s 2023 Data Breach Report
- The average data breach cost reached an all-time high of $4.45 million in 2023, a 2.6% increase from last year’s average of $4.24 million. IBM Cost of a Data Breach Report 2023
- The most common initial attack vectors for data breaches are phishing and stolen or compromised credentials, responsible for 16% of breaches (at an average cost of $4.9 million per breach). IBM Cost of a Data Breach Report 2023
- The use of stolen credentials remains the primary way into organizations, with 44.7% of breaches involving credentials as the top “action” to entry taken. Verizon 2023 Data Breach Investigations Report
- 86% of breaches for Basic Web Application attacks involved the use of stolen credentials as initial access. 50% of organizations experienced 39+ web application attacks in 2022. Verizon 2023 Data Breach Investigations Report
- 74% of all breaches involve the human element, whether by error, privilege misuse, use of stolen credentials, or social engineering. Verizon 2023 Data Breach Investigations Report
- 27% of global companies suffered a data breach that cost them between $1 million and $20 million USD in the past three years. That percentage rises to 34% for North American firms. Only 14% of global companies reported no data breaches during that same time frame. 2023 PwC Global Digital Trust Insights Report
- 44% of data breach victims tell friends and family not to associate with a brand that’s been breached. Telesign’s Trust Index
Business Email Compromise (BEC) Statistics:
- In 2022, the FBI received 21,489 BEC complaints, with estimated losses totaling more than $2.9 billion. FBI Internet Crime Report 2023
- There was a 65% increase in identified global exposed losses from Business Email Compromise fraud. FBI PSA: Business Email Compromise (BEC): The $43 Billion Scam
- The use of cryptocurrency in BEC-specific crimes was first identified in 2018, and has continued to skyrocket over the last four years. As of 2021, $40 million in losses has been reported in BEC/cryptocurrency complaints. FBI PSA: Business Email Compromise (BEC): The $43 Billion Scam
- Pretexting, including BEC, overtook phishing as the most prevalent social engineering tactic in 2022, with BEC attacks accounting for more than 50% of social engineering incidents. Verizon 2023 Data Breach Investigations Report
- The median open rate for text-based BEC attacks is nearly 28%. Abnormal Intelligence H1 2023 Report
- BEC was the attack vector for 9% of data breaches in 2023. IBM Cost of a Data Breach Report 2023
Fraud & Identity Theft Statistics:
- American adults lost a total of $43 billion to identity fraud in 2023. 2024 AARP & Javelin Fraud Study
- Of 19,778 complaints received by the FBI, associated losses from identity theft were $126 million. FBI Internet Crime Report 2023
- In the past 2 years, 37% of consumers had new accounts opened using their identity. Aite-Novarica U.S. Identity Theft: The Stark Reality
- Every $1 lost to fraud costs financial services firms $4.23, and every $1 lost to fraud costs merchants $3.75. LexisNexis True Cost of Fraud Study
- Card Not Present (CNP) losses are estimated to grow to $48 billion in 2023, an increase of 16% from $41 billion in 2022. Juniper Research Online Payment Fraud: Market Forecasts, Emerging Threats & Segment Analysis 2022-2027
- New accounts are 9.5 times riskier than mature accounts. NICE Actimize 2023 Fraud Insights Report
- Attempted fraud transactions have increased by 92% and attempted fraud amounts have jumped by 146%. NICE Actimize 2023 Fraud Insights Report
- The types of fraud most concerning to fraud executives at financial institutions: ACH fraud and P2P fraud (both with 39% of fraud executives concerned. The types of fraud attacks most concerning? Synthetic identities resulting from application fraud and wire fraud resulting from ATO. Aite-Novarica Market Trends in Fraud for 2022 and Beyond: New Fraudsters, New Era
- Online payment fraud losses are set to exceed $206 billion between 2021 and 2025. Juniper Research Online Payment Fraud: Emerging Threats, Segment Analysis & Market Forecasts 2021-2025
Digital Identity Threat Statistics:
- The digital identity has become a top attack vector – 90% of organizations reported an identity-related breach in the past year. IDS Alliance 2023 Trends in Securing Digital Identities Report
- The average digital identity exposure amounts to:
- 4 unique exposed usernames / email addresses
- 9 breach exposures
- 15 breach records
- Email accompanied by a password 67% of the time
- Information about the network or physical location of the user 25% of the time
- A 1 in 5 chance of already being the victim of an infostealer infection
For more insights,
get the 2024 Identity Exposure Report.
About SpyCloud: SpyCloud transforms recaptured darknet data to protect businesses from cyberattacks. Our products operationalize Cybercrime Analytics (C2A) to produce actionable insights that allow enterprises to proactively prevent ransomware and account takeover, protect their business from consumer fraud losses, and investigate cybercrime incidents. Our unique data from breaches, malware-infected devices, and other underground sources also powers many popular dark web monitoring and identity theft protection offerings. SpyCloud customers include half of the ten largest global enterprises, mid-size companies, and government agencies located around the world. Headquartered in Austin, TX, SpyCloud is home to 200 cybersecurity experts whose mission is to make the internet a safer place.
To get insights on your company’s compromised data, check your exposure today.
