Close this search box.

Cybersecurity Industry Statistics: ATO, Ransomware, Breaches & Fraud


With cybersecurity reports and fraud studies launching almost weekly, it can be hard to keep track of  the latest stats related to:

  • Account takeover (ATO)
  • Ransomware
  • Malware
  • Session hijacking
  • Business email compromise (BEC)
  • Fraud and identity theft
  • Digital identity threats

At SpyCloud, we know our readers need the latest cybersecurity statistics to bolster their case for investing in solutions to combat cybercrime and protect employees and customers. Here is the latest list of cybersecurity statistics you should know for 2024.

Account Takeover (ATO) Statistics:

Ransomware Statistics:


  • In the first half of 2023, ransomware attackers extorted $176 million more than the same period in 2022, putting 2023 on track to be the second-costliest year for ransomware in history. Chainalysis Mid-year Update
  • The average cost of a ransomware attack escalated to $5.13 million in 2023, not counting the ransom itself. IBM Cost of a Data Breach Report 2023
  • There were 493+ million ransomware attacks globally in 2022. While down 21% year-over-year, some industries saw huge spikes, including finance (+41%). 2023 Sonicwall Cyber Threat Report
  • In 2022, ransomware took over the second spot after denial of service in breach incidents, now being present in 15.5% of all incidents. Meanwhile, the share of ransomware in breaches held statistically steady at 24%Verizon 2023 Data Breach Investigations Report
  • 81% of organizations were affected by ransomware in some capacity over the past 12 months, and 48% of those that were impacted ended up paying a ransom. SpyCloud 2023 Ransomware Defense Report
  • The sector most heavily impacted by ransomware attacks was the construction industry in 2023. eCrime Ransomware and Data Leak Site Report 2023
  • The IC3 received 2,825 complaints in 2022 identified as ransomware, reflecting losses of more than $59.6 million. FBI Internet Crime Report 2023
  • In 2022, the IC3 received 1,193 complaints regarding ransomware attacks on critical infrastructure organizations, with 14 of the 16 critical infrastructure sectors having at least one member fall victim to an attack. Healthcare was the sector with the most reported attacks. FBI Internet Crime Report 2023
  • According to security leaders, the top three perceived riskiest entry points for ransomware are:
    #1 Phishing and social engineering
    #2 Unpatched vulnerabilities
    #3 Third-party or partner connections
    SpyCloud 2023 Ransomware Defense Report
  • More than one-third of North American and European companies who experienced a ransomware event in 2023 had at least one infostealer infection prior to being attacked. SpyCloud 2023 Ransomware Defense Report

Malware Statistics:

Session Hijacking Statistics:

Data Breach Statistics:

Business Email Compromise (BEC) Statistics:

Fraud & Identity Theft Statistics:

Digital Identity Threat Statistics:

  • The digital identity has become a top attack vector – 90% of organizations reported an identity-related breach in the past year. IDS Alliance 2023 Trends in Securing Digital Identities Report
  • The average digital identity exposure amounts to:
    • 4 unique exposed usernames / email addresses
    • 9 breach exposures
    • 15 breach records
    • Email accompanied by a password 67% of the time
    • Information about the network or physical location of the user 25% of the time
    • A 1 in 5 chance of already being the victim of an infostealer infection

For more insights,
get the 2024 Identity Exposure Report.

About SpyCloud: SpyCloud transforms recaptured darknet data to protect businesses from cyberattacks. Our products operationalize Cybercrime Analytics (C2A) to produce actionable insights that allow enterprises to proactively prevent ransomware and account takeover, protect their business from consumer fraud losses, and investigate cybercrime incidents. Our unique data from breaches, malware-infected devices, and other underground sources also powers many popular dark web monitoring and identity theft protection offerings. SpyCloud customers include half of the ten largest global enterprises, mid-size companies, and government agencies  located around the world. Headquartered in Austin, TX, SpyCloud is home to 200 cybersecurity experts whose mission is to make the internet a safer place. 

To get insights on your company’s compromised data, check your exposure today.

Recent Posts

Check Your Company's Exposure

See your real-time exposure details powered by SpyCloud.

[What’s New] Check Your Exposure has been expanded with more recaptured data. See Your Results Now

Close this search box.