130+ Cybersecurity Statistics to Inspire Action This Year [2024 Update]

  • April 24, 2024

Anna Fitzgerald

Senior Content Marketing Manager at Secureframe


Rob Gutierrez

Senior Compliance Manager at Secureframe

Global cyber attacks continue to rise in 2024, with the average number of cyber attacks per organization per week reaching 1,308 in the first quarter of 2024. This is a 28% increase from the last quarter of 2023 and a 5% increase year-over-year.

As the number rises, the costs of these attacks rise as well. Cybercrime losses rose to a record high of $12.8 billion in 2023 and are expected to surge to $23.84 trillion by 2027.

Understanding the evolving threat landscape can help you protect your organization from costly attacks and recovery. 

We’ve compiled a list of more than 130 cybersecurity statistics that underscore the importance of a strong risk management program and security posture, particularly for small businesses and the health industry. Read to learn about cybercrime trends, recent attacks, and evolving threats. 

Cybercrime statistics 

Individuals and organizations are increasingly exposed to cybercrime. Take a look at these statistics to get a better sense of the global impact of cybercrime. 

1. In 2023, the United States Internet Crime Complaint Center (IC3) received 880,418 complaints, a record number of complaints from the American public and a nearly 10% increase in complaints received compared to 2022. (FBI)

2. The complaints registered with the IC3 in 2023 had potential losses exceeding $12.5 billion. This represents a 22% increase in losses suffered compared to 2022. (FBI)

3. The most common type of cyber crime reported to IC3 in 2023 was phishing and spoofing, affecting approximately 298 thousand individuals. (Statista)

4. Individuals over the age of 60 accounted for the highest number of recorded cyber crime victims in the United States in 2023, with more than 104,068 complaints. The second-most targeted were individuals between 30 and 39 years, with over 88 thousand complaints. (Statista)

5. 39% of consumers globally were victims of a cybercrime in 2022. (Norton)

6. An estimated 463 million adults in 8 countries experienced a cybercrime in the past 12 months. (Norton)

7. Global consumers who experienced cybercrime in 2022 spent over 3.5 billion hours resolving issues caused by cybercrime. (Norton)

8. 54% of cybercrime victims in 2022 experienced financial loss as a result of cybercrime. (Norton)

9. Phishing schemes were the number one crime type reported to the FBI's Internet Crime Complaint Center in 2022, with 300,497 complaints. (FBI)

10. Global cybercrime is predicted to cost the world $10.5 trillion annually by 2025. (Cybersecurity Ventures)

Cyber risk statistics

As threat actors become more sophisticated and organizations’ attack surfaces continue to increase, managing cyber risk poses a growing challenge for organizations. Read on to find out how organizations are thinking about cyber risk. 

11. Mitigating cyber risk is a top priority for business and tech executives in 2024, second only to digital and technology risks. (PwC)

12. 41% of organizations have experienced three or more critical risk events in the last 12 months. (Forrester)

13. 58% of organizations consider their exposure to cyber attack high or very high. (Hiscox)

14. More than half of organizations that suffered a cyber attack in the past year (55%) see cyber as an area of high risk. Among non-victims the figure is just 36%. (Hiscox)

15. 41% of organizations attacked in the past year say their risk exposure has increased. (Hiscox)

16. As the complexity of IT environments continues to rise, organizations are integrating a greater number of cybersecurity solutions to manage risk. On average, enterprises already have 53 security solutions in use across their organization. 21% report more than 76 solutions in their cyber stack. (Pentera)

17. More than three out of five organizations (62%) agree that their business is more vulnerable to attack with more employees working from home. (Hiscox)

18. 54% of business and tech executives cite cloud as their most pressing cybersecurity risk in 2024. (PwC)

19. Nearly every organization — 97% — has gaps in its cloud risk management plan. (PwC)

20. Business continuity (67%) and reputational damage (65%) concern organization leaders more than any other cyber risk. (World Economic Forum)

21. 43% of CISOs who reported a breach reported unplanned downtime as a result, making business continuity the biggest risk of a cyber attack. (Pentera)

22. Organization leaders said that artificial intelligence (AI) and machine learning (20%), greater adoption of cloud technology (19%) and advances in user identity and access management (15%) will have the greatest influence on their cyber risk strategies over the next two years. (World Economic Forum)

23. More than two-thirds of business and tech executives (69%) say they’ll use generative AI for cyber defense in the next 12 months. (PwC)

24. 73% of organization leaders agree that cyber and privacy regulations are effective in reducing their organizations’ cyber risks in 2023. This is a noticeable increase from 39% who agreed with the same statement in 2022. (World Economic Forum)

Cybersecurity insider threat statistics 

The largest cybersecurity risk for most businesses is people, not technology. Learn about the cost and impact of insider threat and how organizations are responding. 

25. 74% of organizations say they are moderately to extremely vulnerable to insider threats. (Cybersecurity Insiders)

26. 76% of organizations reported insider attacks in 2024, an increase from 66% in 2019. (Securonix)

27. 74% of organizations say insider attacks have become more frequent. (Cybersecurity Insiders)

28. While 76% of organizations have detected increased insider threat activity over the past five years, less than 30% believe they are equipped with the right tools to handle them. (Securonix)

29. More than half of organizations have experienced an insider threat in the last year. 8% of organizations have experienced more than 20 in the last year. (Cybersecurity Insiders)

30. When cybersecurity professionals were asked to prioritize the most critical effects of insider attacks, the top three answers were:

31. 22% of cybersecurity professionals said non-compliance with regulations was one of the most critical effects of insider threat at their organization. (Cybersecurity Insiders)

32. 68% of cybersecurity professionals are concerned or very concerned about insider risk as their organizations return to the office or transition to hybrid work. (Cybersecurity Insiders)

33. 90% of cybersecurity professionals said it is equally or more challenging to detect and prevent insider attacks compared to external cyber attacks. (Securonix)

34. When asked what type of insider threat they’re most concerned about, 71% of cybersecurity professionals said compromised accounts/machines, followed by inadvertent data breaches/leaks (66%) and negligent data breaches (64%). (Cybersecurity Insiders)

35. A Gartner survey conducted in May and June 2022 among 1,310 employees revealed that 69% of employees have bypassed their organization’s cybersecurity guidance in the past 12 months. (Gartner)

36. 74% of employees say they would be willing to bypass cybersecurity guidance if it helped them or their team achieve a business objective. (Gartner)

37. Over 90% of employees who admitted undertaking a range of unsecure actions during work activities knew that their actions would increase risk to the organization but did so anyway. (Gartner)

38. While 66% of organizations feel vulnerable to insider attacks, 41% of organizations have only partially implemented insider threat programs, pointing to a lack of comprehensive activity monitoring and advanced threat management. (Securonix)

39. Half of medium to large enterprises are expected to adopt formal programs to manage insider risk by 2025, up from 10% today. (Gartner)

40. 39% of organizations already have an insider threat program established. (Cybersecurity Insiders)

41. 46% of organizations are planning on establishing an insider threat program, but the time period ranges. 13% said within the next six months or year, respectively. 15% said within two years and 5% said in more than two years. (Cybersecurity Insiders)

42. 56% of insider-related incidents experienced by organizations in a 12-month study conducted by Ponemon Institute were due to negligence, and the average annual cost to remediate the incident was $6.6 million. (Proofpoint and Ponemon Institute)

43. On average, organizations are spending a total of $15.38 million on activities to resolve insider threats over a 12-month period. (Proofpoint and Ponemon Institute)

44. The time to contain an insider threat incident increased from 77 days in 2016 to 85 days in 2022, leading organizations to spend the most on containment. (Proofpoint and Ponemon Institute)

45. 53% of cybersecurity professionals say detecting insider attacks has become somewhat to significantly harder in the cloud. (Cybersecurity Insiders)

46. In 2022, 67% of companies reported experiencing between 21 and more than 40 insider security incidents per year. This is an increase from 60% in 2020. (Proofpoint and Ponemon Institute)

Cybersecurity attacks statistics 

Cyber attacks continue to dominate headlines. Learn what types of attacks your organization should expect and prepare for. 

47. For the fourth year in a row, cyber attacks were reported as the number one cause of outages across organizations. (Veeam)

48. In 2023, ransomware incidents continued to be impactful and costly. After a brief downturn in 2022, ransomware incidents were again on the rise with over 2,825 complaints. This represents an increase of 18% from 2022. (FBI)

49. In Q1 2024, the manufacturing sector was most impacted globally by ransomware attacks, accounting for 29% of published attacks and having almost double the amount of reported attacks YoY. (Checkpoint Research)

50. Reported losses from ransomware incidents rose 74%, from $34.3 million to $59.6 million. (FBI)

51. The median cost of an attack rose 29% in 2022, to just under $17,000. (Hiscox)

52. 91 % of business and cyber leaders say they believe a far-reaching and catastrophic cyber event is “at least somewhat likely in the next two years” due to global geopolitical instability. (World Economic Forum)

53. 10% of business leaders and 13% of cyber leaders feel that they are missing critical people and skills needed to respond to and recover from a cyberattack. (World Economic Forum)

54. Gartner predicts that by 2025, lack of talent or human failure will be responsible for over half of significant cyber incidents. (Gartner)

55. 53% of enterprises report decreasing or stagnating IT security budgets for 2024. This is a major departure from the 2023 outlook in which 92% of enterprises projected an increase in their IT security budgets. (Pentera)

56. When asked about how much they spend on their security in 2023, respondents reported an average budget of $1.27M for IT security. (Pentera)

57. Organizations experiencing 30 or more attacks in the past year had average cyber security budgets of $10 million or more. (Hiscox)

58. US firms reporting a cyber attack jumped sharply (+7%) in 2022, while attacks costing $25,000 or more have also increased, from 34% to 40%. (Hiscox)

59. Denial of Service (DoS) attacks represented 46% of total incidents in an analysis of 23,896 incidents in 2022 by Verizon. (Verizon)

60. Ransomware attacks hit an all-time high in March 2023, with 459 recorded attacks.This represents a 91% month-over-month increase and a 62% year-over-year increase. (NCC Group)

61. In a 12-month study by Microsoft, 76% of organizations which suffered ransomware attacks lacked an effective response plan, preventing proper organizational crisis readiness and negatively impacting time to respond and recover. (Microsoft Digital Defense Report)

62. When asked how they prioritize remediation within their organizations, only 34% of CISOs considered business impact a priority for guiding their remediation strategy. (Pentera)

63. In a 2022 study by CrowdStrike, there was a 20% increase in the number of adversaries conducting data theft and extortion campaigns without deploying ransomware. (Crowdstrike)

64. There were twice the number of ransomware victims in 2023 compared to 2022. (Delinea

Cybersecurity breaches statistics 

As cyber attacks rise, so do the number of attacks resulting in data being lost or compromised. Find out what the leading causes of data breaches are. 

65. For US organizations, data breaches are now at an all-time high. In just the first nine months of 2023, data breaches in the US have already increased by nearly 20% compared to all of 2022. (Apple)

66. In Pentera’s State Of Pentesting 2024 Survey Report, 51% of enterprises reported a breach in the past 24 months. (Pentera)

67. 93% of CISOs who reported a breach cited an impact on the confidentiality, integrity, and/or availability of their IT environment, while only 7% reported no significant impact as a result of the breach. (Pentera)

68. The proportion of businesses that have experienced a data breach of more than USD $1M has increased significantly, from 27% in 2023 to 36% in 2024. (PwC)

69. As company size increases, so does the average cost of their most damaging breach. Companies with more than $10 billion report breaches of $7.2 million while those companies with less than $1 billion report $1.9 million in damages.  (PwC)

70. In an analysis of approximately 24,000 security incidents, more than 5,000 of which were confirmed data breaches, nearly three out of four breaches (73%) were attributed to external sources. (Verizon)

71. ​​External actors are consistently more likely to cause data breaches than internal actors, with 80% of breaches being caused by external actors in an analysis by Verizon. (Verizon)

72. In 2022, 82% of breaches involved the human element. Causes included the use of stolen credentials, phishing, misuse, and human error. (Verizon)

73. Over 30% of data breaches in 2022 involved some type of malware. Ransomware was present in almost 70% of those malware breaches. (Verizon)

74. 54% of organizations reported experiencing a data breach caused by one of their third parties in the last 12 months. (RiskRecon and Ponemon Institute)

Cybersecurity healthcare statistics 

Healthcare is one of the most targeted industries by threat actors. Take a look at some of the most prevalent threats against this sector below. 

75. The healthcare industry is one of the most breached industries, ranking first in Kroll’s 2022 Data Breach Outlook report and second in the 2023 report. (Kroll)

76. The global average cost of a damaging cyber-attack was reported to be $4.4 million, while in the healthcare sector that cost was 25% higher at $5.3 million. (PwC)

77. Nearly half (47%) of all healthcare organization’s respondents reported a data breach of $1M or greater. (PwC)

78. In 2022, 89% of the healthcare organizations experienced an average of 43 attacks in the past 12 months, which equates to almost one attack per week. (Proofpoint and Ponemon Institute)

79. Of the 1,193 complaints that the IC3 received from organizations belonging to a critical infrastructure sector that were affected by a ransomware attack, the healthcare and public health sector was the highest with 249 complaints (or 21% of the total). (FBI)

80. Of the four most common types of attacks against healthcare organizations, ransomware is the most likely to have a negative impact on patient care. In 2022, it led to procedure or test delays in 64% of the organizations and longer patient stays for 59% of them. (Proofpoint and Ponemon Institute)

81. 72% of healthcare IT and security practitioners believe their organizations are vulnerable to a ransomware attack, and 60% say this is the type of attack that concerns them the most. (Proofpoint and Ponemon Institute)

82. Email compromise (37%) and ransomware (34%) were the two most common incident types targeting the healthcare industry in 2023 according to Kroll researchers. (Kroll)

83. In 2022, 56% of healthcare organizations reported experiencing one or more cyberattacks in the past 24 months involving IoMT/IoT devices. Among those, 58% averaged 9 or more cyberattacks during that time. (Cynerio and Ponemon Institute)

84. 64% of healthcare organizations are concerned about medical device security, but only 51% include them in their cybersecurity strategy. (Proofpoint and Ponemon Institute)

85. 45% of healthcare organizations that experienced at least one cyberattack in 2022 reported adverse impacts on patient care, and 53% percent of those reported adverse impacts resulting in increased mortality rates. (Cynerio and Ponemon Institute)

86. 53% of healthcare IT and security practitioners said a lack of in-house expertise is a challenge and 46% said they lack sufficient staffing, both of which negatively affect their cybersecurity posture. (Proofpoint and Ponemon Institute)

87. Healthcare is the most likely industry to self-report as having very mature security. Only 3% of healthcare respondents said that they do not trust their organization’s ability to defend against most cyberattacks. (Kroll)

88. 49% of healthcare respondents rated their overall cybersecurity as very mature, more than any other sector and 16 percentage points higher than the survey average. (Kroll)

89. Despite having above-average confidence, 26% of healthcare businesses rank as having low cyber maturity, and healthcare performs badly in comparison to other sectors that scored highly for self-reported security. This reflects a worrying disconnect between how mature organizations believe they are and how mature they really are. (Kroll)

90. When responding to a cyberattack, lost productivity is the highest cost incurred by health care organizations, averaging $1.1 million. (Proofpoint and Ponemon Institute)

91. When asked about top cybersecurity investment priorities over the next 12 months, 42% of business leaders said ongoing improvements in risk posture based on cyber roadmap. (PwC)

Small business cybersecurity statistics

Small businesses are also a common target for threat actors. Find out about common cybersecurity trends, attitudes, and behaviors for this type of business below. 

92. Cyber attacks cost US small businesses over $8,000 annually. (Hiscox)

93. While the median cost of cyber attacks for one business in a year has dropped from $10,000 in 2022 to $8,300 in 2023, the median number of attacks has risen from 3 to 4. (Hiscox)

94. Small businesses are three times more likely to be targeted by cybercriminals than larger companies. (Barracuda)

95. Small business owners are getting smarter, but so are cybercriminals. Although 63% of small businesses in the US are cyber intermediates and 4% are cyber experts when it comes to defending against and avoiding cyber incidents, almost half (41%) have experienced a cyber attack during the past year. (Hiscox)

96. Half of the smallest organizations by revenue say they either do not have or are unsure as to whether they have the skills they need to meet their cyber objectives. (World Economic Forum)

97. 90% of small and medium-sized enterprises (SMEs) that experienced a serious incident said the cyberattack cost them more than they thought it would. (Cowbell)

98. US small businesses paid over $16,000 in ransoms over the past 12 months. For businesses who paid ransoms, only half (50%) recovered all their data and half (50%) were forced to rebuild systems. Over a quarter of businesses (27%) who paid ransoms were attacked again and 27% went on to be asked for more money by the attacker. (Hiscox)

99. 81% of the SMEs that experienced a cyber incident say they saw a widespread drop in customer trust. (Cowbell)

100.  Businesses with 10 to 49 employees saw a nearly fourfold rise in the average number of cyber attacks in 2022. (Hiscox)

101. The cost of cybercrimes to small businesses reached $2.4 billion in 2021. (FBI)

102. Businesses with revenues of $100,000 to $500,000 can now expect as many cyber attacks as those earning $1 million to $9 million annually. (Hiscox)

103. Businesses with 10 to 49 employees decreased their cyber security budgets in 2022 by almost half, from $411,000 to $225,000. (Hiscox)

104. Only 55% of SME leaders feel highly confident they’re prepared for a cyberattack. (Cowbell)

105. SMEs with a cybersecurity strategy were nearly 2x more likely to recover quickly from a cyberattack compared to those without a cybersecurity strategy. (Cowbell)

106. Smaller organizations with fewer than 1,000 employees were less likely to report incidents where they were negatively affected by a cyber incident originating from their suppliers, service providers or business partners (25%) than larger organizations with more than 1,000 employees (39%). (World Economic Forum)

107. 41% of small businesses surveyed do not use data backup recovery and restoration systems. (Hiscox)

Cyber resilience statistics 

Cyber resilience refers to an organization’s ability to anticipate, withstand, recover from, and adapt to attacks and adverse conditions that impact their cyber resources. Read how business leaders are thinking about and building cyber resilience. 

108. The number of organizations that maintain minimum viable cyber resilience is down 30% in 2024. (World Economic Forum)

109. More than twice as many SMEs as the largest organizations say they lack the cyber resilience to meet their critical operational requirements. (World Economic Forum)

110. 52% of public organizations state that a lack of resources and skills is their biggest challenge when designing for cyber resilience. (World Economic Forum)

111. 32% of business and tech executives said regulatory requirements for operational resilience will have the greatest impact on their organizations’ future revenue growth. (PwC)

112. 95% of business executives and 93% of cyber executives agree that cyber resilience is integrated into their organization’s enterprise risk-management strategies. (World Economic Forum)

113. More than one-third of companies haven’t instituted risk management efforts, and only one-in-four have made cyber-resilience improvements in 2024. (PwC)

114. 76% of business leaders and 70% of cyber leaders agree that having more effective enforcement of regulatory requirements across their sector would increase their organization’s cyber resilience. (World Economic Forum)

115. Nearly half (42%) of the businesses that fell victim to cyber attacks in 2023 implemented additional cybersecurity and audit requirements because of the attacks they faced. (Hiscox)

116. 56% of organization leaders are confident that their organization is cyber resilient. (World Economic Forum)

117. 44% of leaders report that their organizations either are not cyber resilient or that they are concerned about their organization’s ability to be cyber resilient. (World Economic Forum)

118. 54 % of business and 61% of cyber leaders believe their third-party organizations are slightly or far less resilient than their own organizations. (World Economic Forum)

119. Small to medium-sized enterprises were more likely to consider their third parties to be equal in their cyber-resilience capabilities (38%) than larger organizations (23%). (World Economic Forum)

120. A third of all cyber leaders still ranked gaining leadership support as the most challenging aspect of managing cyber resilience. (World Economic Forum)

Cybersecurity awareness statistics 

Knowing what risks you and your organization face and acting responsibly to avoid them can help improve cyber resilience. Take a look at the cybersecurity awareness statistics below to see how individuals and organizations are thinking about cybersecurity and taking action. 

121. Security awareness is often perceived by organizations as a part-time task, with 70% of security awareness practitioners disclosing that they dedicated half or less of their working time to it in 2023. (SANS Institute)

122. Only 14% of security awareness practitioners said that they dedicate 90% or more of their working time to security awareness. (SANS Institute)

123. 75% of respondents said they did have a security awareness budget. However, only 25% knew what their budget was. (SANS Institute)

124. More than 39% of organization leaders agree that “cybersecurity is a key business enabler.” (World Economic Forum)

125. More than half (56%) of cyber leaders meet with business leaders monthly, or more frequently, to discuss cyber-focused topics. (World Economic Forum)

126. 69% of organizations say the top executives have a clear view of how cyber security is being managed. (Hiscox)

127. 59% of small businesses surveyed don’t use security awareness training. (Hiscox)

128. 65% percent of IT professionals said that their cybersecurity awareness training programs need expansion. (ThriveDX)

129. When asked how they had responded to cyber attacks, 39% of experts said they stepped-up employee training (39%). (Hiscox)

130. In 2022, 97% of organizations reported implementing some type of cybersecurity awareness training measures this past year. (ThriveDX)

131. As a result of employee awareness efforts, 19% of organizations reported better awareness and 14% greater vigilance. (ThriveDX)

How to protect against cyber attacks

Below are best practices that can help you protect your organization against cyber attacks. 

1. Meet security and compliance standards and regulations

Adhering to regulatory guidelines and industry standards like SOC 2 and HIPAA can not only help you avoid fines and penalties — it can also help you establish strong internal security controls and sustainable security processes that reduce the likelihood of cyber attacks.

Compliance activities, like risk assessments and security awareness training for example, help keep organizations aware of critical business risks, identify redundancies in their software and procedures, and ensure their staff is properly trained to protect sensitive information. 

2. Identify and prioritize risks

There are many methods for identifying and prioritizing risks. One of the most popular is developing key risk indicators (KRIs).

KRIs are a way to proactively track the most important types of risks that could put your business’s primary objectives and priorities in jeopardy. By establishing KRIs and setting tolerance values to track against each risk, KRIs can serve as early warning signs of upcoming crises and provide your organization enough time to mitigate that risk’s potential impact or prevent it from occurring. 

Another popular method is using a risk matrix. To create a risk matrix, you have to compare the likelihood of a potential risk against the impact that your business would face if that risk occurs. For example, a high-priority risk would be an incoming hurricane that’s expected to cause power outages and disrupt business operations.

No matter what method you choose, prioritizing the risks that pose the greatest threat to your organization can enable you to focus your team’s time and resources to minimize their impact.

3. Create a risk management plan 

Once you’ve identified the biggest risks facing your business, you can create a plan for how to manage them. 

A risk management plan should document your organization’s process for regularly identifying, analyzing, and mitigating risks. It should also list clear roles and responsibilities for team members to track potential risks and address them if they were to happen.  

4. Educate employees

People continue to be one of the greatest threats against an organization. Effectively training your workforce on security and privacy best practices can help reduce the likelihood of security incidents caused by human error.

Ideally, your workforce training program will include interactive training methods such as quizzes, demonstrations, and staging physical security situations. It should also include training for all new employees during onboarding and continuous on-the-job training. 

5. Develop and maintain an information security policy

Policies can also help ensure employees understand and follow security and privacy best practices to protect your organization. Your organization will likely have dozens, including an access control policy, vendor management policy, and more. One of the most important is an information security policy.

An information security policy is a set of rules and guidelines that define how an organization manages and protects its information assets, including its data, systems, and networks. It outlines the objectives, goals, and responsibilities for safeguarding information against unauthorized access, use, disclosure, disruption, modification, or destruction.

It should be distributed to employees for review and updated at least annually to keep up with your organization’s business environment, technologies, and regulatory requirements as they change. 

5. Develop and maintain an incident response and disaster recovery plan

An incident response and disaster recovery plan are other important policies that can help enhance your organization’s information security capabilities and promote a culture of security. An incident response plan can help you respond to security incidents faster and minimize their impact and costs, while a disaster recovery plan can help you recover and restore critical systems, operations, and data to ensure your organization returns to full functionality after an incident.

Like an information security policy, these should be distributed to employees for review and updated at least annually.

6. Use continuous monitoring

Continuous monitoring is a cybersecurity practice that involves ongoing surveillance and analysis of an organization's IT infrastructure, systems, and applications to detect potential security threats and vulnerabilities.

This can help you detect threats in real-time, respond to both vulnerabilities and security incidents faster and more efficiently, and maintain compliance with regulatory requirements.

How Secureframe can help your organization’s cybersecurity efforts

Defending your organization from cyber attacks while navigating an increasingly complex threat and compliance landscape is difficult — so don’t do it alone. 

Secureframe can simplify and streamline your cybersecurity efforts. We can help you automate risk assessments, reduce your third-party risk, simplify policy management, speed up cloud remediation, and conduct continuous monitoring to look for gaps in controls so you can maintain continuous compliance. We can also make training your workforce on the latest security and privacy best practices easy and automatic. 

Plus, our in-house compliance team can give personalized advice based on your company’s unique risks and industry requirements to keep you secure and compliant, even as you scale.

When asked how Secureframe helped them improve, 81% of UserEvidence survey respondents say they reduced the risk of data breaches, with 39% saying they cut that risk by at least half.

To learn more about how Secureframe can help you develop a robust cybersecurity program and reduce the risk of cyber attacks, request a demo today.

About the UserEvidence Survey

The data about Secureframe users was obtained through an online survey conducted by UserEvidence in February 2024. The survey included responses from 44 Secureframe users (the majority of whom were manager-level or above) across the information technology, consumer discretionary, industrials, financial, and healthcare industries.


What are the statistics for cyber security in 2023?

The average cost of a data breach reached an all-time high in 2023 of USD 4.45 million, which represents a 2.3% increase from 2022. In 2023, 52% of all breaches involved some form of customer personal identifiable information, such as names and Social Security numbers, making customer PII the most commonly breached record type for the third year in a row. These are just a few statistics that represent the cybersecurity landscape in 2023. You can find more here.

What is 90% of cyber incidents?

According to a few studies, approximately 90% of cyber incidents are due to human error. For example, CybSafe analysis of data from the UK’s Information Commissioner’s Office (ICO) found that 90% of data breaches were caused by user error in 2019. The World Economic Forum's 2022 Global Risks Report stated that 95% of cybersecurity incidents occur due to human error.

What do 80% of cyber attacks involve?

According to a few studies, approximately 80% of cyber attacks involve weak or stolen passwords. For example, according to the 2021 Password Security Report by LastPass, more than 80% of breaches were caused by weak, reused, or stolen passwords.