Enterprise IT leaders and practitioners in security operations (SecOps) are under growing pressure from threat actors, who continuously pound away at their infrastructure defenses using a variety of new and proven tactics, techniques, and procedures.
Phishing, vulnerability exploits, and credential theft continue to be popular vectors for initial access. But increasingly, threat actors are leveraging weaknesses in the software supply chain, and more recently they have turned to AI-enabled tools and techniques to break into organizational networks.
The trends have complicated an already complex cyber-risk management landscape and heightened breach risks for many organizations. Here's a list of 30 cybersecurity stats from reliable industry sources that demonstrate some of the most important trends impacting cybersecurity over the past year.
[ Special report: The State of Software Supply Chain Security (SSCS) 2024 ]
Breaches and attacks
6.06B: Total number of malware attacks
Malware attacks in 2023 were up 11% over 2022. Attacks involving cryptojacking soared 659% over the same period, while those involving encrypted threats shot up 117%.
Source: 2024 SonicWall Cyber Threat Report, SonicWall
$4.45M: Global average cost of a data breach
The cost of a data breach continues to tick steadily upwards. Between 2020 and 2023, the average cost of a data breach globally increased 15.3%, from $3.86 million to $4.45 million.
Source: Cost of a Data Breach Report 2023, IBM
$1.68M: Average data breach cost savings among DevSecOps adopters
Organizations that have a high level of DevSecOps adoption and robust incident response planning and testing had a higher success rate than others in containing the cost of a data breach.
Source: Cost of a Data Breach Report 2023, IBM
14%: Breaches in which a software vulnerability was used to gain initial access
In 2023, the percentage of incidents investigated that involved vulnerability exploits as an initial access vector tripled compared to the previous year.
Source: 2024 Data Breach Investigations Report, Verizon
68%: Breaches involving social engineering — or user error
The proportion of breaches involving the human element remained largely unchanged over the prior year, highlighting the importance of security awareness training.
Source: 2024 Data Breach Investigations Report, Verizon
37%: Percentage of breaches in 2023 that resulted in data theft
Other common post-compromise activity included financial gain (36%) and extortion (11%).
Source: M-Trends 2024 Special Report, Mandiant
62%: Intrusions involving attackers abusing valid accounts
Credential abuse — especially incidents involving the use of privileged domain accounts and default accounts — contributed to a high percentage of security incidents in 2023.
Source: 2023 Threat Hunting Report, CrowdStrike
160%: Increase in attacks using cloud metadata APIs to discover secrets or other credentials
Threat actors are increasingly exploiting weaknesses in cloud environments to probe organizations for privileged credentials.
Source: 2023 Threat Hunting Report, CrowdStrike
266%: Increase in cybercriminal use of information stealers
Threat groups that previously specialized in ransomware have increasingly turned to infostealers for many of their campaigns. The most notable among these stealers were Rhadamanthys, LummaC2, and StrelaStealer.
Source: Threat Intelligence Index 2024, IBM X-Force
7.6 trillion: Attempts at unauthorized access via vulnerability exploit
The number of attempts that threat actors made in 2023 to gain unauthorized access to a protected system or service via a vulnerability exploit has increased steadily over the past decade and is up 613% from 2013.
Source: 2024 SonicWall Cyber Threat Report, SonicWall
22.3%: Observed attacks that involved living-off-the-land binaries (LOLBINs)
In 2023, 92% of all LOLBIN attacks included Rundll32, Msiexec, or Mshta.
Source: ReliaQuest Annual Cyber-Threat Report: 2024, ReliaQuest
75.8%: Percentage of nation-state actor attacks involving living-off-the-land techniques
Other common attack vectors that nation-state actors leveraged last year included custom malware (63.7%), off-the-shelf tools (62.6%), and software supply chains (54.9%).
Source: 2024 Threat Hunting Survey, SANS Research Program
Vulnerabilities and threats
67%: Percentage of organizations with one critical vulnerability in their environment
Despite growing risks, many organizations lagged behind on vulnerability management last year. More than nine out of every 10 organizations had at least one CVE in their environment with known exploits, and 25% had five or more CVEs.
Source: Threat Intelligence Index 2024, IBM X-Force
260,773: Number of vulnerabilities, exploits, and zero days seen since 1988
Software vulnerabilities continued to present a major breach risk for organizations last year, as they have for more than three decades.
Source: Threat Intelligence Index 2024, IBM X-Force
84,245: Number of total vulnerabilities and zero days with known exploits since 1988
While the cumulative number of flaws with known exploits is holding steady, only 7,506 of the vulnerabilities (7%) were zero-day threats.
Source: Threat Intelligence Index 2024, IBM X-Force
32%: Percentage of organizations able to evaluate AI-generated code for security risks, etc.
Despite burgeoning use of generative AI tools such as OpenAI Codex, ChatGPT, and GitHub Copilot in software development, fewer than one-third of organizations have the ability to detect potential security issues, licensing, and other quality issues in the code.
Source: The State of Supply Chain Security Risks, Synopsys
74%: CISOs and security leaders who described AI-powered cyberthreats as significant
While GenAI technologies such as ChatGPT and GitHub CoPilot are transforming enterprise IT infrastructures, a recent survey found they are also giving threat actors a handy way to refine their attacks.
Source: State of AI Cybersecurity 2024, Darktrace
60%: Security leaders who say their organizations are not prepared for AI-enabled threats
Nearly all IT and security leaders (96%) believe AI-driven security products will better prepare them for next-generation, AI-powered cyberattacks.
Source: State of AI Cybersecurity 2024, Darktrace
Software supply chain security
54%: Percentage of organizations that experienced a software supply chain attack in 2023
Half of the victim organizations took more than one month to respond to these attacks, while about 20% said their mechanisms for detecting and responding to supply chain attacks were ineffective.
Source: The State of Supply Chain Security Risks, Synopsys
15%: Percentage of software supply chain breaches involving a third party
Intrusions resulting from a software vulnerability or compromise at a third party (data custodian or infrastructure provider) surged 68% last year, fueled largely by zero-day exploits.
Source: 2024 Data Breach Investigations Report, Verizon
28%: Increase in malicious packages on the npm and PyPI repositories
Attackers last year increasingly tried to breach enterprise software development environments by planting weaponized packages and libraries on two of the most widely used public code repositories.
Source: The State of Software Supply Chain Security 2024, ReversingLabs
11,000: Number of malicious packages uploaded to npm, PyPI, and RubyGems
In many cases, threat actors in 2023 uploaded malicious package that were obfuscated or encrypted, making them hard to detect by conventional tools.
Source: The State of Software Supply Chain Security 2024, ReversingLabs
$45B: Global cost of software supply chain attacks
What's more, by 2031, the financial costs to organizations globally from supply chain attacks will soar to $138 billion.
Source: 2023 Software Supply Chain Attack Report, Snyk
Ransomware
36%: Decrease in ransomware attacks globally year over year
Researchers recorded 317.6 million ransomware attacks last year, which represented a substantial year-over-year decline compared to 2022. Nearly every region, including North America and Europe, witnessed a fall in ransomware volume in 2023. The only exception was Asia, which experienced a sharp increase.
Source: 2024 SonicWall Cyber Threat Report, SonicWall
59%: Percentage of security leaders who say they have experienced a ransomware attack
Respondents to a survey of 5,000 IT and security pros noted that the volume of reported ransomware attacks last year was lower than in the previous two years. In both 2023 and 2022, 66% of organizations experienced at least one ransomware attack.
Source: The State of Ransomware 2024: Sophos
49%: Percentage of a victim organization's computers impacted on average by a ransomware attack
Contrary to perception, ransomware attacks rarely result in all computers at an organization getting encrypted. In fact, only 4% of ransomware victims last year reported that their full environment had been encrypted.
Source: The State of Ransomware 2024: Sophos
Incident response
10 days: Global median dwell time after an initial compromise
Enterprise organizations are getting better at detecting intruders in their environment. In 2022, the median dwell time (the amount of time an attacker remains undetected on a network) was 16 days. Ten years ago, it was 205 days.
Source: M-Trends 2024 Special Report, Mandiant
54%: Organizations that learned about breaches, ransomware, etc. from an external source
Most organizations still first learn about a security incident in their environment from a security vendor, law enforcement agency, industry partner, customer, or other external entity, such as a ransomware actor.
Source: M-Trends 2024 Special Report, Mandiant
58 minutes: Average MTTR to security incident for organizations using AI and automation
In contrast, organizations that utilized traditional incident detection and response mechanisms had an average mean time to respond of 2.3 days
Source: ReliaQuest Annual Cyber-Threat Report: 2024, ReliaQuest
50.8%: Organizations that have implemented threat hunting in their environment
Another 35% have implemented ad hoc methods to hunt down threats, and 13% plan to implement a threat hunting capability soon.
Source: 2024 Threat Hunting Survey, SANS Research Program
Explore RL's Spectra suite: Spectra Assure for software supply chain security, Spectra Detect for scalable file analysis, Spectra Analyze for malware analysis and threat hunting, and Spectra Intelligence for reputation data and intelligence.