RL Blog
|

Security operations by the numbers: 30 cybersecurity stats that matter

Get up to speed on the state of SecOps with key takeaways from recent research and surveys of cybersecurity practitioners and leaders.

Jaikumar Vijayan
Blog Author

Jaikumar Vijayan, Freelance technology journalist. Read More...

30-secops-stats-that-matter

Enterprise IT leaders and practitioners in security operations (SecOps) are under growing pressure from threat actors, who continuously pound away at their infrastructure defenses using a variety of new and proven tactics, techniques, and procedures.

Phishing, vulnerability exploits, and credential theft continue to be popular vectors for initial access. But increasingly, threat actors are leveraging weaknesses in the software supply chain, and more recently they have turned to AI-enabled tools and techniques to break into organizational networks.

The trends have complicated an already complex cyber-risk management landscape and heightened breach risks for many organizations. Here's a list of 30 cybersecurity stats from reliable industry sources that demonstrate some of the most important trends impacting cybersecurity over the past year.

[ Special report: The State of Software Supply Chain Security (SSCS) 2024 ]

Breaches and attacks

6.06B: Total number of malware attacks

Malware attacks in 2023 were up 11% over 2022. Attacks involving cryptojacking soared 659% over the same period, while those involving encrypted threats shot up 117%.

Source: 2024 SonicWall Cyber Threat Report, SonicWall

$4.45M: Global average cost of a data breach

The cost of a data breach continues to tick steadily upwards. Between 2020 and 2023, the average cost of a data breach globally increased 15.3%, from $3.86 million to $4.45 million.

Source: Cost of a Data Breach Report 2023, IBM

$1.68M: Average data breach cost savings among DevSecOps adopters

Organizations that have a high level of DevSecOps adoption and robust incident response planning and testing had a higher success rate than others in containing the cost of a data breach.

Source: Cost of a Data Breach Report 2023, IBM

14%: Breaches in which a software vulnerability was used to gain initial access

In 2023, the percentage of incidents investigated that involved vulnerability exploits as an initial access vector tripled compared to the previous year.

Source: 2024 Data Breach Investigations Report, Verizon

68%: Breaches involving social engineering — or user error

The proportion of breaches involving the human element remained largely unchanged over the prior year, highlighting the importance of security awareness training.

Source: 2024 Data Breach Investigations Report, Verizon

37%: Percentage of breaches in 2023 that resulted in data theft

Other common post-compromise activity included financial gain (36%) and extortion (11%).

Source: M-Trends 2024 Special Report, Mandiant

62%: Intrusions involving attackers abusing valid accounts

Credential abuse — especially incidents involving the use of privileged domain accounts and default accounts — contributed to a high percentage of security incidents in 2023.

Source: 2023 Threat Hunting Report, CrowdStrike

160%: Increase in attacks using cloud metadata APIs to discover secrets or other credentials

Threat actors are increasingly exploiting weaknesses in cloud environments to probe organizations for privileged credentials.

Source: 2023 Threat Hunting Report, CrowdStrike

266%: Increase in cybercriminal use of information stealers

Threat groups that previously specialized in ransomware have increasingly turned to infostealers for many of their campaigns. The most notable among these stealers were Rhadamanthys, LummaC2, and StrelaStealer.

Source: Threat Intelligence Index 2024, IBM X-Force

7.6 trillion: Attempts at unauthorized access via vulnerability exploit

The number of attempts that threat actors made in 2023 to gain unauthorized access to a protected system or service via a vulnerability exploit has increased steadily over the past decade and is up 613% from 2013.

Source: 2024 SonicWall Cyber Threat Report, SonicWall

22.3%: Observed attacks that involved living-off-the-land binaries (LOLBINs)

In 2023, 92% of all LOLBIN attacks included Rundll32, Msiexec, or Mshta.

Source: ReliaQuest Annual Cyber-Threat Report: 2024, ReliaQuest

75.8%: Percentage of nation-state actor attacks involving living-off-the-land techniques

Other common attack vectors that nation-state actors leveraged last year included custom malware (63.7%), off-the-shelf tools (62.6%), and software supply chains (54.9%).

Source: 2024 Threat Hunting Survey, SANS Research Program 

Vulnerabilities and threats

67%: Percentage of organizations with one critical vulnerability in their environment

Despite growing risks, many organizations lagged behind on vulnerability management last year. More than nine out of every 10 organizations had at least one CVE in their environment with known exploits, and 25% had five or more CVEs.

Source: Threat Intelligence Index 2024, IBM X-Force

260,773: Number of vulnerabilities, exploits, and zero days seen since 1988

Software vulnerabilities continued to present a major breach risk for organizations last year, as they have for more than three decades.

Source: Threat Intelligence Index 2024, IBM X-Force

84,245: Number of total vulnerabilities and zero days with known exploits since 1988

While the cumulative number of flaws with known exploits is holding steady, only 7,506 of the vulnerabilities (7%) were zero-day threats.

Source: Threat Intelligence Index 2024, IBM X-Force

32%: Percentage of organizations able to evaluate AI-generated code for security risks, etc.

Despite burgeoning use of generative AI tools such as OpenAI Codex, ChatGPT, and GitHub Copilot in software development, fewer than one-third of organizations have the ability to detect potential security issues, licensing, and other quality issues in the code.

Source: The State of Supply Chain Security Risks, Synopsys

74%: CISOs and security leaders who described AI-powered cyberthreats as significant

While GenAI technologies such as ChatGPT and GitHub CoPilot are transforming enterprise IT infrastructures, a recent survey found they are also giving threat actors a handy way to refine their attacks.

Source: State of AI Cybersecurity 2024, Darktrace

60%: Security leaders who say their organizations are not prepared for AI-enabled threats

Nearly all IT and security leaders (96%) believe AI-driven security products will better prepare them for next-generation, AI-powered cyberattacks.

Source: State of AI Cybersecurity 2024, Darktrace

Software supply chain security

54%: Percentage of organizations that experienced a software supply chain attack in 2023

Half of the victim organizations took more than one month to respond to these attacks, while about 20% said their mechanisms for detecting and responding to supply chain attacks were ineffective. 

Source: The State of Supply Chain Security Risks, Synopsys

15%: Percentage of software supply chain breaches involving a third party

Intrusions resulting from a software vulnerability or compromise at a third party (data custodian or infrastructure provider) surged 68% last year, fueled largely by zero-day exploits.

Source: 2024 Data Breach Investigations Report, Verizon

28%: Increase in malicious packages on the npm and PyPI repositories 

Attackers last year increasingly tried to breach enterprise software development environments by planting weaponized packages and libraries on two of the most widely used public code repositories.

Source: The State of Software Supply Chain Security 2024, ReversingLabs

11,000: Number of malicious packages uploaded to npm, PyPI, and RubyGems

In many cases, threat actors in 2023 uploaded malicious package that were obfuscated or encrypted, making them hard to detect by conventional tools.

Source: The State of Software Supply Chain Security 2024, ReversingLabs

$45B: Global cost of software supply chain attacks

What's more, by 2031, the financial costs to organizations globally from supply chain attacks will soar to $138 billion.

Source: 2023 Software Supply Chain Attack Report, Snyk

Ransomware

36%: Decrease in ransomware attacks globally year over year

Researchers recorded 317.6 million ransomware attacks last year, which represented a substantial year-over-year decline compared to 2022. Nearly every region, including North America and Europe, witnessed a fall in ransomware volume in 2023. The only exception was Asia, which experienced a sharp increase.

Source: 2024 SonicWall Cyber Threat Report, SonicWall

59%: Percentage of security leaders who say they have experienced a ransomware attack 

Respondents to a survey of 5,000 IT and security pros noted that the volume of reported ransomware attacks last year was lower than in the previous two years. In both 2023 and 2022, 66% of organizations experienced at least one ransomware attack.

Source: The State of Ransomware 2024: Sophos

49%: Percentage of a victim organization's computers impacted on average by a ransomware attack

Contrary to perception, ransomware attacks rarely result in all computers at an organization getting encrypted. In fact, only 4% of ransomware victims last year reported that their full environment had been encrypted.

Source: The State of Ransomware 2024: Sophos

Incident response

10 days: Global median dwell time after an initial compromise

Enterprise organizations are getting better at detecting intruders in their environment. In 2022, the median dwell time (the amount of time an attacker remains undetected on a network) was 16 days. Ten years ago, it was 205 days.

Source: M-Trends 2024 Special Report, Mandiant

54%: Organizations that learned about breaches, ransomware, etc. from an external source 

Most organizations still first learn about a security incident in their environment from a security vendor, law enforcement agency, industry partner, customer, or other external entity, such as a ransomware actor.

Source: M-Trends 2024 Special Report, Mandiant

58 minutes: Average MTTR to security incident for organizations using AI and automation

In contrast, organizations that utilized traditional incident detection and response mechanisms had an average mean time to respond of 2.3 days

Source: ReliaQuest Annual Cyber-Threat Report: 2024, ReliaQuest

50.8%: Organizations that have implemented threat hunting in their environment

Another 35% have implemented ad hoc methods to hunt down threats, and 13% plan to implement a threat hunting capability soon.

Source: 2024 Threat Hunting Survey, SANS Research Program



Explore RL's Spectra suite: Spectra Assure for software supply chain security, Spectra Detect for scalable file analysis, Spectra Analyze for malware analysis and threat hunting, and Spectra Intelligence for reputation data and intelligence.

More Blog Posts

Do More With Your SOAR

Do More With Your SOAR

Running an SOC is complex — and running without the best tools makes it more difficult. Learn how RL File Enrichment can automate and bolster your SOC.
Read More