Account Takeovers Exposed: Key Statistics You Need to Know

Account takeover allows threat actors to steal sign-in credentials and access an organization's network. Read some eye-popping stats about ATO cost and frequency.
November 28, 2023

Account takeovers (ATO) have become a significant concern for organizations of all sizes and industries. These attacks are an especially damaging form of identity theft and fraud in which a threat actor gains access to a user’s account credentials. This puts the organization at risk of leaking sensitive information and falling prey to fraudulent requests for financial transactions. To make matters worse, these attacks can go undetected for months.

ATOs can occur in various ways—through session hijacking due to authentication token theft or forgery, traditional phishing, social engineering, credential stuffing, or even SMS or voice phishing. In essence, these threats are enabled by a combination of advanced attack methods and weak security measures.

To shed light on the prevalence and impact of account takeovers, we’ll delve into the latest statistics surrounding this type of cyber threat. By understanding the scope of the problem, businesses can better prepare themselves to detect, prevent, and mitigate the risks associated with account takeovers.

1. Approximately 26% of Companies Are Targeted by Weekly ATO Attempts

Unfortunately, account takeovers have become increasingly common over the past year. A quarter of companies (26%) say they are targeted by an ATO attempt each week.

Thankfully, not every ATO attempt is successful. Many are stopped by keen-eyed security teams or stymied by sophisticated cybersecurity solutions. Due to the high frequency of these attacks, it’s important for organizations to prioritize stopping ATOs in their tracks.

2. It Takes an Average of 11 Months to Resolve a Breach Caused by Stolen Credentials

On average, it takes 11 months to resolve a breach caused by stolen credentials, according to the IBM 2023 Cost of a Data Breach Report. This includes 240 days to identify the breach and another 88 to contain and resolve it. That’s almost a year, and each day is another opportunity for the attacker to harm your organization.

One of the reasons for the long life of these attacks is that 67% of organizations are not detecting account compromise on their own, making it crucial for organizations to leverage third-party cybersecurity solutions to help address ATO.

3. Organizations with 50,000+ Employees Have a 60% Chance of a Successful ATO Each Week

Organizations with a large number of employees offer threat actors more surface area for attacks. In fact, companies with more than 50,000 employees have a 60% chance of a successful ATO each week.

Successful attackers can then burrow deeper into organizations through emails, third-party applications, sensitive files, and more based on their privileged status. And with such dispersed networks of remote workers or employees across multiple offices, it’s easy to miss potential warning signs.

4. Nearly 80% of Fortune 1000 Organizations Have at Least One Compromised Account

Even top-tier companies are susceptible to ATO. In fact, they may even be hot targets for threat actors who recognize the value and reputation of these organizations. Nearly 80% of Fortune 100 organizations have at least one compromised account, according to Abnormal data.

Executives and members of financial services organizations are obvious targets. But attackers will compromise any account they can in hopes of climbing the corporate ladder, so to speak, with additional attacks against other employees.

5. The Average Breach Caused by Stolen Credentials Costs Organizations $4.62M

In addition to the frequent and widespread occurrence of ATO, it also bears a hefty price tag. According to the aforementioned IBM report, the average breach caused by stolen credentials costs organizations $4.62 million. That’s a substantial hit to an organization’s wallet and potentially a fatal hit to some.

Defend Against ATO With a Sophisticated Security Solution

ATO attempts are frequent, costly, and difficult to detect, making them a top concern for organizations and security professionals.

Abnormal is an advanced security solution that detects compromised email accounts and unusual or malicious user behavior. By recreating the crime scene in detail, Abnormal provides security teams with conclusive evidence to take action. Better still, Abnormal proactively kicks attackers out of hijacked Microsoft 365 accounts and remediates emails sent from compromised accounts. With total visibility into internal-to-internal email traffic, Abnormal prevents lateral phishing attacks often associated with ATO.

In the same way that you can cancel credit cards or debit cards before a thief has the opportunity to use them, Abnormal helps security teams take proactive steps to stop ATO. Abnormal can even detect ATOs already hidden within your network, thereby providing full defenses for your organization.

Interested in learning more about account takeovers and how you can stay protected with Abnormal? Schedule a demo today!

Schedule a Demo
Account Takeovers Exposed: Key Statistics You Need to Know

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.


See the Abnormal Solution to the Email Security Problem

Protect your organization from the full spectrum of email attacks with Abnormal.

Integrates Insights Reporting 09 08 22

Related Posts

B 1500x1500 MKT477 Energy Infrastructure Data Blog
Energy and infrastructure organizations face an increased risk of business email compromise and vendor email compromise attacks. Learn more.
Read More
B Mr Wonderful Talks AI
Explore the future of AI and cybersecurity and learn why prioritizing security investments is crucial with Kevin O’Leary of Shark Tank fame.
Read More
B 1500x1500 MKT468a Open Graph Images for Phishing Subjects Blog
Discover the most engaging phishing email subjects, according to Abnormal data, and how to protect your organization from these scams.
Read More
B Threat Report BEC VEC Blog
Our H1 2024 Email Threat Report revealed significant year-over-year increases in both business email compromise and vendor email compromise. Learn more.
Read More
B 2 7 24 Product Update
Abnormal product enhancements improve detection efficacy, reporting on QR code attacks, productivity, and protection from account takeover.
Read More
B 1500x1500 Quishing Stats Blog 02 05 24
Today we released our H1 2024 Email Threat Report, which examines the threat landscape and dives into the latest evolution in phishing: QR code attacks.
Read More