Account Takeovers Exposed: Key Statistics You Need to Know

Account takeover allows threat actors to steal sign-in credentials and access an organization's network. Read some eye-popping stats about ATO cost and frequency.
November 28, 2023

Account takeovers (ATO) have become a significant concern for organizations of all sizes and industries. These attacks are an especially damaging form of identity theft and fraud in which a threat actor gains access to a user’s account credentials. This puts the organization at risk of leaking sensitive information and falling prey to fraudulent requests for financial transactions. To make matters worse, these attacks can go undetected for months.

ATOs can occur in various ways—through session hijacking due to authentication token theft or forgery, traditional phishing, social engineering, credential stuffing, or even SMS or voice phishing. In essence, these threats are enabled by a combination of advanced attack methods and weak security measures.

To shed light on the prevalence and impact of account takeovers, we’ll delve into the latest statistics surrounding this type of cyber threat. By understanding the scope of the problem, businesses can better prepare themselves to detect, prevent, and mitigate the risks associated with account takeovers.

1. Approximately 26% of Companies Are Targeted by Weekly ATO Attempts

Unfortunately, account takeovers have become increasingly common over the past year. A quarter of companies (26%) say they are targeted by an ATO attempt each week.

Thankfully, not every ATO attempt is successful. Many are stopped by keen-eyed security teams or stymied by sophisticated cybersecurity solutions. Due to the high frequency of these attacks, it’s important for organizations to prioritize stopping ATOs in their tracks.

2. It Takes an Average of 11 Months to Resolve a Breach Caused by Stolen Credentials

On average, it takes 11 months to resolve a breach caused by stolen credentials, according to the IBM 2023 Cost of a Data Breach Report. This includes 240 days to identify the breach and another 88 to contain and resolve it. That’s almost a year, and each day is another opportunity for the attacker to harm your organization.

One of the reasons for the long life of these attacks is that 67% of organizations are not detecting account compromise on their own, making it crucial for organizations to leverage third-party cybersecurity solutions to help address ATO.

3. Organizations with 50,000+ Employees Have a 60% Chance of a Successful ATO Each Week

Organizations with a large number of employees offer threat actors more surface area for attacks. In fact, companies with more than 50,000 employees have a 60% chance of a successful ATO each week.

Successful attackers can then burrow deeper into organizations through emails, third-party applications, sensitive files, and more based on their privileged status. And with such dispersed networks of remote workers or employees across multiple offices, it’s easy to miss potential warning signs.

4. Nearly 80% of Fortune 1000 Organizations Have at Least One Compromised Account

Even top-tier companies are susceptible to ATO. In fact, they may even be hot targets for threat actors who recognize the value and reputation of these organizations. Nearly 80% of Fortune 100 organizations have at least one compromised account, according to Abnormal data.

Executives and members of financial services organizations are obvious targets. But attackers will compromise any account they can in hopes of climbing the corporate ladder, so to speak, with additional attacks against other employees.

5. The Average Breach Caused by Stolen Credentials Costs Organizations $4.62M

In addition to the frequent and widespread occurrence of ATO, it also bears a hefty price tag. According to the aforementioned IBM report, the average breach caused by stolen credentials costs organizations $4.62 million. That’s a substantial hit to an organization’s wallet and potentially a fatal hit to some.

Defend Against ATO With a Sophisticated Security Solution

ATO attempts are frequent, costly, and difficult to detect, making them a top concern for organizations and security professionals.

Abnormal is an advanced security solution that detects compromised email accounts and unusual or malicious user behavior. By recreating the crime scene in detail, Abnormal provides security teams with conclusive evidence to take action. Better still, Abnormal proactively kicks attackers out of hijacked Microsoft 365 accounts and remediates emails sent from compromised accounts. With total visibility into internal-to-internal email traffic, Abnormal prevents lateral phishing attacks often associated with ATO.

In the same way that you can cancel credit cards or debit cards before a thief has the opportunity to use them, Abnormal helps security teams take proactive steps to stop ATO. Abnormal can even detect ATOs already hidden within your network, thereby providing full defenses for your organization.

Interested in learning more about account takeovers and how you can stay protected with Abnormal? Schedule a demo today!

Schedule a Demo
Account Takeovers Exposed: Key Statistics You Need to Know

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

Get AI Protection for Your Human Interactions

Protect your organization from socially-engineered email attacks that target human behavior.
Request a Demo
Request a Demo

Related Posts

B 07 22 24 MKT624 Images for Paris Olympics Blog
Threat actors are targeting French businesses ahead of the Paris 2024 Olympics. Learn how they're capitalizing on the event and how to protect your organization.
Read More
B Cross Platform ATO
Cross-platform account takeover is an attack where one compromised account is used to access other accounts. Learn about four real-world examples: compromised email passwords, hijacked GitHub accounts, stolen AWS credentials, and leaked Slack logins.
Read More
B Why MFA Alone Will No Longer Suffice
Explore why account takeover attacks pose a major threat to enterprises and why multi-factor authentication (MFA) alone isn't enough to prevent them.
Read More
Learn how Abnormal uses natural language processing or NLP to protect organizations from phishing, account takeovers, and more.
Read More
B DK Compromise 7 11 24
Discover the top five ways hackers compromise accounts, from exploiting leaked API credentials to SIM swapping partnerships, and more. Learn how these techniques enable account takeover (ATO) and pose risks to enterprises.
Read More
B Sans Recap 7 11 24
Discover trends among modern SOC teams, including misaligned budgets, increased automation, unsatisfactory AI tools, staffing issues, and more.
Read More