2023 Cybersecurity Spotlight: 10 of the Year's Must-Know Stats

Staying informed about the latest cybersecurity trends and statistics can go a long way toward reducing your organization's vulnerability to attacks. Like Francis Bacon said: knowledge is power.

As we bid farewell to 2023, it’s the perfect time to take a look back at a few of the biggest shifts and developments we saw in the cybersecurity landscape over the past 12 months. From the staggering losses caused by business email compromise to the rising prominence of generative AI in cyberattacks, these statistics shed light on the challenges organizations face in protecting their data and systems.

According to the FBI IC3’s 2022 Internet Crime Report, $2.7 billion was lost to business email compromise (BEC) last year, representing a year-over-year increase of 14.5%. This is a high mark for an already troubling trend. Over the past 10 years, the FBI estimates that BEC has caused $51 billion in exposed losses.

It’s concerning enough that the number of BEC attacks has doubled since 2020. Perhaps even more alarming is that the median amount stolen in BEC attacks is more than $50,000. Further, organizations with 50,000 or more employees have a nearly 100% chance of receiving at least one BEC attempt each week.

Nearly half (48%) of organizations received a vendor email compromise (VEC) attack in the first six months of 2023. Also known as supply chain compromise, these attacks originate with an attack on a vendor or supplier and, on average, cost 11.8% more and take 12.8% longer to identify than other breach types.

Encouraging new use cases for generative AI emerge all the time. But there’s a dark side to this revolutionary technology, too. Security professionals have seen an uptick in cyberattacks over the past year, with 85% of respondents attributing the rise to bad actors using generative AI.

After an attacker successfully infiltrates an enterprise, it takes the organization 277 days on average to identify and contain the data breach. One of the unfortunate reasons for this extended dwell time is that many organizations cannot or do not detect these incursions on their own.

The cybersecurity workforce shortage has reached 4 million, according to ISC2. Optimistically, this indicates that there are plenty of opportunities for job seekers in the cybersecurity industry. Unfortunately, this also implies that organizations lack the robust security teams necessary to keep themselves protected from cyberattacks.

Two-thirds (66%) of organizations have implemented an AI-enabled email security solution over and above the protections offered in Microsoft 365 or Google Workspace. This is a step in the right direction as organizations recognize the evolving threats of sophisticated social engineering scams, BEC attacks, and AI-powered cyberattacks.

While only two-thirds of organizations have already implemented AI-enabled email security solutions, the vast majority of security leaders recognize the need to integrate the technology into their existing infrastructure. A near-ubiquitous 94% of cybersecurity stakeholders believe AI will have a major impact on their security strategy within the next two years.

Today’s workforces leverage various communication channels beyond email, including Slack and Zoom. These channels are also targeted by threat actors, which is why 84% of organizations want their AI-enabled email security to protect other communication apps. In fact, 89% of organizations report that protecting SaaS applications is a top five IT priority over the next 12 to 24 months.

The average cost of a data breach is $4.45 million—a price tag that by itself is enough to motivate investment in advanced AI cybersecurity solutions. But on top of that, organizations using security AI and automation had, on average, nearly $1.8 million lower data breach costs than those without these technologies.

The cybersecurity landscape in 2023 has been marked by significant challenges and evolving threats. The malicious use of generative AI has fueled the surge in cyberattacks, demanding a proactive approach. Forward-thinking organizations are responding to these novel cyberattacks by implementing AI-native email security solutions, resulting in cost savings and improved threat detection.

By arming your organization with knowledge and innovation, you can successfully navigate the ever-changing landscape and protect your workforce now and into the future.

Interested in learning more about how Abnormal can help your organization protect more, spend less, and secure the future? Schedule a demo today.