Cybersecurity Scary Facts

Here are 13 scary cybersecurity facts and recommended actions to consider when addressing your budget for 2023. We have listed our top 5 with some analysis and then have the remaining 8 stats listed below.


1) 82% of breaches involved people.

Human beings are at the center of our cybersecurity threat landscape. To reduce the potential of network breach and increasing security gaps, organizations must continue to prioritize ongoing employee training. Educating the team on the latest security protocols will be critical to improve the security posture of any organization. This includes how to identify evolving, sophisticated phishing schemes, preventing unintended sharing and access to sensitive data as well as misconfiguration of assets.

Verizon, “2022 Data Breach Investigations Report” May 24, 2022

2) 93% of company networks can be penetrated by cybercriminals. 71% of unacceptable events can occur within 1 month. 

Despite organizations investing more time and money in cybersecurity, bad actors can still penetrate networks with relative ease. In this Positive Technologies report, it only took 2 days, on average, to penetrate a company’s internal network. To reduce your attack surface, you need to focus on proven solutions that secure vulnerable endpoints from unauthorized access. Adding continuous monitoring, isolation and containment of breaches can help manage potential threats before they spread laterally throughout the network.  

Positive Technologies, “Business in the crosshairs: analyzing attack scenarios.” December 20, 2021

3) 82% of CIOs believe their software supply chains are vulnerable to cyberattacks.

Ever since Solar Winds, executives and government technology leaders have been increasingly concerned about breaches (malware and ransomware) coming from their supply chain. As digital transformation and migration to the cloud continues to increase across all industries, the vulnerability to supply chain hacks has only grown. Organizations need to take steps to secure workloads coming from supply chain partners and devices by wrapping them in their own root of trust.

BetaNews, “82 percent of CIOs believe their software supply chains are vulnerable.” May 31, 2022

4) Internet of Things (IoT) malware attacks in healthcare have risen 123%

IoT and IoMT devices have emerged as keys to expanding patient services and improving medical outcomes. However, their growth also has expanded the attack surface. Most connected medical devices lack encryption or are not visible to IT security solutions. As a result, they are increasingly being targeted by bad actors. Not surprisingly, IoT malware attacks in healthcare are on the rise. One way to reduce your attack surface is to use a solution specifically designed to bring Zero Trust principles to IoT security.

Health IT Security, “IoT Malware Attack Volume Up 123% in Healthcare.” July 28, 2022

5) Healthcare organizations have the highest average data breach cost of any industry.

In healthcare, the cost of a breach has increased by 42% since 2020. In fact, costs for breaches in healthcare are the highest of any industry for the 12th year straight. According to IBM, the average cost is now over $10 million and rising. Since cybersecurity spending also is on the rise, we recommend you review what cybersecurity solutions you are using and whether or not they are designed to protect your most vulnerable assets. Click here to schedule a preliminary security review of your current solution.

IBM, “Cost of a data breach 2022: A million-dollar race to detect and respond.” January 2022



6) Global cybercrime to cost the world $10.5 trillion by 2025

Cyber Crime Magazine, “2022 Cybersecurity Almanac: 100 Facts, Figures, Predictions And Statistics.” January 22, 2022

7) On average it takes 287 days to identify and contain a data breach

IBM, “Cost of a data breach 2022: A million-dollar race to detect and respond.” January 2022

8) ISACA found that 61% of cybersecurity teams are understaffed.

ISACA, “New ISACA Study Finds Cybersecurity Workforce Minimally Impacted by Pandemic, but Still Grappling with Persistent Hiring Challenges.” May 4, 2021

9) Estimated 3.5 million unfilled cybersecurity jobs globally by 2025. Over 500,000 unfilled cybersecurity jobs will be in the U.S.

Cyber Crime Magazine, “Cybersecurity Jobs Report: 3.5 Million Openings In 2025.” November 11, 2021

10) Only 50% of small and mid-sized businesses have a cybersecurity plan in place.

UpCity, “2022 Study: 50% Of SMBs Have A Cybersecurity Plan In Place.” May 2, 2022

11) 62% of companies surveyed were impacted by a supply chain attack in 2021.

Anchor, “2022 Security Trends: Software Supply Chain Survey.” January 19,2022

12) 13% increase in ransomware breaches – more than the last 5 years combined.

Verizon, “2022 Data Breach Investigations Report” May 24, 2022

13) SANS Institute survey of ethical hackers shows that 60% of hackers need 5 hours or less to break into a network environment once they discovered a weakness.

CSO Online, “Most hackers need 5 hours or less to break into enterprise environments.” September 29, 222

Other sources to consider for information:


Click here to schedule a security review of your current solution with an OT/IoT security solution expert and visit the Onclave website for additional information.