In 2023, we’ve seen a number of high profile cybersecurity incidents, including a cyberattack on MGM Resorts International which cost them an estimated $80 million in revenue over five days, and a data breach from personal genomics and biotechnology company, 23andMe resulted in 20m data records stolen. As we round out the year, we’ve compiled a list of some of the key social engineering statistics from the year.

  1. An estimated 18% of attacks targeted web-based software and webmail. (Resmo)
  2. Smishing (SMS Phishing) attacks target 76% of global businesses. (Resmo)
  3. In Q2 2023, Microsoft topped the list of most impersonated brands for phishing scams. (MSSP Alert)
  4. Phishing makes up 44% of social engineering incidents, and is the third most common type of action in breaches where virtual currency was involved. (Verizon)
  5. Social engineering attacks cost an average of $130,000. (Splunk)
  6. In Q3 2023, bad actors used various social engineering channels in successful attacks: phishing websites (54%), email (27%), social media scams (19%), and instant messaging hoaxes (16%). (Positive Technologies)
  7. 68% of black hat hackers say multi-factor authentication and encryption are the biggest hacker obstacles. (HailBytes)
  8. Google blocks around 100m phishing emails every day. (Resmo)
  9. 90% of data breach incidents target the human element to gain access to sensitive business information. (Splunk)
  10. Individuals working for educational institutions are most likely to open a phishing email. Healthcare and retail employees are the least likely to do so. (StationX)
  11. The average organisation is targeted by 700+ social engineering attacks annually, that’s on average 2.7 per day. (Firewall Times)
  12. Men are more than twice as likely to fall for phishing attacks than women. (KnowBe4)
  13. Phishing volumes increased by more than 54% during the first half of 2023 compared to the second half of 2022 at 742.9 million vs. 482.2 million. (Vade)