In 2023, we’ve seen a number of high profile cybersecurity incidents, including a cyberattack on MGM Resorts International which cost them an estimated $80 million in revenue over five days, and a data breach from personal genomics and biotechnology company, 23andMe resulted in 20m data records stolen. As we round out the year, we’ve compiled a list of some of the key social engineering statistics from the year.
- An estimated 18% of attacks targeted web-based software and webmail. (Resmo)
- Smishing (SMS Phishing) attacks target 76% of global businesses. (Resmo)
- In Q2 2023, Microsoft topped the list of most impersonated brands for phishing scams. (MSSP Alert)
- Phishing makes up 44% of social engineering incidents, and is the third most common type of action in breaches where virtual currency was involved. (Verizon)
- Social engineering attacks cost an average of $130,000. (Splunk)
- In Q3 2023, bad actors used various social engineering channels in successful attacks: phishing websites (54%), email (27%), social media scams (19%), and instant messaging hoaxes (16%). (Positive Technologies)
- 68% of black hat hackers say multi-factor authentication and encryption are the biggest hacker obstacles. (HailBytes)
- Google blocks around 100m phishing emails every day. (Resmo)
- 90% of data breach incidents target the human element to gain access to sensitive business information. (Splunk)
- Individuals working for educational institutions are most likely to open a phishing email. Healthcare and retail employees are the least likely to do so. (StationX)
- The average organisation is targeted by 700+ social engineering attacks annually, that’s on average 2.7 per day. (Firewall Times)
- Men are more than twice as likely to fall for phishing attacks than women. (KnowBe4)
- Phishing volumes increased by more than 54% during the first half of 2023 compared to the second half of 2022 at 742.9 million vs. 482.2 million. (Vade)