In 2023, the global annual cost of cyber crime is predicted to top $8 trillion, according to a recent Cybersecurity Ventures report. This seemingly enormous figure might still be a major underestimate.

In 2021, U.S. financial institutions lost nearly $1.2 billion to ransomware attacks alone. That was a nearly 200% increase over the previous year. If we continue at that rate, next year could see global costs approaching $16 trillion.

Why might costs be so high? Here are seven reasons why cyberattack rates and costs will rise dramatically in 2023.

Reason 1: The economy

The Cybersecurity Ventures report correctly identified the talent crunch as a reason for concern. But the problem has even deeper roots. The worldwide economic outlook continues to face stiff headwinds. Inflation, the energy crisis and supply chain issues are affecting every industry. Inflation will increase the overall cost of cyber crime as preventive and remediation costs rise.

While inflation is not directly related to the number of incidents, it does impact company budget decisions. In response, some of the biggest tech brands are reducing headcounts and implementing hiring freezes. Meanwhile, security teams have been stretched thin for years. If security budgets don’t rise with inflation, security leaders will have even less buying power to implement strong security and capable teams.

Reason 2: Malware-as-a-Service

Ransomware has plagued businesses, governments, individuals and organizations in nearly every sector. Now it’s easier than ever for threat actors to access powerful ransomware tools. Even with modest technical skills, criminals can launch attacks that can cost companies millions.

Ransomware and other malware can be purchased for as little as $66. You can even get a phishing kit for free on underground forums. Meanwhile, the global average cost of a data breach is $4.35 million. And the majority of targets are already victims of repeat attacks (83% have had more than one breach, according to the IBM Cost of a Data Breach report). Since accessing malware services and kits has never been easier, attack rates are bound to rise substantially.

Reason 3: Geopolitical conflict

In 2021, the Russia-based REvil Ransomware-as-a-Service group was responsible for nearly 18,000 attack attempts in the U.S. alone. Members of the group were also behind the Colonial Pipeline attack. The cyber gang claimed to rake in annual revenues of over $100 million. Some might forget it was the Russian government that eventually took down REvil. Reportedly, the takedown was part of a rare collaborative effort between the United States and Russia.

Since the outbreak of the war in Ukraine, these kinds of collaborative efforts are less likely. The U.S. continues to increase cybersecurity collaborative efforts with friendly nations. But rising geopolitical tensions are already causing an increase in state-sponsored and politically driven attacks.

Reason 4: Criminals target smaller organizations

While the big, high-profile breaches fill headlines, many intruders prefer to target smaller organizations. Between 2020 and 2021, cyberattacks on small companies surged by more than 150%, according to RiskRecon, a Mastercard company that evaluates companies’ security risk.

The reasons behind this trend are twofold. For starters, smaller targets usually have weaker security. Also, high-profile targets like infrastructure or big corporations will likely attract a stronger law enforcement response. This means schools, local police departments, small government offices and businesses with fewer than 1,000 employees will continue to be attacked.

Reason 5: Organizations can’t afford cyber insurance

A recent report warns that the number of organizations with cyber insurance problems is set to double in 2023. They might be unable to afford cyber insurance, be declined coverage or experience significant coverage limitations.

Forrester commented on the situation in its Top Cybersecurity Threats for 2022 report. The firm predicts that insurers will likely include new underwriting requirements and greater scrutiny of risk mitigation and security program maturity. The cyber insurance crisis is not only an indicator of rising risk. It will also place further financial pressure on businesses in the event of a breach.

Reason 6: Rapidly expanding attack surface

In 2021 there were a total of 11.3 billion IoT devices worldwide. This number will likely reach 15.1 billion in 2023. Meanwhile, as of 2022, 26% of U.S. employees work remotely. Current estimates expect 36.2 million American employees to be working remotely by 2025.

The first half of 2021 saw 1.5 billion attacks on smart devices, with attackers looking to steal sensitive data, cryptojack devices or build botnets. Intruders may even reach corporate assets from a device connected to a home network where remote work occurs.

The attack surface has never been greater and continues to expand rapidly. This means threat actors have even more places to probe and attack.

Reason 7: Hacktivism rising

The world continues to suffer from a wide variety of conflicts. In the geopolitical realm, pro-Ukraine or pro-Russian hackers launch attacks with political motives. We also see the rise of environmental hacktivists targeting mining and oil companies.

According to one expert, hacktivism has become a mainstream force impacting millions of lives globally. “Hacking for a cause” incidents include the Democratic National Committee (DNC) email hack and the massive 2.6 TB Panama Papers leak. Hacktivism is a significant anti-establishment weapon promoting a diverse set of causes around the globe. And as street protests grow, online protests will grow as well.

Get ready for a turbulent 2023

These indicators all point towards a significant rise in cyberattacks and associated costs for 2023. Efforts to stem the tide are underway from both the public and private sectors. Let’s hope the good guys soon gain the upper hand.
