In 2023, the global annual cost of cyber crime is predicted to top $8 trillion, according to a recent Cybersecurity Ventures report. This seemingly enormous figure might still be a major underestimate.

In 2021, U.S. financial institutions lost nearly $1.2 billion in costs due to ransomware attacks alone. That was a nearly 200% increase over the previous year. If we continue at that rate, next year could see global costs approaching $16 trillion.

Why might costs be so high? Here are seven reasons why cyberattack rates and costs will rise dramatically in 2023.

Reason 1: The economy

The Cybersecurity Venture report correctly identified the talent crunch as a reason for concern. But the problem has even deeper roots. The worldwide economic outlook continues to face stiff headwinds. Inflation, the energy crisis and supply chain issues are affecting every industry. Inflation will increase the overall cost of cyber crime as preventive and remediation costs rise.

While inflation is not directly related to the number of incidents, it does impact company budget decisions. In response, some of the biggest tech brands are reducing headcounts and implementing hiring freezes. Meanwhile, security teams have been stretched thin for years. If security budgets don’t rise with inflation, security leaders will have even less buying power to implement strong security and capable teams.

Reason 2: Malware-as-a-Service

Ransomware has plagued businesses, governments, individuals and organizations in nearly every sector. Now it’s easier than ever for threat actors to access powerful ransomware tools. Even with modest technical skills, criminals can launch attacks that can cost companies millions.

Ransomware and other malware can be purchased for as little as $66. You can even get a phishing kit for free on underground forums. Meanwhile, the global average cost of a data breach is $4.35 million. And the majority of targets are already victims of repeat attacks (83% have had more than one breach, as per IBM Cost of a Data Breach report). Since accessing malware services and kits has never been easier, attack rates are bound to rise substantially.

Reason 3: Geopolitical conflict

In 2021, the Russia-based REvil Ransomware-as-a-Service group was responsible for nearly 18,000 attack attempts in the U.S. alone. Members of the group were also behind the Colonial Pipeline attack. The cyber gang claimed to rake in annual revenues of over $100 million. Some might forget it was the Russian government that eventually took down REvil. Reportedly, the takedown was part of a rare collaborative effort between the United States and Russia.

Since the outbreak of the war in Ukraine, these kinds of collaborative efforts are less likely. The U.S. continues to increase cybersecurity collaborative efforts with friendly nations. But rising geopolitical tensions are already causing an increase in state-sponsored and politically driven attacks.

Reason 4: Criminals target smaller organizations

While the big, high-profile breaches fill headlines, many intruders prefer to target smaller organizations. Between 2020-2021, cyberattacks on small companies surged by more than 150%, according to RiskRecon, a Mastercard company that evaluates companies’ security risk.

The reasons behind this trend are twofold. For starters, smaller targets usually have weaker security. Also, high-profile targets like infrastructure or big corporations will likely attract a stronger law enforcement response. This means schools, local police departments, small government offices and businesses with less than 1,000 employees will continue to be attacked.

Reason 5: Organizations can’t afford cyber insurance

A recent report warns that the number of organizations with cyber insurance problems is set to double in 2023. They might be unable to afford cyber insurance, be declined coverage or experience significant coverage limitations.

Forrester commented on the situation in their Top Cybersecurity Threats for 2022 report. The firm predicts that it is likely that insurers will include new underwriting requirements and greater scrutiny of risk mitigation and security program maturity. The cyber insurance crisis is not only an indicator of rising risk. It will also place further pressure on businesses on the financial side in the event of a breach.

Reason 6: Rapidly expanding attack surface

In 2021 there were a total of 11.3 billion IoT devices worldwide. This number will likely reach 15.1 billion in 2023. Meanwhile, as of 2022, 26% of U.S. employees work remotely. Current estimates expect 36.2 million American employees to be working remotely by 2025.

The first half of 2021 saw 1.5 billion attacks on smart devices, with attackers looking to steal sensitive data, cryptojack devices or build botnets. Intruders may even reach corporate assets from a device connected to a home network where remote work occurs.

The attack surface has never been greater and continues to expand rapidly. This means threat actors have even more places to probe and attack.

Reason 7: Hacktivism rising

The world continues to suffer from a wide variety of conflicts. In the geopolitical realm, pro-Ukraine or pro-Russian hackers launch attacks with political motives. We also see the rise of environmental hacktivists targeting mining and oil companies.

According to one expert, hacktivism has become a mainstream force impacting millions of lives globally. “Hacking for a cause” incidents include the Democratic National Committee (DNC) email hack and the massive 2.6 TB Panama Papers leak. Hacktivism is a significant anti-establishment weapon promoting a diverse set of causes around the globe. And as street protests grow, online protests will grow as well.

Get ready for a turbulent 2023

These indicators all point towards a significant rise in cyberattacks and associated costs for 2023. Efforts to stem the tide are underway from both the public and private sectors. Let’s hope the good guys soon gain the upper hand.

More from Risk Management

Cybersecurity dominates concerns among the C-suite, small businesses and the nation

4 min read - Once relegated to the fringes of business operations, cybersecurity has evolved into a front-and-center concern for organizations worldwide. What was once considered a technical issue managed by IT departments has become a boardroom topic of utmost importance. With the rise of sophisticated cyberattacks, the growing use of generative AI by threat actors and massive data breach costs, it is no longer a question of whether cybersecurity matters but how deeply it affects every facet of modern operations.The 2024 Allianz Risk…

Adversarial advantage: Using nation-state threat analysis to strengthen U.S. cybersecurity

4 min read - Nation-state adversaries are changing their approach, pivoting from data destruction to prioritizing stealth and espionage. According to the Microsoft 2023 Digital Defense Report, "nation-state attackers are increasing their investments and launching more sophisticated cyberattacks to evade detection and achieve strategic priorities."These actors pose a critical threat to United States infrastructure and protected data, and compromising either resource could put citizens at risk.Thankfully, there's an upside to these malicious efforts: information. By analyzing nation-state tactics, government agencies and private enterprises are…

6 Principles of Operational Technology Cybersecurity released by joint NSA initiative

4 min read - Today’s critical infrastructure organizations rely on operational technology (OT) to help control and manage the systems and processes required to keep critical services to the public running. However, due to the highly integrated nature of OT deployments, cybersecurity has become a primary concern.On October 2, 2024, the NSA (National Security Agency) released a new CSI titled “Principles of Operational Technology Cybersecurity.” This new guide was created in collaboration with the Australian Signals Directorate’s Australian Cyber Security Centre (ASD SCSC) to…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today