Cyber Security Statistics: Exactly How Hackable are You? (2023)

Certain cyber security statistics reveal that, on average, a hacking incident occurs every 39 seconds, with 30,000 websites being compromised daily. 

In 2022 alone, 22 billion records were exposed from at least 4,100 data breaches.

Cybersecurity has become such a major topic in our lives that it became the center of attention at the World Economic Forum’s annual meeting this year in Davos, making it a top concern for individuals and businesses alike who want to hire a cyber security company.

Although it may seem inevitable, and internet users may feel powerless against hackers, 95% of hacking incidents result from human mistakes and poor cybersecurity practices, such as having common passwords and not using a password manager. 

But what can we individuals do to protect ourselves, and how hackable are you compared to the rest of the population?   

At Sortlist, we decided to compile a hackability report examining the best and worst cybersecurity practices as well as identifying the factors that increase our risks of being hacked. 

We also built a calculator for you to determine just how hackable you are based on a wide variety of factors including whether your passwords are good enough or if the industry you work in puts you more at risk.

Find it in the first section of this study, or at any point click the button to the right to begin 👉

131,637%

Percentage increase in time required to hack when a password has a capital letter

SMS

This form of 2FA can actually increase the risk of hacking, our study reveals

0.87%

Percentage of T-Mobile employees in cybersecurity despite 8 hacks in 5 years

Passwords are often your first line of defense between yourself and hackers. In fact, 61% of breaches are caused in password security through the use of stolen or misused credentials and unique passwords.

Neglecting proper password security protocols opens the door for hackers to easily obtain a vast array of personal information. With a few simple details, they can gain access to your bank accounts. Or, they may have your work logins and threaten to disclose private or work matters unless you pay them a hefty fee, also known as ransomware.

Our cyber security statistics say that only 56% of internet users are said to have the “perfect password”.  

• At least 12 characters
• Uppercase and lowercase letters, numbers, and special symbols
• No memorable keyboard paths
• Is not based on your personal information
• Is unique for each account you have.

Small actions like using a 6-character password with just a capital letter, having strong passwords, or using password managers increases the time it takes for hackers to decipher your password by 131,637%, taking it from 1 second to 22 minutes.

Surprisingly, older generations tend to have better password practices than younger generations.  Those 50 and over are more likely to use unique passwords for each of their online accounts, while 76% of Gen Z have admitted to not paying as much attention to their password security of their multiple accounts.

Since 2011 (when google launched two-factor authentication), we can no longer just write our password and log into an account. We’ve all been there. Entered our password, received a message on the screen saying to look out for an SMS with a code, and got frustrated because we just want to use our same password to get into our account.

Too many one-step authentications (just having a simple password) are getting hacked, and your poor old accounts just want to double-check that it’s really you trying to get in, and that you have not given your login credentials to the mean old hacker. How can they do that? Ask for extra proof, also known as a multifactor authentication through an external source.

Multi-factor authentication is said to block 99% of all safety issues related to passwords. Microsoft, one of the earliest adopters of MFA, says that 99.9% of hacked accounts didn’t use this extra barrier of protection against hackers.  

Currently, 79% of people use some sort of MFA, usually in the form of 2-factor authentication. However, among the various manners to prove that you are the one entering your own account, 86% of people opt for SMS or email verification.  

According to the National Institute of Standards and Technology (NIST), the use of SMS as a form of 2FA can actually increase the risk of hacking, as mobile phone networks can be targeted by malware, resulting in data being compromised. Instead, users should opt for other options such as email.  

Software updates are like doctors to your devices. They fix any bugs, issues, potential weak points that hackers can prey upon etc. However, new updates provide information on your current software’s problems which hackers can use as a cheat sheet to figure out how to infiltrate your devices or accounts, so it’s best to update immediately.

Whenever we are presented with a software update, almost all of us don’t hesitate to click on “remind me later”. 

In fact, only 6% of people click on “update now” the very first time they see the message. If you are one of them… respect. But in fact, we should all be following your lead.  

Cybersecurity experts suggest that software updates are the best way to defend against cyberattacks. But not only are the majority of us procrastinators in this field, but 51% of us tend to wait for something to go wrong before doing the update.  

But why do we wait? 

Our most common excuse is that we are busy doing other personal or professional tasks (69%), followed by not wanting to stop or close any programs we are currently using (51%) and some of us don’t have enough battery (17%).

But it’s time for us to change our habits on both a personal and professional level. 80% of breaches that occurred in companies could have been avoided had they “patched” their software earlier or configured their updates. 

Google Maps, Apple Maps, WhatsApp, Uber, Instagram…almost all your apps on your phone have some sort of location services enabled.  With some of them, you can turn it off, but others simply can’t work without it.

By sharing your location, you are using a GPS system that hackers can use to infiltrate into your device.

Enabling location services allows third parties to track your movements and access private information such as your healthcare visits and which banks you go to.  Hackers can also exploit this information.

There is an estimated $12 billion market for location data meaning that hacking for this type of information can prove to be fruitful.  Which medical centers do you visit? Which banks do you use? All these traceable locations can be used to expose certain information about yourself that you would not want out in the open.

To avoid having their precise location shared, 33% of internet users around the world use a VPN. By doing so, even if you get hacked, your real data won’t be compromised.  

Working in the healthcare sector significantly increases your risk of being hacked. It has been the industry with the highest number of breaches for almost 15 years, and between 2017 and 2020, over 90% of healthcare organisations reported experiencing at least one security breach. 

However, the healthcare industry is not the only one to experience breaches, as multiple industries have been targeted over the years. In 2022, the top 5 most hacked industries were healthcare, finance, retail, education, and energy & utilities.  

With more people at home, the risk of a security breach or you getting hacked has actually increased. 90% of IT professionals believe that remote working increases cybersecurity risks.