The Rising Cost of Cyberattacks: Trends and Impacts across Industries
Downloads
Cybersecurity incidents have escalated sharply since 2020, exposing organizations to mounting financial and operational risks. This study quantifies multi-year trends in five major attack classes, calculates the compound annual growth rate (CAGR) of breaches, and evaluates how targeted security spending mitigates losses across eight industries. Secondary data were extracted from authoritative sources (IBM, ENISA, and Ponemon). Descriptive statistics charted incident growth; Pearson correlation assessed the linkage between phishing volume and breach frequency; ordinary least-squares regression measured the effect of network, infrastructure, and identity-access investments on breach counts. Breaches rose at a 28.3% CAGR from 2020 to 2023. Healthcare incurred the highest mean cost per incident (USD 10.9 million in 2023). Phishing volume strongly correlates with breaches (r = 0.97, p < 0.05), while greater outlays on network and infrastructure security were significantly associated with lower breach rates (β = –0.18 and –0.22, respectively; p < 0.05). Unlike prior sector-specific studies, our cross-industry analysis blends global data with inferential modelling, producing actionable benchmarks that help decision-makers allocate limited cybersecurity budgets where they reduce risk most.
Downloads
[1] Tariq, U., Ahmed, I., Bashir, A. K., & Shaukat, K. (2023). A Critical Cybersecurity Analysis and Future Research Directions for the Internet of Things: A Comprehensive Review. Sensors, 23(8), 4117. doi:10.3390/s23084117.
[2] Ketipov, R., Schnalle, R., Doukovska, L., & Dehez, D. (2024). Managing Cybersecurity: Digital Footprint Threats. Cybernetics and Information Technologies, 24(3), 151–162. doi:10.2478/cait-2024-0030.
[3] Dutta, V., & Zielińska, T. (2021). Cybersecurity of robotic systems: Leading challenges and robotic system design methodology. Electronics (Switzerland), 10(22), 2850. doi:10.3390/electronics10222850.
[4] Jurišić, M., Tomičić, I., & Grd, P. (2023). User Behavior Analysis for Detecting Compromised User Accounts: A Review Paper. Cybernetics and Information Technologies, 23(3), 102–113. doi:10.2478/cait-2023-0027.
[5] Bogdanova, G., Todorov, T., & Georgieva-Tsaneva, G. (2018). Software approaches and methods to ensure the security of interactive systems. Cybernetics and Information Technologies, 18(5), 12–20. doi:10.2478/cait-2018-0017.
[6] Dasu, L. S., Dhamija, M., Dishitha, G., Vivekanandan, A., & Sarasvathi, V. (2023). Defending Against Identity Threats Using Risk-Based Authentication. Cybernetics and Information Technologies, 23(2), 105–123. doi:10.2478/cait-2023-0016.
[7] Levy, Y., & Gafni, R. (2021). Introducing the concept of cybersecurity footprint. Information and Computer Security, 29(5), 724–736. doi:10.1108/ICS-04-2020-0054.
[8] Admass, W. S., Munaye, Y. Y., & Diro, A. A. (2024). Cyber security: State of the art, challenges and future directions. Cyber Security and Applications, 2, 100031. doi:10.1016/j.csa.2023.100031.
[9] Pemble, M. (2005). Evolutionary trends in bank customer-targeted malware. Network Security, 2005(10), 4–7. doi:10.1016/S1353-4858(05)70288-9.
[10] Alawida, M., Omolara, A. E., Abiodun, O. I., & Al-Rajab, M. (2022). A deeper look into cybersecurity issues in the wake of Covid-19: A survey. Journal of King Saud University - Computer and Information Sciences, 34(10), 8176–8206. doi:10.1016/j.jksuci.2022.08.003.
[11] Pöyhönen, J., Simola, J., & Lehto, M. (2023). Basic Elements of Cyber Security for a Smart Terminal Process. International Conference on Cyber Warfare and Security, 18(1), 300–308. doi:10.34190/iccws.18.1.966.
[12] Pradeep Kumar, K., Prathap, B. R., Thiruthuvanathan, M. M., Murthy, H., & Jha Pillai, V. (2024). Secure approach to sharing digitized medical data in a cloud environment. Data Science and Management, 7(2), 108–118. doi:10.1016/j.dsm.2023.12.001.
[13] Salim, D. T., Singh, M. M., & Keikhosrokiani, P. (2023). A systematic literature review for APT detection and Effective Cyber Situational Awareness (ECSA) conceptual model. Heliyon, 9(7), 17156. doi:10.1016/j.heliyon.2023.e17156.
[14] Khando, K., Gao, S., Islam, S. M., & Salman, A. (2021). Enhancing employees information security awareness in private and public organisations: A systematic literature review. Computers and Security, 106, 102267. doi:10.1016/j.cose.2021.102267.
[15] Jang-Jaccard, J., & Nepal, S. (2014). A survey of emerging threats in cybersecurity. Journal of Computer and System Sciences, 80(5), 973–993. doi:10.1016/j.jcss.2014.02.005.
[16] Safitra, M. F., Lubis, M., & Fakhrurroja, H. (2023). Counterattacking Cyber Threats: A Framework for the Future of Cybersecurity. Sustainability (Switzerland), 15(18), 13369. doi:10.3390/su151813369.
[17] Perwej, Y., Ahamad, F., Khan, M. Z., & Akhtar, N. (2021). An empirical study on the current state of internet of multimedia things (IoMT). International Journal of Engineering Research in Computer Science and Engineering, 8(3), 25-42.
[18] Cavelty, M. D. (2007). Cyber-Security and Threat Politics: US Efforts to Secure the Information Age. Cyber-Security and Threat Politics: US Efforts to Secure the Information Age. Routledge, London, United Kingdom. doi:10.4324/9780203937419.
[19] GAO. (1996). Information Security: Computer Attacks at Department of Defense Pose Increasing Risks: Report to Congressional Requesters. General Accounting Office (GAO), AIMD-96-84. Available online: https://www.gao.gov/products/aimd-96-84 (accessed on May 2025).
[20] Beaman, C., Barkworth, A., Akande, T. D., Hakak, S., & Khan, M. K. (2021). Ransomware: Recent advances, analysis, challenges and future research directions. Computers & security, 111, 102490.
[21] Lanza, C. (2022). Semantic control for the cybersecurity domain: investigation on the representativeness of a domain-specific terminology referring to lexical variation. CRC Press, New Jersey, United States.
[22] Easter, D. (2024). State Department cipher machines and communications security in the early Cold War, 1944–1965. Intelligence and National Security, 39(4), 620–635. doi:10.1080/02684527.2023.2269512.
[23] Li, Y., & Liu, Q. (2021). A comprehensive review study of cyber-attacks and cyber security; Emerging trends and recent developments. Energy Reports, 7, 8176–8186. doi:10.1016/j.egyr.2021.08.126.
[24] Oruj, Z. (2024). Cyber Security: contemporary cyber threats and National Strategies - Distance Education in Ukraine: Innovative, Normative-Legal. Pedagogical Aspects, 1(2), 100–116.
[25] Adigwe, C. S., Mayeke, N. R., Olabanji, S. O., Okunleye, O. J., Joeaneke, P. C., & Olaniyi, O. O. (2024). The Evolution of Terrorism in the Digital Age: Investigating the Adaptation of Terrorist Groups to Cyber Technologies for Recruitment, Propaganda, and Cyberattacks. Asian Journal of Economics, Business and Accounting, 24(3), 289–306. doi:10.9734/ajeba/2024/v24i31287.
[26] CISA. (2023). Ransomware statistics. Cybersecurity& Infrastructure Security Agency, CISA. Available online: https://www.cisa.gov/stopransomware/fact-sheets-information (accessed on May 2025).
[27] Deloitte. (2023). Global healthcare cybersecurity report. Available online: https://www.deloitte.com/global/en/services/risk-advisory/content/future-of-cyber.html (accessed on May 2025).
[28] ENISA. (2023). Threat landscape report. European Union Agency for Cybersecurity, ENISA. Available online: https://www.enisa.europa.eu/publications/enisa-threat-landscape-2023 (accessed on May 2025).
[29] IBM Security (2023). Cost of a data breach report 2023. Available online: https://www.ibm.com/reports/data-breach (accessed on May 2025).
[30] Ponemon Institute. (2023). The sixth annual global cyber risk report. Available online: https://www.ponemon.org/ (accessed on May 2025).
[31] Salman, I. R., Rasheed, A. A., Hassan, S. A. D. H., Hussein, R. A., & Al-Saady, M. (2025). Automated aquatic biodiversity monitoring using deep learning on the Tigris River: Species identification and ecosystem assessment. International Journal of Aquatic Biology, 13(1), 30–40. doi:10.22034/ijab.v13i1.2476.
[32] Rashid, M. K., Salman, I. R., Obaid, A. L., Hassan, S. A. D. H., Al-Musawi, M. R., & Al-Saady, M. (2024). Application of machine learning in predicting sources of water pollution in the Euphrates and Tigris rivers in Iraq. International Journal of Aquatic Biology, 12(6), 581–589. doi:10.22034/ijab.v12i6.2421.
[33] Hassan, S. A. D. H., Al-Furiji, H., Kareem Rashid, M., Abed Hussein, Z., & Ambudkar, B. (2024). Trending Algorithm on Twitter through 2023. Data and Metadata, 3, 384–384. doi:10.56294/dm2024384.
[34] Aboud, F. (2024). Flexural Behavior of Aligned Steel Reinforced Concrete Beams. Misan Journal of Engineering Sciences, 3(2), 197-213.
[35] Majeed, I. H. (2023). Experimental and Numerical Study of Torsional Solid and Hollow Section of Polyolefin Fiber-Reinforced Concrete Beams. Misan Journal of Engineering Sciences, 2(2), 71–84. doi:10.61263/mjes.v2i2.63.
[36] Khudhur, E., Aqeel H. Chkheiwer, & Adel A. Al Menhosh. (2023). Flexural Behavior of Normal and High Strength Self-Curing Self-Compacted Concrete Beams of Local Materials. Misan Journal of Engineering Sciences, 2(1), 98-124. doi:10.61263/mjes.v2i1.47.
[37] Smith, A. (2022). The cybersecurity threat landscape in 2022: A focus on critical infrastructure. Security Journal, 11(3), 245–262.
[38] Jones, T. (2023). The financial impact of cybercrime on the healthcare industry - Journal of Medical Economics, 26(7), 891-898.
[39] Mousa, A. A., Hassan, S. A. D. H., Rashid, M. K., & Al-Saady, M. (2025). Safeguarding Patient Data: Machine Learning for Phishing URL Detection in Healthcare Systems. Journal of Advanced Research Design, 131(1), 47–60. doi:10.37934/ard.131.1.4760.
[40] Tao, H., Bhuiyan, M. Z. A., Rahman, M. A., Wang, G., Wang, T., Ahmed, M. M., & Li, J. (2019). Economic perspective analysis of protecting big data security and privacy. Future Generation Computer Systems, 98, 660-671. doi:10.1016/j.future.2019.03.042.
[41] Shackell, M., & Leader, F. S. (2005). Global Economic Crime Survey. PwC, London, United Kingdom
[42] Alanazi, A. T. (2023). Clinicians’ Perspectives on Healthcare Cybersecurity and Cyber Threats. Cureus, 15(10), 47026. doi:10.7759/cureus.47026.
[43] Pool, J., Akhlaghpour, S., Fatehi, F., & Burton-Jones, A. (2024). A systematic analysis of failures in protecting personal health data: A scoping review. International Journal of Information Management, 74, 102719. doi:10.1016/j.ijinfomgt.2023.102719.
[44] Borky, J. M., & Bradley, T. H. (2019). Protecting Information with Cybersecurity. Effective Model-Based Systems Engineering, 345–404. doi:10.1007/978-3-319-95669-5_10.
- This work (including HTML and PDF Files) is licensed under a Creative Commons Attribution 4.0 International License.
