Cyber Security Statistics: Exactly How Hackable are You? (2023)

Certain cyber security statistics reveal that, on average, a hacking incident occurs every 39 seconds, with 30,000 websites being compromised daily. 

In 2022 alone, 22 billion records were exposed from at least 4,100 data breaches.

Cybersecurity has become such a major topic in our lives that it became the center of attention at the World Economic Forum’s annual meeting this year in Davos, making it a top concern for individuals and businesses alike who want to hire a cyber security company.

Although it may seem inevitable, and internet users may feel powerless against hackers, 95% of hacking incidents result from human mistakes and poor cybersecurity practices, such as having common passwords and not using a password manager. 

But what can we individuals do to protect ourselves, and how hackable are you compared to the rest of the population?   

At Sortlist, we decided to compile a hackability report examining the best and worst cybersecurity practices as well as identifying the factors that increase our risks of being hacked. 

We also built a calculator for you to determine just how hackable you are based on a wide variety of factors including whether your passwords are good enough or if the industry you work in puts you more at risk.



Percentage increase in time required to hack when a password has a capital letter


This form of 2FA can actually increase the risk of hacking, our study reveals


Percentage of T-Mobile employees in cybersecurity despite 8 hacks in 5 years

How Hackable Am I? Sortlist’s Hackability Calculator

Password hacking statistics: Only 56% of people have the perfect password, 50% use the same one

Passwords are often your first line of defense between yourself and hackers. In fact, 61% of breaches come down to password security, through the use of stolen or misused credentials and unique passwords.

Neglecting proper password security protocols opens the door for hackers to easily obtain a vast array of personal information. With a few simple details, they can gain access to your bank accounts. Or, they may have your work logins and threaten to disclose private or work matters unless you pay them a hefty fee, a form of extortion often associated with ransomware.

best password practices

Our cyber security statistics show that only 56% of internet users have the “perfect password”.

only 56% of people have the perfect password
  • At least 12 characters
  • Uppercase and lowercase letters, numbers, and special symbols
  • No memorable keyboard paths
  • Is not based on your personal information
  • Is unique for each account you have.
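
The five criteria above can be checked mechanically. The following Python sketch is an added example, not part of the Sortlist report or its calculator; the QWERTY row layout, the 4-character run threshold, and the sample profile and passwords are assumptions constructed for illustration.

```python
import re

# QWERTY rows used to spot "memorable keyboard paths" (assumed layout).
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def has_keyboard_path(password, run=4):
    """True if `run` consecutive characters walk along one keyboard row."""
    lowered = password.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):  # left-to-right and right-to-left walks
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in lowered:
                    return True
    return False


def contains_personal_info(password, personal_tokens):
    """True if any personal detail (name, birth year, pet...) appears in it."""
    lowered = password.lower()
    return any(len(t) >= 3 and t.lower() in lowered for t in personal_tokens)


def audit_password(password, personal_tokens, other_passwords):
    """Return the checklist criteria that the password fails (empty = passes)."""
    failures = []
    if len(password) < 12:
        failures.append("length")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, password) for c in classes):
        failures.append("character classes")
    if has_keyboard_path(password):
        failures.append("keyboard path")
    if contains_personal_info(password, personal_tokens):
        failures.append("personal information")
    # Plaintext comparison is for the demo only; a password manager does
    # this check inside its own vault.
    if password in other_passwords:
        failures.append("not unique")
    return failures


if __name__ == "__main__":
    # Constructed sample data, not taken from the report.
    profile = ["alice", "1990", "rex"]
    in_use = ["Summer2023!", "Qwerty12345!"]
    for candidate in ["Qwerty12345!", "Alice1990!!xx", "v7#Lm2$kTq9&Wd"]:
        print(candidate, "->", audit_password(candidate, profile, in_use) or "passes")
```

Note that "Qwerty12345!" satisfies the length and character-class rules yet still fails on keyboard path and reuse, which is why the checklist needs all five criteria rather than length and complexity alone.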

Small actions like using a 6-character password with just a capital letter, having strong passwords, or using password managers increase the time it takes for hackers to decipher your password by 131,637%, taking it from 1 second to 22 minutes.

amount of time it takes to hack a 6 character password with capital letter

How can you ensure password security? Use a password manager

Additionally, experts recommend changing passwords regularly every 3 months, yet only 31% of internet users change their passwords twice a year, and even more concerning when it comes to password statistics, another 31% have never changed the passwords for any account. Having secure passwords for your personal accounts as well as other online accounts can greatly safeguard your security measures.

over 50s are more likely to use multiple passwords

Surprisingly, older generations tend to have better password practices than younger generations. Those 50 and over are more likely to use unique passwords for each of their online accounts, while 76% of Gen Z have admitted to not paying as much attention to the password security of their multiple accounts.

SMS as your multi-factor authentication? You’re greatly increasing your chances of a data breach

Since 2011 (when Google launched two-factor authentication), we can no longer just write our password and log into an account. We’ve all been there. Entered our password, received a message on the screen saying to look out for an SMS with a code, and got frustrated because we just want to use our same password to get into our account.

Too many one-step authentications (just having a simple password) are getting hacked, and your poor old accounts just want to double-check that it’s really you trying to get in, and that you have not given your login credentials to the mean old hacker. How can they do that? Ask for extra proof through an external source, also known as multi-factor authentication.

Multi-factor authentication is said to block 99% of all safety issues related to passwords. Microsoft, one of the earliest adopters of MFA, says that 99.9% of hacked accounts didn’t use this extra barrier of protection against hackers.  

MFA blocks 99% of safety issues that are related to passwords

Currently, 79% of people use some sort of MFA, usually in the form of 2-factor authentication. However, among the various manners to prove that you are the one entering your own account, 86% of people opt for SMS or email verification.  

most used forms of MFA

According to the National Institute of Standards and Technology (NIST), the use of SMS as a form of 2FA can actually increase the risk of hacking, as mobile phone networks can be targeted by malware, resulting in data being compromised. Instead, users should opt for other options such as email.  

51% of people would rather be sorry than safe when updating software

Software updates are like doctors to your devices. They fix any bugs, issues, potential weak points that hackers can prey upon etc. However, new updates provide information on your current software’s problems which hackers can use as a cheat sheet to figure out how to infiltrate your devices or accounts, so it’s best to update immediately.

only 6% of people update their software immediately

Whenever we are presented with a software update, almost all of us don’t hesitate to click on “remind me later”. 

In fact, only 6% of people click on “update now” the very first time they see the message. If you are one of them… respect. But in fact, we should all be following your lead.  

Cybersecurity experts suggest that software updates are the best way to defend against cyberattacks. But not only are the majority of us procrastinators in this field, but 51% of us tend to wait for something to go wrong before doing the update.  

But why do we wait? 

Our most common excuse is that we are busy doing other personal or professional tasks (69%), followed by not wanting to stop or close any programs we are currently using (51%) and some of us don’t have enough battery (17%).

But it’s time for us to change our habits on both a personal and professional level. 80% of breaches that occurred in companies could have been avoided had they “patched” their software earlier or configured their updates. 

device updates & security

Sharing your location? More like directly sharing your data

Google Maps, Apple Maps, WhatsApp, Uber, Instagram…almost all your apps on your phone have some sort of location services enabled.  With some of them, you can turn it off, but others simply can’t work without it.

By sharing your location, you are using a GPS system that hackers can use to infiltrate your device.

Enabling location services allows third parties to track your movements and access private information such as your healthcare visits and which banks you go to.  Hackers can also exploit this information.

There is an estimated $12 billion market for location data meaning that hacking for this type of information can prove to be fruitful.  Which medical centers do you visit? Which banks do you use? All these traceable locations can be used to expose certain information about yourself that you would not want out in the open.

33% of the population uses a VPN

To avoid having their precise location shared, 33% of internet users around the world use a VPN. By doing so, even if you get hacked, your real data won’t be compromised.  

Over 90% of healthcare organisations have experienced data breaches 

Working in the healthcare sector significantly increases your risk of being hacked. It has been the industry with the highest number of breaches for almost 15 years, and between 2017 and 2020, over 90% of healthcare organisations reported experiencing at least one security breach. 

over 90% of healthcare organizations experienced at least one breach between 2017-2020

The healthcare industry holds a vast amount of information on millions of individuals worldwide, making it an attractive target for hackers. Ransomware attacks are the most prevalent, as the sensitive and critical nature of the data increases its value.  

With health information, hackers can engage in serious acts such as tax fraud and use someone else’s information as their own to gain access to extra benefits related to handicaps or long-term illnesses.  

A cyberattack on healthcare data can also have dire consequences such as putting a patient’s life at risk by compromising access to their medical information, leading to an incorrect diagnosis or treatment.

top 5 most hacked industries

However, the healthcare industry is not the only one to experience breaches, as multiple industries have been targeted over the years. In 2022, the top 5 most hacked industries were healthcare, finance, retail, education, and energy & utilities.  

However, the average cost of breaches in the healthcare sector was $10.10 million, 60% higher than the next most impacted industry, finance.

average cost of data breaches in top 5 most hacked industries

All of these sectors hold data related to credit card information, research, and contact information, as well as access to critical services whose disruption could have serious societal consequences (major blackout, network shutdown, etc.). Instead of hacking one individual, hacking an industry or sector gives anyone access to data en masse.

Why is healthcare the biggest hack victim? The bottom in terms of cybersecurity investments

According to Global Market Insights, by 2024, the cybersecurity market is expected to grow to $300 billion. But although the healthcare sector has been most at risk of cyberattacks in the last decades, they are not the ones investing the most in cybersecurity. 

average percentage of IT budget dedicated to cybersecurity

On average, companies allocate 10% of their IT budget toward cybersecurity. Despite 80% of healthcare organisations in the US suffering a breach in 2019, they only invested 5% on average in cybersecurity, which is 24% below the recommended amount in its sector.

healthcare sector should be spending 29% more on cybersecurity

The financial sector is most cautious with cybersecurity, investing an above average of 10.9% of its IT budget.  

It has faced significant challenges related to cybersecurity in recent years due to the rise of remote work and digitalisation.  

“The constant development of new open application programming interfaces (APIs) to connect banks with other institutions has sparked debate about who owns a customer’s financial data. And these new fintech solutions have coincided with a rise in cyberattacks.”

As a result, the finance sector has been forced to make critical decisions related to cybersecurity. They have been investing more of their IT budget towards cybersecurity measures and implementing stronger security protocols to prevent data breaches and protect their customers’ sensitive information.

Companies with the largest hacks of 2023 have larger than average cybersecurity teams

A larger budget means a large cybersecurity team as well as more elaborate systems and software programs that can be used as extra protection. However, it’s not all businesses that can afford such a level of security, nor does a high level of security guarantee ultimate protection against hacks.  

Currently, only 38% of companies believe that they are sufficiently staffed to protect themselves against cyber threats. 

only 38% of companies believe they have enough employees for cybersecurity

Companies that believe they are understaffed in their cybersecurity teams tend to incur 18% higher costs for data breaches, compared to those that are adequately staffed. Despite this, even companies with sufficient staffing in their cybersecurity teams experience an average breach cost of $4.01 million.

average cost of data breach for companies who are either sufficiently staffed or understaffed

50% of businesses have only 1 employee dedicated to their organisation’s cybersecurity and amongst medium and large businesses, the average increases to 2–3 people. Only 17% of medium-sized businesses and 23% of large businesses have cybersecurity teams composed of 4 to 5 people.

Average number of people in company cybersecurity teams

However, size doesn’t always matter. Take a look at the cybersecurity team sizes of some companies famously hacked, including the top 6 hacks so far in 2023.  

90% of IT professionals say their remote workers aren’t secure

Since the start of the pandemic, working from home has become a new norm for many of us. Even to this day, many companies have decided to either become fully remote or adopt a hybrid method of at-home and in-office work. In 2019, only 3.6% of high-paying jobs were remote. But now, the number has jumped to 15%.

number of employees working from home in high paying jobs

With more people at home, the risk of a security breach or you getting hacked has actually increased. 90% of IT professionals believe that remote working increases cybersecurity risks.  

90% of IT professionals believe that remote working increases cybersecurity risks

More employees working from home means less cybersecurity control for and from companies.  Each employee has to rely on their own personal Wi-Fi which may not have as much cybersecurity as a million-dollar company that has a cybersecurity team or integration developers working around the clock to protect its employees.  

Working from home has also made us work with new platforms, tools, and software programs which put us more at risk if we don’t update them, change our work passwords, etc.

The average cost of a breach for a company with 81-100% of employees working from home is $5.1 million. This is 28% more than companies with only 1-20% of remote employees.

average cost of data breach when looking at percentage of employees working from home


Cybersecurity has become a major concern for both individuals and businesses with the number of hacking incidents rising at an alarming rate. With the majority of incidents resulting from human mistakes and poor cybersecurity practices, individuals should look to improving their ways of protecting themselves online.

Passwords, multi-factor authentication, and software updates are a few areas where people can enhance their cybersecurity practices to prevent hackers from getting in. This is especially crucial for those working in sectors that are most vulnerable to attacks, such as healthcare and finance, or for those who work remotely.



To create the calculator, we took the percentage of the population that complies with the different cybersecurity best practices highlighted. These are:

  • % of people that have the perfect password: 56
  • % of people that use 2FA: 79
  • % of people that don't delay updates: 6
  • % of people that use a VPN: 33
  • % of people that work safely from home: 10
  • % of companies that have an employee working in cybersecurity: 50

These figures were normalised to 100%, and weighted 2:1 in favour of those "personal" decisions (the first three) rather than those which are professional.

The percentage associated with passwords is divided equally between the five options.

Each of the most hacked industries is given a weighting of 1% from 1 to 5.

About the Sortlist Data Hub

The Sortlist Data Hub is the place to be for journalists and industry leaders who seek data-driven reports from the marketing world, gathered from our surveys, partner collaborations, and internal data of more than 50,000 industries.

It is designed to be a space where the numbers on marketing are turned into easy-to-read reports and studies.

