Malware in 2023: Why it could be the worst year ever for businesses

Image of laptop infected with malware
(Image credit: © Unsplash / Michael Geiger)

2022 was a difficult year for businesses in cyberspace. Companies faced ransomware, continued effects from Log4j exploits, and rising premiums from cyber insurers.

Unfortunately, the effects of malware have been getting worse year after year. The costs of cyberattacks have skyrocketed, and many analysts predict they’ll keep climbing. For all the effort that businesses and governments have put into fending off malware, it doesn’t seem as though the online world has hit a turning point in the battle yet.

Let’s take a closer look at six reasons why 2023 could be the worst year yet for malware.

Perimeter 81 is one of TechRadar's choices for the best SWG providers

Perimeter 81 is one of TechRadar's choices for the best SWG providers

Protect your employees and network from web-based attacks with a Secure Web Gateway. Filter out malicious threats. Monitor all employee activity. Streamline compliance. Secure your entire workforce, whether on-prem or remote with Perimeter 81. Deploy in minutes. Start now.

1. Ransomware costs continue to climb

Ransomware attacks are a near-constant threat to businesses around the world. The number and scale of ransomware attacks have grown dramatically in recent years. IBM estimates that in 2022, the average ransomware attack cost companies $4.54 million—and that figure doesn’t even include the cost of the ransom itself.

While many companies have built up their cybersecurity teams to better prevent ransomware attacks, there are still many poorly defended targets for hackers to go after. Schools, local governments, and hospitals have all proven easy exploits for ransomware groups. Worse still, cybercriminals have discovered that they can command higher ransoms by threatening to release organizations’ data if they refuse to pay.

Cybersecurity Ventures estimates that cybercrime alone could cost the world $10.5 trillion by 2025. Heading into 2023, there’s little reason to be optimistic that the frequency of ransomware attacks will level off or decline.

2. Geopolitical hostility could drive malware attacks

While the majority of malware attacks are driven by individual hackers and cybercriminal gangs, nation-state attacks also pose significant threats to businesses.

Russia, China, and North Korea all deploy sophisticated teams of hackers to further their geopolitical aims. As tensions between China, Russia, and the West grow, many analysts expect that state-sponsored attacks on critical businesses could become more common.

For example, Russia could use cyberattacks on Western businesses to discourage them from doing business with Ukraine or to punish countries for supporting Ukraine’s war efforts.

3. AI could make phishing more effective than ever

Phishing attacks led to some of the most significant data breaches in 2021. Uber suffered a massive hack after an employee succumbed to repeated two-factor authentication requests. Microsoft saw the source code for the Bing search engine and the Cortana virtual assistant published after a SIM-swap attack.

Advances in AI technology could make phishing attacks even harder to detect. For example, hackers may be able to use text-generation tools like OpenAI’s ChatGPT to write malicious emails. They can also use AI to mimic individuals’ friends, family, and colleagues to get them to expose their passwords or other sensitive information.

4. The number of devices to exploit is growing

The world is growing more digitally connected year after year, and that’s creating new opportunities for hackers along the way. Every new internet-connected device is a potential target.

The growth of IoT devices means malicious actors will have more attack surfaces. Often, relatively simple devices like baby monitors, WiFi-enabled kitchen appliances, and internet-connected smart home devices aren’t held up to strong cybersecurity standards. These devices can provide unintended backdoors into a company’s network.

In addition, companies are increasingly using virtual reality and metaverse-like digital spaces to connect employees. This new tech could also present another way for attackers to get into companies’ networks.

5. Recession could drive cost-cutting around cybersecurity

While governments around the world are doing everything they can to avoid a global economic recession in 2023, many companies are preparing for the worst. That means cutting back on all fronts—including cybersecurity.

Already, companies like Microsoft are seeing reduced cybersecurity software sales. It’s also possible that amid a wider slowdown in tech hiring, companies will hold off on adding more cybersecurity employees to their IT teams.

Any reduction in cybersecurity spending could make companies more vulnerable to malware and put them behind in the race against new hacking techniques.

6. Supply chain attacks could worsen

The SolarWinds hack of 2019/2020 exposed the vulnerabilities faced by the business community to software supply chains. That exposure was further reinforced by the Log4j vulnerability discovered in 2021, which many companies still haven’t addressed.

It’s likely that more vulnerabilities already exist in the software used by companies, but we simply don’t know about them yet. While there’s no guarantee that supply chain attacks will get worse in 2023, companies need to be on the lookout for wide-ranging attacks that could severely affect their systems.

What can your company do to defend itself?

As the threat of malware continues to grow in 2023, companies need to be proactive about defending themselves. There’s no quick fix for completely securing a business against malware. Instead, companies need to employ a variety of systems to monitor their networks, quickly identify malware, and recover swiftly after an attack.

Platforms, like Perimeter 81, offer a suite of tools, including a secure web gateway, zero-trust network access, a firewall, and more. These tools can be combined with efforts to educate employees on cyber-safe practices and build redundancy to recover in the aftermath of an attack. All of which can help companies get through another difficult digital year.


The cybersecurity environment looks to be more challenging than ever in 2023. Ransomware costs are continuing to climb, geopolitical tensions are increasing the likelihood of major attacks, and technological advances are exposing businesses to more threats than ever before.

Businesses need a strong cybersecurity software suite along with education, monitoring, and redundancy in order to protect themselves against malware in 2023.

Michael Graw

Michael Graw is a freelance journalist and photographer based in Bellingham, Washington. His interests span a wide range from business technology to finance to creative media, with a focus on new technology and emerging trends. Michael's work has been published in TechRadar, Tom's Guide, Business Insider, Fast Company, Salon, and Harvard Business Review.