13 Man-in-the-Middle Attack Statistics You Must Know About

Man-in-the-middle (MITM) attacks are one of the most downplayed cyber threats. Unknown to many, it accounts for 19% of successful attacks. And this costs businesses billions and billions in losses.

But that’s just the tip of the iceberg.

Below you’ll find man-in-the-middle attack statistics illustrating the severity of this threat. That way, you can grasp the risks and take proactive steps to protect yourself.

So, let’s crunch the numbers!


Striking man-in-the-middle attack statistics

Here’s a quick round-up of the most important MITM-related stats: 

  • These attacks account for 35% of exploitation activity.
  • Manufacturing was the most targeted industry in 2022.
  • Business email compromise (BEC) is the most popular attack vector.
  • Successful MITM threats cost businesses over $2.4 billion annually.
  • Only 10% of organizations are secure against this danger. 

General man-in-the-middle attack statistics

It can be hard to come by mentions of man-in-the-middle attacks in the cybersecurity space. But the following stats show it’s a threat that deserves your attention.

1. MITM accounts for 35% of WiFi exploitation activity.  

(Source: Verizon)

Also known as an adversary-in-the-middle (AITM) attack, it’s responsible for slightly more than one-third of WiFi exploits. This is due to the adoption of public Wi-Fi, which is highly insecure.

So, anytime you see a free hotspot, think twice before using it. Chances are cybercriminals might be behind the scene eavesdropping on users.

2. Man-in-the-middle attacks comprise 19% of successful online attacks.  

(Source: Astra)

Research by Astra suggests MITM contributes 19% of successful attempts. Its stealthy nature usually makes it difficult for victims to detect.

The threat is also versatile and works effectively across any communication channel. This enables the attackers to target a wide range of platforms and devices.  

Moreover, cybercriminals use trust exploitation to impersonate noteworthy entities. 

3. Half of MITM attacks involve stealing sensitive data.

(Source: Astra)

50% of man-in-the-middle attacks involve intercepting sensitive information. In addition, that includes login credentials, bank accounts, credit card details, etc.   

4. Man-in-the-middle attacks compromise a million passwords monthly.

(Source: Microsoft)

This threat is highly effective against multi-factor authentication (MFA) methods.

Furthermore, targets include cloud-hosted and mobile applications. Intruders can intercept and control sessions using replay attacks.

Man-in-the-middle attack stats based on industry

The corporate world bears the heat when it comes to MITM attacks. Let’s have a look!

5.  Manufacturing is the most targeted industry.

(Source: IBM)

Manufacturing continues to be the top-attacked sector. Finance and insurance, professional services, and energy immediately follow it.

Here’s the breakdown as of 2022:

  • Manufacturing – 24.8%
  • Finance and insurance – 18.9%
  • Consumer services – 14.6%
  • Energy – 10.7%
  • Wholesale and retail – 8.7%
  • Education – 7.3%
  • Healthcare – 5.8%
  • Government – 4.8%
  • Transportation – 3.9%
  • Media and telecom – 0.5%

6. Over 10,000 organizations are hot targets of MITM phishing attacks.

(Source: The Hacker News)

Hackers focus on over 10,000 businesses yearly using AITM phishing attacks. Usually,  they hijack Office 365’s authentication to bypass MFA security.

Moreover, this process allows intruders to steal login details and access victims’ mailboxes. 

7. About 75% of corporate websites aren’t secure. 

(Source: W3Techs)

HTTP Strict Transport Security (HSTS) protocol helps stop MITM attacks on websites. It prevents the downgrading of user requests and session hijacking.

However, only 25.7% of companies implement this technology on their web platforms.

8. Around half of organizations take shortcuts in mobile security.

(Source: Verizon)

43% of organizations compromise the security of mobile applications and services. This leaves out billions of phone users vulnerable to MITM threats. 

In addition, 62% of companies acknowledge cutting corners to meet performance targets. 52% point out they do so to offer customers convenience. 

Surprisingly, 46% also focus on cutting costs to boost profits. Meanwhile, 26% claim they lack the expertise to enforce relevant security measures.

Common MITM attack vector stats 

Cybercriminals can deploy man-in-the-middle attacks on virtually any channel of communication. Still, they prefer emails, servers, and cloud applications.

The distributions are as follows:

9. Business email compromise (BEC) is the most popular method.

(Source: IBM)

BEC ranks third on the list of well-known cyber threats with 6%.

Furthermore, malware backdoors lead the pack with 21%, followed by ransomware’s 17%. Others, like server access, remote exploit, spam, and MalDoc, also share 5% each.

10. MITM attacks surged by 30% in 2021.

(Source: Cursor Insight)

Covid-19 changed workplaces as no one would ever imagine. Most organizations enforced remote work to prevent the halting of operations.

However, this move intensified MITM attacks by about 30% in 2021. Even worse, cybercriminals aren’t slowing down.

11. Email hijacking incidents increased by 100% in 2022.

(Source: IBM)

IBM observed a 100% jump in email thread hijacking in 2022. Basically, intruders intercept emails and alter messages to their benefit.  

12. Only 5% of organizational HTTPS servers are secure. 

(Source: SecureOps)

A study by SecureOps found 95% of HTTPS servers vulnerable to MITM threats. This also goes hand-in-hand with the deliberate failure of organizations to employ HSTS.

The cost of man-in-the-middle attacks

There’s a huge price to pay when it comes to this danger.

13. MITM costs businesses over $2.4 billion in losses.

(Source: Microsoft)

BEC lure attacks take the lion’s share with 79.9%. 

In addition, invoice fraud comes a distant second with 9.3%. It’s also followed by payroll redirection, business information, and gift card scam, with 4.6%, 4.3%, and 1.9% respectively.

Additionally, BEC accounts for the top five internet crime losses globally. Fascinating, huh? 

Wrap up

As technology evolves, cybercriminals change tactics to target victims. You’ll often hear about ransomware, phishing, and malware. However, these man-in-the-middle attack statistics show it’s a silent but lethal online threat.

Still, it’s not the only one around. Constant vigilance is a must. Luckily, it’s easier when you’re informed and know what you’re dealing with. Stay safe!


What is the most common man-in-the-middle attack?

Business email compromise (BEC) is the most common man-in-the-middle attack vector. Besides, it accounts for 79.9% of financial losses.

Do MITM attacks still work?

Yes, they still work. MITM attacks rose by 30% in 2021. Additionally, hackers prefer it because it bypasses multi-factor authentication on applications. 

Is TLS vulnerable to MITM?

Yes, it is. Poor implementation of Transport Layer Security(TLS) makes it susceptible to MITM. Moreover, cybercriminals can intercept the connection, downgrade it, and take control of the session. 

What are the risks of MITM?

Our man-in-the-middle attack statistics show that it can cause huge financial losses. Every year, it sets back businesses for $2.4 billion. It also leads to data interception, credential theft, account takeover, and more.


  1. Verizon
  2. Astra
  3. Microsoft
  4. IBM
  5. The Hacker News
  6. W3Techs
  7. Cursor Insight
  8. SecureOps