Today companies rely more and more on ever-expanding data. The downside is that data is often susceptible to costly security breaches, a trend that has become more prominent in the post-pandemic world. These data breach statistics will show you how valuable it is to work on properly installing security measures to prevent catastrophic incidents. Otherwise, your company might join the list of numerous organizations experiencing devastating security breaches that result in the loss of customers, profits, and reputation.
Data Breach Statistics (Editor’s Choice)
- It takes an average of 287 days for an organization to detect a data breach. (Varonis)
- Only 54% of organizations know where their information is stored. (Panda Security)
- The average cost of a stolen record stands at $150. ((IBM))
- The average cost of a data breach is about $1.07 million higher due to remote work since COVID-19. (IBM)
- Small businesses account for 43% of data breaches. (Verizon)
- Compromised credentials are the reason for 20% of breaches. (IBM)
General Data Breach Stats
1. In the first six months of 2019, around 20 data breaches occurred daily.
A recent report from Risk Based Security demonstrated that there were 3,813 breaches between January and June or 20 per day on average. These breaches exposed more than 4.1 billion records with social security numbers, bank information, birthdates, full names, and other sensitive info. For reference, this number was 54% higher than the same period in 2018.
(Dark Reading)
2. It takes approximately 287 days for an organization to identify a data breach.
Typically, organizations manage to identify a data breach after quite some time. Afterward, they spend about 80 days on average to contain the breach. Yet, it takes the longest to handle a healthcare data breach, stats show. Namely, a healthcare data breach lifecycle is 329 days on average, followed by the financial industry, with 233 days.
(Varonis)
3. In 2021, the number of data breaches skyrocketed by 68%.
The latest report from Identity Theft Resource Center shows that in 2021 there were 1,862 breaches, which is higher than those in 2020 (1,108). One of the main drivers of this unwanted growth of all data breach types was the effects of coronavirus and rapid digitization.
(CNET)
4. In 2021, the number of breaches involving sensitive info theft grew to 83%.
In line with cyber breach statistics, the percentage of breaches that involve sensitive info grew from 80% in 2020 to 83% in 2021. Nonetheless, it remained below the record 95% in 2017. Moreover, despite the increase in breaches, the number of affected people decreased by 5% or reached 294 million. This was attributed to the shift of cybercriminals toward smaller, focused attacks, cybersecurity statistics indicate. Also, ransomware's hits doubled in 2021 and accounted for 22% of all attacks.
(CNET)
5. Only 54% of organizations know where their sensitive information is stored.
One of the highest data breach risks is that nearly half of the surveyed companies don’t know where their sensitive data is stored, data breach stats show. Gemalto confirmed in its study that this data often includes customers' physical addresses, bank details, etc. As a result, organizations risk breaches, not knowing where their data is stored. Without the visibility of data, it’s pretty difficult to prevent this. Also, 65% of companies accumulate so much data they can’t even analyze or categorize it.
(Panda Security)
6. Companies store 48% of corporate data in the cloud.
Although nearly half of all corporate data finds its home in the cloud, 49% of the companies encrypt the stored data. Data breach statistics also show that 78% of businesses consider it important to own encryption keys. Nevertheless, companies have to protect the data initially entrusted to them either in the cloud or traditional storage.
(Prime Factors)
7. In Q1 2020, Cisco was the largest cybersecurity vendor with a 9.1% market share.
Many cybersecurity companies provide solutions that help companies protect their data from potential breaches. Among the most prominent cybersecurity companies, Cisco stood as number one by market share for several years. After this tech giant, Palo Alto Networks and Fortinet held the largest market share with 7.8% and 5.9%, respectively. Next, Check Point had a 5.4% market share, followed by Symantec, with 4.7%. Ultimately, according to data breach statistics, the list of significant players in this field includes IBM (4.5%), McAfee (4%), and Trend Micro (3.5%).
(Statista)
Statistics on the Cost of Data Breach
8. The total costs of breaches increased by 10% between 2020 and 2021.
Between 2020 and 2021, organizations registered the largest ever rise in data breach costs. Namely, the cost increased from $3.86 million to $4.24 million. The costs were lower for organizations that approached security issues and handled data more seriously and maturely, according to data breach cost statistics. However, the costs went through the roof for those that fell behind in areas like AI security, automation, and cloud security.
(IBM)
9. The average cost per stolen record is $150.
For instance, the average cost of a breach per record was $161 in 2021, which is $15 higher than in 2020 ($146). Compared to 2017, for example, it’s a 14.2% increase ($141).
(IBM)
10. The average cost of a data breach was about $1.07 million higher due to the remote work factor since COVID-19.
Data breach trends point to the negative impact of the COVID-19 pandemic. Breaches resulting from remote work have registered higher costs than other security violations. For 17.5% of companies, remote work was an important factor in the breach. Organizations with over 50% of their workforce working offsite spent 58 days more identifying and mitigating the breach.
(IBM)
Principal Causes of Data Breaches
11. Compromised credentials account for 20% of breaches.
Emails are responsible for 4% of breaches, with the highest average cost ($5.01 million). Next is phishing ($4.65 million), malicious insiders ($4.61 million), and social engineering ($4.47 million). Compromised credentials have an average total cost of $4.37 million.
(IBM)
12. Misconfigurations will cause 99% of firewall breaches by 2023.
According to Gartner data breach stats predictions, configuration mistakes will cause over one-third of breaches resulting from errors. These include firewall configurations, cloud systems, and servers misconfigured to enable unauthorized access.
(Dark Reading)
13. Physical attacks have declined between 2019 and 2021, with 118 vs. 51, respectively.
Although physical attacks could be a common cause for breaches, they seem to be decreasing lately. The main reason is that the ongoing pandemic for two years has limited the possibility of attackers physically stealing sensitive data. Most of the activities are now happening online. Identity Theft Research Center reported that 294 million victims were subjects of breaches in 2021.
(Dark Reading)
Cyber Breach Statistics by Industry
14. The healthcare industry experienced 11 consecutive years of the highest costs for breaches of security.
Judging from all recent reports, the history of data breaches in healthcare goes way back. It also registers the highest costs. The costs of breaches increased from $7.13 million in 2020 to $9.23 million in 2021, or a staggering 29.5% growth.
(IBM)
15. Between 2009 and 2021, there were 4,419 healthcare breaches.
HHS’s Office for Civil Rights received nearly 5,000 reports for cyber breaches with over 500 exposed records in this industry. As a result, about 314,063,186 healthcare data records have been lost or stolen, healthcare data breach statistics confirm. To put it in perspective, it’s 94.63% of the US population. Further, in 2018, there was one data breach per day of 500 or more records stolen. In 2021, this rate doubled — an average of 1.95 breaches per day of 500 records.
(HIPAA Journal)
16. Small businesses represented 43% of all data breaches.
Based on one of the recent reports by Verizon, small businesses run a serious risk of data breach incidents. The report revealed that they are the number one target for criminals because of their false sense of security. Also, most small business owners expect criminals to go after bigger fish. However, they first go for these small, easy targets. Moreover, data breach statistics show that cybercriminals see another important benefit from attacking small businesses. They can be an entry point for larger companies with which small firms do business. In fact, 59% of companies have been victims of a data breach due to third-party vendors.
(Verizon)
17. 60% of small businesses that experience a cyberattack shut down within six months.
Many cyber attacks that provoke companies to go down could be avoided. Despite that, small businesses often fail to implement all the measures that could save them. Otherwise, the increase of cyberattacks is just too high for a small venture, small business data breach statistics confirm.
(Verizon)
18. In 2020, there were over 1.4 million reports of identity theft.
According to the Federal Trade Commission, identity theft was one of the most common types of data breaches in 2020. At least, this was the most frequent type of complaint customers filed. Namely, it accounted for nearly 30% of all reports FTC has received.
(The Ascent)
19. The number of reports for credit card fraud has been going up, hitting a 44.7% increase in 2020.
Hackers are always interested in credit card fraud. However, some years stand out with a record number of reports on this type of breach. For instance, 2020 is one such year when the number nearly doubled. There are two main types of credit card fraud. First, identity thieves could use the information to open a credit card in a customer’s name. Otherwise, they could use an already active card, credit card data breach statistics show.
(The Ascent)
20. 26% of law firms confirmed they suffered a data breach of some sort.
Security is especially important for law firms because their clients entrust them with the most confidential personal information. That’s one of the reasons why law firms often end up as a target for hackers.
(Clio)
21. 36% of law firms confirm they have an incident response plan.
Although incident response should be one of the top priorities for law firms working with tons of sensitive data, it’s not often the case. Only a fraction of law firms has an incident response program. Usually, it depends on the size of the firm. So, 12% of firms with one attorney have this plan, followed by 21% of those with two to nine attorneys. Ultimately, 80% of offices with over 100 attorneys have an incident response plan for their law firm, data breach statistics reveal.
(ABA)
22. A glitch at Twitter forced the company to alert its 330 million users to change their passwords.
A couple of years ago, Twitter experienced a glitch that made the social media giant send a warning to its customers to change their passwords since some were exposed on its internal network. Based on the company’s statement, the passwords ended up ‘unmasked in an internal log.’ Yet, the company didn’t publish how many customers had been affected. However, the internal investigation showed there hadn’t been any data breach.
(CBS News)
23. Facebook shared personal info from 87 million users with the consultancy Cambridge Analytica.
Social media data breach statistics indicate that these media accounted for 56% of all records compromised in the first six months of 2018. According to Gemalto's report, 4.5 billion data records were compromised in the mentioned period. The same period also saw 945 breaches. Facebook-Cambridge Analytica was one of the largest incidents since this data leak might have impacted around 60,000 South African users.
(IT Web)
24. Retailers account for 24% of cyberattacks.
Data breach statistics show that due to the quantity of data these companies manage, no wonder they have a ‘rich’ data breach history. The most common attacks that hackers attempt include credential phishing (30.43%) and malware (21.74). Other than that, some also experience ransomware threats (13.04%), DDoS attacks (10.14%), and many other cyber methods (24.65%).
(Fortinet)
25. 62% of consumers don’t trust retailers' data security capabilities.
Most consumers lack confidence in retail companies’ cybersecurity measures and their effectiveness. Moreover, 25% say that their data is not safe, retail data breach statistics confirm. One of the ways retail organizations could address this issue is by following the PCI DSS standards, ensuring customer payment info is out of attackers’ reach.
(Fortinet)
26. Data privacy and security, with 42%, are the biggest challenges associated with cloud computing.
Cloud computing statistics show that many companies, depending on the industry, struggle with different obstacles in this area. One of the most common hurdles includes data security. Other notable issues include data governance and compliance (39%) and controlling costs (37%). For SMBs, controlling costs is the number one challenge (43%), followed by data security (36%), migration to the cloud, and related activities (28%).
(Expert Insights)
27. Around 90% of data breaches target cloud servers.
Although cloud storage platforms could be more beneficial for keeping data, cloud data breach statistics reveal it’s also important to handle the safety of stored data. It’s vital since almost all data breach attacks target the cloud. However, hybrid cloud breaches cost companies about $1.19 million less than breaches on the public cloud. Statistics reveal that the cost of a data breach in hybrid space amounts to around $3.61 million.
(CyberTalk)
The Largest Data Breaches in History
28. DSW Shoe Warehouse breach was the first major data leakage, with over 1.4 million credit card numbers compromised.
One of the first major data breaches occurred in 2005, reaching over one million compromised records. The same year, a significant data breach hit George Mason University, the first of this kind, exposing 32,000 pictures, social security numbers, and names of students and staff, data breach stats reveal.
(LifeLock)
29. In 2013, Yahoo experienced one of the largest data breaches that affected all three billion customers.
Yahoo suffered one of the largest data breaches in history. A particular attack that hit the company in 2013 left all three billion of its user accounts exposed. Moreover, in 2014, they suffered another attack that affected 500 million accounts. Attackers stole users’ names, phone numbers, birth dates, passwords, and backup email addresses.
(NY Times)
30. Data Root Analytics experienced a data breach in 2017, losing over 198 million US voters’ personal information.
The data was stored on the Amazon S3 server but was visible to anyone who found it due to a misconfiguration. According to data breach statistics, it was one of the largest data breach incidents in US politics that year.
(Wired)
31. Facebook didn’t notify over 530 million users whose personal data was compromised in 2019’s breach.
Facebook experienced a data breach in 2019 that affected a staggering half a billion users. Namely, customers' numbers, locations, full names, email addresses, and similar details ended up on an amateur hacking forum. The leak comprised data from the company’s users from around 106 countries.
(NPR)
The Bottom Line
These data breach statistics suggest that companies still have much to learn about the GDPR and data governance to avoid incidents. Further, they seem to confirm the importance of having a data breach response plan and identifying vulnerabilities. Otherwise, the hackers will manage to penetrate the systems of companies that even have many defenses in place. Organizations and business leaders must learn from others’ security mistakes rather than their own.
FAQs
How many data breaches happen every day?
Hackers create around 300,000 new malware each day, designed to steal data. According to security breach statistics, these include viruses, Trojans, adware, and spyware. For reference, there are over 4,000 cyber-attacks every day in the US, while globally, attackers hack 30,000 websites daily. For instance, between March and April 2020, hackers registered more than 300,000 websites with coronavirus-related keywords to scam users.
(IT Chronicles)
What is the most common data breach?
There are many forms of breaches. Often employees lose their phones or computers, and the information gets stolen. Other than thefts caused by human error, there are many others due to malicious activities of attackers. These include phishing, malware, ransomware, password guessing, recording keystrokes, and DDoS attacks.
(HubStor)
What percentage of data breaches are caused by human error?
Data breach statistics indicate that cyber protocols in a company and awareness about them matter a lot. Sometimes, the human factor can bypass the most complex protection systems. In fact, human errors often lead to successful attacks and, as a result, data breaches. Namely, 95% of the cyber violations originated from human errors. Since antivirus programs often focus on firewalls and scans, companies never sufficiently tackle employees’ cybersecurity education.
(Forbes)
