Data Breach Statistics

Mark Lukehart

Today’s cybercriminals are more sophisticated than ever, leveraging the latest technology to launch complex cyberattacks. Security breaches have become extremely common, targeting large corporations, small businesses, and even individual consumers.

Our society is increasingly reliant on digital infrastructure for our day-to-day activities, which often include remote work. These trends have exacerbated the frequency of data breaches and underscore the need for robust cybersecurity measures, whether it’s at work or at home.

We’ve rounded up some of the most fascinating data breach statistics to provide a closer look at the current data security landscape. These statistics illustrate the sobering frequency of data breaches and highlight cyber crime trends to watch out for.

Key Takeaways

  • Data breaches happen with alarming frequency, affecting over 422 million individuals in 2022 in the US alone.
  • The healthcare industry is the most common target of data breaches, followed by the financial services sector.
  • Data breaches are expensive to find and recover from, costing $4.35 million on average and even more for companies based in the United States.
  • Many organizations take months to contain data breaches, worsening their effects.
  • Data breaches happen for a variety of reasons, ranging from weak passwords to social engineering attacks and more.

What is a Data Breach?

A data breach is a type of security compromise where an unauthorized person or group gains access to secure data. Many data breaches happen as a result of cyber attacks.

Data can also be compromised physically. For example, an unauthorized person breaking into a secure physical file system would count as a data breach. Still, most of today’s data breaches happen online, since secure records are most likely to be stored digitally.

There are many different types of data that are vulnerable to data breaches. Bank accounts, credit card numbers, and other types of financial information are common targets. Social Security numbers and other types of personal data are also vulnerable.

For corporations, customer data is a common target. This includes customer passwords and confidential purchase information. However, almost any form of corporate data could be vulnerable to a breach, depending on your organization.

How Many Data Breaches Occur Each Year?

Data breaches happen at an alarming frequency. The number of individual records compromised is often in the billions, and worse, many victims don’t realize their records have been compromised until it is too late.

  • In 2022, there were 1,802 data compromises and 422 million individuals were affected. (Statista, 2023)
  • In 2021, there were 22 billion individual records compromised. (Security.com, 2022)
  • 83% of organizations surveyed in 2022 experienced more than one data breach. (IBM, 2022)

How Many Data Breaches Occur Each Day?

Data leaks happen with daily frequency. Because of this, it’s very important to be consistent with your data protection measures.

Data Breach Statistics by Industry

Some industries are more vulnerable to data breaches than others. This is because they deal with high volumes of sensitive data. Here are some data breach statistics for the most targeted industries.

Healthcare

The healthcare industry is one of the top targets for data breaches. This is largely due to the sheer volume of sensitive information that hospitals, insurance companies, and other healthcare organizations collect about their patients. This industry also has some of the strictest compliance standards in place to prevent these data breaches.

  • Between 2009 and 2022, there were 5,150 healthcare data breaches of 500 or more records in the United States. These resulted in the exposure of over 382 million individual records. (HIPAA Journal, 2023)
  • There have already been 273 reported healthcare data breaches in the first half of 2023. (HIPAA Journal, 2023)
  • Healthcare data breaches are the most expensive of any industry, with an average cost of $10.1 million. (IBM, 2022)
  • The healthcare industry makes up 20% of all publicly reported data breaches. (IT Governance, 2023)
  • Hacking and IT incidents are the most common cause of data breaches in the healthcare industry. (US Department of Health and Human Services, 2023)
  • The largest-ever healthcare data breach was the Anthem data breach in 2015, which affected data from over 80 million then-current and former Anthem customers. (Fierce Healthcare, 2020)
  • The use of electronic health records in hospitals jumped from 16% in 2010 to 97% in 2014 and has remained at that rate since then. (HealthIT.gov, 2021)

Finance

The financial sector is also a major target for data breaches. Identity theft and other forms of fraud often stem from data breaches at these organizations.

  • Between 2018 and 2022, financial data breaches resulted in 153.3 million leaked records. (Comparitech, 2022)
  • 71% of data breaches are financially motivated. (Verizon, 2023)
  • Within the financial sector, insurance companies have been the biggest victims of data breaches over the past five years, followed by banks and investment companies. (Comparitech, 2022)
  • 80% of Americans worry that businesses aren’t able to properly safeguard their financial information. (AICPA & CIPA, 2018)
  • Losses from cryptocurrency theft rose from $2.3 billion in 2021 to $3.7 billion in 2022, a 57% increase. (Immunefi, 2022)
  • In 2022, at least 79 financial services companies reported data breaches affecting 1,000 or more consumers, with Receivables Performance Management being the largest. (American Banker, 2022)

Education

Cyber criminals have increasingly targeted schools and other organizations in the education sector over the past several years. Many of today’s students use their personal devices to submit assignments or even take classes, which can put their data at risk.

  • Over the last 20 years, 32 million records have been compromised in 2,700 higher education data breaches. (University Business, 2023)
  • California has the largest volume of data breaches in total, with 2.3 million records affected. (University Business, 2023)
  • 83% of records affected by education data breaches were from post-secondary institutions. (Comparitech, 2023)
  • Illuminate Education was the target of the largest-ever education data breach in 2022. Illuminate provided technology services to major school districts across the country, and the breach compromised the personal information of 820,000 students in New York City alone. (EdWeek, 2022)
  • The education sector saw a 44% increase in cyber attacks from 2021 to 2022. (Checkpoint/Infosecurity Magazine, 2022)
  • 88.8% of higher education organizations don’t take necessary measures to protect their students and staff from phishing attacks that use spoofing to mimic their online domain. (BusinessWire, 2018)

Government

Even the government is not immune to data breaches, many of which are politically motivated. Government agencies have access to classified data that other organizations don’t, which makes them a top target.

  • From 2014 to 2022, data breaches cost federal, state, and local governments a total of $26 billion. (Comparitech, 2022)
  • The average number of records affected in a government breach is 71,534 as of 2022. (Comparitech, 2022)
  • The US government budgeted $10.89 billion for cybersecurity in 2023. While this is an increase from $9.84 billion in 2022, it is down significantly from $18.79 billion in 2020. (Statista, 2023)
  • The US Office of Personnel Management experienced back-to-back breaches in 2014 and 2015, compromising sensitive data for over 22 million people. This was one of the largest government data breaches ever. (Reuters, 2021)

Costs of a Data Breach

In addition to causing potential safety issues, data breaches are also extremely expensive to recover from. Data loss comes with a variety of hidden costs, from identity theft to ransomware payouts. There are also long-term costs associated with recovering data, re-securing your systems, and regaining your customers’ trust.

  • The average cost of a data breach is US$4.35 million. (IBM, 2022)
  • The average data breach cost in the United States is $9.44 million, which is almost twice as high as the global average. (IBM, 2022)
  • The average total cost of a data breach increased by 2.6% between 2021 and 2022. (IBM/Ponemon Institute, 2022)
  • The average cost of data breaches could reach $5 million globally in 2023 if growth continues. (Upguard, 2023)
  • 29% of companies lost revenue after a data breach. (Terranova Security, 2023)
  • Companies that contain a data breach in less than 30 days save over $1 million in comparison to companies that take longer. (Varonis, 2022)

What’s the Average Length of Time It Takes to Notice a Data Breach?

Many data breach victims don’t notice that the breach has happened until it’s too late to fix the problem, making these attacks even more damaging. The information compromised in a data breach is often sold on the dark web or shared in other ways, creating even more security issues.

  • It takes an average of 277 days for businesses to identify and report data breaches. (IBM, 2022)
  • It takes about 69 days after the breach is initially identified to contain it. (IBM, 2022)
  • Data breaches that happen as a result of compromised credentials take longer to identify, at an average of 327 days. (IBM, 2022)
  • About 60% of data breaches are discovered within days, but 20% take months to identify. (Verizon, 2021)
  • 60% of SMBs will shut down within six months of a data breach. (Security Intelligence, 2021)

Most Common Causes of a Data Breach

There are many different types of cyber threats that can ultimately result in a data breach. Here are some of the most common causes of data breaches to be aware of.

Weak and Stolen Credentials

Many data breaches happen when hackers steal sensitive usernames and passwords. There are several ways this can happen. Many hackers use spyware to track keystrokes, while others use brute force attacks, which leverage computing power to “guess” vulnerable passwords.

Once the hacker has access to these passwords, they’re able to infiltrate the target system, compromising even more data. Many people will also use the same passwords for multiple accounts, resulting in even more vulnerabilities.

  • 30% of online users have experienced a data breach due to a weak password. (GoodFirms, 2023)
  • 24% of Americans have used variations of extremely common passwords like “password”, “ABC123”, etc. (Google/Harris Poll, 2019)

Back Doors or Application Vulnerabilities

Many hackers also look for vulnerabilities in the servers or applications they are targeting. By finding “back doors”, they are able to access sensitive data that would otherwise be protected. Regularly updating the software programs you use is the most effective way to minimize these vulnerabilities.

  • 81% of mobile apps are vulnerable to cyber attacks. (Business of Apps, 2023)
  • Android apps are more likely to be vulnerable to data breaches than iOS apps. 84% of Android apps are vulnerable compared to 70% of iOS apps. (HelpNet Security, 2021)

Malware

Malware is a category of malicious software programs that cyber criminals often use to access sensitive data. We’ve already mentioned spyware, which is used to track a user’s online behavior.

Ransomware attacks are also an incredibly common source of data breaches. Ransomware captures data on the victim’s system and then holds it for ‘ransom’, charging a large sum of money to return the data. If the target does not pay the ransom, the hacker could sell the data to third parties or publicize it.

  • The average cost of a ransomware breach is higher than the average data breach, at $4.62 million. (IBM, 2022)
  • There were 493.33 million ransomware attacks in 2022. (Statista, 2022)

Social Engineering

Social engineering is another frequently used technique among cybercriminals. Phishing attacks are the most common form of social engineering, and they typically happen via email, social media, or phone. With these attacks, the hacker pretends to be a trusted source in order to gain access to vulnerable data – usually login information for a specific account.

Social engineering is particularly dangerous because it can’t be prevented with firewalls or antivirus programs. Instead, you’ll need to be very cautious with your digital communications to avoid it.

  • There were 300,497 phishing victims in 2022 in the United States. (Forbes, 2023)
  • 70 to 90% of data breaches use some form of social engineering. (GlobalSign, 2020)

Insider Threats

Insider threats happen when someone within an organization decides to leak, sell, or otherwise compromise sensitive data. Like social engineering, these threats can also be very difficult to predict. Maintaining a strong company culture can help organizations avoid these insider threats.