25+ Shocking Data Breach Statistics & Trends

Nobody’s safe from data breaches. There have been incidents in every sector from government agencies and financial institutions to little mom-and-pop stores.

However, staying updated is challenging when the technology keeps evolving and criminals become increasingly sophisticated.

That’s why we’ve compiled a list of the essential data breach statistics, facts, and trends to help you stay informed.

Top Data Breach Stats

Here are the most revealing data breach statistics we uncovered during our research:

  • There were 6.4 million data breaches in quarter one of 2023.
  • People are actively involved in 74% of data breaches.
  • Money is the primary motive behind 95% of cyber attacks.
  • The average cost of a data breach in 2023 is $4.45 million.
  • Stolen credentials are the top cause of intentional data breaches.

Current State of Data Breaches

Data breaches have never been more relevant. Our most sensitive information is available online including our personal information, banking details, and health records.

All this could become open to the public with a few keystrokes.

These statistics show you the scope of the cyber security issue plus the different types of threats and what causes them.

Over 6 million data sets were compromised in the first quarter of 2023. (Statista)

While this number seems high, the record was 125 million data sets exposed in the final quarter of 2020.

[Figure: Total cost of a data breach. The average cost of a data breach has been rapidly increasing since 2020.]

The average cost of a data breach has increased from $3.62 million in 2017 to $4.45 million in 2023. (IBM)

As the world goes digital, so do the criminals. Moving online has given hackers more remote access points into worldwide servers which elevates the risk and potential impact of breaches.

95% of cyber attacks are motivated by financial gain. (Verizon)

Hackers might infiltrate a system for a number of reasons including espionage, revenge, and disruption.

However, the overwhelming majority of attacks are for money.

Personal data is the most frequently compromised type of information. (Statista)

That includes identification, contact details, and account credentials. Poor IT governance is often to blame—around nine out of ten user errors lead to personal data getting compromised.

The most common cause of intentional data breaches is stolen credentials. (Verizon)

Almost half of data breaches are due to hackers stealing account details. That’s followed by ransomware which has become increasingly prevalent over the past five years.

“Firewalls, EDRs, and anti-virus solutions are no longer enough to keep businesses safe. The easiest way for a malicious user to gain access to your network is by leveraging a leaked or stolen password and simply logging in.

To make matters worse, Multi-Factor Authentication and Passwordless apps can be bypassed as well with infostealer malware. Attackers simply use leaked session tokens to completely bypass the authentication. Given that most infostealer malware is not detected by antivirus, it’s clearly one of the biggest threats to the enterprise today.”

Josh Amisav, founder and CEO of Breachsense

74% of data breaches have a human element. (Verizon)

People are often actively involved in security issues whether that’s through credential misuse, scams, or errors.

19% of data breaches involve an internal user. (Verizon)

Around 5% of breaches stem from people both inside and outside a company.

They could be collaborating or an employee could leave a device unattended near an opportunistic hacker.

Web applications are the most popular way to breach a system. (Verizon)

Hackers gain access via web apps in almost two-thirds of cases. Emails are in second place, providing the way in for around a third of data breaches.

A massive 82% of data breaches involve Cloud technology. (IBM)

An increasing number of people use the Cloud for centralized data storage.

As hackers can gain remote access to these networks, reducing the risk of getting caught, they’ve become a popular target.

Global Data Breach Statistics

While statistics suggest the risk of data breaches is high, it’s essential to account for differences between regions.

Here’s a look at how the countries stack up:

Russia has the highest rate of data breaches with over eight incidents per 10 users. (SurfShark)

France is in second place with a rate of three out of 10 users compromised.

The worst-hit continent is Europe with one in five people experiencing data breaches.

[Figure: Breached email accounts by internet users. Countries experience varying rates of data breaches, with Russia and the USA being among the worst hit.]

Kosovo has the lowest rate of data breaches in Europe at just 7 out of 100 people. (SurfShark)

Other countries with similarly low rates are Greenland, Bhutan, and French Guiana.

The top five countries (Russia, USA, Poland, France, and India) make up 70% of all data breaches. (SurfShark)

However, many countries are experiencing spikes in security issues.

Poland only just entered the top five in 2022 due to a surge of phishing attacks.

86% of business leaders predict political instability will lead to a “catastrophic” cyber event within the next two years. (WEF)

In response, they plan to tighten their business policies, monitor third parties more closely, and reconsider which countries they work alongside.

Business Data Breach Statistics

The stakes are high for companies when a single data leak could expose millions of customers’ details.

Here we’ll look at the size and scope of cyber threats to organizations and how business leaders respond.

51% of companies say “cyber security is a key business enabler”. (WEF)

In response to cyber threats, organizations have begun to recognize the strategic importance of data protection and security.

Only one in three organizations detect data breaches using their own resources. (IBM)

In 67% of cases, companies only discover security issues through third parties like users, ethical hackers, and the cybercriminals themselves.

Data breaches take an average of 204 days to identify and a further 73 to contain.

Businesses take 20 days longer to resolve security issues than they did in 2017 as cyber threats become more sophisticated and harder to detect.

Around a third of companies don’t involve law enforcement after data breaches—and cost themselves an extra 9.6% per incident. (IBM)

Organizations that don’t report security issues also find breaches take 33 days longer to resolve than those that do.

[Figure: Security risk of resentful employees. While not the biggest threat to companies, resentful employees can pose a significant risk.]

Although the most common motive for privilege abuse is financial, 13% of employees leak data because of a grudge against their company. (Verizon)

A further 5% peek into business accounts to discover secrets they can sell to competitors.

Confidential information like this could help rivals gain an edge or undercut their victim’s strategies.

90% of major energy suppliers have experienced a third-party data breach in 2023. (SecurityScorecard)

Our reliance on the energy sector has made it a high-value target for criminals.

Experts believe supply chains are the weak link given 92% of leading companies have also encountered a fourth-party data breach.

Costs from healthcare data breaches have risen by 53.3% since 2020. (IBM)

As more medical records get stored online, average losses have reached $10.93 million.

You may think of hospitals but breaches can also occur at research facilities, healthcare suppliers, and insurance firms.

Financial Data Breach Statistics

Financial data poses a significant risk, given the sensitive nature of the information involved and the central role of banks in global economies.

That’s why we’ve dedicated a separate section to this industry and its unique cybersecurity challenges.

The finance sector has the second highest data breach costs after healthcare at $5.9 million. (IBM)

Due to strict regulations, financial institutions are subject to harsh penalties for mishandling customer information.

Banking details aren’t the most common type of compromised data in the financial and insurance industry. (Statista)

Financial data only gets leaked in 21% of security incidents. Breaches at banks, investment firms, and insurance companies are more likely to expose your personal details and user credentials.

The majority of hackers exploit vulnerabilities in web apps to seize cryptocurrency. (Verizon)

Over 90% of data breaches related to cryptocurrency occur on web apps.

Users can avoid theft by using complex passwords, enabling multi-factor authentication, and using private networks to make transfers.

Data Breach Victims

Data breaches can have a far-reaching and deep impact, especially when they’re intentional.

Here we’ll focus on the extent of the issue and the individual cost to victims.

[Figure: Total compromises and victims. After declining in the late 2010s, the number of data breach victims has begun to increase again.]

There were over 422 million victims of data breaches in the US in 2022. (ITRC)

This number is over 25% higher than in 2020 and 2021. Interestingly, the victim count was in the billions which suggests cybersecurity improved after governments introduced new data laws in 2018.

The personal cost of data breaches can be high—credit card fraud has an average loss of around $11,000 and affects 23,000 people per year. (SurfShark)

Identity theft has more cases per year at 28,00 with a mean cost of $6,776. A staggering 300 million users fall victim to phishing each year, but the average payoff for criminals is just $173.

At 34%, 2022 was the year with the lowest number of breach notices that included both victim and attack details. (ITRC)

This figure means the majority of individuals and businesses affected by breaches don’t have the information they need to address data compromises.

“The trend away from transparency also points out the overall inadequacy of the current patchwork quilt of state data breach notification laws, many of which now date back to 2005 when virtually all breaches involved paper records, lost or stolen laptops, or data tapes lost in transit.”

Eva Velasquez, CEO of the Identity Theft Resource Center

The most frequently compromised types of personal data are full names and social security numbers. (ITRC)

With these details, a hacker can open fraudulent accounts and apply for loans.

That’s why it’s essential for businesses to monitor accounts for unusual activity and ask users to verify their identity.

The biggest ever data breach was Yahoo with over 3 million compromised accounts. (CNBC)

Despite occurring back in 2013, the attack on Yahoo still has the highest victim count.

The security issue affected every user account in their system.

Comparing Different Types of Data Breaches

When we talk about a data breach, we mean any lost, damaged, or exposed information.

That means there’s a wide range of reasons why compromises happen from organized cyber criminal groups to someone leaving their smartphone at a cafe.

[Figure: Different causes of data breaches. Verizon has discovered fluctuations in the different causes of data breaches over time.]

System intrusion is the most common way hackers gain unauthorized access to networks. (Verizon)

Using software to exploit weak spots in a system has taken the top spot since 2021.

Before then, social engineering was the most popular way to hack into a system.

Phishing scams account for 44% of social engineering. (Verizon)

In phishing attacks, cybercriminals trick users into downloading an attachment or following a link.

These files usually contain malware that collects or damages data.

The rate of pretexting scams has quadrupled since 2017. (Verizon)

As the name suggests, “pretexting” is when the hacker pretends to be someone the victim knows and asks them for their credentials.

That’s why it’s become popular for companies to post disclaimers saying they’ll never ask for your details.

Misdelivery makes up 43% of data breaches caused by human error.

Now that most communication has moved online, it’s easy to accidentally send a message to the wrong recipient.

You might ‘cc’ them into a thread or input the wrong name into the email address field.

Compromised devices are around five times more likely to be misplaced than stolen.

Hackers can gain entry to networks from open user accounts on smartphones and laptops but they’re usually crimes of opportunity.

[Figure: Global cost of ransomware. The cost of ransomware attacks is increasing exponentially as we approach the next decade.]

Experts predict ransomware will cost the world 265 billion by 2031. (Cybersecurity Ventures)

The average loss of an attack is already $10 million. Due to criminals refining their technology, experts believe ransomware will hit a company every 2 seconds by the 2030s. 

Data Breach Laws and Regulations

With the introduction of stringent laws, the state of data security and protection has transformed. Let’s look at the impact of these regulations:

Over 90% of organizations are unprepared to meet GDPR and CCPA guidelines. (CYTRIO)

A study found that the majority of companies don’t have a comprehensive privacy policy that mentions how they’ll meet international data laws.

This startling fact applies to businesses of all sizes, not just small teams with few legal resources.

Businesses operating in the EU can receive fines of up to €20 million ($21.5 million) or 4% of their global revenue for violating GDPR guidelines. (GDPR)

The GDPR is relatively new and only just celebrated its fifth anniversary in 2023.

However, the EU legislation is already the standard for many other data protection laws worldwide.

The largest ever fine for a data breach was $1.1 billion. (Statista)

Vehicle-for-hire company Didi Global settled for this amount in 2022 after allegedly collecting millions of pieces of passenger data including screenshots, locations, and facial recognition information.

Amazon comes in second place with an $877 million fine for security incidents in 2021. (Statista)

The EU found the retail giant had breached GDPR guidelines by using account holders’ information for marketing purposes.

An Amazon spokesperson said, “There has been no data breach, and no customer data has been exposed to any third party.”

[Figure: Cyber leaders’ agreement on privacy regulations. The overwhelming majority of business and cyber leaders agree that privacy regulations are beneficial.]

Around three in four organizations say that cyber and privacy regulations help them effectively reduce risks. (WEF)

Only 3% strongly disagree that they benefit from legislation surrounding data protection and security like the GDPR.

What Journalists Are Reporting About Data Breaches

Now that data breaches are becoming more common, there’s growing concern about how well companies guard sensitive information.

That’s why significant security issues like the ones below often make the news.

23andMe announced that hackers had gained access to over 6.9 million profiles by using old passwords. (The New York Times)

Besides personal data, the genetic testing service holds information about users’ health and ancestry.

A spokesperson said 23andMe was notifying all account holders and asking them to change their login credentials.

Even cybersecurity providers aren’t safe—authentication service Okta encountered a hack that caused their shares to drop by 7%. (CNBC)

Okta is a leading identity management solution that helps businesses verify users as they log into a system.

Hackers entered their customer system to gain access to credentials.

TikTok received a €345 million ($371 million) fine for making children’s accounts public by default. (The Guardian)

There are different expectations of privacy for minors. The Irish Data Protection Commission (DPC) ruled that TikTok hadn’t included sufficient checks for parental controls or guided underage users to make their accounts private.

Trends in Data Breaches and Cyber Security

So far we’ve covered recent trends and statistics in data breaches. In this section, we’ll look at upcoming trends and experts’ predictions for the next ten years.

51% of businesses are planning to invest more into cybersecurity due to a breach. (IBM)

Investing in AI and automation security software solutions could save organizations up to $1.76 million per year.

Business leaders say increasing employee awareness is the most effective way to strengthen their cybersecurity. (WEF)

However, experts disagree—they say investing in cloud-based services and integrating technology into all areas of the organization should take priority.

Companies that invest in security will reduce data breaches by two-thirds. (Gartner)

There is a constant risk of cyber attacks but organizations that continually improve their threat management will deflect most hackers by 2026.

“Geopolitical instability, rapidly maturing and emerging technologies, lack of available talent, and increasing shareholder and regulatory expectations represent some of the significant challenges that concern cyber and business leaders.

The outlook, however, need not seem bleak. There’s hope for better understanding – and more effective action – in the future.”

Jeremy Jurgens, Managing Director of World Economic Forum

Wrap Up

No matter what industry you work for, it’s important to consider the role of data protection.

Breaches can affect everyone from large organizations and governments down to individual people. 

As the world recognizes and adapts to the new risks, we’re moving from a reactive to a forward-thinking approach.

We think 2024 will be a year when companies continue to invest in cybersecurity and robust data security becomes standard, rather than an afterthought.

Rhiannon is an experienced B2B SaaS content writer who specializes in reviews and comparisons to help readers make the most fully-informed choices.