Here are the latest data breach statistics and facts you need to know.
Cost Of A Data Breach
The average cost of a single incident of prolonged ransomware breach is $4.62 million.
The average cost of a single instance of a prolonged data breach is $4.24 million in the long term.
In 2021 the average cost of a data breach jumped by 10.3% compared to 2020.
The average cost of a data breach for the healthcare industry was $7.13 million in 2020.
The average cost of a data breach for the healthcare industry was $9.23 million in 2020.
The average cost of a data breach for the healthcare industry increased 29.5 from 2020 to 2021.
39% of all costs related to data breaches happen a year after the incident occurs.
Lost business opportunities were the largest share of breach costs in 2021. The average cost of such a breach is $1.59 million when all factors are tallied up.
A breach that a lifecycle of 200 days will cost the affected company $4.87 million.
The highest average cost of a data breach occurs in the United States.
Americans have an average cost of $9.05 million per data breach each year.
Mega breaches had an average cost of $401 million in 2021.
The average cost of a mega breach was $392 million in 2020.
The average cost of a mega breach jumped by 97% from 2020 to 2021.
In 2019, global spending in regards to information security was predicted to exceed $124 billion.
Data breaches have caused material disruption to the businesses of 75% of companies.
Per data breach, the global average cost rose to $3.29 million in 2019.
Over 50% of the cost of a data breach can be ameliorated if the recovery process is automated.
For each lost or stolen record, the company loses $150.
Common Causes Of Data Breaches: How They Happen
Scam emails sent impose a total cost of 6.4 billion worldwide every single day of the year.
In 2018, misconfigured S3 buckets are to blame for the compromising of 70 million records.
Over 58% of companies have made over 100,000 folders available to all employees.
Formjacking code is responsible for 4,800 beaches of websites every single month of the year.
40% of all organizations worldwide state that they were were impacted in some way as a result of the behavior of cryptominers in 2018.
34% of all data breaches that happened in 2018 involved internal actors in some way.
71% of all breaches happen because the perpetuators have a financial motivation for their actions.
24% of all breaches of data happen as a result of the use ransomware.
60% of cyber attacks that occurred in the healthcare sector involved some form of ransomware in 2017.
17% of all data breaches involved phishing. Hackers used this method to get important data from the organizations they targeted.
967.7 million active malware programs were found by experts during 2019.
57% of all organizations that had some form of data breach in 2018 had firewalls in place for all of their employees when they were infiltrated by ackers.
69% of the total number of cyberattacks that happened during 2019 were committed by people with no official ties to the organization where the data breach took place.
31% of the total number of cyberattacks that happened during 2019 were committed by people who had official ties to the organization where the data breach took place.
51% of the total number of cyberattacks registered took place as a result of malicious or criminal intent by the hackers behind them.
25% of the total number of data breaches involve some form of negligent behavior by a company's employee or by those who have been given access to such data because they have been hired for contract work.
24% of the total number of data breaches involve some form of system glitch by the owner of the computer.
Insider involvement is believed to be responsible for 40% of all known healthcare data breaches in 2018.
The number of malicious attacks has increased by 21% in the last five years. This number is only expected to grow even more in the next five years.
Experts have been able to demonstrate that 3.2 billion records in the first half of 2019 were breached as a result of the effects of misconfigured databases and services.
75% of 2019 all known skimming incidents in Florida happened when the victim was at a gas station.
9% of 2019 all known skimming incidents in Florida happened when the victim was engaging in some form of transaction at an ATM.
21% of all folders that are found in a typical company are open to all employees in that company.
Average Response Time & Lifecycle
In 2021, it took an average time of 212 days to respond to a data breach once it was discovered.
In 2021, it took an average time of 75 days to contain a data breach once it was discovered.
The average data breach required 287 total days to respond and contain the data breach effectively once it was discovered in 2021.
In 2022, it took an average time of 207 days to respond to a data breach once it was discovered.
In 2022, it took an average time of 70 days to contain a data breach once it was discovered.
The average data breach required 277 total days to respond and contain the data breach effectively once it was discovered in 2022.
In 2022 the average number of days to respond to a data breach dropped by ten days when compared to 2022.
Companies that are able to contain any kind of data breach in less than 30 days are able to save an average of more than $1 million when compared to those companies that take take longer than a month to contain such breaches.
Companies that take longer than a month to contain such breaches can face major fines that can exceed a hundred thousand dollars if they take too long to let others know about the data breach.
$740,000 is the total cost to notify customers about the data breach in the United States.
$3.86 million is the total average cost of a data breach for companies in the United States.
Having a fully dedicated CISO can mitigate the costs of a data breach by 20%.
Remote Work-Specific Data Breaches
In instances where the data breach for an American company happened when the worker in question was working remotely, the cost to fix the entire breach increased for the American company by $1.07 million.
In American organizations where over 80% of the workers were working remotely, the cost of the average data was a total of $5.54 million.
70% of American workers who work remotely believe they have had at least one data breach while they have been working remotely.
Remote working has increased by over 44% in the last 5 years.
$3.99 million was the cost for a data breach for those organizations that had less than 20% of their employees who were on some form of remote work.
The average cost of a data breach in American companies was $1.11 million when the workers in question were mostly engaged in remote work.
Remote work increased the cost of a data breach for American by 24%.
Bring Your Own Device, also known as BYOD usage has increased among American employees 58% since 2020.
Companies that limit access to company data and intellectual property to only those who need to know it increased their security by an average of 23%.
Companies that make use of efforts by prohibiting the use of personal computers to work on company records and business increased their security by an average of 33%.
Companies that make use of efforts like multifactor identification to login to the company's records increased their security by an average of 15%.
86% of American business executives are in agreement with the statement that data breaches are more far likely to happen when their employees are working out of office least part of the time.
Human error is responsible for 99.5% of all data breaches by remote workers in the United States.
The 4 most common cybersecurity risks of remote work are unsecure wi-fi, unsecure corporate networks, susceptibility to phishing and ransomware and having vulnerable hardware that lacks enough overall security methods.
Risk Of Data Breaches
4.1 billion records were found to be compromised by experts in 2019.
76% of all organizations in the entire world have experienced at least one phishing attack in the last year.
$124 billion will be spent on maintaining security in 2019.
56% of all total records that were compromised in 2018 came from a total of just 6 social media accounts.
6.4B fake emails are sent from hackers every single day of the year.
60% of all people who go online report they have faced at least one data breach at some point in time.
60% of all people who go online report they have faced at least one data breach in the last year.
41,502 data breaches have been reported by in Europe between the months of May 2018 and January 2019.
7.75% of all American companies report that a data breach has caused a material disruption to their business processes at some point in time.
65% of all American companies report that data breach has had a negative material impact on their overall reputation for their clients and customers.
Officials in the American entertainment and health care fields as well as those in the media report taking the highest time to respond to a potential data breach.
Officials in the American research and energy fields as well as those in the financial services sector are the industries that are most likely to respond quickly in the event of a data breach.
The highest mean average time to respond to a data breach is found in companies that are run from the Middle East.
The fastest mean average time to respond to a data breach is found in companies that are run from Germany.
The likelihood that there might be a material data breach for any given company in the next 24 months has risen to 32.3% as of 2018.
65% of all those working in the field of information technology on a global basis believe that the severity of all forms of attacks has increased a great deal.
57% of all those working in the field of information technology on a global basis believe that the amount of time required to respond to such attacks has increased in the last five years.
The social media platform with the largest number of breaches in 2018 was Facebook.
Marriott International reports the highest number of data breaches of all hospitality companies in the United States.
383 million people over the world had their records exposed as a result of the Marriott International data breach.
Projections Of Data Breaches
$9.44 million is the average cost of data breach in the United States.
9.6% of all companies over the global are expected to experience at least one data breach during the next two years.
Cybercrime may cost the cost the global economy as much as $10.5 trillion by 2025.
Biggest Data Breaches In History
The FriendFinder Network was the source of the source of the second biggest data breach of all time. 412 million users were affected.
MySpace was the source of the source of the third biggest data breach of all time. 360 million users were affected.
Twitter was the source of the source of the third biggest data breach of all time. 330 million users were affected.
Data Breach Prevention
63% of all American organizations that have experienced at least one data breach have decided to use biometric authentication.
80% of all American organizations state that they have planned to increase their overall security spending in 2018.
7 of all American companies cited information security as their single largest budgetary increase of 2019.
Information security spending is forecast to surpass a total $151 billion in 2023.
FAQs
The United States government has spent $18.8 billion in cyber security costs in 2021.
58% of data breaches that are known to have happened 2017 happened to small to medium sized businesses.
53% of all American organizations will choose to share information on data breaches and incident responses that happened to their company with government and with their industry peers.
The costs that associated with all forms of insider threat prevention and investigations have increased for company officials by 60% since 2017.
How many data breaches occur?
10% of over 850 organizations that were asked about malware and data breach in their companies in a survey of companies across the globe have stated they have experienced at least one malware attack.
An incident response team can decrease the total cost of a data breach by $360,000.
Having a business continuity plan in place can reduce the cost of any kind of data breach by over $280,000.
What was the biggest data breach in history?
Yahoo was the biggest data breach of all time. 3 billion users were affected by the Yahoo data breach.
Aadhaar and Alibaba were the biggest source of data breaches in the world in 2018. 1.1 billion Indians had their data compromised by this breach.
How many data breaches were there in 2022?
4,100 publicly disclosed data breaches happened to American companies in 2022.
22 billion records in total were exposed of varied types of American data breaches in 2022.
15 million data records were exposed worldwide during the third quarter of 2022.
How much does a data breach cost?
The average cost of a data breach went up during the lockdown in response to the COVID-19 pandemic.
The average cost of a data breach has risen nearly every single year since officials have been keeping track of data breaches.
The average cost of data recovery for larger companies in the United States was $1.1 million per incident.
83% of all American companies are considering spending more money on cyber security in 2023.
The average cost of each data breach is $204 for large companies per employee.
The average cost of each data breach is $$3,533 for small and medium sized companies per employee.
48% of all corporate data is now stored on the cloud, making it highly vulnerable to many varied forms of cyber attacks.
35% of all corporate data was stored on the cloud in 2020.
The average business used 29 cloud apps in 2022.
The average business used 27 cloud apps in 2021.
2021 had the highest average cost of a data breach in 17 years.
What is the average size of a data breach?
The average size of a data breach was 25,575 records in 2021.
Each data breach cost $150 per record compromised.
A typical breach of data took 245 days for each affected company to find and identify.
The total cost per lost record as a result of each data breach was $550.
What percent of breaches are caused by end users?
95% of all kinds of known cybersecurity breaches are caused by humans making mistakes with the data.
45% of all users have stated the fact that they were distracted as the main reason why they fell for varied types of problems that caused data breaches.
37% of all users have stated the fact that they were doing something else at the same as the main reason why they fell for varied types of problems that caused data breaches.
43% all end users have stated the fact that the email they received appeared to have come from senior executive in the reason why they fell for the scam that cased the data breach.
41% all end users have stated the fact that the email they received appeared to have come from a well-known brand as the reason they fell for the scam that caused the data breach.
31% all end users have stated the fact that the email they received appeared to have come from a friend they know at work as the reason they fell for the scam that caused the data breach.
25% all end users have stated the fact that the email they received appeared to have come from a friend they know outside of work as the reason they fell for the scam that caused the data breach.
25% all end users have stated the fact that the email they received appeared to have come from a neighbor they know as the reason they fell for the scam that caused the data breach.
25% all end users have stated the fact that one of the main reasons they fell for a phishing scam is because they were working at a remote location rather than in the office the reason they fell for the scam that caused the data breach.
Sources
- https://www.varonis.com/blog/data-breach-statistics
- https://dataprot.net/statistics/data-breach-statistics/
- https://techjury.net/blog/data-breach-statistics/
To see how Worth can reduce your risk.