The consequences of having data compromised can go well beyond financials — they can cost your company’s reputation and could even result in legal proceedings. And no one is immune, with large businesses such as Target or Equifax having also suffered data breaches over the years. That’s why we prepared a string of essential data breach statistics to give you some ideas on how to stay protected. Stay tuned!
Data Breach Statistics (Editor’s Choice)
- The average total cost of a ransomware breach stands at $4.62 million. (Varonis)
- 60% of breaches involve stolen credentials. (Comparitech)
- A breach with a lifecycle of over 200 days costs $4.87 million. (Varonis)
- 43% of data breaches affect small businesses. (Dataprot)
- The average cost of a “mega-breach” is $401 million. (Varonis)
- Around 26% of law firms have experienced a data breach. (Clio)
- A social media data breach exposed the personal information of over 87 million Facebook users. (BBC)
- Twitter suffered a data breach that compromised over 250,000 user accounts. (NBC News)
- The lifecycle of data breaches in healthcare is 329 days on average. (Varonis)
General Data Breach Stats
1. The first recorded data breach happened to the French Telegraph System in 1834.
This happened when a couple of thieves stole financial market information and made history books. The earliest recorded attempts at manipulating phone lines occurred in 1878, two years after the invention of the telephone. The Bell Telephone Company found a group of young men misdirecting and disconnecting customer calls in New York, data breach history facts show.
(Herjavec)
2. The first large breach that had an impact on over one million records happened in 2005, credit card data breach statistics show.
It was a mistake at DSW Shoe Warehouse that revealed 1.4 million credit card numbers and the names associated with those accounts. The first big credit card breach meanwhile happened at CardSystems Solutions, exposing 40 million credit card accounts and almost running the company out of business in a single stroke.
(Dataprot)
3. The average cost of a data breach is $4.24 million.
Data breach cost statistics show that the global cost of a ransomware attack has risen significantly over the past decade, largely due to the increasing amount of sensitive data held by organizations and their failure to adequately protect it. The average total cost of a ransomware breach is $4.62 million, slightly higher than the average cost of a data breach.
(Varonis)
4. The cost of a breach with a lifecycle of over 200 days is $4.87 million.
In 2021, the bigger loss than the cost of data itself was the expense of all the lost business opportunities resulting from the data breach, with an average cost of $1.59 million, according to data breach trends. In fact, up to 39% of the costs are incurred well after the incident.
(Varonis)
5. Around 43% of data breaches happen to small businesses.
Unlike large enterprises which usually invest heavily in cybersecurity, small businesses rarely pay enough attention to the safety of their data, and as a result, are a frequent target for cybercriminals. It’s no wonder then that SMBs are the victim of breaches in nearly half the cases, according to small business data breach statistics.
(Dataprot)
6. Over 60% of breaches are the result of stolen credentials.
A Data Breach Investigations Report by Verizon from 2021 analyzed over 79,000 breaches of security incidents and 5,200 data breaches. In over 60% of breaches, stolen credentials were involved. In 85% of the cases, a human element was involved in the breach. In only 3% of the cases, the breaches exploited a vulnerability in the system, cyber breach statistics show.
(Comparitech)
7. Around 8,000 websites quarterly are compromised with formjacking code.
Formjacking is a clever way for criminals to steal information. They do this by using JavaScript code on websites and hijack payment forms where people enter data. There were 7,836 sites compromised via formjacking in Q1 2020, marking an increase from 7,663 in Q4 2019.
(Comparitech)
8. Manybreaches in 2018 were caused by poorly configured Amazon S3 buckets.
Cloud data breach statistics show that misconfigured S3 buckets were at fault for the theft or leakage of 70 million records in 2018. The leaked information included system passwords, internal business documents, and employee information from Ford, Netflix, and TD Bank which all suffered because of this faulty cloud storage.
(Dataprot)
9. Businesses use 29 cloud apps on average in 2022.
This compares to 27 in 2020. Companies are both using more cloud applications and storing more information on the cloud, namely 48% of corporate data, up from 35% just three years ago.
(Dataprot)
Data Breach Statistics by Industry
10. Data breaches in the healthcare industry have increased by 58%.
The healthcare industry is a frequent target of breaches, which have increased significantly amid the ongoing pandemic. Once a breach happens, the companies lose their credibility and clients’ trust, which pushes marketing budgets higher. As a result, up to two years after a breach, hospitals spend 64% more on advertising.
Data breach risks are higher in this sector partially because healthcare has the longest data breach lifecycle — 329 days.
(Varonis)
11. The average cost for healthcare data breaches was $9.23 million in 2021.
Healthcare data breach statistics show that this represents a 29.5% increase from $7.13 million in 2020. The healthcare industry is a prime target for breaches. Healthcare data is valuable because it can be used to commit fraud and identity theft.
There are many reasons why healthcare data is vulnerable to breaches of security. One reason is that healthcare organizations often have outdated computer systems. This makes it easier for hackers to break in and steal data, according to healthcare data breach stats.
(Varonis)
12. Up to 26% of law firms experienced some form of a data breach.
When you choose the right lawyer for your business, it’s important to know that cyber security will be an integral part of their practice. The 2019 ABA Cybersecurity Tech Report shows that 26% of law firms have experienced some form of data intrusion. Lawyers are often overworked which makes them a fairly easy data breach target. Up to 75% report working outside regular hours. Law firm data breach statistics, therefore, indicate that law practices could use the services of cybersecurity firms to take care of the overall safety of the systems.
(Clio)
13. The Target breach from 2013 compromised more than 70 million records.
Retail is one of the most common data breach types, as evidenced by the Target incident in November 2013 which saw hackers gain access to the chain’s POS system. As a result, they were able to steal the credit and debit card information of millions of customers.
In what retail data breach statistics show was the largest retail data breach in US history, Target had its image tarnished and its reputation severely damaged, with the company’s profits plunging nearly 50% during the traditionally strong holiday season. Costs resulting from the breach soared to a massive $200 million in just a couple of months, and Target saw about 90 lawsuits filed against it.
(Slate, Varonis)
14. The data of 500 million guests, including credit card information, was stolen in the Marriott incident.
The incident happened back in 2014 when the system was operated by Starwood Hotels and Resorts but information about it surfaced four years later when the chain was part of Marriott. This gave the hackers free reign for four years.
(Dataprot, Varonis)
Social Media Data Breach Statistics
15. Social media accounted for 56% of data breaches in 2018.
Social media data breach refers to the unauthorized access and use of information on social media platforms. This can happen when hackers gain access to social media accounts or when user data is leaked through security vulnerabilities. A social media data breach can have serious consequences for users, including identity theft, financial fraud, and loss of privacy.
(IT Web)
16. In 2013, Twitter suffered a data breach that resulted in the exposure of over 250,000 user accounts.
Another high-profile social media data breach occurred in 2018 when the personal information of over 87 million Facebook users was exposed in the Cambridge Analytica incident, security breach statistics show.
(Varonis, BBC, NBC News)
17. A Facebook data leak in 2019 exposed 540 million records.
In another massive data breach, Facebook leaked sensitive information on publicly accessible cloud storage — Amazon S3 Bucket containing 146 gigabytes worth of data like IDs and passwords, which are perfect pickings for hackers planning phishing scams and social engineering attacks.
(Dataprot)
In Conclusion
The different types of data breaches can have serious implications for both individuals and organizations. It is important to be aware of the risks and take steps to protect your data and what to do if breaches do happen. By understanding data theft statistics and the consequences resulting from data leaks, businesses can be better prepared in the event that their information is compromised.
FAQs
How many data breaches happen every day?
There is no definitive answer to this question as the frequency of breaches varies depending on multiple factors. However, it is estimated that there are hundreds of data breaches every day therefore the risk of a data breach is quite high. This number is only expected to increase in the future as more and more businesses store sensitive data electronically.
(Dataprot)
What is the most common data breach?
Data breach stats show that among the most common breaches include stolen information, ransomware, password guessing, recording keystrokes, phishing, and denial of service. Most breaches are caused by malicious or unauthorized activity. Common causes of data breaches meanwhile include cyber-attacks, system vulnerabilities, and human error.
(Hubstor)
What percentage of data breaches are caused by human error?
A recent study from Stanford University found that 88% of all breaches are caused by an employee mistake. To prevent breaches, businesses need to implement strong security measures and train employees on how to handle sensitive data, data breach statistics show. They also should have a plan in place for how to respond to a data breach if one does occur, including a list of security and data recovery companies that can offer professional assistance.
(KnowBe4)
Sources: Varonis, Comparitech, Dataprot, Clio, BBC, NBC News, Herjavec, Slate, IT Web, Hubstor, KnowBe4