Data breaches are getting bigger, hackers are getting savvier, and the amount of compromised data is unfortunately on the rise. A quick look at data breach trends shows that hackers are mostly motivated by money to acquire data and that personal information is a highly valued type of data to compromise. It’s also apparent that companies are still not prepared enough for breaches even though they are becoming more commonplace.
In fact, studies find that companies still keep thousands of files unprotected and open for anyone inside the company to access.
We’ve put together 57 data breach statistics to illustrate how they have evolved over the years, plus we outline how costly and damaging each breach can be for companies and consumers.
History of Data Breaches
Computer viruses and cybersecurity incidents have greatly heightened in severity over the years. Take a look at how data breaches have progressed and how dangerous they are today.
- The first computer virus, known as “The Creeper,” was discovered in the early 1970s (History of Information)Click To Tweet
- The largest insider attack occurred from 1976 to 2006 when Greg Chung of Boeing stole $2 billion worth of aerospace docs and gave them to China (NBC)Click To Tweet
- Yahoo holds the record for the largest data breach of all time with 3 billion compromised accounts (Statista)Click To Tweet
- AOL was the first victim of phishing attacks in 1996 (Phishing)Click To Tweet
- Cyber attacks are considered among the top three risks to global stability (World Economic Forum)Click To Tweet
- As of 2015, 25 percent of global data required security but was not protected (Statista)Click To Tweet
- Social media data breaches accounted for 56 percent of data breaches in the first half of 2018 (IT Web)Click To Tweet
Cost of a Data Breach
It’s no secret that data breaches are costly for a business. See just how expensive it is to experience a breach and what elements cause the cost to rise.
- The average cost of a data breach is $3.86 million (IBM)Click To Tweet
- The average cost per lost or stolen record in a data breach is $148 (IBM)Click To Tweet
- The average cost savings with an incident response team is $14 per record (IBM)Click To Tweet
- Companies that contained a breach in less than 30 days saved more than $1 million compared to those that took more than 30 days (IBM)Click To Tweet
- The extensive use of Internet of Things (IoT) devices increased the cost per compromised record by $5 (IBM)Click To Tweet
- The cost of lost business after a breach for US organizations adds up to $4.2 million (IBM)Click To Tweet
- Notification costs after a breach for US organizations add up to $740,000 (IBM)Click To Tweet
- A mega breach of 1 million records has an average total cost of $40 million (IBM)Click To Tweet
- A mega breach of 50 million records has an average total cost of $350 million (IBM)Click To Tweet
- Hospitals spend 64 percent more annually on advertising over the two years following a breach (American Journal of Managed Care)Click To Tweet
Data Breach Risk
There are different factors that put companies at higher risk for a breach, like leaving folders open and unprotected. Some industries are also more susceptible than others. For example, healthcare organizations are the most breached industry. Peruse through the stats below to see what can put you at risk.
- 88 percent of companies with more than 1 million folders have 100,000 folders accessible by every employee. open to everyone (Varonis)Click To Tweet
- 30 percent of companies have over 1,000 sensitive folders open to everyone (Varonis)Click To Tweet
- 57 percent of companies have over 1,000 folders with inconsistent permissions (Varonis)Click To Tweet
- 3 percent of a company’s folders are protected (Varonis)Click To Tweet
- 58 percent of data breach victims are small businesses (Verizon)Click To Tweet
- 22 percent of data breaches in 2017 involved the use of stolen credentials (Verizon)Click To Tweet
- 36 percent of compromised data in 2017 was personal information like name, birthday, and gender (Verizon)Click To Tweet
- 93 percent of malware comes from emails (Verizon)Click To Tweet
- Routers and connected cameras make up 90 percent of infected devices (Symantec)Click To Tweet
- More than 70 million records were stolen or leaked from poorly configured S3 buckets in 2018 (Symantec)Click To Tweet
- Supply chain attacks rose by 78 percent in 2018 (Symantec)Click To Tweet
- Ransomware attacks are down by 20 percent since 2017 (Symantec)Click To Tweet
- A cyber attack occurs every 39 seconds (University of Maryland)Click To Tweet
- The larger the data breach, the less likely the organization will have another breach in the following two years (IBM)Click To Tweet
- 27 percent of data breaches are caused by human error (IBM)Click To Tweet
- Card-not-present fraud is 81 percent more prevalent than point-of-sale fraud (Javelin)Click To Tweet
- Nearly one in ten targeted attack groups use malware to destroy or disrupt business operations (Symantec)Click To Tweet
Data Breach Prevention
Cybersecurity professionals are taking note of these costs and risks. See how the cybersecurity industry is shifting budget and priorities to protect their organizations from cyber attacks.
- 63 percent of companies have implemented a biometric system or plan to onboard one (Veridium)Click To Tweet
- 49 percent of companies will increase their cloud security budget in the next 12 months (Cybersecurity Insiders)Click To Tweet
- Enterprise ransomware detections rose by 21 percent since 2017 (Symantec)Click To Tweet
- 17 percent of IT security professionals reported information security as the largest budget increase for 2018 (ZDNet)Click To Tweet
- 80 percent of organizations planned to increase security spending in 2018 (ZDNet)Click To Tweet
Data Breaches by the Numbers
There are many factors to consider when preparing for and managing a data breach, like the amount of time it takes to respond to a data breach and the reputational impact it has on your company. Read below to see how breaches happen, and other crucial information.
- At 287 days, the entertainment industry takes the most time to detect a data breach in comparison to other industries (IBM)Click To Tweet
- At 103 days, the healthcare industry takes the most time to contain a data breach compared to other industries (IBM)Click To Tweet
- The average time to identify a breach across all industries is 197 days (IBM)Click To Tweet
- The average time to contain a breach across all industries is 69 days (IBM)Click To Tweet
- The United States saw 1,244 data breaches in 2018 and had 446.5 million exposed records (Statista)Click To Tweet
- The global number of web attacks blocked per day increased by 56.1 percent between 2017 and 2018 (Statista)Click To Tweet
- Office applications were the most commonly exploited applications worldwide in Q3 of 2018 (Statista)Click To Tweet
- There was an 80 percent increase in the number of people affected by health data breaches from 2017 to 2019 (Statista)Click To Tweet
- 28 percent of data breaches in 2018 involved internal actors (Verizon)Click To Tweet
- 76 percent of breaches are financially motivated (Verizon)Click To Tweet
- 62 percent of external data breach actors in 2018 were involved in organized crime (Verizon)Click To Tweet
- 40 percent of security incidents in 2017 were DoS attacks (Verizon)Click To Tweet
- 95 percent of breached records came from the government, retail, and technology in 2016 (Tech Republic)Click To Tweet
- An average of 4,800 websites a month are compromised with formjacking code. Formjacking involves hackers inserting malicious code into e-commerce websites to steal payment information like credit card numbers, names, and more (Symantec)Click To Tweet
- By stealing only 10 credit cards per website, cybercriminals earn up to $2.2 million through formjacking attacks (Symantec)Click To Tweet
- 48 percent of malicious email attachments are Microsoft Office files (Symantec)Click To Tweet
- From 2016 to 2018, the most active attack groups targeted an average of 55 organizations (Symantec)Click To Tweet
The best thing to do is to prepare for a breach since it is very likely for a cyber attack to happen to your organization. To keep your company from becoming a statistic, your business should complete a comprehensive risk assessment to identify your most vulnerable areas.