Billions of people have had their data compromised – in a single data breach, no less. In this article, we’ll dig into some key statistics on data breaches, digging into impact, cost, attack vectors, and more. Read on.
Data Breach Impact Statistics
1. 45% of U.S. Companies Experienced a Data Breach in 2021
While the size of the incidents varied, approximately 45% of U.S. companies experienced some form of a data breach, according to a 2021 report. While that figure is concerning, it’s lower than the 65% figure recorded in 2019.
[Source: Thales Group]
2. 294 Million People Were Impacted by Data Breaches in 2021
While data breaches are still prevalent, the number of people impacted actually declined by 5% in 2021. That brought the total number of affected people down to about 294 million.
In some cases, that may seem like positive news. However, it mainly represents a shift in attacker mentality, with many starting to favor focused hacks over large-scale data theft.
3. Over 15 Years, the U.S. Had More Than 12,000 Breaches Involving Over 11.1 Billion Records
Between 2005 and mid-2020, there were approximately 12,098 reported data breaches. In total, those incidents represented 11.1 billion compromised records.
4. Russia Saw the Biggest Increase in Data Breaches in Q1 2022
Likely spurred by the war in Ukraine, Russia has become a target for data breach attempts. During Q1 2022, approximately 3.5 million internet users were impacted. Overall, it resulted in an 11% increase in data breach activity quarter-to-quarter.
5. With 3 Billion Compromised Accounts, the 2013 Yahoo Breach Was the Biggest Data Breach of All Time
When it comes to wide-scale data breaches, the 2013 Yahoo breach was the largest by far. Overall, a shocking 3 billion accounts were compromised. The event was also a costly one. The settlement alone was $117.5 million – to say nothing of additional damages, such as the hit to Yahoo’s reputation and the cost of shoring up their security.
For more information, see our guide to the biggest data breaches of all time.
6. On Average, It Takes 287 Days to Discover a Data Breach
While most would hope it occurred faster, the average amount of time it takes to detect a data breach is a surprising 287 days. That’s just a bit more than 9 ½ months.
7. It Takes an Average of 80 Days to Contain a Breach
Once a data breach is detected, that doesn’t mean it’s immediately addressable. Instead, it takes an average of 80 days to get everything contained. That means it takes about one full year to identify that a breach occurred and get the situation remotely under control.
Data Breach Attacker Statistics
8. Over 75% of Data Breaches Are Perpetrated by Organized Crime Groups
When it comes to attackers, most aren’t single individuals looking to harm a company. Instead, more than 75% of data breaches are perpetrated by organized crime groups. This can include state-backed hacking agencies or coordinated private hacker groups.
9. Russia Responsible for More Than Half of All State-Backed Hacking Activity
On the state-backed hacking front, Russia is more active than any other country. The nation represents more than half of state-backed attacks.
10. Success Rate of State-Backed Russian Hacking Attempts Rises from 21% to 32%
Along with being the most prevalent state-backed hacking force, Russia is increasingly successful in its attempts. In 2020, its success rate was estimated at 21%. In 2021, that rate rose to 32%.
11. 85% of Data Breaches Involve a Human Element
While it’s easy to assume that brute force plays a role in most data breaches, that isn’t the case. Instead, 85% involve a human element. For example, social engineering, lost credentials, clicking on malicious links, or other human-related missteps or vectors are more often involved than simple forced entry into a system.
12. 25% of Data Breaches Involve Phishing
Phishing is currently the most popular attack vector for data breaches. Overall, phishing is involved in approximately 25% of all data breach incidents.
13. 33% of IT Professionals Saw an Increase in Phishing Via Non-Email Platforms
While email remains the dominant channel for phishing, attackers are increasingly phishing via alternate avenues. Overall, 33% of IT professionals saw an increase in non-email phishing attempts in 2021. Among them, 44% saw phishing attempts on video conferencing platforms, and 40% experienced them on workforce messaging solutions. 40% also saw them on cloud-based sharing platforms, while 36% experienced text messaging-based phishing.
14. Ransomware Attacks Increase to 22% of All Breach-Related Cyberattack Activity
Ransomware attacks have been on the rise in recent years. In 2021, 22% of data breaches involved ransomware. Additionally, experts believe that the strategy will ultimately surpass phishing, potentially as early as this year.
15. 60% of Data Breaches Involve Insider Threats
While many attribute data breaches to outside forces – like hackers – insider threats are actually responsible for 60% of incidents. However, the harm isn’t always intentional, and risky behavior or human error can have unintentional consequences that result in a breach.
[Source: idwatchdog by Equifax]
16. One in Five Breaches Happen Due to Lost or Stolen Credentials
Lost or stolen credentials are a popular way for attackers to gain entry into systems. Overall, about one-in-five companies that experienced a malicious breach in 2021 was compromised because lost or stolen credentials were involved.
17. Marriott/Starwood Breach the Largest Data Breach of All Time Involving a State-Sponsored Attacker
With over 500 million records compromised, the 2014 Marriott/Starwood breach was the biggest data breach ever perpetrated by a state-sponsored attacker. In this case, a Chinese intelligence group was reportedly behind the incident.
The cost to Marriott was actually far smaller than many would expect. Overall, the breach cost a mere $72 million during the first six months, the majority of which was actually covered by insurance.
Data Breach Cost Statistics
18. Data Breaches Cost Businesses $150 Per Compromised Record
The per-record cost of data breaches seems modest, coming in at $150 per stolen, lost, or compromised record. However, that means 10,000 records would come with a price tag of $1.5 million. If there were 1 million records, that totals to $150 million.
19. Breaches Originating from Third-Parties Cost $370,000 More on Average
On average, third-party-related breaches, such as those originating from partners or suppliers or their systems, cost $370,000 more than those originating within the company. This highlights the importance of thorough vetting, particularly when it comes to partner and supplier security standards, practices, and protocols.
20. Data Breaches in the United States Cost More Than Double the Worldwide Average
The average cost of a data breach in the United States far outpaces international numbers. At $8.19 million, that makes the average cost of a U.S. incident more than double the worldwide average.
21. Companies Involved in Large Data Breaches Underperform by More Than 15% Following the Incident
When it comes to long-term ramifications, a single data breach can harm a company’s financial performance for years. Overall, companies that experienced a breach involving 1+ million records and were publicly listed at the time of the incident underperform the market by 15.6% a full three years after the fact.
22. At $4 Billion, Epsilon Data Breach Was the Most Costly of All Time
The 2011 Epsilon breach was the most costly data breach of all time, running a total cost of $4 billion. In the breach, email data from 75 client companies was compromised, including on major companies such as Best Buy and Target. Though the information was only stolen on 2% of customers, the size of the email lists and clients involved meant millions of contact details were involved in the breach.
[Source: CSO Online]
More Data Breach Statistics
23. Data Breaches Double Across Manufacturing and Utilities in 2021
While data breach activity increases in the vast majority of sectors, the manufacturing and utilities industries were definitively the hardest hit. They represent the biggest overall increase, with the number of breaches more than doubling between 2020 and 2021.
24. The U.S. Military Experienced Zero Reported Data Breaches in 2021
When it comes to anomalous data breach activity, the military actually saw a decline in breaches. In fact, the U.S. military didn’t report a single data breach in 2021.
25. California Experienced the Most Data Breaches, with 5.6 Billion Records Compromised Over 15 Years
Between 2005 and mid-2020, California had the most data breaches. In total, there were 1,777 reported incidents involving 5.6 billion records. That’s over twice the number of breaches of second-place New York, which had 863 reported breaches.
26. Ukraine Targeted by 67% Fewer Data Breaches in Q1 2022
Prior to the invasion, during Q4 2021, Ukraine was the most breached country in Eastern Europe. While data breaches are rising in Russia, Ukraine saw a dramatic decline.
Overall, the nation was involved in 67% fewer breaches during the quarter prior to the invasion. Likely, this is a result of compromised communication services, though public sentiment regarding the war may also be a factor.