25+ Disturbing Data Breach Statistics That Will Make You Think
Last Updated: May 20, 2023
Technology is an integral part of our lives. Most of our communication, jobs and entertainment have rapidly moved online. And so has our personal information.
While there are benefits to our digital presence, there are also a few drawbacks. Data breaches are one.
Check out our data breach statistics below to see how cyberattacks affect you.
Mind-Blowing Data Breach Statistics (Editor’s Choice)
- There were 4,145 data breach cases in the world in 2021.
- In the US alone, there were 1,862 cases of data breaches.
- In 2021, data breaches were discovered for an average of 287 days.
- Nearly 60% of organizations don’t have a cyber incident plan.
- In 2019, the average cost of a data breach globally was $4.24 million.
- Almost half of all data breaches target small businesses.
- In 2021, 45 million individuals were affected by healthcare cyberattacks.
- Cyberattacks happen every 39 seconds.
Data is one of the most valuable assets, and statistics on data loss show that companies get hacked more and more every year.
A data breach can easily expose your name, social security number, bank accounts, and addresses. And data breaches happen all the time.
Terrifying, right? There’s more:
Data Breach Statistics 2021
How many data breaches occurred in 2021?
1. In 2021, there were 4,145 data breaches globally.
According to a Flashpoint and Risk Based Security report, publicly disclosed data breaches totaled 4,145 globally in 2021.
The number represented a 5% decline from 2020. Still, it also accounted for 22 billion records exposed, making 2021 the second-highest year for the amount of confidential data compromised since 2005.
2. Data compromises rose 68% in the US.
According to the latest Identity Theft Resource Center’s Data Breach Report, there were 1,862 data breaches in the US in 2021. This was a new record, surpassing both 2020’s total of 1,108 and the previous record of 1,506 set in 2017.
Data compromises that involved sensitive information, such as social security numbers, accounted for 83% of the total, slightly up from 80% recorded in 2020. Despite the increase, these events were far from the 2017 record high of 95%.
3. In 2021, the average cost of a data breach was $4.24 million.
This was the highest average cost in 17 years and almost 10% higher than the $3.86 million in 2020. Data breaches in the healthcare sector were found to be the costliest at an average of $7.13 million.
According to the IBM report, the accelerating remote work trend was to blame for a $137,000 increase in the average data breach cost in the US. What’s more, 76% of participants said remote work would increase the time to identify and contain a data breach.
4. The average cost per lost/stolen record was $161.
The loss of customer personal identifiable information (PII) was the costliest compared to other types of data – $180 per lost or stolen record.
Also, the faster an organization contained the attack, the less expensive it was. A breach lifecycle under 200 days costs $1 million less than a lifecycle over 200 days.
Cybercriminals are getting more sophisticated, and the number of data breaches shows companies are still not adequately prepared for the challenge.
5. 56% of organizations don’t have a cyber incident plan.
The vast majority of organizations don’t have a cyber incident response plan. What’s more, only around a third of the remaining 44% stated they trusted their plans.
People don’t seem to take cybersecurity breaches very seriously. That results in exposures that last shockingly long.
6. Over 30% of cyber breaches take months or years to discover.
It doesn’t matter if that’s a small business or a large corporation data breaches are not discovered as fast as they need to be.
Facebook, Equifax, and Capital One are just a few examples of companies having problems with data breaches. Not only was the personal information of millions of people leaked, but the hack was discovered way too late.
The average time to identify and contain a breach is 287 days. According to IBM, organizations further along in their cloud modernization maturity detected and contained breaches 77 days faster than those in the early stage of their strategy.
7. 85% of data breaches involved a human element.
Phishing events accounted for 36% of all breaches in 2021, representing an 11% increase from 2020. And while just 10% of breaches involved ransomware, their frequency has doubled since the previous year.
Data theft statistics show that most attackers are external and financially motivated, and organized crime is the top category.
Major Security Breaches in 2021
As it’s clear, even tech giants – which store most of our personal data — can become the victim of data breaches.
8. Facebook had yet another data breach leaking the personal data of over 533 million users.
(Source: Business Insider)
Facebook seems to be an easy target for cybercriminals. In the past several years, the social media giant got hacked regularly.
The company is struggling to keep its users’ data secure. But the most shocking thing is that in the most recent data breach in April 2021, 533 million users’ information was available for free in a hacking forum. The data included information that could be used to identify individuals from 106 different countries, with the US, the UK, and India experiencing the greatest numbers of exposed records.
But Facebook isn’t the only social media platform suffering data breaches. In August 2020, a cyberattack compromised profile data for nearly 235 million users of TikTok, Instagram, and YouTube. The database contained personally identifiable information (PII), such as names, contact information, and images.
9. Data breach exposed the personal data of 40 million T-Mobile customers.
(Source: New York Times)
In August 2021, cybercriminals compromised T-Mobile’s systems and stole the personal information of 40 million current, former and prospective customers. The exposed details included names, birthdays, and social security numbers.
10. Colonial Pipeline paid $4 million to hackers who breached its systems.
(Source: The Guardian)
In May 2021, Colonial Pipeline fell victim to a ransomware attack. It infected some of the fuel pipeline’s digital systems, shutting it down for several days.
As Colonial Pipeline moves oil from refineries to industry markets, the hack was deemed a national security threat and the company agreed to pay $4.4 million to the hackers who broke into its computer systems.
What makes this attack so worrying is how easily the hackers could access the system. It has since been revealed that the company didn’t use robust cybersecurity measures such as multi-factor authentication.
11. A Microsoft cyber breach exposed over 30K organizations.
This was the eighth cyberattack against civil organizations and businesses Microsoft has reported in the last 12 months.
The breach occurred in March 2021 and affected more than 30,000 organizations across the US, including local governments, government agencies, and businesses. According to Microsoft, a Chinese hacking group called Hafnium was responsible for the event.
If global corporations are not protected against cyberattacks, what can we say about public institutions?
Well, data privacy statistics don’t show a better situation there either.
12. Data of more than 220 million Brazilians was exposed in a major public data breach.
In January 2021, security researchers found highly sensitive personal data of over 220 million Brazilians for sale online. Because the number of people affected exceeded the country’s estimated population, it has been assumed that the leakage included information regarding deceased people.
The data was leaked through the website of Brazil’s Ministry of Health. The case is still under investigation.
13. The French government visa website was hit by a cyberattack that exposed applicants’ personal data.
French authorities announced in September 2021 that the personal data of almost 9,000 people who applied for a French visa had been compromised. The exposed details included email addresses, names, nationalities, dates of birth, and ID card/passport numbers. No financial or ‘sensitive’ data (as defined by the GDPR) was compromised. Still, the government recommended the affected people take precautions.
It’s not only governments.
The healthcare sector is one of the most vulnerable to data breaches. Information security stats show that:
14. The healthcare sector scores the worst in cyber crisis response.
(Source: HIPAA Journal)
In the context of information security technology, cyber crisis exercises test the risk of a data breach occurring.
The Immersive Labs platform for conducting cyber crisis simulations has reported that in 2021, the technology and financial services sectors performed the most cyber crisis exercises, running an average of nine and seven exercises per year, respectively. Meanwhile, healthcare organizations performed an average of two tests per year.
Also, healthcare performed the worst out of all industry sectors for cyber crisis response by some distance, achieving a performance score of just 18% – considerably lower than the average of 68%.
To rank at the bottom of this list isn’t good news. Especially for a sector that holds incredible amounts of personal information on every single person.
15. Healthcare data breaches hit an all-time high in 2021.
(Source: Critical Insights)
In 2021, 45 million individuals were affected by healthcare cyberattacks, up from 34 million in 2020. That number has tripled in just three years, growing from 14 million in 2018.
That’s not all.
Data breach statistics by year show the total number of incidents reached an all-time high, rising 2.4% from 663 in 2020 to 679 in 2021.
16. About 46% of data breaches in 2021 targeted small businesses.
The year 2021 was marked by cyberattacks in every business sector and size. With regard to the number of data breaches, the gap between large and small organizations is closing.
Small businesses have plenty of customer information — like credit card numbers, email addresses, and insurance details — that are enticing to cybercriminals.
Biggest Data Breaches of All Time
Cyberattacks are now a common thing, but there’re times when data breaches are so big they make us gasps in shock.
17. The biggest data breach affected over 1 billion Indians.
The incident happened in early 2018. India’s national ID database, Aadhaar, suffered a data breach, with over 1.1 billion records lost. This included biometric information such as fingerprint and iris scans which could be used to open bank accounts and receive government services, such as financial aid.
This was a massive hack, but probably the most famous of all data breaches happened between 2013 and 2016.
18. Between 2013 and 2016, Yahoo experienced data breaches compromising 3 billion records of personal information.
(Source: New York Times)
In those breaches, the company’s entire customer base was exposed. Cybercriminals gained access to names, birth dates, phone numbers, and passwords. It was even confirmed that security questions were also exposed during the attacks.
The most recent of the biggest cyberattacks happened in 2019.
19. 1.2 billion records of data sitting on an unsecured server owned by People Data Labs were compromised.
An investigator found that a great volume of data could be easily accessed without the need for authorization. And even if the 1.2 billion records are an impressive collection of data, they didn’t contain any sensitive information.
Nonetheless, hundreds of millions of users’ email addresses and social media profiles were available for download.
Data Breach Facts
It’s surprising how vulnerable our online information can be.
Data breaches are becoming a tempting opportunity many cybercriminals take advantage of.
20. A hacking attack occurs every 39 seconds.
(Source: University of Maryland)
How often do data breaches occur?
Every 39 seconds!
It’s mind-blowing, but cybercriminals are not going to slow down. The volume of breaches now results in a great loss of personal data. Imagine in a year’s time.
Data breach stats show that:
21. 95% of cybersecurity breaches are caused by human error.
What percent of data breaches are caused by human error?
Employee data breach statistics show that the lack of adequate cybersecurity training opens companies to the threat of phishing attacks and data loss.
We also need to take into account that:
22. By the end of 2023, it’s expected that there will be about 30 billion connected devices.
According to Cisco, there will be 3.6 networked devices/connections per person and nearly 10 devices and connections per household by 2023.
Without appropriate security measures, such as identity theft protection, they all can turn into ticking bombs. The risk of cyberattacks will rise together with the number of our smart devices, according to data breach predictions.
In a digital business, cybersecurity needs to be a priority.
23. Cybercrime is predicted to cost the world $10.5 trillion annually by 2025.
(Source: Cybersecurity Ventures)
Cybercrime is predicted to cost the world $10.5 trillion annually by 2025. For reference, the amount was just $3 trillion a decade ago, while in 2021, the world spent around $6 trillion to strengthen its digital defense.
With such growth, it’s crucial for organizations to boost their cybersecurity measures.
24. Global cybersecurity spending is set to exceed $1.75 trillion from 2021 to 2025.
(Source: Cybersecurity Ventures)
That’s a massive amount, but cybersecurity doesn’t come cheap, and organizations will be forced to re-organize and include decent security measures.
As illustrated in the image below, cybersecurity expenditure is predicted to grow at an annual growth rate of 15%.
(Image source: Cybersecurity Ventures)
Data breach stats show that we’ll also have to deal with an increasing number of unfilled cybersecurity positions.
25. In 2025, there will be 3.5 million vacant cybersecurity jobs globally.
(Source: Cybersecurity Ventures)
We will need an army of cybersecurity specialists to keep up with the data breach trends!
The US Bureau of Labor Statistics projects “information security analyst” will be the 10th fastest growing occupation over the next decade, with an employment growth rate of 31% compared to the 4% average growth rate for all fields.
In the eight-year period from 2013 to 2021, the number of vacant cybersecurity jobs grew by 350%. The trend is set to slow down, according to Cybersecurity Ventures, which predicts the position openings in the sector to remain at 3.5 million in 2025.
It’s evident by the shocking stats of leaked data that cybersecurity will have to go hand with our move to a digital society. If we ignore its importance, we’ll just continue to lose our personal information in malicious data breaches. There are a few steps we can take to prevent the loss of our information, according to data breach statistics:
- Learn how a data breach goes down and how to better protect against one.
- Implement cybersecurity plans at home and at work.
- Be vigilant of any online activity that seems suspicious.
- Be prepared to respond adequately to a data breach.
Follow those steps to keep your data safe, and remember to stay informed! Till next time!