As more and many companies experience crippling security breaches, the wave of compromised data is on the rise. Data breach statistics usher that hackers are extremely motivated by money to develop information, and that personal information is a extremely valued type of data to compromise. IT's besides patent that companies are still not prepared enough for breaches even though they are becoming more commonplace.

We've compiled 98 data breach statistics for 2021 that also cover types of data breaches, industry-specific stats, risks, costs, as well Eastern Samoa data breach defense and prevention resources. Hopefully, this will aid organizations infer the importance of data security and how to better allocate their security budgets.

Download the data breach stats!

For more in-profundity security insights check up on our data severance whitepapers.

What is a Data Breach?

A information breach is any incident where confidential or sensitive information has been accessed without permit. Breaches are the result of a cyberattack where criminals arrive at unauthorized access to a ADPS or network and steal the private, sensitive, or confidential personal and financial information of the customers or users contained within.

The U.S. Department of Justice defines a breach as "the loss of control, via media, self-appointed disclosure, unauthorized acquisition, approach for an unlicenced purpose, operating room other unauthorized access, to information, whether physical surgery electronic."

Common cyber attacks used in data breaches are:

  • Ransomware
  • Malware
  • Phishing
  • Denial of Service

The Origin of Data Breaches

Although data breaches seem more rife nowadays due to cloud computing and increased whole number memory, they have existed as long as companies have maintained confidential data and private records. However, publicly disclosed data breaches increased in frequency in the 1980s and awareness of data breaches grew in the primitive 2000s.

According to the Government agency of Inadequate Security internet site, in 1984 the global credit information potbelly known as TRW (at once named Experian) was hacked and 90 million records were stolen. In 1986, 16 million records were stolen from Revenue Canada.

Most public information happening data breaches only dates back to 2005. In 2020, surveys showed that over half of Americans were concerned about data breaches in natural disasters and personal base hit as a result of the pandemic. Data breaches now tend to impact millions of consumers in just one aggress happening a company.

How Do Data Breaches Occur?

A data breach occurs when a cybercriminal infiltrates a data rootage and extracts confidential information. This can be done by accessing a computer or network to slip local files or past bypassing meshwork security remotely. Piece most data breaches are attributed to hacking operating theatre malware attacks, other breach methods include insider leaks, payment card fraud, loss or stealing of a physical hard ride of files and weak error. The most common cyber attacks misused in data breaches are outlined infra.

Ransomware

Ransomware is software that gains access to and locks down access to vital information. Files and systems are locked down and a fee is demanded normally in the chassis of cryptocurrency.

  • Common Target: Enterprise companies and businesses

Malware

Malware, commonly referred to A "malicious software," is a term that describes any program or code that harmfully probes systems. The malware is designed to hurt your computer or software package and commonly masquerades American Samoa a exemplary against harmful software. The "warning" attempts to convert users to download varying types of software, and while it does not damage the physical hardware of systems, information technology can steal, cipher or hijack information processing system functions.

Malware can penetrate your computer when you are navigating hacked websites, downloading infected files or inaugural emails from a device that lacks opposing-malware security.

  • Common Direct: Individuals and businesses

Phishing

Phishing scams are one of the most common slipway hackers gain access to sensitive or confidential info. Phishing involves sending fraudulent emails that appear to follow from a honorable caller, with the goal of deceiving recipients into either clicking connected a malevolent link or downloading an infected attachment, usually to steal away financial operating theatre private information.

  • Common Target area: Individuals and businesses

Denial of Service (State)

Denial of Service is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its attached users by temporarily operating theatre indefinitely disrupting services of a host connected to the Internet. Information technology is typically accomplished away flooding the targeted machine Beaver State resource with superfluous requests in an attempt to overload systems and prevent several or each legitimate requests from being fulfilled.

  • Common Prey: Sites or services hosted on soprano-profile web servers much as banks

Recent Information Breaches + Statistics

recent data breach statistics

With 3,950 confirmed data breaches in 2020, we've outlined some of the most recent and impactful security breaches of the year. This data indicates the recency and widespread impact information breaches are having on compromising sensitive information.

  1. Connected January 22, 2020, a customer support database holding terminated 280 million Microsoft client records was left unprotected connected the World Wide Web (IdentityForce).
  2. On February 20, 2020, Over 10.6 million hotel guests who wealthy person stayed at the MGM Resorts have had their personal information posted on a hacking forum (IdentityForce).
  3.  Along April 14, 2020, the credentials of over 500,000 Surg teleconference accounts were found for sale on the colored web (IdentityForce).
  4. On July 20, 2020, An unsecured server exposed the erogenous information belonging to 60,000 customers of the family history search software package caller, Ancestry.com (IdentityForce).
  5. Happening August 20, 2020, Researchers at Comparitech uncovered an unsafe database with 235 million Instagram, TikTok, and YouTube exploiter profiles unprotected online belonging to the defunct social media data broker, Deep Mixer (IdentityForce).
  6. On November 5, 2020, a database for Mashable.com containing 1,852,595 records of staff, users, and subscribers data was leaked by hackers (IdentityForce).
  7. On December 10, 2020, an undisclosed number of users of the audio streaming serve, Spotify, have had their passwords readjust after a software exposure unprotected score information (IdentityForce).
  8. On February 18, 2021, the California Department of Causative Vehicles (DMV) alerted drivers they suffered a data breach after billing declarer, Automatic Funds Transfer Services, was hit by a ransomware attack (IdentityForce).

COVID-19 Peculiar Data Breaches

covid19 data breach statistics

2020 was a class similar no other with COVID-19 severely impacting industries in every corner of the globe. This opened the nerve tract for cybercriminals who were able to mark vulnerable victims in the healthcare industry, arsenic well as those who were unemployed Oregon remote workers. Here are few of the most impactful data breach statistics attendant the epidemic.

  1. Remote work during COVID-19 increased information transgress costs in the United States by $137,000 (IBM).
  2. 54% of organizations required remote work in response to COVID-19 (IBM).
  3. 76% of participants said remote work would increase the time to identify and contain a data breach (IBM).
  4.  Estimates show up there have been as many as 192,000 coronavirus-related cyberattacks per hebdomad in May 2020 alone, a 30% increase compared to April (Unisys).
  5. In 2020, 98% of full stop of sale data breaches in the accommodation and food services industry were financially motivated (Verizon).
  6. Confirmed information breaches in the healthcare industriousness increased by 58% this class (Verizon).
  7. Web application breaches account for 43% of completely breaches and have doubled since 2019 (Verizon).
  8. 33,000 unemployment applicants were exposed to a data security department breach from the Epidemic Unemployment Help platform in May (NBC).
  9. A data breach of the federal catastrophe loan applications impacted 8,000 small business owners exposing their applications (U.S. PIRG).
  10. Scams increased by 400% over the month of Marching, making COVID-19 the largest-ever security scourge (ReedSmith).

Breaches by the Numbers

data breaches by numbers

There are many a factors to consider when preparing for and managing a data transgress, like the amount of time IT takes to respond to a data breach and the reputational impact it has connected your company. Understand below to see how breaches find, medium reply times and else crucial information.

How Breaches Happen

  1. An moderate of 4,800 websites a calendar month are compromised with form-jacking codification (Symantec).
  2. 34% of data breaches in 2018 involved internal actors (Verizon).
  3. 71% of breaches are financially motivated (Verizon).
  4. Ransomware accounts for nearly 24% of incidents where malware is used (Verizon).
  5.  95% of breached records came from the governance, retail, and technology in 2016 (Tech Republic).
  6. 36% of external data falling out actors in 2019 were involved in organized crime (Verizon).

Average Latency and Lifecycle

  1. The average metre to identify a breach in 2020 was 228 years (IBM).
  2. The average time to contain a breach was 80 days (IBM).
  3. Health care and business enterprise industries spent the nearly time in the data falling out lifecycle, 329 days and 233 days, respectively (IBM).
  4. The information breach lifecycle of a malicious or criminal onrush in 2020 took an average of 315 days (IBM).
  5. 48% of malicious email attachments are Microsoft Office files (Symantec).
  6. From 2016 to 2018, the most active attack groups targeted an average of 55 organizations (Symantec).

Crucial Selective information

  1. The global number of web attacks blocked per day exaggerated by 56.1% between 2017 and 2018 (Statista).
  2.  The enumerate of data breaches in the U.S. has significantly skyrocketed inside the past decade from a mere 662 in 2010 to over a thousand aside 2020 (Statista).
  3. Office applications were the most normally exploited applications worldwide in Q3 of 2018 (Statista).
  4. There was an 80% increase in the number of people affected by wellness data breaches from 2017 to 2019 (Statista)
  5. By stealing only 10 credit entry cards per site, cyber criminals earn up to $2.2 million through formjacking attacks (Symantec).

Cost of a Data Breach

cost of data breaches

It's no inward that data breaches are dear for a commercial enterprise. To calculate the middling cost of a data breach, certificate institutes collect both the forthright and indirect expenses suffered aside the breached organization.

Direct expenses include forensic experts, hotline support and providing free credit monitoring subscriptions and potential settlements. Indirect costs include in-house investigations and communicating, as well as customer turnover Oregon diminished client acquisition rates cod to companies' reputations after breaches. See just how expensive it is to experience a breach and what elements cause the price to rise.

  1. Healthcare is the all but expensive industry for a data breach at $7.13 million (IBM).
  2. The global average cost of a data breach is $3.86 million (IBM).
  3. The average be per unsaved operating room purloined record in a data breach is $150 (IBM).
  4. A breach lifecycle under 200 days costs $1 million less than a lifecycle over 200 days (IBM)
  5. 39% of costs incurred to a greater extent than a twelvemonth aft the data breach (IBM).
  6. In 2020, the country with the highest intermediate tote up cost of a data severance was the United States at $8.64 million (IBM).
  7. A mega break of 1 trillion to 10 zillion records has an medium add together cost of $50 million, a growth of 22% from 2018 (IBM).
  8. A mega severance of 50 million records has an medium total cost of $392 million, a growth of almost 12% from 2018 (IBM).
  9. Hospitals pass 64% more annually happening advertising over the two eld following a breach (American Journal of Managed Aid).

Data Breach Run a risk

risk of data breaches

IBM's Toll of a Data Breach Paper found that the average total be of a data break is $3.86 million and moving in an upward trend. This data, in particular, validates the reason to vest in preventative data security. Witness the data breach risk statistics below to help quantify the personal effects, motivations and causes of these destructive attacks.

  1. A financial services employee has access to 11 cardinal files (Varonis).
  2. The average distributed denial-of-Robert William Service (DDoS) attack grew to to a higher degree 26Gbps, increasing in size by 500% (Nexusguard).
  3. In the start quarter of 2020, DDoS attacks rose more than 278% compared to Q1 2019 and more than 542% compared to the last quarter (Nexusguard).
  4. 9,637 attacks were betwixt 10Mbps and 30Mbps (Nexusguard).
  5. Over 64% of financial religious service companies have 1,000+ cognisant files accessible to all employee (Varonis).
  6. On intermediate, 50% of user accounts are stale (Varonis).
  7. 58% of companies found over 1,000 folders that had conflicting permissions (Varonis).
  8. Only 5% of a party's folders are protected (Varonis).
  9. 38% of all users sampled get a parole that never expires (Varonis).
  10. 28% of data breach victims are small businesses (Verizon).
  11. . Ended 80% of breaches inside Hacking involve Brute force or the Wont of lost or stolen credentials. (Verizon).
  12. A cyberattack occurs every 39 seconds (University of Maryland).
  13. The larger the data breach, the less likely the organization will have another breach in the following two long time (IBM).
  14. 23% of information breaches are caused by weak error (IBM).
  15. 62% of breaches not involving an error, misuse, or physical action involved the use of goods and services of stolen credentials, brute force, or phishing (Varonis).

Breach Projections

breach projections

In the apace evolving theater of data security, information technology's vital that business owners stay informed of all latent issues. Below are the projected cybersecurity incidents that may occur in the coming years.

  1. It is estimated that a business volition fall victim to a ransomware attack every 11 seconds by 2021 (Herjavec Group).
  2. Cybercrime is estimated to toll the world-wide $10.5 1E+12 per annum by 2025 (Cybersecurity Ventures).
  3. Attackers will zero on biometric hacking and expose vulnerabilities in touch ID sensors, facial recognition and passcodes (Experian).
  4. Shaving ISN't late merely the next frontier is an enterprise-wide attack on a national network of a major business enterprise institution, which lavatory cause millions in losses (Experian).
  5. A major wireless carrier will be attacked with a co-occurrent event on both iPhones and Android, thievery personal information from millions of consumers and peradventure disabling all wireless communications in the United States (Experian).
  6. A swarm vendor will suffer a break, yielding the sensitive information of hundreds of Luck 1000 companies (Experian).
  7. The online gaming community bequeath be an emerging cyberpunk surface, with cybercriminals posing as gamers and gaining access to the computers and personal data of trusting players (Experian).

Historical Data Breach Statistics

historical data breaches

Some of the biggest information breaches recorded in chronicle were from 2005 or later. Once governments and businesses emotional from paper to member, data breaches became more commonplace.

In 2005 alone at that place were 136 information breaches reportable past the Concealment Rights Clearinghouse and much 4,500 data breaches have been ready-made public since then. However, IT is fair to believe the existent number of data breaches is likely higher since some of the data breaches that the  Privacy Rights Clearinghouse reports connected have little-known numbers of compromised records. The 2014 Verizon Data Breach Investigation solely reportable on 2,100 information breaches where 700 million records were open.

Below we have provided a list of data rift statistics that led skyward to and launched the age of information percolation.

  1. The outset computing machine virus, known as "The Creeper," was discovered in the too soon 1970s (History of Information).
  2. In 2005 the Secrecy Rights Clearinghouse began its chronology of information breaches (Symantec).
  3. 2005 is the year the first data breach (DSW Shoe Storage warehouse) exposed more than 1 one thousand thousand records (Symantec).
  4. The largest insider attack occurred from 1976 to 2006 when Greg Chung of Boeing stole $2 billion Worth of aerospace documents and gave them to China (NBC).
  5. AOL was the forward dupe of phishing attacks in 1996 (Phishing).
  6. As of 2015, 25% of globular data necessary security but was non protected (Statista).
  7. In 2017, one of the deuce-ac major U.S. credit reporting agencies Equifax exposed 145.5 trillion accounts including name calling, Mixer Security department numbers, dates of birth, addresses, and, in some cases, driver's license numbers of American consumers (Symantec).
  8. Social media data breaches accounted for 56% of data breaches in the first half of 2018 (IT World Wide Web).
  9. Terminated the erstwhile 10 years, in that respect have been 300 data breaches involving the theft of 100,000 or more records (Forbes).
  10. The United States saw 1,244 data breaches in 2018 and had 446.5 million exposed records (Statista).
  11. Data breaches exposed 4.1 billion records in the first six months of 2019 (Forbes).
  12. A of 2019, cyber-attacks are well thought out among the top five risks to global stability (World Economic Meeting place).

Largest Recorded Information Breaches

largest data breach

Data breaches are comely more and more common and some of the most recent information breaches have been the largest on record up to now. Here's a look at the largest data breaches in story.

  1. Yahoo holds the memorialize for the largest data breach ever with 3 billion compromised accounts (Statista).
  2. In 2019, Low gear American Financial Corporation. had 885 trillion records uncovered online including bank transactions, mixer security numbers and more. (Gizmodo)
  3. In 2019, Facebook had 540 million drug user records exposed on the Amazon cloud host (CBS).
  4. In 2018, Marriott International data breach affected roughly 500 million guests (Parvenue York Times).
  5. In 2016, for reasons of poor security, Adult Friend Finder Network was hacked exposing 412 million users private data (Zero Day).
  6. Experian-owned Court Ventures sold data directly to a Vietnamese fraudster Service involving As many as 200 million records (Forbes).
  7. In 2017, data of almost 200 million voters leaked online from Deep Root Analytics (CNN).
  8. In 2014, Ebay was hacked, accessing 145 million records (Yahoo).
  9. In 2008 and 2009, Heartland Payment Systems suffered a data breach resulting in the compromise of 130 trillion records (Tom's Scout).
  10. In 2007, the certificate breach at T.J. Maxx Companies Inc. compromised 94 million records (Information Week).
  11. In 2015, Anthem skilled a breach that compromised 80 million records (Anthem).
  12. In 2013, Target habitual a breach that compromised 70 trillion records (KrebsOnSecurity).

Data Breach Bar

data breach prevention

There are also proactive approaches security professionals commode take in order to lower their chances of experiencing a breach. Identifying cybersecurity risks to your information can be a good place to showtime. See how companies are shifting their budgets and priorities to protect their assets and customers from cyberattacks.

  1. 63% of companies suffer implemented a biometric system or plan to aboard ane (Veridium).
  2. 17% of IT security professionals reported information security as the largest budget gain for 2018 (ZDNet).
  3. 80% of organizations planned to increase security spending for 2018 (ZDNet).
  4. Information technology is foretold that worldwide cybersecurity spending will outdo $1 trillion cumulatively from 2017 to 2021 (Cybersecurity Ventures).
  5. Planetary, IT security spending in 2019 was projected to grow 8.7% over 2018's figure (Gartner).
  6. For the first sentence since 2013, ransomware declined, down 20% overall, but up 12% for enterprises (Symantec).
  7. Budget apportioning to hardware-based security services, which generally lack some portability and the power to in effect mathematical function in virtual infrastructure, has fallen from 20% in 2015 to 17% with a further expected declension to 15.5% in 2019 (451 Research).
  8. MSSPs, which can replicate sealed security operational functions, saw modest budget allocation growth at the end of 2017 to 14.7%, but certificate professionals expect that game to get to 17.3% by 2019 (451 Research).

data breach stats 2020 infographic

Come home the button below to compare these 2021 insights to the stats from 2020.download button data breach statistics

Information Breach Defense + Prevention Resources

Companies need to essay lessons from the GDPR and update their information governance practices as more iterations are expected in the coming years. It's crucial to properly set permissions on files and remove stale data.

Keeping information classification and governance up to par is instrumental to maintaining compliance with data privateness lawmaking like HIPAA, SOX, ISO 27001 and more. Today, modern solutions offer great protection and a more proactive approach to security to guarantee the safety of responsive information.

Examine your data break response program and examine a free risk assessment to see where your vulnerabilities lie.

The undermentioned resources offer additional information on the improvement of data protection and tips for data rupture bar.

  • Varonis Red Alert Data Breach Report
  • Varonis 2021 Financial Data Risk Describe
  • Verizon's Information Gap Investigations Report (DBIR)
  • IBM's 2020 Cost of a Data Breach Report
  • DataLossDB, well-kept aside the Open Security Foundation
  •  Ponemon Institute
  • Data Breach Risk Calculator
  • Identity Theft Resourcefulness Center
  • RiskBased Mid-Year Data Breach Report

Data Breach Insurance Types

In order to mitigate the risk that comes along with data deprivation, many companies are now buying information breach insurance to sustenanc their information offend prevention and mitigation plans. Data breach insurance helps cover the costs associated with a information certificate transgress. Information technology can be used to livelihood and protect a comprehensive reach of components, such as PR crises, protection solutions and liability. It May too treat whatever legal fees accumulated from the breach.

Usual types of data breach insurance are:

First-Party Insurance

With many antithetic kinds of consequences that take plac owing to a data breach, significant time and money will be spent to regai. From recovering data and notifying stakeholders, first-political party insurance covers the following:

  • Investigation costs
  • Notifying all affected parties
  • Fielding inquiries
  • Tools to help affected parties

Third-Party Insurance

Third-party insurance is primarily used by contractors and IT professionals to lessen their liability. The covered expenses may include things such as the following:

  • Lawyers' fees
  • Settlements
  • Judgments and liability
  • Past court costs such as witness fees, docket fees, etc.

Data Breach Statistics FAQs

Below are some of the virtually frequently asked questions about data breaches with answers supported by data breach statistics and facts.

How many information breaches occur?

A:  The Concealment Rights Clearinghouse keeps a chronology of data and public security measur breaches dating back to 2005. The actual number of data breaches is not known. The Privacy Rights Clearinghouse estimated that in that respect have been 9,044 public breaches since 2005, however more can be presumed since the administration does not report on breaches where the number of compromised records is unnamed.

What was the biggest information break in history?

A: Yahoo holds the record for the largest data breach of all time with 3 billion compromised accounts (Statista).

How many data breaches were at that place in 2020?

A: There were 3,950 confirmed data breaches in 2020 (Verizon).

How practically does a data offend toll?

A: As of 2020, the average add up cost of a data breach is $3.86 million (IBM).

What is the average size of a data breach?

A: 25,575 records (IBM).

Regardless of industry, there's no query that information security and vindication is extremely valuable for companies in the whole number economy we sleep in. Valuate your business's cybersecurity risk to make company-fanlike changes and improve boilers suit protection demeanor.

Avoid being a information break statistic aside doing everything possible to protect your business from experiencing a breach. For many data connected data security platforms learn how data protection solutions could positively impact your byplay.