60+ Data Breach Statistics: Trends, Costs, and Insights

author avatarTodor Pichurov Hours Posted on Hours Updated on

The modern digital ecosystem has seen an exponential growth in connectivity, which has simultaneously increased the number of data breaches around the globe.

Throughout this article, we will present data breach statistics from prominent sources to shed light on the causes, costs, and consequences of cyber attacks.

By examining how many data breaches take place, in addition to their impact across regions and industries, organizations can better mitigate the risk and reduce breach costs associated with each data security breach.

This Article Contains:

Top data breach statistics for 2025

Below are some of the top data breach statistics—including recently published data from authoritative sources:

  1. The average cost of a data breach reached $4.35 million in 2022.
  2. Healthcare data breach costs have grown 53.3% since 2020, with the average being $10.93 million back in 2023.
  3. By 2025, the global cost of cybercrime is expected to hit $10.5 trillion, increasing at an annual rate of 15 percent.
  4. In 2023, 86% of data breaches involve the use of stolen credentials.
  5. 40% of all records compromised involved employee PII, a figure that has grown significantly from 26% back in 2022.
  6. The average total cost of a mega breach (50-60 million records) was $332 million.
  7. The number of insider incidents increased by nearly 8% in 2023.
  8. By 2023, cyber-attacks are projected to occur every 11 seconds.
  9. Ransomware attacks increased by 435% compared to previous years.
  10. Data breaches impacted nearly 294 million people.
  11. In 2023, 32% of incidents involved data theft and leak.
  12. Between September 2022 and September 2023, there were over 4,608 data breaches reported in the US alone, with affected records in those breaches exceeding 5 billion .
  13. Approximately 45% of all data breaches in 2023 were attributed to third-party vendor compromises.
  14. In 2023, Europe was the most affected region, accounting for 32% of global cyberattacks.
  15. In 2023, 51% of organizations increased security spending following a data breach.
  16. The cause for nearly half (49%) of inadvertent data breaches was human error and system issues or glitches.
  17. In 2023, 57% of organizations reported that data breaches led to an increase in the pricing of their business offerings or products.
  18. The average size of a data breach is 25,575 records.
  19. From 2020 to 2022, data breaches in the healthcare sector increased by 42%.
  20. 82% of breaches involved the human element (from phishing to misuse) according to the Verizon DBIR 2022.
  21. In 2021, there were 5.4 billion malware attacks worldwide.
  22. In 2021, 295 million US residents were affected by data breaches.
  23. Between 2005 and 2022, over 11,000 data breaches have been recorded in the US alone.
  24. Retailers can lose around $3.27 million on average per data breach event.

Combined, these data points provide a striking overview of how widespread and costly data breaches have become.

Whether focusing on healthcare data breaches or incidents in retail, the growing number of cyber attacks indicates that data security is an urgent priority.

Key drivers of data breaches

There are various triggers behind data breaches in today’s threat landscape:

  • Human Error: Often cited as the root cause of up to 95% of cybersecurity breaches.
  • Stolen or compromised credentials: Attackers rely on compromised credentials to infiltrate systems undetected.
  • Phishing attacks: The Verizon DBIR notes that phishing was responsible for 36% of breaches.
  • Accidental data breaches: Misconfigurations or inadvertent sharing of sensitive data.
  • Organized crime groups: Motivated by financial gain, leading to malicious data breaches.
  • Ransomware: A type of cyber attack that has grown by 435% recently.
binary code, binary, binary system

Understanding these drivers helps security teams anticipate how data breaches occur and highlights why healthcare data breach costs and financial industry incidents remain high-impact events.

Additionally, human error plays a big role in accidental data breaches and underscores the importance of stringent processes and continuous employee education.

Costs associated with data breaches

The cost of a data exposure goes beyond immediate mitigation. Data breach cost typically includes direct and indirect expenses, such as:

  • Legal fees: Companies often face lawsuits and regulatory fines.
  • Notification: Customers, partners, and regulators must be informed of a data security breach.
  • Reputation management: PR efforts to rebuild trust.
  • Forensic investigations: Determining the scope and identifying the initial attack vector.

Cost statistics and facts

  1. The typical cost of a data breach stands at $4.88 million.
  2. In 2023, the largest portion of breach-related expenses was detection and escalation, with an average cost of $1.58 million.
  3. As of 2024, the United States leads globally with the highest average data breach cost at $9.36 million, followed closely by the Middle East at $8.75 million.
  4. A mega-breach involving 50 to 60 million records in 2024 carries an estimated cost of $375 million—$43 million more than in 2023.
  5. Companies with significant noncompliance issues experience an average breach cost of $5.05 million, which is 12.6% above the norm.
  6. Automating recovery efforts can reduce over half of the expenses tied to a data breach.
  7. Between 2020 and 2021, the cost of a mega breach surged by 97%.
  8. In 2021, lost business opportunities accounted for the largest portion of breach-related costs, averaging $1.59 million per incident.
  9. For U.S. companies where more than 80% of employees worked remotely, the average data breach cost amounted to $5.54 million.
  10. Data breaches resolved in under 200 days resulted in 23% cost savings, equating to $1.02 million.
  11. For businesses with under 500 employees, the financial impact of a data breach increased from $2.92 million to $3.31 million—a difference of 13.4%.

Causes and attack vectors

Malware attacks, phishing attacks, and stolen credentials form the trifecta of leading causes behind malicious data breaches.

According to Statista, 5.4 billion malware attacks occurred worldwide in 2021 alone. Furthermore, accidental data breaches—often tied to human error—underscore how even a single oversight can trigger a massive data breach event.

  1. Multi-factor authentication (MFA) is known to block over 99.9% of account-compromise attacks
  2. In 2023, 65% of data breaches involved internal actors, while 35% were attributed to external threats.
  3. Financial motives drive 95% of all data breaches, reflecting a 24% rise since 2019.
  4. Ransomware is responsible for nearly 24% of malware-related security incidents.
  5. On a global scale, identifying a data breach took an average of 194 days in 2024, showing a slight improvement from 2023.
  6. Organizations that leverage threat intelligence detect breaches 28 days faster, on average.
  7. Breaches involving stolen or compromised credentials had the longest resolution times, taking an average of 88 days within a 292-day breach lifecycle.
  8. Scam emails result in a worldwide financial impact of $6.4 billion each day.
  9. In 2019, cybersecurity professionals identified 967.7 million active malware programs.
  10. System glitches account for 24% of all data breaches.
  11. In a typical company, 21% of folders are accessible to all employees.
  12. Human error contributes to 99.5% of data breaches among remote workers in the United States.
  13. Intrusions into cloud environments increased by 75% year over year in 2023.
  14. Between November 2021 and October 2023, Microsoft Office applications were the primary target for attacks, involved in 61% of malicious attacks globally.
  15. Attempts to extract secret keys and credential data from cloud metadata and APIs surged by 160% in 2023.
  16. Business Email Compromise (BEC) attacks now make up more than half of all social engineering attacks.
  17. In 2023, the three most commonly reported malware strains were Cobalt Strike, MimiKatz, and Qakbot.
  18. The primary methods attackers use to infiltrate organizations include stolen credentials, phishing, and exploiting security vulnerabilities.

Incident response and mitigation

The longer an organization takes to detect a security breach, the higher the average breach cost. Studies show having an incident response team can reduce data breach expenses by $1.12 million on average.

  1. In 2021, the average time required to contain a data breach after detection was 75 days.
  2. Companies that successfully mitigate breaches within 30 days save more than $1 million compared to those taking longer than a month.
  3. Notifying customers of a data breach costs U.S. businesses approximately $740,000.
  4. The average cost of a data breach for U.S. companies is $3.86 million.
  5. A majority (57%) of surveyed organizations reported raising their product or service prices due to breach-related expenses.
  6. More than 9% of publicly traded U.S. companies issued breach notifications in 2023, impacting around 143 million individuals.
  7. In 47% of cases, public companies omitted details about the root cause of the breach in their official disclosures—an increase of 98% from 2022.

An agile incident response plan typically includes:

  • Detection and analysis: Swift identification of suspicious activity.
  • Containment: Isolation of compromised systems.
  • Eradication: Removal of malware and closure of exploited vulnerabilities.
  • Recovery: System restoration and verification.
  • Post-incident review: Learning to prevent future accidental data breaches or malicious data breaches.

Powerful law enforcement agencies and cyber task forces often collaborate with organizations during major large data breaches, providing resources and support in apprehending perpetrators.

Impact across industries

  • Healthcare breach costs: Averaging $10.1 million; even higher in 2023.
  • Retail: Estimated $3.27 million per breach.
  • Global average cost: Estimated at $4.35 million in 2022, trending upward year over year.

Healthcare

The healthcare industry consistently incurs the highest breach costs, averaging $10.1 million per incident as of 2022.

Healthcare data breaches have a data breach lifecycle that often extends longer due to regulatory burdens, leading to increased breach costs.

Healthcare data breach claims are also on the rise, driven by the large amounts of sensitive information—medical records, driver’s license numbers, insurance details—stored by healthcare providers.

The targeted sector remains healthcare for many attackers due to the high value of patient data on illicit markets.

Financial services

The financial industry is another prime target for cyber threats, as each largest data breach incident can jeopardize consumer trust and result in heavy fines.

Fraudulent transactions, identity theft, and compliance violations are common consequences.

Large data security breach events in this sector often include tens of thousands of compromised records, each with a high resale value.

Retail and eCommerce

Retailers, especially those operating online, face cyber attacks that can compromise customer payment information.

On average, retailers can lose $3.27 million per data breach. This figure underscores why data breaches in eCommerce settings are particularly damaging, often resulting in reputational harm and significant financial losses.

Regional insights and notable trends

Data breaches occur on every continent, though some areas face unique challenges:

  • North America: The US leads in recorded breaches, with 295 million US residents affected in 2021.
  • Europe: The most affected region in 2023, accounting for 32% of global cyberattacks.
  • Asia & Africa: Rapid digitization has increased cyber incidents, including large data breaches in emerging markets.

Regulatory frameworks like GDPR in the EU and state-level legislation in the US have resulted in stronger compliance requirements, influencing how organizations respond to recent data breaches.

Emerging technologies and future outlook

As emerging technologies such as AI, IoT, and quantum computing advance, the risk of cyber attack intensifies.

On the defensive side, security AI tools promise quicker anomaly detection and real-time threat remediation. However, attackers also leverage new technology to refine phishing attacks and malware breaches.

By 2025, the global cost of cybercrime is forecasted to hit $10.5 trillion.

a blue and black globe with lines and dots around it

Whether these threats manifest in a biggest data breach or multiple smaller incidents, the impetus to fortify data security protocols grows stronger each year.

Collaboration with powerful law enforcement agencies and public-private partnerships will remain instrumental in addressing widespread data breaches plaguing every industry.

Conclusion

The landscape of data breaches is both dynamic and increasingly perilous.

From healthcare data breaches that incur record-breaking healthcare data breach costs to accidental data breaches caused by simple human error, the scope of the problem demands continual vigilance.

Organizations should note that most data breaches stem from known vulnerabilities—be they stolen or compromised credentials, phishing attacks, or misconfigurations—and can be mitigated through robust incident response frameworks.

With an emphasis on security AI, network security, and employee training, businesses can reduce breach costs and shrink the data breach lifecycle.

Ultimately, the message is clear: data breaches will remain a top concern for the foreseeable future.

By studying the latest breach statistics, investing in security spending, and proactively preparing for the worst, leaders across sectors can significantly diminish the impact of each data breach—protecting both their bottom line and their customer trust.

References

  1. Astra Security – Data Breach Statistics
  2. Secureframe – Data Breach Statistics
  3. IBM – Data Breach Report
  4. Sprinto – Data Breach Statistics
  5. BigCommerce – eCommerce Data Breaches
  6. Verizon – Data Breach Investigations Report
  7. Strobes – Top Data Breaches of January 2025
  8. Worth Insurance – Data Breach Statistics
  9. Varonis – Data Breach Statistics
  10. Statista – Data Breaches Worldwide
  11. Statista – Malware Attacks per Year
  12. Statista – Number of US Residents Affected by Data Breaches
Share this post on your favorite social media
author avatar

Todor has over a decade of experience in creating content about cybersecurity. He specializes in making complex security topics understandable for all. As part of the SpyHunter team, Todor uses his expertise to educate users, empowering them to better understand and manage their digital environments securely and efficiently.