60+ Data Breach Statistics: Trends, Costs, and Insights

The modern digital ecosystem has seen an exponential growth in connectivity, which has simultaneously increased the number of data breaches around the globe.

Throughout this article, we will present data breach statistics from prominent sources to shed light on the causes, costs, and consequences of cyber attacks.

By examining how many data breaches take place, in addition to their impact across regions and industries, organizations can better mitigate the risk and reduce breach costs associated with each data security breach.

Top data breach statistics for 2025

Below are some of the top data breach statistics—including recently published data from authoritative sources:

  1. The average cost of a data breach reached $4.35 million in 2022.
  2. Healthcare data breach costs have grown 53.3% since 2020, with the average being $10.93 million back in 2023.
  3. By 2025, the global cost of cybercrime is expected to hit $10.5 trillion, increasing at an annual rate of 15 percent.
  4. In 2023, 86% of data breaches involved the use of stolen credentials.
  5. 40% of all records compromised involved employee PII, a figure that has grown significantly from 26% back in 2022.
  6. The average total cost of a mega breach (50-60 million records) was $332 million.
  7. The number of insider incidents increased by nearly 8% in 2023.
  8. By 2023, cyber-attacks are projected to occur every 11 seconds.
  9. Ransomware attacks increased by 435% compared to previous years.
  10. Data breaches impacted nearly 294 million people.
  11. In 2023, 32% of incidents involved data theft and leak.
  12. Between September 2022 and September 2023, there were over 4,608 data breaches reported in the US alone, with affected records in those breaches exceeding 5 billion.
  13. Approximately 45% of all data breaches in 2023 were attributed to third-party vendor compromises.
  14. In 2023, Europe was the most affected region, accounting for 32% of global cyberattacks.
  15. In 2023, 51% of organizations increased security spending following a data breach.
  16. The cause for nearly half (49%) of inadvertent data breaches was human error and system issues or glitches.
  17. In 2023, 57% of organizations reported that data breaches led to an increase in the pricing of their business offerings or products.
  18. The average size of a data breach is 25,575 records.
  19. From 2020 to 2022, data breaches in the healthcare sector increased by 42%.
  20. 82% of breaches involved the human element (from phishing to misuse) according to the Verizon DBIR 2022.
  21. In 2021, there were 5.4 billion malware attacks worldwide.
  22. In 2021, 295 million US residents were affected by data breaches.
  23. Between 2005 and 2022, over 11,000 data breaches have been recorded in the US alone.
  24. Retailers can lose around $3.27 million on average per data breach event.

Combined, these data points provide a striking overview of how widespread and costly data breaches have become.

Whether focusing on healthcare data breaches or incidents in retail, the growing number of cyber attacks indicates that data security is an urgent priority.

Key drivers of data breaches

There are various triggers behind data breaches in today’s threat landscape:

  • Human error: Often cited as the root cause of up to 95% of cybersecurity breaches.
  • Stolen or compromised credentials: Attackers rely on compromised credentials to infiltrate systems undetected.
  • Phishing attacks: The Verizon DBIR notes that phishing was responsible for 36% of breaches.
  • Accidental data breaches: Misconfigurations or inadvertent sharing of sensitive data.
  • Organized crime groups: Motivated by financial gain, leading to malicious data breaches.
  • Ransomware: A type of cyber attack that has grown by 435% recently.

Understanding these drivers helps security teams anticipate how data breaches occur and highlights why healthcare data breach costs and financial industry incidents remain high-impact events.

Additionally, human error plays a big role in accidental data breaches and underscores the importance of stringent processes and continuous employee education.

Costs associated with data breaches

The cost of a data exposure goes beyond immediate mitigation. Data breach cost typically includes direct and indirect expenses, such as:

  • Legal fees: Companies often face lawsuits and regulatory fines.
  • Notification: Customers, partners, and regulators must be informed of a data security breach.
  • Reputation management: PR efforts to rebuild trust.
  • Forensic investigations: Determining the scope and identifying the initial attack vector.

Cost statistics and facts

  1. The typical cost of a data breach stands at $4.88 million.
  2. In 2023, the largest portion of breach-related expenses was detection and escalation, with an average cost of $1.58 million.
  3. As of 2024, the United States leads globally with the highest average data breach cost at $9.36 million, followed closely by the Middle East at $8.75 million.
  4. A mega-breach involving 50 to 60 million records in 2024 carries an estimated cost of $375 million—$43 million more than in 2023.
  5. Companies with significant noncompliance issues experience an average breach cost of $5.05 million, which is 12.6% above the norm.
  6. Automating recovery efforts can reduce over half of the expenses tied to a data breach.
  7. Between 2020 and 2021, the cost of a mega breach surged by 97%.
  8. In 2021, lost business opportunities accounted for the largest portion of breach-related costs, averaging $1.59 million per incident.
  9. For U.S. companies where more than 80% of employees worked remotely, the average data breach cost amounted to $5.54 million.
  10. Data breaches resolved in under 200 days resulted in 23% cost savings, equating to $1.02 million.
  11. For businesses with under 500 employees, the financial impact of a data breach increased from $2.92 million to $3.31 million—a difference of 13.4%.

Causes and attack vectors

Malware attacks, phishing attacks, and stolen credentials form the trifecta of leading causes behind malicious data breaches.

According to Statista, 5.4 billion malware attacks occurred worldwide in 2021 alone. Furthermore, accidental data breaches—often tied to human error—underscore how even a single oversight can trigger a massive data breach event.

  1. Multi-factor authentication (MFA) is known to block over 99.9% of account-compromise attacks.
  2. In 2023, 65% of data breaches involved internal actors, while 35% were attributed to external threats.
  3. Financial motives drive 95% of all data breaches, reflecting a 24% rise since 2019.
  4. Ransomware is responsible for nearly 24% of malware-related security incidents.
  5. On a global scale, identifying a data breach took an average of 194 days in 2024, showing a slight improvement from 2023.
  6. Organizations that leverage threat intelligence detect breaches 28 days faster, on average.
  7. Breaches involving stolen or compromised credentials had the longest resolution times, taking an average of 88 days within a 292-day breach lifecycle.
  8. Scam emails result in a worldwide financial impact of $6.4 billion each day.
  9. In 2019, cybersecurity professionals identified 967.7 million active malware programs.
  10. System glitches account for 24% of all data breaches.
  11. In a typical company, 21% of folders are accessible to all employees.
  12. Human error contributes to 99.5% of data breaches among remote workers in the United States.
  13. Intrusions into cloud environments increased by 75% year over year in 2023.
  14. Between November 2021 and October 2023, Microsoft Office applications were the primary target for attacks, involved in 61% of malicious attacks globally.
  15. Attempts to extract secret keys and credential data from cloud metadata and APIs surged by 160% in 2023.
  16. Business Email Compromise (BEC) attacks now make up more than half of all social engineering attacks.
  17. In 2023, the three most commonly reported malware strains were Cobalt Strike, Mimikatz, and Qakbot.
  18. The primary methods attackers use to infiltrate organizations include stolen credentials, phishing, and exploiting security vulnerabilities.

Incident response and mitigation

The longer an organization takes to detect a security breach, the higher the average breach cost. Studies show having an incident response team can reduce data breach expenses by $1.12 million on average.

  1. In 2021, the average time required to contain a data breach after detection was 75 days.
  2. Companies that successfully mitigate breaches within 30 days save more than $1 million compared to those taking longer than a month.
  3. Notifying customers of a data breach costs U.S. businesses approximately $740,000.
  4. The average cost of a data breach for U.S. companies is $3.86 million.
  5. A majority (57%) of surveyed organizations reported raising their product or service prices due to breach-related expenses.
  6. More than 9% of publicly traded U.S. companies issued breach notifications in 2023, impacting around 143 million individuals.
  7. In 47% of cases, public companies omitted details about the root cause of the breach in their official disclosures—an increase of 98% from 2022.

An agile incident response plan typically includes:

  • Detection and analysis: Swift identification of suspicious activity.
  • Containment: Isolation of compromised systems.
  • Eradication: Removal of malware and closure of exploited vulnerabilities.
  • Recovery: System restoration and verification.
  • Post-incident review: Learning to prevent future accidental data breaches or malicious data breaches.

Law enforcement agencies and cyber task forces often collaborate with organizations during large data breaches, providing resources and support in apprehending perpetrators.

Impact across industries

  • Healthcare breach costs: Averaging $10.1 million; even higher in 2023.
  • Retail: Estimated $3.27 million per breach.
  • Global average cost: Estimated at $4.35 million in 2022, trending upward year over year.

Healthcare

The healthcare industry consistently incurs the highest breach costs, averaging $10.1 million per incident as of 2022.

Healthcare data breaches often have a longer breach lifecycle due to regulatory burdens, leading to increased breach costs.

Healthcare data breach claims are also on the rise, driven by the large amounts of sensitive information—medical records, driver’s license numbers, insurance details—stored by healthcare providers.

Healthcare remains a targeted sector for many attackers due to the high value of patient data on illicit markets.

Financial services

The financial industry is another prime target for cyber threats, as each large data breach incident can jeopardize consumer trust and result in heavy fines.

Fraudulent transactions, identity theft, and compliance violations are common consequences.

Large data security breach events in this sector often include tens of thousands of compromised records, each with a high resale value.

Retail and eCommerce

Retailers, especially those operating online, face cyber attacks that can compromise customer payment information.

On average, retailers can lose $3.27 million per data breach. This figure underscores why data breaches in eCommerce settings are particularly damaging, often resulting in reputational harm and significant financial losses.

Regional insights and notable trends

Data breaches occur on every continent, though some areas face unique challenges:

  • North America: The US leads in recorded breaches, with 295 million US residents affected in 2021.
  • Europe: The most affected region in 2023, accounting for 32% of global cyberattacks.
  • Asia & Africa: Rapid digitization has increased cyber incidents, including large data breaches in emerging markets.

Regulatory frameworks like GDPR in the EU and state-level legislation in the US have resulted in stronger compliance requirements, influencing how organizations respond to recent data breaches.

Emerging technologies and future outlook

As emerging technologies such as AI, IoT, and quantum computing advance, the risk of cyber attack intensifies.

On the defensive side, security AI tools promise quicker anomaly detection and real-time threat remediation. However, attackers also leverage new technology to refine phishing attacks and malware breaches.

By 2025, the global cost of cybercrime is forecasted to hit $10.5 trillion.


Whether these threats manifest in one of the biggest data breaches or in multiple smaller incidents, the impetus to fortify data security protocols grows stronger each year.

Collaboration with law enforcement agencies and public-private partnerships will remain instrumental in addressing the widespread data breaches plaguing every industry.

Conclusion

The landscape of data breaches is both dynamic and increasingly perilous.

From healthcare data breaches that incur record-breaking healthcare data breach costs to accidental data breaches caused by simple human error, the scope of the problem demands continual vigilance.

Organizations should note that most data breaches stem from known vulnerabilities—be they stolen or compromised credentials, phishing attacks, or misconfigurations—and can be mitigated through robust incident response frameworks.

With an emphasis on security AI, network security, and employee training, businesses can reduce breach costs and shrink the data breach lifecycle.

Ultimately, the message is clear: data breaches will remain a top concern for the foreseeable future.

By studying the latest breach statistics, investing in security spending, and proactively preparing for the worst, leaders across sectors can significantly diminish the impact of each data breach—protecting both their bottom line and their customer trust.

References

  1. Astra Security – Data Breach Statistics
  2. Secureframe – Data Breach Statistics
  3. IBM – Data Breach Report
  4. Sprinto – Data Breach Statistics
  5. BigCommerce – eCommerce Data Breaches
  6. Verizon – Data Breach Investigations Report
  7. Strobes – Top Data Breaches of January 2025
  8. Worth Insurance – Data Breach Statistics
  9. Varonis – Data Breach Statistics
  10. Statista – Data Breaches Worldwide
  11. Statista – Malware Attacks per Year
  12. Statista – Number of US Residents Affected by Data Breaches