The cyber world and all sectors in it have been increasingly under scrutiny for implementing, updating, and maintaining its cybersecurity measures in this increasingly risky cyberspace.
This article aims to reflect and ponder on the implications of data breaches plaguing the cyber world. Without further ado, here are the compiled data breach statistics 2023.
Top Data Breach Statistics for 2023
Here are the top data breach statistics for 2023:
- Breaches caused by phishing took the third longest mean time to identify and contain at 295 days according to IBM’s 2022 Data Breach Report.
- Nearly 22 percent of all data breaches are accounted for by phishing thus securing it a position as one of the most prevalent cybercrimes in the FBI’s 2021 IC3 Report.
- 79% of critical infrastructure organizations didn’t employ a zero-trust architecture.
- 45% of the data breaches were cloud-based.
- The average cost of a data breach increased by 2.6% to $4.35 million in 2022 from $ 4. 24 million dollars in 2021.
- The average cost of a data breach for critical infrastructure organizations was put at $4.82 million dollars.
- 30% of all large data breaches occur in hospitals.
- Data breaches exposed at least 42 million records between March 2021 and February 2022.
- Yahoo experienced a data breach affecting nearly 1,000,000,000 individuals due to a malicious outsider who gained access through identity theft.
- India’s biometric database Aadhar containing the personal data of almost every citizen (nearly 1.1 billion people) was exposed in a security breach.
General Data Breach Statistics 2023
- Around 817 data breaches have been reported in the U.S. since H1 2022.
- 2021 was one of the costliest years in terms of data breaches through phishing attacks in the last 17 years.
- 19% of data breaches occurred due to a compromise with a business partner.
- According to Ponemon Institute statistics, 77% of companies are woefully ill-prepared and planned when it comes to thwarting an attack or a data breach.
- 73% of cyber insurance claims from 2013-2019 were due to data breaches, incident response, and crisis management.
- 27% of data breach claims and 24% of first-party claims had exclusions within the insurance package that resulted in non-payout or partial payouts.
- In a cyber insurance claim due to a data breach, 71% of the loss falls under cyber policy coverage which is made up of insurer payments up to 44% and insured payments with retention at 27%.
- In a data breach insurance claim, the major chunk of its average cost can be broken down accordingly, forensic costs at 21%, defense at 18%, legal advice and cybersecurity experts at 13%, and credit monitoring and theft monitoring services come up to 14%.
- 36% of all data breaches involved phishing according to Verizon’s 2022 report.
- 90% of healthcare institutions have experienced at least one security data breach in the previous few years.
- 30% of most data breaches occur in large hospitals with a record of exposing patients’ private health information.
- In 2019, Facebook breaches were a major cause of data leakages.
- Major reasons for insurance claims in the IT and Communications sector were malicious data breaches (24%) and accidental data breaches (18%).
- More than 83% of organizations included in IBM’s Data Breach Report have experienced more than one breach.
- According to the statistics provided by IBM, 60% of organizations that were breached resulted in a price hike that was passed on to customers.
- Companies with fully deployed security AI experienced on average a 74-day shorter time to identify and contain data breaches, than those without — 249 days versus 323 days.
- The use of security AI and automation jumped by nearly one-fifth in two years, from 59% in 2020 to 70% in 2022.
- 19% of data breaches occurred due to stolen or compromised credentials in 2022 at an average cost of USD 4.50 million.
- Stolen and or compromised credentials were also the top vector of data breaches in 2021 by 20%.
- The cost difference was 27.6% between hybrid cloud breaches and public cloud breaches.
- The mean or average time to identify and contain a data breach fell from 287 days in 2021 to 277 days in 2022, a decrease of 10 days or 3.5%.
- 51% of healthcare organizations reported an increase in data breaches since 2019.
- 61% of healthcare data breach threats come from negligent employees.
- Nearly 93% of healthcare organizations have experienced a data breach in the past three years according to Herjavec Group’s 2020 Healthcare Cybersecurity Report and 57 percent have had more than five data breaches during the same timeframe.
- 2020 saw a 58% increase in healthcare industry targetted data breaches.
- Data breaches in healthcare went up by 42% since 2020 having the highest breach costs for the 12th year in a row.
- More than 2100 healthcare data breaches have been reported since 2009.
- 34% of data breaches in healthcare organizations came in the form of authorized access or disclosure.
- 6 percent of pediatric hospitals reported data breaches.
- At least 18% of teaching hospitals experienced a data breach.
- 47% of healthcare data breaches come from hackers or various IT incidents.
- According to HIPAA, healthcare data breaches in the U.S. have decreased by 48%.
- The U.S. pharma company Pfizer mistakenly leaked private data of the country’s prescription drug users in a data breach caused due to unsecured cloud storage.
- OneTouchPoint reported a massive data breach that affected over 1,073,316 individuals in mid-July of 2022.
- Broward Health based in Florida reported a data breach affecting 1.35 million people on January 2nd of 2022.
- The Shields healthcare data breach is the largest data breach reported in 2022 affecting over 2 million individuals.
- Tenet Healthcare-affiliate Baptist Medical Center suffered a cyberattack on April 24th, 2022 affecting 1.24 million individuals.
- Singapore-based Farrer Park Hospital had a breach between March 8, 2018, and Oct 25, 2019. The confidential medical information of 2000 individuals was automatically forwarded to a third party.
- Texas Tech University Health Sciences Center was hit by a data breach due to a hacking incident that was reported on June 7, 2022. The breach affected over 1,29 million people.
- In highly regulated industries such as healthcare, financial, energy, pharmaceuticals and education industries, an average of 24% of data breach costs were accrued more than two years after the breach occurred.
- Other common vectors of data breaches included cloud misconfiguration at 15% of breaches and vulnerability in third-party software at 13% of breaches.
- Breaches caused by business email compromise had the second highest mean time to identify and contain, at 308 days.
- Nearly three-quarters of organizations in the study said they had an IR plan, with 73% saying they did have an IR plan and 27% saying they didn’t have a plan for IR against data breaches.
- 63% of organizations with an IR plan said they regularly tested it, with 37% saying they didn’t regularly test the IR plan.
- Forty-five percent said the data breach occurred in the cloud, whereas 55% said the data breach didn’t occur in the cloud.
- In September 2017, Equifax announced that its systems had been breached affecting 148 million individuals. The data compromised included names, home addresses, phone numbers, dates of birth, social security numbers, and driver’s license numbers.
- Two-thirds of the people online have had their records stolen or compromised by bad actors by 2018.
- Identity theft is the most common type of data breach incident, accounting for 59 percent of all global data breach incidents in 2016.
- In 2019, the United States had 1,473 reported data breaches involving 164.68 million exposed records.
- Just 38% of organizations said their security teams were sufficiently staffed to meet their security management needs, while 62% said they weren’t sufficiently staffed.
- Myspace had a similar source of breach by malicious outsiders which resulted in account access to almost 360,000,000 records in 2013.
- From 2013 to 2017 the U.S.A. experienced a large number of data breaches at nearly 6550 while for the U.K. it was 570.
- The most targeted sector remains healthcare with over 2,248 breaches between 2013-2016.
- From 2013 to 2016, data breaches by malicious outsiders increased steadily.
- Twitter notified 330 million users of a glitch that stored passwords unmasked in an internal log, making all user passwords accessible to the internal network. This happened in May 2018.
- Clearview AI, a facial-recognition company that contracts with powerful law-enforcement agencies had its entire client list and over 3 billion photos stolen in 2020 February.
- Canva, in 2019 May, suffered a data breach that impacted 137 million users. The exposed data included email addresses, names, usernames, cities, and passwords stored as crypt hashes.
- 780,000 records are lost to hacking each day.
- Office applications accounted for 72.85% of exploited applications worldwide in the third quarter of 2019.
- 71% of breaches are financially motivated.
- 16% of data breaches involved Public sector entities.
- 43% of data breaches involved small businesses.
- 63% of organizations that have experienced a data breach are implementing biometric authentication.
- Organized crime groups were behind 39% of breaches.
Cost of a Data Breach
- According to IBM, the average cost of data breaches from 2020 to 2022 has seen a 12.7% hike from $3.86 million to $4.35 million.
- The average ransomware cost of $4.54 million is slightly higher than the overall average total cost of a data breach, USD 4.35 million.
- Data breaches in the U.S. cost up to 9.44 USD on average.
- USD 2.10 million was the cost savings of breaches at organizations that use risk quantification techniques versus those that don’t.
- At 16% phishing was the second most common reason for data breaches and the costliest averaging $ 4.91 million in breach costs.
- Statistics showed that in 2018 showed the average cost per data breach was around $150 for each compromised record.
- USA had the highest rate of costly data breaches in 2021 at $9.05 million according to IBM.
- Risk quantification had a considerable effect on data breach costs, saving up to USD 2.10 million on average.
- The average data breach cost during remote working was $1 million higher than the pre-pandemic scenario.
- Savings from data breaches when compared between fully AI-integrated organizations to those that haven’t revealed a $3.05 million dollar cost saving when compared to the $6.02 million loss for the undeployed companies.
- 41% of organizations in the study said they deploy a zero trust security architecture incurring up to $1 million when compared to 59% of organizations that do not deploy this.
- Factoring in remote work causing the breach, costs were an average of nearly USD 1 million greater than in breaches where remote working wasn’t a factor — USD 4.99 million versus USD 4.02 million.
- Remote work-related breaches cost on average about USD 600,000 more compared to the global average.
- Data breaches that happened in a hybrid cloud environment cost an average of USD 3.80 million, compared to USD 4.24 million in private clouds and USD 5.02 million in public clouds.
- Breach costs for pharmaceuticals were estimated at USD 5.01 million, technology at USD 4.97 million, and energy at USD 4.72 million.
- The top five countries and regions for the highest average cost of a data breach were:
- United States at USD 9.44 million
- Middle East at USD 7.46 million
- Canada at USD 5.64 million
- United Kingdom at USD 5.05 million
- Germany at USD 4.85 million
- The per-record cost of a data breach hit a seven-year high from $158 in 2016 to $164 in 2022.
- With costs of $408 per record healthcare data breaches cost the highest of any industry.
- A recent study found that the average cost of a data breach is $ 4.24 million.
- The average cost of a healthcare data breach surpassed the general average of $ 9.23 million per incident.
- $10.10 million was the average cost of a data breach in the healthcare industry.
- An average of $ 9.3 million was the cost of healthcare data breaches per incident in 2021.
- Healthcare data breaches cost an average of $408 per record, which is three times higher than the cross-industry average of $148 per record.
- A data breach lifecycle of fewer than 200 days was associated with an average cost of USD 3.74 million in 2022.
- USD 5.57 million was the average cost of a breach for organizations with high levels of compliance failures.
- USD 2.66 million was the average breach cost savings at organizations with an IR team that tested an IR plan versus those with no IR team and who had not tested an IR plan.
- USD 1.51 million was the average breach cost savings associated with a mature zero trust deployment versus early adoption of zero trust.
- Ransomware breaches took 49 days longer than average to identify and contain.
- For those organizations that didn’t pay the ransom, the average cost of the breach was USD 5.12 million.
- For organizations that did pay the ransom, the cost of the breach was USD 4.49 million. The difference in average cost was USD 0.63 million, or 13.1%.
- For those organizations with the largest share of employees working remotely — 81% to 100% — the average cost of a data breach was USD 5.10 million.
- For organizations with the smallest share of employees working remotely — less than 20% — the average cost was USD 3.99 million.
- USD 550,000 was the average data breach cost savings of a sufficiently staffed organization versus an insufficiently staffed one.
- According to a 2020 report by Sophos, ransomware attack remediation efforts on average cost US$732,500 when a ransom is not paid, and US $1,448,458 when a ransom is paid.
Data Breach Statistics by Industry
28% of critical infrastructure organizations were targeted by malicious ransomware attacks. These sectors included healthcare, financial services, government organizations, and more.
Here are some industry-specific data breach statistics:
- In the case of healthcare-related claims, the triggering causes were malicious data breaches at 18% and accidental data breaches at 29%.
- The average breach in healthcare increased by nearly USD 1 million to reach USD 10.10 million.
- Healthcare breach costs have been the most expensive industry for 12 years running, increasing by 41.6% since 2020.
- A survey conducted revealed that nearly 70% of healthcare organizations saw longer hospital stays and delays in procedures due to ransomware attacks.
- 8% of healthcare data breach claims were triggered by ransomware attacks.
- The insurance sector faced major loss and claims triggers through malicious data breaches at 39% and accidental data breaches at 35%.
- Financial organizations had the second highest costs, averaging USD 5.97 million.
- The financial industry saw an increase from USD 5.72 million in 2021 to USD 5.97 million in 2022, an increase of USD 0.25 million or 4.4%.
- The financial sector experienced 137 breaches in 2018 that exposed 1.7 million accounts.
- 95 percent of breached records came from three industries in 2016: Government, retail, and technology.
- Manufacturing organizations faced cyber insurance claims the most for malicious data breaches at 22%.
- With retail and wholesale businesses, the significant causes of an insurance claim were malicious data breaches (30%) and accidental data breaches (8%).
How do Data Breaches Occur?
Here is a few main statistics involving the most common kind of attacks that lead to data breaches, ransomware, and phishing.
Ransomware is malicious malware, designed to deny access to a computer system or data until a ransom is paid. Ransomware is spread mainly through phishing emails.
- Eleven percent of breaches in an IBM study were ransomware attacks, a 7.8% increase from 2021, for a growth rate of 41%.
- The average cost of a ransomware attack went down slightly, from USD 4.62 million in 2021 to USD 4.54 million in 2022.
- 27% of malware breaches involve ransomware.
- A business will fall victim to a ransomware attack every 11 seconds in 2021.
- Compared to 2019, Malware attacks increased by 358%, and ransomware attacks increased by 435%.
Phishing attacks are a type of social engineering that aims to trick you into revealing sensitive information like usernames or passwords.
- Phishing was the second most common cause of a breach at 16% and the costliest at USD 4.91 million in breach costs.
- Phishing attacks grew by 250% over the course of 2018.
- According to AICPA (2018), out of the 60% of Americans that have been exposed to fraud schemes, 26% were through phishing emails.
- Breaches caused by stolen or compromised credentials had an average cost of USD 4.50 million.
You can take several preventive steps to protect yourself against phishing attacks.
- Unless you’re sure of the source of links or attachments received, do not click on them.
- Use multi-factor authentication identity yourself by more than just your username and password.
- Do not entertain any requests for information.
- Use password manager to securely save all your passwords, credit cards, and personal info.
This article has provided a detailed compilation of data breach statistics for 2023. It has included relevant statistics revealing the costs of a data breach, specific incidents, and general data breach statistics that one needs to consider.