Living in the modern world means integrating technology into almost every aspect of our daily lives. This symbiotic relationship with technology opens us up to becoming highly susceptible to hacking. This vulnerability extends from our smartphones, personal and work computers, transport, bank, and credit card purchases to every small smart device you have installed in the home or workplace.

Why are Data breaches and Cybersecurity breaches a growing concern?

Internet users and consumers might not be concerned enough about the threat of hacking, the real scenario is far from being safe. It is estimated that the world over a typical “hacking activity” attack occurs every 39 seconds.

Large companies and Federal Departments including The US Office of Personnel Management (OPM), Anthem Blue Cross, Yahoo, Uber, Quora, Facebook, Cathay Pacific, Marriott International, Equifax, LinkedIn, etc., have all experienced cyber threats in the past few years. No one is immune.

Recently it’s become apparent that the complexity, frequency, and expense of data breaches are ever-increasing. Many major cyber-attacks have targeted high profile companies in the United States, Europe, and Australia. To counter this, new legislation has been introduced in affected countries, aimed at changing the rules related to threat timeframes and user notification.

We aim to present a comprehensive picture of an alarming threat of cybercrimes and data breaches, something which affects customers, social network users, and even companies. Information is presented in a series of points, covering the most critical cybersecurity statistics for 2019-20.

data breach stats

Costs of a Data Breach

A single instance of a data breach can have immense implications on a business. A smaller sized-company could be put out of business due to a large breach. Below are some statistics related to how costly data breaches are, as of 2019/20.

  • Experts agree that by the year 2020, the average cost of a data security breach for a major business would be over $150 million. This estimate is due to the higher level of digitalization and connectivity that the world has experienced over the last few years. [BigCommerce]
  • The average total cost per data breach worldwide in 2019 amounted to a total of $3.92 million and $3.5 million in 2014. [IMB]
  • The average price for a Business Email Compromise hack is $24,439 per case, according to a 2019 report by Verizon. [Verizon]
  • Organizations reporting phishing and social engineering attacks are increasing by 16% year over year. [Accenture]

Data Breach Numbers and Risks

The 2019 Thales Data Threat Report – Global Edition issued by Zurich Insurance, found that rapid digitalization and the internet of things has expanded the connectivity of the developed world and its infrastructure.

To keep up with rapidly expanding and sophisticated technologies, many companies are investing in their service usability. Chasing greater competitiveness, they are migrating to cloud or multi-cloud environments very quickly. This is when the data storage is maintained by a company itself or in tandem with a third party. This hybrid structure can make data very difficult to secure, states the Threat Report.

Most organizations are finding it challenging to control internet security breaches and implement strong safety measures. It’s even harder for smaller and mid-sized companies who due to budget constraints or lack of staff make them vulnerable to attack. The risk of a data breach can be due to a combination of reasons, with some companies being more susceptible than others. The top risk factors are explained below using the relevant statistics.

data breach statistics

  • A typical user has a 27.9% chance of experiencing a data breach that could affect a minimum of 10000 records. With a total of 6,466,440 (estimated) records succumbing to data breaches worldwide daily. [Security Intelligence]
  • The financial sector accounts for 14% of all data breaches. In 47% of all financial data breaches, the victim is a bank. [Fortunly]
  • Increasingly more malware attacks, 25.7%, are targeting global financial services and banks. [Intsights Cyber Intelligence]
  • Year-over-year increases for compromised credit cards is 212%, credential leaks are 129%, and malicious apps is 102%. [Intsights Cyber Intelligence]
  • The United States is in the number one position when it comes to the risk of data breaches. [Statista]
  • Reports from 2018 indicate that phishing attacks targeted 76 % of businesses. [Wombat]
  • Almost 41% of US-based companies allow employees unrestricted access to sensitive data. [Varonis]
  • Experts have calculated that almost 25% of enterprises would succumb to data breaches through IoT devices by the year 2020. The figure poses a problem, as a mere 10% of IT security budgets allocated by companies are directed towards smart device security. [Gartner]
  • An estimated 10 million records have been compromised worldwide due to data breaches, as calculated by the Breach Level Index since 2013. The average cost of the data breaches is somewhere around $3.86 million. [Thales Security]
  • 88% of businesses have over 1 million folders, do not limit employee access to company files. [Varonis]
  • Over 4.5 billion data records were affected by data breaches in the first half of 2018, which equates to over 1 million data breaches per hour. [Gemalto]
  • Data breach instances were reported in 2019, with the first half of 2019, experiencing an 11% increase compared to the previous year. [Accenture]
  • According to the Imperva 2019 Cyberthreat Defense Report, It’s expected that 57.6% of Government organizations, 73.5% of educational organizations, and 74.5% of retail organizations are at direct risk of suffering data breaches or compromises.
  • The 2019 Thales Global Threat Report study revealed that there are some areas where encryption rates are higher, thereby preventing attacks. They are the IoT (42%), containers (47%), and big data (45%). Data encryption makes information unreadable and therefore useless to hackers and allows companies to guard their sensitive data and corporate secrets.

Business Continuity Plan

Having a Business Continuity Plan (BCP) is critical in the face of a data breach. A plan would outline the type of data being stored, where it’s stored, and what the potential liabilities are when implementing data security and recovery actions. AON’s 2019 Cyber Security Risk Report outlined that most organizations are missing a BCP.

When you investigate what’s causing data breaches, many times, it’s criminal activity or human error, or a mix of both. But the most common cause is the failure of organizations to prepare and do assessments in advance to identify their weaknesses. And failing to come up with answers to remedy and recover from their disadvantages. Taking care of weak passwords, improper configuration, untrained staff, or an outdated OS are all things companies can do beforehand to prevent attacks.

Incident Response

A BCP will also entail an effective cyber incident response plan. This refers to an organized approach that is aimed at addressing, managing, and rectifying the damages, in the aftermath of a cyber-attack or data breach incident.

  • Organizations take up to 197 days on an average to detect data breaches. [IBM’s Ponemon Institute]
  • Companies that contain a data breach in less than 30 days are expected to save over $1 million in finances.[IBM’s Ponemon Institute]
  • The FBI’s Internet Crime Complaint Center (IC3), reports that the number of cybercrimes reported account for only 10-12% of the actual number occurring. [FBI IC3]

Largest Data Breaches in History

The number of instances related to data breaches has been steadily increasing since 2013, with an estimated 14,717,618,286 cases where data has been either stolen or lost. Below are some of the most prominent instances of data breaches ever recorded in recent years.

  • Target in 2013: The data breach was carried out via malicious software installed on machines used by customers to pay with their cards. A total of 110 million Target accounts were compromised. [Forbes]
  • E-Bay in 2014:The data breach was carried out using stolen login credentials from a small number of employees. A total of 145 million eBay accounts were compromised. [Business Insider]
  • Anthem Inc. in 2015: The data breach was carried out by hackers after they infiltrated the company server. A total of 37.5 million personally identifiable records of customers were stolen. [Threatpost]
  • Yahoo! in 2013/2014: One of the most significant data breaches occurred in 2013-2014, where Yahoo’s 3 billion accounts got compromised. It was a coordinated attack by an organized, unidentified cyber-criminal organization. [REUTERS]
  • AOL in 2003: An estimated 92 million customer accounts were compromised after Jason Smathers, a 24-year-old AOL software engineer, caused the security breach. [WIRED]
  • Quora in 2018: The data breach was caused due to unauthorized access by a malicious third party. One hundred million user accounts were compromised. [Quora]
  • Facebook in 2018: This data breach was caused after hackers exploited a vulnerability in Facebook’s “View As” code. They were left with 50 Million compromised accounts. [The Guardian]
  • Marriott International in 2014/2018: The breach occurred due to unauthorized access to the guest’s information database. As a result, over 500 million user accounts were compromised. [Forbes]
  • Uber in 2016: Attackers, in this case, obtained credentials and accessed Uber’s cloud servers. They then got access to sensitive user information. As a result, more than 57 million users and driver accounts were compromised. [TechCrunch]
  •  Equifax in 2017: The data breach occurred as a result of a vulnerability in the open-source software used to access its servers. As a result, the personal information of 143 million consumers was exposed. [Forbes]
  • Aadhar Data breach in 2018: The Indian Government’s national ID database, which stores “Aadhar” information, succumbed to a cyber-attack in March 2018. The personal data of over 1.5 billion Indian citizens, including phone numbers, addresses, ID numbers, etc., were left exposed on the web. Experts have labeled this as one of the worst data breaches of all time. [TechCrunch]
infographic of big data breaches
Statistics provided by Ana Bera, co-founder of safeatlast.co

Click here to see the full infographic!

Data Hacking Trends

With the exponential growth of the cloud and IoT applications, such as connected health devices, house or child monitoring equipment, and smart cars. The demand on data-centers keeps increasing. This is also increasing new forms of cybercrime since all these devices are now hackable, susceptible to IoT attacks. It’s not surprising since connected devices are becoming more and more entangled and integrated into everyday lives.

In only 2 years, the total data stored in the cloud – which includes everything from public clouds operated by third-party vendors, government-owned clouds, social media companies, and private clouds run by mid-to-large-sized companies – will be a hundred times greater than today.

Modern hacking trends include a myriad of cybercrime techniques aimed at compromising data. Some of the most dangerous and common types of security threats include:

  • Attacks related to ransom malware have caused damages worth almost $1 billion. US users have paid $ 25 million worth of ransom. [Whitehouse Council of Economic Advisors]
  • Hacking crimes due to Social engineering account for 97% of the total hacking cases in the world. It also accounts for 93% of data breaches. [PwC Report 2018]
  • An estimated 4000,000 DDos attacks were reported monthly in the last few years. [Caliptix Security]
  • Service Denial attacks have numbered close to 800000 cases in the first couple of months in 2018 alone.
  • [PwC Report 2018]
  • 2018 has also seen almost 61% of organizations succumbing to IoT device hacks. That number has risen to 64% in 2019. At the end of 2018, more than 23 billion IoT devices were installed worldwide. [Newsweek]
  • Attacks related to phishing and pretexting comprise of nearly 98% of the total incidents involving social channels in 2019. Verizon’s 2017 DBIR revealed that it was still a large factor in data breaches. [Verizon]
  • In a report from Forrester, their research revealed that only 12% of breaches were targeting public cloud environments. 37% of decision-makers believed that heightened security made the migration to the public cloud vital to future success. [Forrester]

The motivation behind cybercrime remains financial gain and has remained the dominant motivator behind cyberattacks, at a rate of 88.1%. Cyberattacks as a form of technology warfare have been rising recently, up to 4% as of January 2019, when only a month earlier, in December 2018 the rate was 2% according to Privacy Affairs. Governments and non-government organizations have taken part in cyber warfare, and that rate should continue to grow as technologies become more integrated into the public’s lives.

C-suite and Cybersecurity

  • According to a recent survey carried out on C-suite users, a total of 53% of respondents indicated “cybercrime and data breaches” as the number one concern when it comes to cybersecurity. [IBM Study]

Increased attacks on Service Providers

Attacks on service providers such as Yahoo, AML, etc. have seen a stark rise in the last 6 or 7 years.

  • Yahoo faced the worst service provider attack with instances affecting 3 million, 500 million, and 200 million user accounts in 2013, 2014, and 2016 respectively. [NYTimes]

Organizational vulnerabilities

  • Both medium and small-scale organizations are losing an estimated $120,000 on average due to service denial attacks. Another figure indicated that enterprises could lose more than $2 million in total, due to denial of service attacks. [Security Intelligence]
  • An estimated 61% of organizations worldwide have succumbed to IoT system hacking in 2018 alone. [CSO Online]
  • In 2019, 64% of companies that allocate more than 10% of their budget towards cybersecurity experienced at least one breach. 34% of the companies indicated that they experienced a data breach last year. [Helpnet Security]

Third-party/Supply-chain risk

  • Most data breaches are caused by malicious activities outside the entity, as a study found that it accounts for 56% of total data breaches in 2018. Malicious insiders account for only 7% of the violations. [Statista]
  • Intrusions caused by Phishing attacks have affected 82% of manufacturers in the U.S, which also covers the industrial supply chains present in the manufacturing sectors. [phishing box]
  • Almost 59% of UK and US-based companies who have used a third-party service have experienced data breaches. Of them, a measly 16% of them think that the third party’s risk management system is effective enough in 2019. [Business Wire]

Skills Shortage in CyberSecurity

The overall level of skills when it comes to Cybersecurity measures has not matched up to the required standards.

  • 38% of global organizations claim that they can handle a sophisticated cyber-attack. [IBM]
  • This is a worrying statistic, as over 54% of the world’s organizations have experienced some sort of significant cyber-attack in the past year. [IBM]
  • In 2018-2019, almost 53 percent of organizations reported a problematic shortage of cybersecurity skills. [Security Intelligence]
  • Cybersecurity engineers will soon be the highest-paid among all IT professionals in 2020, more than software engineers, systems administrators, IT auditors, and software architects. With salaries exceeding $225,000 annually. [InfoSec]

Trends in HIPAA Data Breaches

  • In America, the total number of medical records that have been exposed throughout 2019 amounts a total of 38 Million. [HIPAA JOURNAL]
  • The U.S. Department of Health and Human Services experienced 52 data breaches in October 2019 alone. [HIPAA JOURNAL]
  • 2015 is still the worst year for data breaches in this sector, with two instances exposing 78.8 million and 11 million customers respectively. [appknox]

Cybersecurity Spending

As the threat of cybersecurity intensifies, the overall amount spent on cybersecurity has been increasing since 2015.

  • The U.S. President’s Budget allocated towards cybersecurity rose to $15 Billion for 2019. [Whitehouse Cybersecurity Funding]
  • This is a stark increase of $583.4 Million of almost 4.1% from the budget allocated for 2018. [Whitehouse Cybersecurity Funding]
  • The largest contributor to the budget was the Department of Defense, which allocated $8.5 Billion, an increase of $340 million compared to the previous year (2018). [Whitehouse Cybersecurity Funding]
  • How much are companies spending on cybersecurity? In 2018, in excess of $114 billion was spent globally on information-security products and services. It’s expected to grow to $170.40 billion by 2022. What’s driving this spending are business needs, security risks, and industry changes. Privacy has also become an important factor according to 2019 cybersecurity statistics. [Gartner]
  • In 2020, almost fifty-two percent of companies believe that cloud computing is a priority for cybersecurity investment.  [Safe At Last]
  • Cloud computing providers will spend more on security spending by 57%. The other areas that will see more development are IoT, mobile computing, cybersecurity analytics, and robotic process automation. [Forrester]
  • by 2023, businesses are expected to spend $12.6 billion on cloud security tools, that’s more than double from the $5.6 billion spent in 2018. [Forrester]

data breaches stats

Prevention and the Future

The modern, inter-connected world is increasingly falling under threat from growing instances of cybercrimes. Many large companies have fallen prey to such elaborate cybercrime schemes and have lost millions on lawsuits to recover the situation.

In 2018 alone, data breaches affected 45.9% of businesses, 29.2% of medical and healthcare institutions, 10.9% of banking, credit or financial institutions, and 8% of government or military associated companies and departments. [Digital Information World]

The number of data breaches per year in the United States has gradually increased since 2014: [Statista]

  • 783 cases in 2014
  • 781 cases in 2015
  • 1093 cases in 2016
  • 1579 cases in 2017
  • 1244 cases in 2018

When it comes to 2019, however, the numbers have skyrocketed.

  • There were more than 3800 reported cases of breaches in 2019. [Forbes]
  • Compared to the first six months of 2018, there has been a 54% increase in the number of reported breaches. [TechRepublic]
  • These breaches exposed records which were 52% more than that of 2018. [Risk Based Security]

The largest data breaches in 2019:

  • A total of 620 million accounts suffered a data breach in 2019, from a total of 16 websites. [Forbes]
  • Websites such as Dubsmash, Armor Games, ShareThis, Whitepages and 500px were among those affected. [IT Governance UK]

Prevention is always better than cure and is most applicable when dealing with cybercrimes. With different forms of cybersecurity, ranging from malware, phishing, denial of service, SQL injection, Zero-day exploits, DNS tunneling, and others, the need for effective cybersecurity measures is of utmost priority.

Cybersecurity measures range from simple to complex. Necessary preventive measures such as password protection and authentication, are not enough to prevent more elaborate and complex cyber threats that are faced by companies today.

From a business perspective, data breaches can never be ignored, and appropriate measures must be taken by the companies, something which is lacking as of now. As hackers find more elaborate ways to breach security, countermeasures need to be in place. The only way to tackle such threats is to develop sophisticated security techniques, as well as to educate users and employees about the dangers of the different forms of cybersecurity threats prevalent currently.

If left untreated, cybercrimes and data breaches can hamper the reputation of a company, assets, finances, and even their existence, which means there will be no future if you don’t start prevention now. Find out more on how to secure your data in the cloud, by connecting with one of our experts.

Key Takeaways for Statistics on Data Breaches

  • As an increasingly large number of systems and processes go online, customers, businesses, and governments become more vulnerable to cybercrime and attacks.
  • To counter the threat of cybercrime, organizations must increase their investments in cybersecurity and deploy them correctly. Also, to train their workforce regularly.
  • Outside comparing the numbers of attacks in 2019, what’s evident is that the variety and severity of cyberattacks are on the rise.
  • Plan and prepare by updating your OS regularly. Train employees on the dangers of social engineering. Disallow the downloading of unfamiliar apps from unknown sources.
  • If a cyberattack does occur and hackers demand payment, by not reporting it and giving in, will be the easy way out. Hackers will come back for more if they can profit. To avoid future cyberattacks means reporting crimes to the authorities and refusing to pay. This will make future attacks less likely.