Data breaches are a serious matter. A data breach refers to the situation where sensitive, confidential or protected information is accessed by unauthorised sources.
The files in the breach are viewed, shared and used without permission, often to the detriment of the Individual or organisation that has suffered from the breach.
There is a lot to understand about data breaches that can be helpful to protect yourself, or your organisation,
so read on for the most current data breaches statistics to be sure that you’re protecting yours, and others, sensitive information.
Data Breaches Statistics 2024 (All You Need to Know)
Key Data Breaches Statistics 2024
This entire article will look at different statistics and facts from the types of breaches, the biggest breaches in history, and prevention methods to data breaches. Below are some of the most current key data breaches statistics.
- In the early 1970s, the first computer virus was discovered. It was known as ‘The Creeper.’
- Cyber attacks are currently considered as being in the top three risks to global economic stability.
- A cyberattack occurs every 39 seconds.
- The more intense the breach, the less likely the organisation who suffered it is going to experience another in the following two years.
- 27% of data breaches are actually caused by human error. This would be from losing a device, not signing out, sharing with an unauthorised person, etc.
- 10% of attacker groups use malware to disrupt or destroy operations in businesses.
- Just from stealing 10 credit cards from a website can give cybercriminals up to $2.2 million through these attacks.
- 48% of malicious email attachments are from Microsoft Office files.
- The most actively engaged attacker groups from 2016 to 2018, targeted on average 55 organisations in their attacks.
- 58% of data breach sufferers are small businesses.
- 93% of malware is coming from emails in a range of different emailing platforms.
- Routers and connected camera make up 90% of devices that are infected.
- Last year, in 2018, 28% of data breaches involved internal sources attacking the records.
- 76% of data breaches are financially motivated.
- In 2018, 62% of attackers from external sources in their data breaches were also involved in organised crime.
Biggest Data Breaches in History
As you’ll read below in these notable data breaches statistics through history, the biggest breaches seemed to happen from 2014 onwards, with the trend being that many attackers were substantially targeting companies during this time.
This may have occurred in thus way through hackers getting to understand security loopholes that were widespread at the time, and advancing in on many different companies simultaneously. These are just a few examples of some of the biggest data breaches in recent history.
Yahoo
- The Internet platform Yahoo announced in 2016 that there were two breaches, which occurred in 2013 and 2014.
- It’s estimated that the attack compromised sensitive information of users who were registered with Yahoo, like date of birth, email addresses, full names, and telephone numbers, and for some people, security answers for their accounts, for around 1 billion users for the 2013 attack.
- In the 2014 attack, the estimation of users affected was 500 million, with the same information accessed, except for the security answers this time.
- These two Yahoo breaches affected the sale price of the company to Verizon in 2017, which paid $350 million USD less than it initially intended to pay.
Marriott International
- This multinational hospitality company that manages and franchises a large portfolio of hotels and other accommodations suffered cyber attacks from 2014.
- In 2018, the company announced that approximately 500 million customers were affected by their data that was stolen from 2014.
- These happened to systems, which supported the Starwood hotel brands, which was acquired by Marriott International in 2016.
- Most victims have only their name and contact data compromised, though there were also cases of contact information and passport number combinations being found.
- eBay
- A cyber-attacks as reported in 2014, sharing that hackers had access to company files from access it through using the credentials of three employees.
- The access of the attackers lasted for a total of 229 days, which let them to reach eBay’s user database systems.
- An estimated total of 145 million users were said to be affected in having their names, date of birth, addresses and some encrypted passwords exposed.
- Financial information, such as credit card numbers were not compromised, as they were stored separately, though the CEO John Donahue mentioned that there was a decline in user activity after the breach.
Target
- In 2013, several weeks after the breach began, Target identified hackers that had gained access to users data through third-party vendors to its point of sale payment card reader.
- The hackers collected close to 40 million debit and credit card numbers, compromising the information of close to 110 million people.
- The estimated cost of the breach to the company is close to $162 million.
- Cost of Data Breaches to Businesses
Businesses that experience data breaches suffer great financial loss from a host of different reasons. Below are some of the top data breaches statistics in terms of the costs to companies, as well as facts about why these costs can be so high.
- The average cost of substantial data breaches to an organization is $3.86 million USD.
- For every lost or stolen record in a data breach, the average cost is $148 USD.
- Companies that have been able to deal with a breach in less than 30 days report saving more than $1 million USD than those who took longer.
- A large breach that affects more than 1 million records has an average total cost of $40 million USD.
- A very large breach that affected more than 50 million records will have an average total cost of $350 million USD.
- Almost 90% of small business owners believe that they aren’t at risk of data breaches, however, small and medium-sized businesses are vulnerable to breaches, especially because they don’t expect it, and therefore attackers assume that they may not have sufficient protection in place.
- One-third of small businesses have no tools in place to protect against an attack that is occurring.
- These two points above are why cyber-thieves have small businesses high on their radar, with over 70% of attacks targeting small businesses.
The costs that occur include the following:
- Notification costs to contact individuals that are affected.
- Forensic investigation costs to find the source and reach of the breach,
- Industry fines and penalties which make up a great deal of the breach cost, where industry standards to evaluated to see if security was being met before the breach occurred.
- Replacements of cards, credit monitoring, and identity theft repair costs. Estimates are at $10 USD per cardholder.
- Upgraded or repaired POS systems and software after the breach.
- Costs of additional security monitoring.
- Legal costs, judgments, and settlements.
- Business loss after customers leave their affiliations with certain companies who lose rapport through the breach.
Types of data breaches
Data Breaches occur not just through hackers maliciously accessing files – though that can often most harmful, and the main form of breach.
They can also happen from an accidental situation where information has been viewed unintentionally, like mistakes in file-sharing in team-working environments.
A breach can also be done with someone on the inside that has the authorisation to access the files and does so by using them/shares them with malicious intent.
This is different to an outsider attacking hosts and companies through various means, gathering information and using this for their own gain (usually financial) – these are what we know as ‘hackers.’
The last kind is when devices are lost/stolen, like an unencrypted laptop or device that contains sensitive information that someone finds/steals and access that information.
The most common attack methods are the following:
- Stolen credentials, with malicious actors receiving username and password combinations from weak systems (through algorithm software designed for this purpose).
- Compromised assets, with malware attacks used to negate the authentication steps the usually take place to protect a computer and the data.
- Third-party access, which is where malicious attackers use third party vendors to hack their way into the system.
- Payment Card Fraud, where card skimmers attach their devices to ATMs or other technology where cards are swiped.
- Mobile devices, where insecure devices, especially when used in the workplace, download malware-laden applications that give hackers access to data stored on the device, and wherever it may be linked (such as the company as a whole).
Data Breaches Statistics for Different Industries
Not all data breaches have the same effect on a company, and not all industries are targeted in the same way. Below are the most current statistics, which reveal how different industries experience cyber threats and what the general trends of breaches are for these industries.
- In a recent study by Germalto, it was found that Australian customers are more likely than other regions of the globe, to walk away from a company that has experienced a breach.
- In the above study, more than 70% of people report that they would walk away if financial and sensitive information were compromised.
- The entertainment industry is reported to take the most time to detect a data breach than any other industry, at an average of 287 days.
- The healthcare industry also takes a long time to contain a data breach, at 103 days.
- There was a large 80% increase in the number of people affected by health-related record data breaches in the space between the years 2017 to 2019.
- Across all industries, the average time to identify a data breach is around 197 days.
- To contain a breach, the average time across all industries is 69 days.
- 95% of breached records were from the government, retail and technology in the year of 2016, and these industries are still often the most breached.
- The number of web attacks that were blocked globally increased by 56.1% from 2017 to 2018, with systems across all industries ramping up their security measures.
Data Breaches Prevention Measures
There are many ways that you can protect against data breaches. Some of these techniques will be more applicable to others, depending on whether you’re an individual protecting your personal internet usage, or companies securing their internal data or preventing their customer’s files from being accessed.
Below are some facts and data breaches statistics sharing how best to prevent data breaches from occurring.
- 75% of employees in most companies generally have problems with identifying the best practices for data privacy and security.
- 63% of companies now have a biometric system or a plan to create one to protect against threats.
- Since 2017, ransomware detections rose by 21%.
- It’s estimated that 49% of companies will increase their cloud security budget over the next year.
- 17% of IT security professionals reported that information security measures were among the largest budget increases for companies in 2018.
Prevention Methods for breaches include:
- Encryption method for sensitive data (like personal information and financial records)
- Enforcing BYOD security policies for companies.
- Education for employees on the best way to be secure in the way that they store, share and use data.
- Enforcing multi-factor identification and strong credential requirements for profiles and passwords.
- Patching and updating software when new options are available.
Warning signs that your data has been breached include systems rebooting or shutting down without a valid reason, unusual network traffic, remote and after-hours access that was unauthorised, new unrecognisable user accounts, malfunction or disablement of anti-virus programs.
For more statistics, you can see this post on social media statistics in the UK. Also if you are looking to get a website online securely. This guide on the best secure web hosting providers is a great starting point! You can also see my post on WordPress reccomended web hosts too!
References:
- https://www.vantiv.com/vantage-point/safer-payments/the-cost-of-data-breaches
- https://www.csoonline.com/article/2130877/the-biggest-data-breaches-of-the-21st-century.html
- https://www.varonis.com/blog/data-breach-statistics/
- https://usa.kaspersky.com/resource-center/definitions/data-breach
- https://www.endpointprotector.com/blog/5-best-practices-for-data-breach-prevention-in-2019/
- https://www.cso.com.au/article/657056/what-does-data-breach-truly-cost/