27 Ultimate Data Breach Statistics to Make You Safer

Data breach statistics show that both individuals and businesses, as well as huge corporations, can suffer from a data breach. Ransomware is one of the most common attacks to steal data. However, it’s not the only way someone’s info can get stolen.

Unfortunately, data breaches are dangerous and costly. The attacks are getting worse with each year, and organizations have to keep track of the latest prevention methods and strategies. Keep reading to see what can be done.

Data Breach Stats (Editor’s Choice) 

  • Malware is still the most used form of attack, with 71.14% in the last 12 months.
  • On average, 4,800 websites are compromised each month because of formjacking.
  • 95% of data breaches happen due to human error.
  • Confirmed data breaches in the healthcare industry increased by 58% during 2020.
  • Cybercrime is up 600% because of the pandemic.
  • A total of 56% of nonprofits don’t require multi-factor authentication to log in to user accounts.
  • Usually, only 5% of the organization’s folders are secure.
  • Retail accounts for only 4.3% of data breach attacks

Cybersecurity Statistics

The latest stats around cybersecurity show that even opening an email can cause issues since most malware is attached to the message. Still, that’s not the only form of attack. 

1. Yahoo suffered the largest data breach in 2013, when 3 billion accounts were affected.

Source: Csoonline

When it comes to the worst data breaches in history, Yahoo has suffered one of them. It happened back in 2013, and 3 billion accounts were affected. This was also one of the largest US data breach events in recent history. 

2. Cybercrime is up 600% because of the pandemic.

Source: Purplesec

The pandemic forced many people to turn to online services. Unfortunately, this caused the increase of cybercrime to go up by 600%. In addition, there’s an evident increase in sophisticated phishing email schemes, which cause data leaks as well. 

3. A total of 92% of malware is sent via email.

Source: Purplesec

Besides a standard phishing attack, a total of 92% of malware is also sent via email, cyber breach statistics show. Additionally, mobile malware is also on the rise, and a total of 98% of mobile malware targets Android uses. 

4. Malware is still the most used form of attack, with 71.14% in the last 12 months.

Source: Purplesec

What’s more, malware has remained the most common type of cyber attack within the last 12 months. It was used in 71.14% of cases, while Potentially Unwanted Applications (PUAs) were used in 28.86% of cases, making PUAs one of the most common types of data breaches.

5. The first major cause of data breach was deliberate theft or sabotage by external vendors.

Source: Packetlabs

Some data breaches happen because of human error, but many happen intentionally. In 2020, 43% of C-suite business leaders reported that the data breach happened because of human error. In 2021, a total of 85% of breaches involved a human element. However, deliberate theft or outside sabotage remain among the most common causes of data breaches.

6. On average, 4,800 websites are compromised each month because of formjacking.

Source: Varonis Comparitech

This type of code involves the use of malicious JavaScript code to steal personal and financial information from a website. This attack focuses on the form page, makes a duplicate of it every time someone fills in the data, and sends the information to the hacker. Data breach statistics show that 4,800 websites suffer from a form-jacking code attack each month. 

7. An attack occurs every 39 seconds. 

Source: UNG

Additionally, according to the latest data, hackers conduct an attack approximately every 39 seconds. The most common things that allow hacking are weak passwords and non-secure usernames. 

8. On average, every employee has access to almost 11 million files.

Source: Varonis

The latest data breach risk statistics point out that every employee in the financial services industry has access to about 11 million files and can copy, move, and change the data. For large organizations, this number goes up to 20 million. Additionally, more than 1,000 files are constantly open to all employees.

9. Nearly 95% of data breaches happen due to human error.

Source: Cybint Solutions

Human errors represent an enormous risk when it comes to cyber security. Unfortunately, hackers will avoid the IT department, as it’s the strongest in the company. Instead, they’ll head over for the employees.

10. The average time to detect a breach in 2020 was 228 days.

Source: Varonis

Another scary fact is that companies usually take 228 days to discover a data breach. That’s more than seven months. Additionally, the average time to contain a breach is 80 days. 

11. It’s expected that companies will spend about $6 trillion on cybersecurity globally.

Source: Cybintsolutions

Companies are becoming aware that they must invest more in cybersecurity. According to predictions, about $6 trillion will soon be invested in cybersecurity around the world. 

12. Phishing is among the top three reported scams in 2020.

Source: FBI

FBI data breach statistics show that phishing was the most reported scam in 2020. The Internet Crime Complaint Center also issued a report that showed an increase of more than 300,000 complaints in 2020 than in 2019. The top three reported crimes involved phishing scams, non-payment or non-delivery scams, and extortion. 

13. Reported losses surpassed $4.2 billion.

Source: FBI

What’s more, the overall losses stated in the FBI report surpassed $4.2 billion. Victims lost their money to business email compromise scams, investment frauds, and similar attacks. 

Data Breach Stats Per Industry

Every industry suffers from different data breach issues. For example, during the pandemic, the healthcare industry had the worst breaches. On the other hand, retail wasn’t that exposed. 

14. Confirmed data breaches in the healthcare industry increased by 58%. 

Source: Trendmicro

During 2020, the cyberattacks in the healthcare industry increased by 58%. In total, these attacks exposed close to 12 billion pieces of protected health information, according to healthcare data breach statistics.

15. Healthcare is also the most expensive industry for a data breach, at $7.13 million.

Source: Reciprocity

Additionally, the healthcare industry saw the highest costs related to data breaches. The approximate costs reached $7.13 million. For comparison, other sectors had an average data breach cost of $3.86 million. 

16. Overall, 28% of data breach victims are small businesses.

Source: Securitymagazine

Small businesses are especially exposed to data breach attacks. So much so that about 28% of them were victims of hackers, according to small business data breach statistics. The wide-ranging attacks are the main reason small businesses should work on their cybersecurity. 

17. Retail accounts for 44% of ransomware attacks in 2020.

Source: Computerweekly

The retail industry was forced to move the operations online, which led to an increased number of ransomware attacks. A total of 44% of retail organizations suffered this attack. Additionally, 54% of attacked companies stated that cybercriminals succeeded in encrypting their data, according to retail data breach statistics.

18. On the other hand, financial services saw a 238% increase in attacks.

Source: Cybertalk

During the first part of 2020, organizations in the financial service industry saw a 238% increase in cyberattacks. Extortion attacks gained traction, and many companies also suffered DDoS attacks and exploits. The overall cost of the data breach went above $5 million. 

19. A total of 56% of nonprofits don’t require multi-factor authentication to log in to user accounts. 

Source: CommunityIT

When it comes to nonprofits, the nonprofit data breach statistics show that 56% of organizations don’t require an MFA to log in. MFA serves to increase security when users log in and boosts the safety of accounts. Unfortunately, nonprofits rarely use it.

20. What’s more, 70% of nonprofits never run a vulnerability assessment.

Source: CommunityIT

Another issue with nonprofits comes from not running a vulnerability assessment. A total of 70% of organizations don’t haven’t had even one assessment to calculate their security risks. This means they don’t know how vulnerable they are. 

Costs of Data Breach

Ransomware-related costs are high on a global level, and the numbers will just continue growing in the future. The recent estimates show that ransomware will cost up to $6 trillion by the end of 2021.

21. Ransomware attacks are estimated to cost about $6 trillion.

Source: NBCDFW

Cybercrime grew due to Covid, and it’s attacking everything and everywhere. In 2021, ransomware attacks will cost up to $6 trillion, and in the future, they’re likely to grow even more. 

22. Ransomware also costs businesses over $75 billion each year.

Source: Purplesec

Businesses lose $75 billion annually because of ransomware attacks. Additionally, the average cost of the data breach attack on a business is close to $133,000. Businesses also lost about $8,500 per hour because of ransomware-induced downtime. 

23. A total of 25% of businesses are willing to pay the ransom.

Source: Purplesec

About 25% of businesses are willing to pay between $20,000 to $50,000 to regain access to files. A total of 40% of ransom victims paid the price, and 30% of organizations paid it to receive their money back. Additionally, data breach cost statistics show that 10% of all ransom demands are over $5,000. 

24. Over 50% of ransomware was paid in Bitcoin in 2018.

Source: Purplesec

What’s more, 50% of ransoms were paid in Bitcoin in 2018. Attackers use cryptocurrency because it’s hard to track, and it’s impossible for victims to get chargebacks on their payments once the data is unlocked.

Data Breach Statistics by Regions

Every region is different when it comes to ransomware and data breach issues. Below is the data for Asian Pacific, European, African, American, and Middle East regions. 

25. There were 5,255 incidents in the Asia Pacific region.

Source: Verizon

Data theft statistics for the Asia Pacific region show that there were 5,255 attacks, out of which 1,495 were confirmed data disclosure. Threat actors were external in 95% of cases, and the motive was mostly financial, in 96% of cases. Credentials were the most compromised data, in 96% of attacks. 

26. Europe, the Middle East, and Africa saw 5,379 attacks in 2021.

Source: Verizon

When it comes to Europe, the Middle East, and Africa, the number of data breaches by year is 5,379 in 2021. A total of 293 confirmed data disclosures. Overall, 83% were external threat actors with financial motives in 89% of cases. Credentials were the most commonly compromised data, in 70% of attacks. 

27. North America had 13,256 attacks, most of which were financially oriented.

Source: Verizon

North America had the highest number of attacks, 13,256, with 1,080 confirmed data breaches. Similar to other regions, threat actors were external in 82% of cases, with financial motives being behind 96% of attacks. Credentials were compromised in 85% of attacks. 


Data breach statistics show that ransomware and similar attacks are quite costly to businesses across the globe. So much so that the overall cost of data breaches will reach $6 trillion by the end of 2021. 

What’s more, no country is immune to data breach attacks, and they’re usually coming from external threats. Still, many companies have their data exposed to almost all employees, who can copy, alter, or share them further, causing problems for the organization.


Overall, about 30,000 websites suffer attacks daily. Unfortunately, many believe that only websites with adult content or gambling get hacked. The reality is different. These 30,000 websites are mostly legit small businesses trying to do their best. 

One of the most common attacks is form-jacking, and it’s affecting about 4,800 websites each month. Additionally, one attack happens every 39 seconds each day. This amounts to hundreds of thousands of hacked platforms each year.

There are certain steps that every organization should take after it notices a data breach. The first thing is to immediately notify the customers, even if the majority of the user accounts aren’t affected. 

Companies should also disclose information to clients. Then, the clients will know the risks and will be able to react accordingly. Finally, companies should provide clear instructions to their customers and help them manage their accounts, and reduce the chance of data breach.

A data breach is a stressful event. Unfortunately, it’s essential to follow the right steps if it happens. Businesses should focus on internal and external communication, where they’ll clearly state what happened and work on solutions immediately. 

On the other hand, individuals should instantly change their passwords on all platforms and accounts related to the platforms that suffered a data breach. This will secure additional accounts that are related to the hacked websites.

There are several different kinds of data breaches. The most common one involves stolen credentials. This type of attack usually happens because of weak passwords or passwords that were lost. 

One of the most common ways hackers can find out the passwords is phishing. It’s the fraudulent practice of sending emails, text messages to the victim with the intention of obtaining sensitive information. Sometimes phishing also occurs via phone call, according to data breach statistics.