A data breach can happen at any time to any organization. In response, the cybersecurity sector must respond promptly. However, it can be overwhelming for individuals and businesses to keep up with the latest data breach trends and statistics.
To help you grasp everything, this guide compiles the most critical data breach statistics to know in 2023 and beyond.
Top 9 Data Breach Statistics by Year and Industry (Editor’s Pick)
- The average cost of a data breach is projected to hit $5 million in 2023.
- There were 1,802 data breach cases in the U.S. in 2022.
- A ransomware data breach cost around $4.54 million in 2022.
- 33% of data breaches in 2021 were caused by social engineering.
- The U.K. hospitality industry saw 5,176 cybersecurity breaches in 2022.
- The U.S. healthcare sector experienced 337 data breach incidents in the first half of 2022.
- U.K. organizations paid $3.88 million for each data breach in 2022.
- Indonesia had a 95% decrease in individual data breach cases in 2021.
- Financial institutions were affected by 560 data breaches in 2022.
General Data Breach Statistics
1. Compromised/stolen credentials were the leading cause of data breaches between March 2021 and March 2022.
Compromised or stolen credentials caused 19% of all data breaches.
Other causes of data breaches included phishing at 16%, third-party software vulnerability at 13%, and cloud misconfiguration at 15%.
2. Data breaches initiated by stolen credentials took an average of 327 days to identify and contain.
It was followed by business compromise email-initiated breaches at 308 days and phishing at 295 days.
3. Companies that deployed A.I. and automation saved approximately $3.05 million in data breach costs in 2022.
Moreover, these firms saved 74 days on average to detect and control breaches.
4. The average cost of a data breach is projected to hit $5 million in 2023.
The proportion of phishing attacks in data breaches increased 1.3x between July and October 2022, representing 76% of all attacks.
5. It took 277 days to identify and contain a data breach in 2022.
It took 207 days to identify a data breach and 70 days more to contain it.
That was a slight improvement from 287 days to identify and manage a breach in the previous year.
6. 45% of data breaches in 2022 were cloud-based.
Organizational breaches in the public cloud cost $5.02 million, while private cloud breaches cost $4.24 million. Those in the hybrid cloud environment cost around $3.8 million.
7. In 2021, data breaches exposed 22 billion records.
4,145 acknowledged breaches exposed over 22 billion records, a 5% slump from 2020 figures.
8. There were 1,802 data breach cases in the U.S. in 2022.
Similarly, over 422 million people were affected by these data breaches, leakages, and exposure.
9. There was a considerable decrease in breached records in Q1 2022 compared to Q4 2021.
There were 75,099,482 breached records in Q1 2022 across 266 security incidents. In contrast, there were 185,721,284 breached records in Q4 2021.
10. Phishing accounted for 40% of all data breaches in 2021.
22% involved hacking, while 11% involved malware.
11. A ransomware data breach cost around $4.54 million in 2022.
This cost was slightly more than the $4.35 million average total data breach cost. However, the figure slightly decreased from the previous year, 2021, at $4.62 million.
12. 952.8 million accounts were compromised between January and November 2021.
This was a 3.4% increase from 2020, when 921.8 million accounts were breached in the same timeframe.
13. Data breaches were costlier in highly regulated sectors in 2021-2022.
Healthcare breach costs reached a new high of $10.10 million, a 41.6% increase since 2020. The financial services sector came second with around $5.97 million, while pharma rounded up the top three (at $5.01 million).
14. 43% of businesses in 2022 did not have or were just implementing cloud security measures.
34% already applied cloud security, while 23% applied cloud security techniques regularly. 17% of businesses were yet to implement cloud security policies.
15. Businesses with mature cloud security identified and contained data breaches much faster than their early-stage counterparts in 2022.
Mature-stage firms had a breach lifecycle of around 237 days, 40 days shorter than the worldwide average. Early-stage firms had a lengthy breach lifespan, averaging 345 days, whereas mid-stage firms had a breach lifecycle of 277 days, commensurate with the worldwide average.
Data Breach Statistics by Attack Type
The figure was an 11% increase from the previous year.
Moreover, privilege abuse accounted for 4% of such attacks, miscellaneous errors took a 17% share, system intrusion claimed 18%, and basic web application attacks were the culprit in 26%.
17. 82% of data breaches in 2022 involved a human element.
This mainly involves the use of stolen credentials and phishing.
18. Stolen credentials accounted for around 50% of attacks in 2022.
This was out of a share of 5212+ data breaches.
Data Breach Statistics in the Hospitality Industry
19. The average cost of a data breach in the hospitality sector was $2.94 million between 2021 and 2022.
Various factors contributed to the figure, including crisis management, legal costs, customer notification, regulatory response, lost business, reputational damage, and forensic activities.
20. Around 31% of hospitality companies had experienced a data breach as of 2021.
89% of them experienced more than one attack every year.
21. The U.K. hospitality industry saw 5,176 cybersecurity breaches in 2022.
However, that accounted for only 0.44% of all UK data breaches that year.
Data Breach Statistics in the Manufacturing Industry
22. 48% of manufacturing businesses believed their staff to be one of the most significant threats to cloud data security in 2022.
This was 9% higher than the global average.
In response, 75% of these firms adopted multifactor authentication, and 70% audited user behavior.
23. U.S. manufacturing & utility businesses experienced 136 data breaches in 2022.
In these breaches, around 38 million records were leaked.
Overall, the industry has suffered 562 data breaches exposing roughly 91 million records in the three years leading to 2022.
24. 38% of organizations in the manufacturing sector experienced an account compromise at least once in 2022.
This was 7% more than the average of all other sectors.
Also, 19% of separate manufacturing industry attacks were linked to the supply chain.
Data Breach Statistics in the Healthcare Industry
25. In Q1 2022, healthcare was the UK's most vulnerable industry to data breaches.
It accounted for 26% (65 breaches) of all data breaches.
The public sector followed with 18% (47 breaches).
26. The U.S. healthcare sector experienced 337 data breach incidents in the first half of 2022.
The incidents affected approximately 19,992,810 people.
27. Healthcare organizations were the most targeted US sector by cyber-attacks that led to data breaches in 2022.
For the third year in a row (2020-2022), the sector had 300+ data compromise cases, which included data breaches, exposure, and leaks.
No other sector had up to 300 cases, with only financial services (268) coming close in 2022.
28. 81% of U.K. healthcare organizations suffered a ransomware attack in 2020-2021.
Also, only 38% of U.K. healthcare businesses paid a ransom to get their data back. Meanwhile, 44% refused to pay and lost their data.
29. 5,150 healthcare data breaches have been reported in the U.S. between 2009-2022.
Each of these breaches affected 500+ records and exposed 382,262,109 health records combined.
Data Breach Statistics in the Financial Services Sector
30. Financial institutions were affected by 560 data breaches in 2022.
The figure accounted for 250+ million compromised records.
31. Around 3 out of 5 financial service firms in 2021 had 1,000+ sensitive files accessible to each employee.
However, 70% of that sensitive data was considered stale.
32. The financial services sector was the second most targeted US industry by data compromise attacks in 2022.
There were 268 data compromise incidents in the sector, only behind 344 compromises in the healthcare sector.
Data Breach Statistics in the Education Sector
33. The amount of data retrieved after paying ransom in the education sector reduced in 2021.
The average was 62% and 61% data restored for the lower and higher education organizations, respectively. This was slightly lower than the 68% average in 2020.
34. 62% of U.K’s higher education institutions experienced breaches or attacks at least weekly between 2021 and 2022.
This was the same for 20% of further education colleges, 23% of secondary schools, and 12% of primary schools.
35. 71% of U.K. high education institutions lost data or money after a breach between 2021-2022.
Only 42% of further education colleges, 33% of secondary schools, and 20% of primary schools were likely to report such adverse outcomes after a breach.
36. 68% of further education colleges in the U.K. were insured against cyber security breaches in 2021.
Higher education institutions (65%), primary (41%), and secondary schools (31%) were less insured than these colleges.
37. Cyber attacks targeting personal data in the U.K. education sector increased by 44% in H1 2022.
Every week, the industry saw an average of 2,297 data breach attempts.
Data Breach Statistics in the Retail Industry
38. The average data breach cost in the retail sector was $3.28 million in 2022.
This was a marginal increase from $3.27 million per breach in 2021.
39. There were 241 confirmed data breaches in the U.S. retail sector in 2022.
The breaches were caused by 629 cyber security incidents that targeted customer data for financial gain.
Data Breach Statistics by Country
40. The U.S. had the highest average data breach cost in 2022.
The country had an average data breach cost of $9.44 million in 2022.
The Middle East followed closely at $7.46 million, as Canada ranked third ($5.64 million).
The U.K. and Germany rounded up the top five at $5.05 million and $4.85 million, respectively.
41. U.K. organizations paid $3.88 million for each data breach in 2022.
This is less than the $3.92 million worldwide average. The average magnitude of breaches in the United Kingdom was also less; 23,600 vs. 25,575 worldwide.
42. Over the last decade, the number of data breaches in the United States has grown considerably.
From 662 breaches with 16.2 million record exposure in 2010 to more than 422 million impacted individuals via 1,802 breaches in 2022.
43. In 2021, almost 62% of organizations in the United States experienced a data breach.
The same firms sustained financial losses in the same year due to a cyber incident.
44. In 2021, the top 5 nations with the highest number of data breaches accounted for more than 50% of all breaches.
These countries were the U.S. (212.4 million breaches), Iran (156.1 million), India (86.6 million), Russia (27 million), and France (24.6 million).
45. Sudan had a 4,178% increment in breaches in 2021.
It had 9.2 million data breach instances compared to around 214,000 in 2020, behind Iran’s 10842% breach increment. The United Arab Emirates came in third with a 515% growth from 1.5M in 2020 to 9M in 2021, followed by Iraq with a 456% year-on-year increase. India ranked fifth with a 352% rise from 2020.
46. Indonesia had a 95% decrease in individual data breach cases in 2021.
The number reduced from 84.7 million in 2020 to 4.4 million in 2021.
Data Breach Cost/Impact Statistics
47. As of 2022, data breaches in critical infrastructure organizations cost about $1 million more than in other sectors.
This is with an average cost of $4.82 million, while other industries averaged $3.83 million.
48. In 2022, remote-working companies' average data breach cost was about $1 million more than non-remote counterparts.
Companies using remote working methodology paid an average of $4.99 million in data breach costs, compared to $4.02 million in organizations that do not employ remote work.
49. The overall cost of mega breaches decreased in 2022.
Damage costs fell across six categories of significant breaches in 2022.
The only exception was the 20 – 30 million mega breach category, which rose by US$ 11 million between 2021 and 2022.
50. Companies with an incident response strategy in 2022 saved 58% on data breach costs.
Thus, spending $2.66 million less than the worldwide average.
51. Risk Quantification significantly minimized data breach costs in 2022.
47% of the surveyed organizations used Risk Quantification and saved up to $2.10 million on average.
Expected Data Breach Trends in 2023
52. Quantum computing will likely impact cyber security since it may render current encryption techniques obsolete.
For instance, security algorithms that would take 10 billion years to breach today may be cracked by quantum computers in as little as 10 seconds.
During the next decade (2022-2032), quantum computing’s enterprise deployment is predicted to grow from 1-2% to 35-45%.
Stay Protected From Data Breaches
No business is immune to the risk of a data breach. Thus, every firm must be aware of the changing cybersecurity landscape and take steps to address vulnerabilities before hackers exploit them.
Additional security measures, like using 2-factor authentication and ensuring your team is well-trained to spot suspicious emails and activities, are recommended.
For more information on online privacy tools, check out our comprehensive guide to protecting your privacy online.
- https://assets.lloyds.com/media/35926dc8-c885-497b-aed8-6d2f87c1415d/Y5381 Market Bulletin – Cyber-attack exclusions.pdf