In 2024, the number of data compromises in the United States stood at 3,158 cases. Meanwhile, over 1.35 billion individuals were affected in the same year by data compromises, including data breaches, leakage, and exposure. While these are three different events, they have one thing in common. As a result of all three incidents, the sensitive data is accessed by an unauthorized threat actor. Industries most vulnerable to data breaches Some industry sectors usually see more significant cases of private data violations than others. This is determined by the type and volume of the personal information organizations of these sectors store. In 2024 the financial services, healthcare, and professional services were the three industry sectors that recorded most data breaches. Overall, the number of healthcare data breaches in some industry sectors in the United States has gradually increased within the past few years. However, some sectors saw decrease. Largest data exposures worldwide In 2020, an adult streaming website, CAM4, experienced a leakage of nearly 11 billion records. This, by far, is the most extensive reported data leakage. This case, though, is unique because cyber security researchers found the vulnerability before the cyber criminals. The second-largest data breach is the Yahoo data breach, dating back to 2013. The company first reported about one billion exposed records, then later, in 2017, came up with an updated number of leaked records, which was three billion. In March 2018, the third biggest data breach happened, involving India’s national identification database Aadhaar. As a result of this incident, over 1.1 billion records were exposed.

During the third quarter of 2024, data breaches exposed more than 422 million records worldwide. Since the first quarter of 2020, the highest number of data records were exposed in the first quarter of 202, more than 818 million data sets. Data breaches remain among the biggest concerns of company leaders worldwide. The most common causes of sensitive information loss were operating system vulnerabilities on endpoint devices. Which industries see the most data breaches? Meanwhile, certain conditions make some industry sectors more prone to data breaches than others. According to the latest observations, the public administration experienced the highest number of data breaches between 2021 and 2022. The industry saw 495 reported data breach incidents with confirmed data loss. The second were financial institutions, with 421 data breach cases, followed by healthcare providers. Data breach cost Data breach incidents have various consequences, the most common impact being financial losses and business disruptions. As of 2023, the average data breach cost across businesses worldwide was 4.45 million U.S. dollars. Meanwhile, a leaked data record cost about 165 U.S. dollars. The United States saw the highest average breach cost globally, at 9.48 million U.S. dollars.

The largest reported data leakage as of January 2025 was the Cam4 data breach in March 2020, which exposed more than 10 billion data records. The second-largest data breach in history so far, the Yahoo data breach, occurred in 2013. The company initially reported about one billion exposed data records, but after an investigation, the company updated the number, revealing that three billion accounts were affected. The National Public Data Breach was announced in August 2024. The incident became public when personally identifiable information of individuals became available for sale on the dark web. Overall, the security professionals estimate the leakage of nearly three billion personal records. The next significant data leakage was the March 2018 security breach of India's national ID database, Aadhaar, with over 1.1 billion records exposed. This included biometric information such as identification numbers and fingerprint scans, which could be used to open bank accounts and receive financial aid, among other government services.

Cybercrime - the dark side of digitalization As the world continues its journey into the digital age, corporations and governments across the globe have been increasing their reliance on technology to collect, analyze and store personal data. This, in turn, has led to a rise in the number of cyber crimes, ranging from minor breaches to global-scale attacks impacting billions of users – such as in the case of Yahoo. Within the U.S. alone, 1802 cases of data compromise were reported in 2022. This was a marked increase from the 447 cases reported a decade prior. The high price of data protection As of 2022, the average cost of a single data breach across all industries worldwide stood at around 4.35 million U.S. dollars. This was found to be most costly in the healthcare sector, with each leak reported to have cost the affected party a hefty 10.1 million U.S. dollars. The financial segment followed closely behind. Here, each breach resulted in a loss of approximately 6 million U.S. dollars - 1.5 million more than the global average.

In 2023, around 96.75 million e-mail accounts breached originated from the United States, making it the country with the most significant number of user account exposures in the examined year. Russia ranked second, with over 78 million accounts breached, while the France followed, with approximately 10.5 million breached accounts.

As of 2024, the mean number of days to identify the data breaches was 194 days, four percent less than in the previous year. The mean time companies needed to contain the breaches in 2024 was 64 days. In comparison, in 2022, it took organizations 207 days to identify and 70 days to address the data breaches.

Cloud Security Statistics: Cloud computing can bring many benefits to companies. However, they are also susceptible to being ruined because of the inability to ensure the proper security of information and privacy protections when using cloud computing. This in turn results in higher costs and potential losses to businesses. We will explore more details regarding Cloud Security Statistics in this report. Cloud adoption has risen dramatically over the last few years. Although many organizations were already in the cloud the COVID-19 outbreak has helped accelerate this transition. With the widespread use of remote work, organizations are required to provide support and essential services to their remote workforce. In the end, more than 90% of companies employ some form of cloud-based infrastructure. In addition, more than three-quarters (76 percent) are using multi-cloud deployments made up of at least two cloud service providers. These cloud environments host crucial applications for business and also protect sensitive customer and company information. With the shift to cloud computing comes an increased necessity to collect Cloud Security Statistics. Cloud-hosted applications need to be secured against attacks and cloud-hosted information must be secured against unauthorized access as per the applicable laws. Cloud environments are in a significant way from the on-prem infrastructure this means that the traditional security tools and methods don't always work when working in the cloud. In the end, many companies are confronted with major issues when it comes to securing their cloud-based infrastructure. Editor’s Choice 60% of global corporate data are stored on the cloud. 94% of businesses globally use one or more cloud computing services. It is estimated that the global Cloud Security Statistics market is projected to expand from $480 billion in 2022 to $2.297 trillion by 2032. With 32 percent, Amazon AWS owns the largest market share in cloud computing. 39% of businesses said they've been the victim of data breaches in their cloud environments. The amount of public money spent on cloud computing services is forecast to hit $597.3 billion by 2023. This will increase by 21.7 percent. 92% of companies have embraced a multi-cloud strategy. The market for cloud-based technology is predicted to reach $ 864 billion in 2025. It is expected to grow at an annual rate of 12.8 percent per year. Global storage of data will be greater than 200 Zettabytes of data by 2025. In 2025, more than 100 zettabytes of data are expected to remain in cloud storage. (Cloudwards) 89% of businesses have a multi-cloud strategy. (Flexera) 71 percent of Americans use cloud storage such as Dropbox as well as iCloud. (Statista) 48% of data from companies is stored in the cloud. (Panda Security) The market for cloud computing by 2020 is $371.4 billion. (Globe Newswire) Spending by end-users worldwide on public cloud services is expected to increase by 23.1 percent in 2021. (Gartner) With 83% of cloud users, security is the most frequent issue in cloud adoption. (Cloudwards) 52% of businesses want cloud-based solutions that include security tools. (Cloudwards)

In 2022, most healthcare data breaches in the United States happened as a result of hacking or IT-related incidents. The number of such cases was 555 in the examined year. The next-most common cause for data breaches was unauthorized access or disclosure, detected in 113 cases. Loss and theft of data were less common causes of data breaches in the U.S. healthcare system in 2022. Overall, in 2022, there were 707 data breaches of over 500 records in the U.S. healthcare industry.

Analysis of ‘Data Breach Notifications Affecting Washington Residents (Personal Information Breakdown)’ provided by Analyst-2 (analyst-2.ai), based on source dataset retrieved from https://catalog.data.gov/dataset/e046c966-f19a-4d3d-aadb-ac5d1a90ff3d on 27 January 2022.

--- Dataset description provided by original source is as follows ---

• Washington law requires entities impacted by a data breach to notify the Attorney General’s Office (AGO) when more than 500 Washingtonians personal information was compromised as a result of the breach. This dataset breaks out the individual types of breached personal information that were identified in each notice our office received. This data is used to produce the AGO’s Annual Data Breach Report. For additional statistics relating to data breaches, also see the main dataset at: https://data.wa.gov/Consumer-Protection/Data-Breach-Notifications-Affecting-Washington-Res/sb4j-ca4h.

--- Original source retains full ownership of the source dataset ---

Between November 2022 and October 2023, over 10 thousand organizations worldwide experienced data breaches that included confirmed data loss. Among selected industries, firms in the education and healthcare sector saw the highest number of data violations. Regarding organization size, larger ones were victimized by data breaches more than smaller companies.

This dataset provides an overview of the courses offered by the Canadian Centre for Cyber Security, the duration, course fee, number of sessions offered, and total number of participants for the given fiscal year.

The data breach density in Italy during the fourth quarter of 2022 was of six cases for every thousand individuals. Between the end of 2022 and the third quarter of 2023, the number of breached data points per thousand in Italy fluctuated, despite remaining low and not surpassing 20 cased per thousand.

This dataset provides a breakdown of requests to the Cyber Centre Contact Centre by client type and by contact type.

The AWSD is a global compilation of reports on major security incidents involving deliberate acts of violence affecting aid workers. This dataset includes all incidents up to 2022, which have gone through a comprehensive verification process.

Over 24 million data breaches were recorded in Russia between October and December 2023. In the first quarter of 2022, the data breach count exceeded 42.9 million, which was the highest figure over the observed period.

This publication can be accessed here

For English, see below As of 1 January 2023, RIVM will no longer collect additional information. As a result, from January 1, 2023, we will no longer report data on infections among people over 70 living at home . File description: - This file contains the following numbers: (number of newly reported) positively tested individuals aged 70 and older living at home*, by safety region, per date of the positive test result. - (number of newly reported) deceased individuals aged 70 and older living at home who tested positive*, by safety region, by date on which the patient died. The numbers concern COVID-19 reports since the registration of the (residential) institution in OSIRIS with effect from questionnaire 5 (01-07-2020). * For reports from 01-07-2020, it is recorded whether the patient lives in an institution. Reports from 01-07-2020 are regarded as individuals aged 70 and older living at home if, according to the information known to the GGD, they: • Do not live in an institution AND • Are aged 70 or older AND • The person is not employed and is not a healthcare worker Persons whose residential facility/institution is not listed can still be excluded as individuals aged 70 and older living at home if they: • Can be linked to a known location of a disability care institution or nursing home on the basis of their 6-digit zip code OR • Have 'Disabled care institution' or 'Nursing home' as the location of the contamination mentioned. OR • Based on the content of free text fields, can be linked to a disability care institution or nursing home. The file is structured as follows: A set of records per date of with for each date: • A record for each security region (including 'Unknown') in the Netherlands, even if there are no reports for the relevant security region. The numbers are then 0 (zero). • Security region is unknown when a record cannot be assigned to one unique security region. A date 01-01-1900 is also included in this file for statistics whose associated date is unknown. The following describes how the variables are defined. Description of the variables: Version: Version number of the dataset. This version number is adjusted (+1) when the content of the dataset is structurally changed (so not the daily update or a correction at record level. The corresponding metadata in RIVMdata (https://data.rivm.nl) is also changed. Version 2 update (January 25, 2022): • An updated list of known nursing or care home locations and private residential care centers was received from the umbrella organization Patient Federation of the Netherlands on 03-12-2021. taken to determine whether individuals live in an institution Version 3 update (February 8, 2022) • From February 8, 2022, positive SARS-CoV-2 test results will be reported directly from CoronIT to RIVM. such as Testing for Access) and healthcare institutions (such as hospitals, nursing homes and general practitioners) that enter their positive SARS-CoV-2 test results via the Reporting Portal of GGD GHOR directly to RIVM. Reports that are part of the source and contact investigation sample and positive SARS-CoV-2 test results from healthcare institutions that are reported to the GGD via healthcare email are reported to RIVM via HPZone. From 8 February, the date of the positive test result is used and no longer the date of notification to the GGD. Version 4 update (March 24, 2022): • In version 4 of this dataset, records have been compiled according to the municipality reclassification of March 24, 2022. See description of the variable security_region_code for more information. Version 5 update (August 2, 2022): • The classification of persons aged 70 years and parents living independently has not been applied to reports that have only been received by RIVM since February 8, 2022 via an alternative reporting route. From 8 February to 1 August 2022, the number of reports from independently living persons aged 70 and parents was therefore underestimated by approximately 14%. As of August 2, 2022, this format will be retroactively updated. Version 6 update (September 1, 2022): - From September 1, 2022, the data will no longer be updated every working day, but on Tuesdays and Fridays. The data is retroactively updated on these days for the other days. - As of September 1, 2022, this dataset is split into two parts. The first part contains the dates from the start of the pandemic to October 3, 2021 (week 39) and contains "tm" in the file name. This data will no longer be updated. The second part contains the data from October 4, 2021 (week 40) and is updated every Tuesday and Friday. Date_of_report: Date and time on which the data file was created by RIVM. Date_of_statistic_reported: The date used for reporting the 70plus statistic living at home. This can be different for each reported statistic, namely: • For [Total_cases_reported] this is the date of the positive test result. • For [Total_deceased_reported] this is the date on which the patients died. Security_region_code: Security region code. The code of the security region based on the patient's place of residence. If the place of residence is not known, the safety region is based on the GGD that submitted the report, except for the Central and West Brabant and Brabant-Noord safety regions, since the GGD and safety region are not comparable for these regions. See also: https://www.cbs.nl/nl-nl/figures/detail/84721ENG?q=Veiliteiten From March 24, 2022, this file has been compiled according to the municipality classification of March 24, 2022. The municipality of Weesp has been merged into the municipality of Amsterdam . With this division, the Gooi- en Vechtstreek safety region has become smaller and the Amsterdam-Amstelland safety region larger; GGD Amsterdam has become larger and GGD Gooi- en Vechtstreek has become smaller (Municipal division on 1 January 2022 (cbs.nl). Security_region_name: Security region name. Security region name is based on the Security Region Code. See also: https://www.rijksoverheid.nl /topics/safety-regions-and-crisis-management/safety-regions Total_cases_reported: The number of new COVID-19 infected over-70s living at home reported to the GGD on [Date_of_statistic_reported].The actual number of COVID-19 infected over-70s living at home is higher than the number of reports in surveillance, because not everyone with a possible infection is tested. In addition, it is not known for every report whether this concerns a person over 70 living at home. Date_of_statistic_reported] The actual number of deceased people over 70 living at home who died of COVID-19 is higher than the number of reports in the surveillance, because not all deceased patients are tested and deaths are not legally reportable. Moreover, it is not known for every report whether this concerns a person over 70 living at home. Corrections made to reports in the OSIRIS source system can also lead to corrections in this database. In that case, numbers published by RIVM in the past may deviate from the numbers in this database. This file therefore always contains the numbers based on the most up-to-date data in the OSIRIS source system. The CSV file uses a semicolon as a separator. There are no empty lines in the file. Below are the column names and the types of values ​​in the CSV file: • Version: Consisting of a single whole number (integer). Is always filled for each row. Example: 2. • Date_of_report: Written in format YYYY-MM-DD HH:MM. Is always filled for each row. Example: 2020-10-16 10:00 AM. • Date_of_statistic_reported: Written in format YYYY-MM-DD. Is always filled for each row. Example: 2020-10-09. • Security_region_code: Consisting of 'VR' followed by two digits. Can also be empty if the region is unknown. Example: VR01. • Security_region_name: Consisting of a character string. Is always filled for each row. Example: Central and West Brabant. • Total_cases_reported: Consisting of only whole numbers (integer). Is always filled for each row. Example: 12. • Total_deceased_reported: Consisting of only whole numbers (integer). Is always filled for each row. Example: 8. ---------------------------------------------- ---------------------------------- Covid-19 statistics for persons aged 70 and older living outside an institution, by security region and date As of 1 January 2023, the RIVM will no longer collect additional information. As a result, from January 1, 2023, we will no longer report data on infections among people over 70 living at home. File description: This file contains the following numbers: - Number of newly reported persons aged 70 and older living at home who tested positive*, by security region, by date of the positive test result. - Number of newly reported deceased persons aged 70 and older living at home who tested positive*, by security region, by date on which the patient died. The numbers concern COVID-19 reports since the registration of the (residential) institution in OSIRIS with effect from questionnaire 5 (01-07-2020). * For reports from 01-07-2020, it is recorded whether the patient lives in an institution. For reports from 01-07-2020 persons aged 70 and older are considered to be living at home if, according to the information known to the PHS, they: • were not living in an institution AND • Are aged 70 years or older AND • The person is not employed and is not a healthcare worker Persons whose residential facility/institution is not listed can still be excluded as being an persons aged 70 and older living at home if they: • Based on their 6-digit zip code, can be linked to a known location of a care institution for the disabled or a nursing home OR • Have 'Disability care institution' or 'Nursing home' as the stated location of transmission. OR • Based on the content of free text fields, links can be made to a care institution for the disabled or a nursing home. The file is structured as follows: A set of records by date, with for

In 2022, the density of account breaches in Oceania amounted to 116 per 1,000 population, compared to 16 per 1,000 across Asia. In both regions, the density of account breaches decreased significantly from 2021 to 2022.

Between March 2022 and February 2024, the highest average cost of a data breach, nearly 9.77million U.S. dollars, was detected in the healthcare industry. The financial sector ranked second, with 6.08 million U.S. dollars on average per breach. The global average data breach cost in the measured period was 4.88 million U.S. dollars. Data breaches in the public sector cost relatively low, an average of 2.55 million U.S. dollars during the measured period.

Between the third quarter of 2022 and the first quarter of 2023, Singapore's data breach density has significantly decreased. In the third quarter of 2022, the number of exposed data points per thousand individuals in the country reached 24.1, while it dropped to 13 in the first quarter of 2023.