In 2024, the number of data compromises in the United States stood at 3,158 cases. Meanwhile, over 1.35 billion individuals were affected in the same year by data compromises, including data breaches, leakage, and exposure. While these are three different events, they have one thing in common. As a result of all three incidents, the sensitive data is accessed by an unauthorized threat actor. Industries most vulnerable to data breaches Some industry sectors usually see more significant cases of private data violations than others. This is determined by the type and volume of the personal information organizations of these sectors store. In 2024 the financial services, healthcare, and professional services were the three industry sectors that recorded most data breaches. Overall, the number of healthcare data breaches in some industry sectors in the United States has gradually increased within the past few years. However, some sectors saw decrease. Largest data exposures worldwide In 2020, an adult streaming website, CAM4, experienced a leakage of nearly 11 billion records. This, by far, is the most extensive reported data leakage. This case, though, is unique because cyber security researchers found the vulnerability before the cyber criminals. The second-largest data breach is the Yahoo data breach, dating back to 2013. The company first reported about one billion exposed records, then later, in 2017, came up with an updated number of leaked records, which was three billion. In March 2018, the third biggest data breach happened, involving India’s national identification database Aadhaar. As a result of this incident, over 1.1 billion records were exposed.

During the third quarter of 2024, data breaches exposed more than *** million records worldwide. Since the first quarter of 2020, the highest number of data records were exposed in the first quarter of ***, more than *** million data sets. Data breaches remain among the biggest concerns of company leaders worldwide. The most common causes of sensitive information loss were operating system vulnerabilities on endpoint devices. Which industries see the most data breaches? Meanwhile, certain conditions make some industry sectors more prone to data breaches than others. According to the latest observations, the public administration experienced the highest number of data breaches between 2021 and 2022. The industry saw *** reported data breach incidents with confirmed data loss. The second were financial institutions, with *** data breach cases, followed by healthcare providers. Data breach cost Data breach incidents have various consequences, the most common impact being financial losses and business disruptions. As of 2023, the average data breach cost across businesses worldwide was **** million U.S. dollars. Meanwhile, a leaked data record cost about *** U.S. dollars. The United States saw the highest average breach cost globally, at **** million U.S. dollars.

The average cyber attack takes 280 days to identify and contain and it costs an average of about $3.86 million to deal with properly.

Did the COVID-19 pandemic really affect cybersecurity? Short answer – Yes. Cybercrime is up 600% due to COVID-19.

Data breaches cost companies and businesses a lot of money. The average cost of a data breach is $3.86 million.

The largest reported data leakage as of January 2025 was the Cam4 data breach in March 2020, which exposed more than 10 billion data records. The second-largest data breach in history so far, the Yahoo data breach, occurred in 2013. The company initially reported about one billion exposed data records, but after an investigation, the company updated the number, revealing that three billion accounts were affected. The National Public Data Breach was announced in August 2024. The incident became public when personally identifiable information of individuals became available for sale on the dark web. Overall, the security professionals estimate the leakage of nearly three billion personal records. The next significant data leakage was the March 2018 security breach of India's national ID database, Aadhaar, with over 1.1 billion records exposed. This included biometric information such as identification numbers and fingerprint scans, which could be used to open bank accounts and receive financial aid, among other government services.

Cybercrime - the dark side of digitalization As the world continues its journey into the digital age, corporations and governments across the globe have been increasing their reliance on technology to collect, analyze and store personal data. This, in turn, has led to a rise in the number of cyber crimes, ranging from minor breaches to global-scale attacks impacting billions of users – such as in the case of Yahoo. Within the U.S. alone, 1802 cases of data compromise were reported in 2022. This was a marked increase from the 447 cases reported a decade prior. The high price of data protection As of 2022, the average cost of a single data breach across all industries worldwide stood at around 4.35 million U.S. dollars. This was found to be most costly in the healthcare sector, with each leak reported to have cost the affected party a hefty 10.1 million U.S. dollars. The financial segment followed closely behind. Here, each breach resulted in a loss of approximately 6 million U.S. dollars - 1.5 million more than the global average.

As of December 2024, the most significant data breach incident in the United States was the Yahoo data breach that dates back to 2013-2016. Impacting over three billion online users, this incident still remains one of the most significant data breaches worldwide. The second-biggest case was the January 2021 data breach at Microsoft, involving about 30 thousand companies in the United States and around 60 thousand companies around the world.

These cybersecurity statistics will help you understand the state of online security and give you a better idea of what it takes to protect yourself.

Between January and September 2024, healthcare organizations in the United States saw 491 large-scale data breaches, resulting in the loss of over 500 records. This figure has increased significantly in the last decade. To date, the highest number of large-scale data breaches in the U.S. healthcare sector was recorded in 2023, with a reported 745 cases.

Over 95% of cybersecurity breaches occur as a result of human error.

The statistic shows the number of data breaches in the United States from 2013 to 2019, by industry. In the last measured period, the majority of the 1,473 annual data breaches affected business and medical or healthcare organizations, with 644 and 525 data breaches respectively.

Introduction

Data Breach Statistics: In the year 2024, data breaches pose a great risk all over the world, and criminals tend to use more advanced methods, making the attacks more frequent and wider. All types of organizations, regardless of their size and in all industries, have been victims of data breaches, often leading to loss of money and facing legal actions as well as damage to their names.

This paper looks at the current data breach statistics, looking into some important figures, costs, and trends to expect in the year 2024.

An extensive dataset offering key insights into cyber security statistics and trends for 2025, including data breaches, cybercrime costs, threat vectors, and industry-specific impacts.

Some industries are affected by cyber attacks more than others. These next cybersecurity statistics detail specifically who is affected by cyber-attacks and why they are.

In 2023, the healthcare industry in the United States remained the most targeted by cyber attacks, resulting in data compromises. Compared to 2022, the number of data compromise incidents in the U.S. healthcare industry increased more than twice. The financial services sector ranked second, with 744 data compromise incidents, representing a significant increase, too.

Washington law requires entities impacted by a data breach to notify the Attorney General’s Office (AGO) when more than 500 Washingtonians personal information was compromised as a result of the breach. This dataset is a collection of various statistics that have been derived from these notices, and is the source of data used to produce the AGO’s Annual Data Breach Report.

In 2024, numerous data breach incidents were disclosed, causing uncertainty among customers. Some of the incidents have refused to disclose the exact number of individuals impacted, so the impact in these cases is only estimated. The largest data breach is believed to have impacted every American, with around three billion records being breached. A UK-based pathology lab, Synnovis, saw a ransomware attack in July 2024, which impacted approximately 300 million patients.

The Cyber Security Breaches Survey, 2025 (CSBS) was run to understand organisations' approaches and attitudes to cyber security, and to understand their experience of cyber security breaches. The aim of the survey was to support the Government by providing evidence that can inform policies which help to make Britain a safer place to do business online. Details of changes for the 2025 survey can be found in the Technical Annex documentation.

These surveys have been conducted annually since 2016 to understand the views of UK organisations on cyber security. Data are collected on topics including online use; attitudes of organisations to cyber security and awareness of Government initiatives; approaches to cyber security (including investment and processes); incidences and impact of a cyber security breach or attack; and how breaches are dealt with by the organisation. This information helps to inform Government policy towards organisations, including how best to target key messages to businesses and charities so that they are cyber-secure (and so that the UK is the safest place in the world to do business online). The study is funded by the Department for Science, Innovation and Technology (DSIT) and the Home Office.

The underlying data are useful for researchers to better understand the response across a range of organisations and for wider comparability over time. The survey originally only covered businesses but was expanded to include charities from the 2018 survey onwards. From 2020, the survey includes a sample of education institutions (primary and secondary schools, further and higher education). Please note that the UK Data Service only holds data from 2018 onwards.

Further information and additional publications can be found on the "http://GOV.UK Cyber Security Breaches Survey 2025https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2025" target="_blank"> GOV.UK Cyber Security Breaches Survey 2025 web page.

Between November 2022 and October 2023, the education saw 860 data breach cases caused by system intrusion. Basic web application attacks resulted in 161 data breaches in the finance sector. Social engineering attacks caused 158 data breaches in the construction sector.