During the second quarter of 2025, data breaches exposed more than ** million records worldwide. Since the first quarter of 2020, the highest number of data records were exposed in the third quarter of ****, more than *** billion data sets. Data breaches remain among the biggest concerns of company leaders worldwide. The most common causes of sensitive information loss were operating system vulnerabilities on endpoint devices. Which industries see the most data breaches? Meanwhile, certain conditions make some industry sectors more prone to data breaches than others. According to the latest observations, the public administration experienced the highest number of data breaches between 2021 and 2022. The industry saw *** reported data breach incidents with confirmed data loss. The second were financial institutions, with *** data breach cases, followed by healthcare providers. Data breach cost Data breach incidents have various consequences, the most common impact being financial losses and business disruptions. As of 2023, the average data breach cost across businesses worldwide was **** million U.S. dollars. Meanwhile, a leaked data record cost about *** U.S. dollars. The United States saw the highest average breach cost globally, at **** million U.S. dollars.

The largest reported data leakage as of January 2025 was the Cam4 data breach in March 2020, which exposed more than 10 billion data records. The second-largest data breach in history so far, the Yahoo data breach, occurred in 2013. The company initially reported about one billion exposed data records, but after an investigation, the company updated the number, revealing that three billion accounts were affected. The National Public Data Breach was announced in August 2024. The incident became public when personally identifiable information of individuals became available for sale on the dark web. Overall, the security professionals estimate the leakage of nearly three billion personal records. The next significant data leakage was the March 2018 security breach of India's national ID database, Aadhaar, with over 1.1 billion records exposed. This included biometric information such as identification numbers and fingerprint scans, which could be used to open bank accounts and receive financial aid, among other government services.

Cybercrime - the dark side of digitalization As the world continues its journey into the digital age, corporations and governments across the globe have been increasing their reliance on technology to collect, analyze and store personal data. This, in turn, has led to a rise in the number of cyber crimes, ranging from minor breaches to global-scale attacks impacting billions of users – such as in the case of Yahoo. Within the U.S. alone, 1802 cases of data compromise were reported in 2022. This was a marked increase from the 447 cases reported a decade prior. The high price of data protection As of 2022, the average cost of a single data breach across all industries worldwide stood at around 4.35 million U.S. dollars. This was found to be most costly in the healthcare sector, with each leak reported to have cost the affected party a hefty 10.1 million U.S. dollars. The financial segment followed closely behind. Here, each breach resulted in a loss of approximately 6 million U.S. dollars - 1.5 million more than the global average.

In 2024, the number of data compromises in the United States stood at 3,158 cases. Meanwhile, over 1.35 billion individuals were affected in the same year by data compromises, including data breaches, leakage, and exposure. While these are three different events, they have one thing in common. As a result of all three incidents, the sensitive data is accessed by an unauthorized threat actor. Industries most vulnerable to data breaches Some industry sectors usually see more significant cases of private data violations than others. This is determined by the type and volume of the personal information organizations of these sectors store. In 2024 the financial services, healthcare, and professional services were the three industry sectors that recorded most data breaches. Overall, the number of healthcare data breaches in some industry sectors in the United States has gradually increased within the past few years. However, some sectors saw decrease. Largest data exposures worldwide In 2020, an adult streaming website, CAM4, experienced a leakage of nearly 11 billion records. This, by far, is the most extensive reported data leakage. This case, though, is unique because cyber security researchers found the vulnerability before the cyber criminals. The second-largest data breach is the Yahoo data breach, dating back to 2013. The company first reported about one billion exposed records, then later, in 2017, came up with an updated number of leaked records, which was three billion. In March 2018, the third biggest data breach happened, involving India’s national identification database Aadhaar. As a result of this incident, over 1.1 billion records were exposed.

As of January 2025, the most significant data privacy violation fine worldwide was for social media giant Meta. In May 2023, the Data Protection Commission (DPC) of Ireland decided to fine the company with 1.2 billion euros or 1.3 billion U.S. dollars. The Chinese vehicle-for rent company Didi Global ranked second. In July 2022, China's data privacy regulator fined the company 8.026 billion Chinese yuan, or 1.19 billion U.S. dollars. The 2021 Amazon fine issued by Luxembourg's data privacy regulation authorities was 877 million U.S. dollars and was the third-biggest data breach fine as of the measured month. The 2019 fine of 575 million U.S. dollars to Equifax followed. In this incident, because of unpatched vulnerabilities, nearly 150 million people were affected, which caused the American consumer credit reporting agency to pay at least 575 million U.S. dollars.

As of February 2025, the United States ranked first by the average cost of a data breach, ***** million U.S. dollars. The average cost of data breaches in the Middle East was **** million U.S. dollars. Benelux followed in the ranking, with **** million U.S. dollars. In the measured period, the global average data breach cost was **** million U.S. dollars. Phishing scams in the U.S. Breached data often ends up in the hands of threat actors who use it for malicious purposes, including online scams. Phishing continues to be a major threat in North America, particularly on smartphones. In the second quarter of 2023, the region recorded the highest number of phishing and malicious attack attempts globally. The United States was particularly affected, with ** percent of U.S. citizens reporting being targeted by scam texts, e-mails, and calls on a daily basis. Additionally, phishing and spoofing were the most common types of cybercrime, impacting *** thousand individuals in 2023. These attacks led to financial losses, with U.S. victims reporting nearly ** billion U.S. dollars in damages throughout the year. U.S. users and data privacy Despite only ** percent of internet users in the United States being highly knowledgeable about data privacy and cybersecurity, a significant portion of users demonstrated caution and awareness in protecting their information. In fact, over half of surveyed U.S. users reported being somewhat confident in knowing the right steps to take in the event of a cyberattack. Furthermore, ** percent of U.S. users actively decline cookies on websites, reflecting their increasing concern for data protection. Many respondents also take additional steps to safeguard their digital privacy, such as limiting or avoiding clicking on ads as well as not answering phone calls due to cybersecurity risks.

Between March 2024 and February 2025, the highest average cost of a data breach, nearly **** million U.S. dollars, was detected in the healthcare industry. The financial sector ranked second, with **** million U.S. dollars on average per breach. The global average data breach cost in the measured period was **** million U.S. dollars. Data breaches in the public sector cost relatively lower, an average of **** million U.S. dollars during the measured period.

Between November 2022 and October 2023, over 10 thousand organizations worldwide experienced data breaches that included confirmed data loss. Among selected industries, firms in the education and healthcare sector saw the highest number of data violations. Regarding organization size, larger ones were victimized by data breaches more than smaller companies.

Data breach density in the United States has significantly increased between the third quarter of 2022 and the third quarter of 2023. In the third quarter of 2022, the number of exposed data points per thousand individuals in the country was 26, while it went down to 24 in the third quarter of 2023.

Data breach density in Canada decreased between 2022 and 2023. In 2023, the number of exposed data points per thousand individuals in the country was **, down from ** in 2022. In 2023, more than *** thousand data breaches were recorded in Canada.

As of February 2024, the global average cost per data breach amounted to **** million U.S. dollars, an increase from **** million U.S. dollars in the previous year. The average cost of a data breach varied across sectors, with the highest average cost in the healthcare industry.

A 2022 survey found that a quarter of participants reported having experienced up to *** incidents of data leakage via insider. About ** percent of the respondents had encountered ** to ** percent incidents of confidential data loss caused by an insider. A further ** percent said they had seen more than ** incidents involving insider threats.

As of 2024, the average cost of a data breach in the United States amounted to **** million U.S. dollars, down from **** million U.S. dollars in the previous year. The global average cost per data breach was **** million U.S. dollars in 2024. Cost of a data breach in different countries worldwide Data breaches impose a big threat for organizations globally. The monetary damage caused by data breaches has increased in many markets in the past decade. In 2023, Canada followed the U.S. by data breach costs, with an average of **** million U.S. dollars. Since 2019, the average monetary damage caused by loss of sensitive information in Canada has increased notably. In the United Kingdom, the average cost of a data breach in 2024 amounted to around **** million U.S. dollars, while in Germany it stood at **** million U.S. dollars. The cost of data breach by industry and segment Data breach costs vary depending on the industry and segment. For the fourth consecutive year, the global healthcare sector registered the highest costs of data breach, which in 2024 amounted to about **** million U.S. dollars. Financial institutions ranked second, with an average cost of *** million U.S. dollars for a data breach. Detection and escalation was the costliest segment in data breaches worldwide, with **** U.S. dollars on average. The cost for lost business ranked second, while response following a breach came across as the third-costliest segment.

France's data breach density has significantly decreased between the third quarter of 2022 and the third quarter of 2023. In the first measured quarter, the number of exposed data points per thousand individuals in the country reached ***, while it went down to ** in the third quarter of 2023.

In 2022, the density of account breaches in Australia amounted to 133 per 1,000 population, the highest density across the Asia-Pacific region that year. However, this marked a significant decrease from the previous year, when Australia ranked second across APAC with an account breach density of 378 per 1,000 population.

Between the third quarter of 2022 and the first quarter of 2023, Singapore's data breach density has significantly decreased. In the third quarter of 2022, the number of exposed data points per thousand individuals in the country reached ****, while it dropped to ** in the first quarter of 2023.

Data breach density in Spain has fluctuated between the third quarter of 2022 and the third quarter of 2023. In the third quarter of 2022, the number of exposed data points per thousand individuals in the country was **, while it decreased to ** in the next quarter. In the second quarter of 2023, the breach density in Spain reached *.

Between November 2023 and October 2024, over 12 thousand organizations worldwide experienced data breaches that included confirmed data loss. Among selected industries, firms in the manufacturing and healthcare sector saw the highest number of data violations. Furthermore, smaller companies were more likely to be targeted than larger ones.

The data breach density in Italy during the fourth quarter of 2022 was of *** cases for every thousand individuals. Between the end of 2022 and the third quarter of 2023, the number of breached data points per thousand in Italy fluctuated, despite remaining low and not surpassing ** cased per thousand.

Between November 2023 and October 2024, organizations in the manufacturing sector worldwide saw around 818 incidents of data breaches caused by hacking. The healthcare industry ranked second, with 745 data breaches in the measured period. Furthermore, hacking caused 564 data breach incidents in the professional sector.

In 2024, manufacturing saw the highest share of cyberattacks among the leading industries worldwide. During the examined year, manufacturing companies encountered more than a quarter of the total cyberattacks. Organizations in the finance and insurance followed, with around 23 percent. Professional, business, and consumer services ranked third, with 18 percent of reported cyberattacks. Manufacturing industry and cyberattacks The industry of manufacturing has been in the center of cyberattacks in a long time. The share of cyberattacks targeting organizations in this sector in 2018 was at 10 percent, while in 2024, it amounted to 26 percent. The situation is even more compliacted when we look at the cyber vulnerabilities found in this sector. In 2024, critical vulnerabilities in manufacturing companies lasted 205 days on average. IT perspective and prevention With recent technology developments, cybersecurity is crucial to an organization’s success. Realizing this, companies have been gradually increasing cybersecurity investments. Thus, in 2024, the cybersecurity budget worldwide was forecast to increase to nearly 283 billion U.S. dollars. Roughly nine in ten board directors of companies worldwide in professional services and media and entertainment industries say they expect an increase in the cybersecurity budget.