In 2023, the number of data compromises in the United States stood at 3,205 cases. Meanwhile, over 353 million individuals were affected in the same year by data compromises, including data breaches, leakage, and exposure. While these are three different events, they have one thing in common. As a result of all three incidents, the sensitive data is accessed by an unauthorized threat actor.
Industries most vulnerable to data breaches
Some industry sectors usually see more significant cases of private data violations than others. This is determined by the type and volume of the personal information organizations of these sectors store. In 2022, healthcare, financial services, and manufacturing were the three industry sectors that recorded most data breaches. The number of healthcare data breaches in the United States has gradually increased within the past few years. In the financial sector, data compromises increased almost twice between 2020 and 2022, while manufacturing saw an increase of more than three times in data compromise incidents.
Largest data exposures worldwide
In 2020, an adult streaming website, CAM4, experienced a leakage of nearly 11 billion records. This, by far, is the most extensive reported data leakage. This case, though, is unique because cyber security researchers found the vulnerability before the cyber criminals. The second-largest data breach is the Yahoo data breach, dating back to 2013. The company first reported about one billion exposed records, then later, in 2017, came up with an updated number of leaked records, which was three billion. In March 2018, the third biggest data breach happened, involving India’s national identification database Aadhaar. As a result of this incident, over 1.1 billion records were exposed.
During the third quarter of 2024, data breaches exposed more than 422 million records worldwide. Since the first quarter of 2020, the highest number of data records were exposed in the first quarter of 202, more than 818 million data sets. Data breaches remain among the biggest concerns of company leaders worldwide. The most common causes of sensitive information loss were operating system vulnerabilities on endpoint devices.
Which industries see the most data breaches?
Meanwhile, certain conditions make some industry sectors more prone to data breaches than others. According to the latest observations, the public administration experienced the highest number of data breaches between 2021 and 2022. The industry saw 495 reported data breach incidents with confirmed data loss. The second were financial institutions, with 421 data breach cases, followed by healthcare providers.
Data breach cost
Data breach incidents have various consequences, the most common impact being financial losses and business disruptions. As of 2023, the average data breach cost across businesses worldwide was 4.45 million U.S. dollars. Meanwhile, a leaked data record cost about 165 U.S. dollars. The United States saw the highest average breach cost globally, at 9.48 million U.S. dollars.
As of September 2024, almost 30 percent of cyber incidents detected in the past 12 months were hacking incidents. A further 28.7 percent were incidents of misuse, and 15.2 percent of detections revealed malware attacks.
In the first half of 2024, the share of health-related U.S. data breaches caused by hacking was 78 percent, which marked a two percent increase from 2023, reaching its highest rate since 2014.
In 2023, manufacturing saw the highest share of cyberattacks among the leading industries worldwide. During the examined year, manufacturing companies encountered nearly a quarter of the total cyberattacks. Finance and insurance organizations followed, with around 18 percent. Professional, business, and consumer services ranked third, with 15.4 percent of reported cyberattacks.
Healthcare industry and cyberattacks
The healthcare industry is considered one of the most vulnerable sectors to cybercrime. Between October 2021 and September 2022, healthcare organizations worldwide saw various cyberattacks, mostly network and application, as well as malware. Additionally, this sector had the highest average data breach cost throughout recent years, amounting to nearly 11 million U.S. dollars.
IT perspective and prevention
With recent technology developments, cybersecurity is crucial to an organization’s success. Realizing this, companies have been gradually increasing cybersecurity investments. Thus, in 2024, the cybersecurity budget worldwide was forecast to increase to nearly 283 billion U.S. dollars. Roughly nine in ten board directors of companies worldwide in professional services and media and entertainment industries say they expect an increase in the cybersecurity budget.
As of 2024, the average cost of a data breach in the United States amounted to 9.36 million U.S. dollars, down from 9.48 million U.S. dollars in the previous year. The global average cost per data breach was 4.88 million U.S. dollars in 2024.
Cost of a data breach in different countries worldwide
Data breaches pose a big threat to organizations globally. The monetary damage caused by data breaches has increased in many markets in the past decade. In 2023, Canada followed the U.S. by data breach costs, with an average of 5.13 million U.S. dollars. Since 2019, the average monetary damage caused by loss of sensitive information in Canada has increased notably. In the United Kingdom, the average cost of a data breach in 2024 amounted to around 4.53 million U.S. dollars, while in Germany it stood at 5.31 million U.S. dollars.
The cost of data breach by industry and segment
Data breach costs vary depending on the industry and segment. For the fourth consecutive year, the global healthcare sector registered the highest costs of data breach, which in 2024 amounted to about nine million U.S. dollars. Financial institutions ranked second, with an average cost of six million U.S. dollars for a data breach. Detection and escalation was the costliest segment in data breaches worldwide, with 1.63 U.S. dollars on average. The cost for lost business ranked second, while response following a breach came across as the third-costliest segment.
Mobile devices connected to the internet are vulnerable to targeted attacks and security threats. In December 2023, the number of global mobile cyberattacks was approximately 5.4 million, up by 147 percent compared to December 2022. Cyberattacks targeting mobile devices have been decreasing since the end of 2020, after experiencing an annual peak of almost 6.4 million in October 2020.
Mobile concerns: Smishing
While mobile operating systems come with vulnerabilities requiring patching and regular maintenance, watchful usage can reduce the risk for users of incurring security threats. Smishing attacks are especially reliant on users’ accidental mistakes or naivety. Smishing, or SMS phishing, uses text messages to lure users into accessing fake websites requesting personal data, or into clicking on malicious download links that could infect the device with malware. In the first quarter of 2024, AdWare and RiskTool were the most encountered types of mobile malware worldwide, while Trojan malware accounted for 11 percent of the total. Smishing attacks do not interest regular users alone, but can also target organizations and professionals. In 2023, it was found that the share of IT professionals and organizations targeted by smishing attacks was at 75 percent.
Mobile app privacy
According to a survey of global consumers carried out in August 2021, both Android and iOS users appeared equally keen to stop using an app if their privacy expectations were not met. Mobile apps have to collect different types of data for functionality purposes, including app diagnostic and device data for location-based services. However, mobile apps also collect other types of more personal user data, such as search history, browsing history, health data, and financial information.
The data can then be used by the company that collected them in the first place (1st party data), or by entities that do not have a direct relationship with the users, and obtain data from the main tracking source (3rd party data). Social media apps, like other app categories, rely on acquiring 3rd party data from users for their advertisement business. As of February 2022, TikTok was found to have the highest number of potential 3rd party trackers, followed by Telegram and Twitter.
Between November 2022 and October 2023, organizations in the education sector worldwide saw around 872 instances of data breaches caused by hacking. The professional industry ranked second, with 603 data breach cases in the measured period. Furthermore, hacking caused 598 data breach incidents in the finance sector.
A November 2023 survey of global IT security professionals found that almost 54 percent of respondents reported about one to five successful cyberattacks against their organization’s global network within the past 12 months. By comparison, nearly eight percent experienced more than ten successful cyberattacks.
Cyber attacks on businesses are becoming more frequent, targeted, and complex. The effects of a cyber attack go well beyond the direct financial consequences. In 2024, 47 percent of respondents indicated greater difficulty in attracting new customers as the main consequence of cyber attacks.
In 2019, 45 percent of global data breaches featured hacking. Errors were the second-most popular cause with a 22 percent presence rate. The majority of data breaches were perpetrated by external actors.
The number of Internet of Things (IoT) cyber attacks worldwide amounted to over 112 million in 2022. Over the recent years, this figure has increased significantly from around 32 million detected cases in 2018. In the latest measured year, the year-over-year increase in the number of Internet of Things (IoT) malware incidents was 87 percent.
In 2019, the number of hacking cybercrime incidents in the Philippines was highest for those within Region 4-A, amounting to approximately 467.4 thousand victims. Hacking cyberattacks also occurred more in the National Capital Region and Region 3.
In 2023, individuals over the age of 60 accounted for the highest number of recorded cyber crime victims in the United States. According to the latest data, more than 104,068 people reported cyber crimes in the year examined. The second-most targeted were individuals between 30 and 39 years, with over 88 thousand complaints.
Phishing, smishing, and business e-mail compromise (BEC) have been the most widespread types of cyber attacks in the United States, resulting in data compromises. In 2023, these attacks made up around 18 percent of the total cyber attacks in the country that led to a violation of personal data. Ransomware attacks ranked second, while malware followed. A significant part of the examined attacks, 58 percent, were unspecified.
In the fiscal year 2023, the U.S. government encountered 6,198 e-mail or phishing attacks. The majority of these attacks targeted CFO Act agencies. Attacks that occurred due to a violation of an organization's acceptable usage by an authorized user, excluding mentioned categories, amounted to over 12,000 cases.
As of the second quarter of 2022, the average length of interruption after ransomware attacks at businesses and organizations in the United States was 24 days. This was less than the downtime duration in the previous quarter, 26 days. Overall, between the first quarter of 2020 and the fourth quarter of 2021, the average duration of the downtime after a ransomware attack had increased from 15 to 24 days.
In 2023, network intrusion was the most common type of cybercrime attack experienced by companies in the United States, accounting for 51 percent of incidents. Business e-mail compromise (BEC) ranked second, with 26 percent of data security incidents in U.S. companies. A further 11 percent of companies reported having encountered inadvertent disclosure.
Manufacturing remains among the industries most targeted by cyberattacks. Among the most significant attacks in this sector, in terms of monetary losses, was the 2023 Clorox attack, where the company lost around 356 million U.S. dollars due to a decline in sales, based on lower production volumes due to the attack. Another big hack involved a business partner of semiconductor giant Applied Materials, which cost the company 250 million U.S. dollars.
In 2023, organizations all around the world detected 317.59 million ransomware attempts. Overall, this number decreased significantly between the third and fourth quarters of 2022, going from around 102 million to nearly 155 million cases, respectively. Ransomware attacks usually target organizations that collect large amounts of data and are critically important. In case of an attack, these organizations prefer paying the ransom to restore stolen data rather than to report the attack immediately. The incidents of data loss also damage companies’ reputation, which is one of the reasons why ransomware attacks are not reported.
Most targeted industries and regions
As a part of critical infrastructure, the manufacturing industry is usually targeted by ransomware attacks. In 2022, manufacturing organizations worldwide saw 437 such attacks. The food and beverage industry ranked second, with over 50 ransomware attacks. By the share of ransomware attacks on critical infrastructure, North America ranked first among other worldwide regions, followed by Europe. Healthcare and public health sector organizations filed the highest number of complaints to the U.S. law enforcement in 2022 about ransomware attacks.
Ransomware as a service (RaaS)
The Ransomware as a Service (RaaS) business model has existed for over a decade. The model involves hackers and affiliates. Hackers develop ransomware attack models and sell them to affiliates. The latter then use them independently to attack targets. According to the business model, the hacker who created the RaaS receives a service fee per collected ransom. In the first quarter of 2022, there were 31 Ransomware as a Service (RaaS) extortion groups worldwide, compared to the 19 such groups in the same quarter of 2021.