In 2024, the number of data compromises in the United States stood at 3,158 cases. Meanwhile, over 1.35 billion individuals were affected in the same year by data compromises, including data breaches, leakage, and exposure. While these are three different events, they have one thing in common. As a result of all three incidents, the sensitive data is accessed by an unauthorized threat actor. Industries most vulnerable to data breaches Some industry sectors usually see more significant cases of private data violations than others. This is determined by the type and volume of the personal information organizations of these sectors store. In 2024 the financial services, healthcare, and professional services were the three industry sectors that recorded most data breaches. Overall, the number of healthcare data breaches in some industry sectors in the United States has gradually increased within the past few years. However, some sectors saw decrease. Largest data exposures worldwide In 2020, an adult streaming website, CAM4, experienced a leakage of nearly 11 billion records. This, by far, is the most extensive reported data leakage. This case, though, is unique because cyber security researchers found the vulnerability before the cyber criminals. The second-largest data breach is the Yahoo data breach, dating back to 2013. The company first reported about one billion exposed records, then later, in 2017, came up with an updated number of leaked records, which was three billion. In March 2018, the third biggest data breach happened, involving India’s national identification database Aadhaar. As a result of this incident, over 1.1 billion records were exposed.

The average cyber attack takes 280 days to identify and contain and it costs an average of about $3.86 million to deal with properly.

The largest reported data leakage as of January 2025 was the Cam4 data breach in March 2020, which exposed more than 10 billion data records. The second-largest data breach in history so far, the Yahoo data breach, occurred in 2013. The company initially reported about one billion exposed data records, but after an investigation, the company updated the number, revealing that three billion accounts were affected. The National Public Data Breach was announced in August 2024. The incident became public when personally identifiable information of individuals became available for sale on the dark web. Overall, the security professionals estimate the leakage of nearly three billion personal records. The next significant data leakage was the March 2018 security breach of India's national ID database, Aadhaar, with over 1.1 billion records exposed. This included biometric information such as identification numbers and fingerprint scans, which could be used to open bank accounts and receive financial aid, among other government services.

Cybercrime - the dark side of digitalization As the world continues its journey into the digital age, corporations and governments across the globe have been increasing their reliance on technology to collect, analyze and store personal data. This, in turn, has led to a rise in the number of cyber crimes, ranging from minor breaches to global-scale attacks impacting billions of users – such as in the case of Yahoo. Within the U.S. alone, 1802 cases of data compromise were reported in 2022. This was a marked increase from the 447 cases reported a decade prior. The high price of data protection As of 2022, the average cost of a single data breach across all industries worldwide stood at around 4.35 million U.S. dollars. This was found to be most costly in the healthcare sector, with each leak reported to have cost the affected party a hefty 10.1 million U.S. dollars. The financial segment followed closely behind. Here, each breach resulted in a loss of approximately 6 million U.S. dollars - 1.5 million more than the global average.

During the third quarter of 2024, data breaches exposed more than *** million records worldwide. Since the first quarter of 2020, the highest number of data records were exposed in the first quarter of ***, more than *** million data sets. Data breaches remain among the biggest concerns of company leaders worldwide. The most common causes of sensitive information loss were operating system vulnerabilities on endpoint devices. Which industries see the most data breaches? Meanwhile, certain conditions make some industry sectors more prone to data breaches than others. According to the latest observations, the public administration experienced the highest number of data breaches between 2021 and 2022. The industry saw *** reported data breach incidents with confirmed data loss. The second were financial institutions, with *** data breach cases, followed by healthcare providers. Data breach cost Data breach incidents have various consequences, the most common impact being financial losses and business disruptions. As of 2023, the average data breach cost across businesses worldwide was **** million U.S. dollars. Meanwhile, a leaked data record cost about *** U.S. dollars. The United States saw the highest average breach cost globally, at **** million U.S. dollars.

Did the COVID-19 pandemic really affect cybersecurity? Short answer – Yes. Cybercrime is up 600% due to COVID-19.

In this document, comprehensive datasets are presented to advance research on information security breaches. The datasets include data on disclosed information security breaches affecting S&P500 companies between 2020 and 2023, collected through manual search of the Internet. Overall, the datasets include 504 companies, with detailed information security breach and financial data available for 97 firms that experienced a disclosed information security breach. This document will describe the datasets in detail, explain the data collection procedure and shows the initial versions of the datasets. Contact at Tilburg University Francesco Lelli

These cybersecurity statistics will help you understand the state of online security and give you a better idea of what it takes to protect yourself.

As of December 2024, the most significant data breach incident in the United States was the Yahoo data breach that dates back to 2013-2016. Impacting over three billion online users, this incident still remains one of the most significant data breaches worldwide. The second-biggest case was the January 2021 data breach at Microsoft, involving about 30 thousand companies in the United States and around 60 thousand companies around the world.

Data breaches cost companies and businesses a lot of money. The average cost of a data breach is $3.86 million.

Over 95% of cybersecurity breaches occur as a result of human error.

As of January 2025, the most significant data privacy violation fine worldwide was for social media giant Meta. In May 2023, the Data Protection Commission (DPC) of Ireland decided to fine the company with 1.2 billion euros or 1.3 billion U.S. dollars. The Chinese vehicle-for rent company Didi Global ranked second. In July 2022, China's data privacy regulator fined the company 8.026 billion Chinese yuan, or 1.19 billion U.S. dollars. The 2021 Amazon fine issued by Luxembourg's data privacy regulation authorities was 877 million U.S. dollars and was the third-biggest data breach fine as of the measured month. The 2019 fine of 575 million U.S. dollars to Equifax followed. In this incident, because of unpatched vulnerabilities, nearly 150 million people were affected, which caused the American consumer credit reporting agency to pay at least 575 million U.S. dollars.

Some industries are affected by cyber attacks more than others. These next cybersecurity statistics detail specifically who is affected by cyber-attacks and why they are.

The Cyber Security Breaches Survey, 2025 (CSBS) was run to understand organisations' approaches and attitudes to cyber security, and to understand their experience of cyber security breaches. The aim of the survey was to support the Government by providing evidence that can inform policies which help to make Britain a safer place to do business online. Details of changes for the 2025 survey can be found in the Technical Annex documentation.

These surveys have been conducted annually since 2016 to understand the views of UK organisations on cyber security. Data are collected on topics including online use; attitudes of organisations to cyber security and awareness of Government initiatives; approaches to cyber security (including investment and processes); incidences and impact of a cyber security breach or attack; and how breaches are dealt with by the organisation. This information helps to inform Government policy towards organisations, including how best to target key messages to businesses and charities so that they are cyber-secure (and so that the UK is the safest place in the world to do business online). The study is funded by the Department for Science, Innovation and Technology (DSIT) and the Home Office.

The underlying data are useful for researchers to better understand the response across a range of organisations and for wider comparability over time. The survey originally only covered businesses but was expanded to include charities from the 2018 survey onwards. From 2020, the survey includes a sample of education institutions (primary and secondary schools, further and higher education). Please note that the UK Data Service only holds data from 2018 onwards.

Further information and additional publications can be found on the "http://GOV.UK Cyber Security Breaches Survey 2025https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2025" target="_blank"> GOV.UK Cyber Security Breaches Survey 2025 web page.

Washington law requires entities impacted by a data breach to notify the Attorney General’s Office (AGO) when more than 500 Washingtonians personal information was compromised as a result of the breach. This dataset breaks out the individual types of breached personal information that were identified in each notice our office received. This data is used to produce the AGO’s Annual Data Breach Report. For additional statistics relating to data breaches, also see the main dataset at: https://data.wa.gov/Consumer-Protection/Data-Breach-Notifications-Affecting-Washington-Res/sb4j-ca4h.

📌 Context of the Dataset

The Healthcare Ransomware Dataset was created to simulate real-world cyberattacks in the healthcare industry. Hospitals, clinics, and research labs have become prime targets for ransomware due to their reliance on real-time patient data and legacy IT infrastructure. This dataset provides insight into attack patterns, recovery times, and cybersecurity practices across different healthcare organizations.

Why is this important?

Ransomware attacks on healthcare organizations can shut down entire hospitals, delay treatments, and put lives at risk. Understanding how different healthcare organizations respond to attacks can help develop better security strategies. The dataset allows cybersecurity analysts, data scientists, and researchers to study patterns in ransomware incidents and explore predictive modeling for risk mitigation.

📌 Sources and Research Inspiration This simulated dataset was inspired by real-world cybersecurity reports and built using insights from official sources, including:

1️⃣ IBM Cost of a Data Breach Report (2024)

The healthcare sector had the highest average cost of data breaches ($10.93 million per incident). On average, organizations recovered only 64.8% of their data after paying ransom. Healthcare breaches took 277 days on average to detect and contain.

2️⃣ Sophos State of Ransomware in Healthcare (2024)

67% of healthcare organizations were hit by ransomware in 2024, an increase from 60% in 2023. 66% of backup compromise attempts succeeded, making data recovery significantly more difficult. The most common attack vectors included exploited vulnerabilities (34%) and compromised credentials (34%).

3️⃣ Health & Human Services (HHS) Cybersecurity Reports

Ransomware incidents in healthcare have doubled since 2016. Organizations that fail to monitor threats frequently experience higher infection rates.

4️⃣ Cybersecurity & Infrastructure Security Agency (CISA) Alerts

Identified phishing, unpatched software, and exposed RDP ports as top ransomware entry points. Only 13% of healthcare organizations monitor cyber threats more than once per day, increasing the risk of undetected attacks.

5️⃣ Emsisoft 2020 Report on Ransomware in Healthcare

The number of ransomware attacks in healthcare increased by 278% between 2018 and 2023. 560 healthcare facilities were affected in a single year, disrupting patient care and emergency services.

📌 Why is This a Simulated Dataset?

This dataset does not contain real patient data or actual ransomware cases. Instead, it was built using probabilistic modeling and structured randomness based on industry benchmarks and cybersecurity reports.

How It Was Created:

1️⃣ Defining the Dataset Structure

The dataset was designed to simulate realistic attack patterns in healthcare, using actual ransomware case studies as inspiration.

Columns were selected based on what real-world cybersecurity teams track, such as: Attack methods (phishing, RDP exploits, credential theft). Infection rates, recovery time, and backup compromise rates. Organization type (hospitals, clinics, research labs) and monitoring frequency.

2️⃣ Generating Realistic Data Using ChatGPT & Python

ChatGPT assisted in defining relationships between attack factors, ensuring that key cybersecurity concepts were accurately reflected. Python’s NumPy and Pandas libraries were used to introduce randomized attack simulations based on real-world statistics. Data was validated against industry research to ensure it aligns with actual ransomware attack trends.

3️⃣ Ensuring Logical Relationships Between Data Points

Hospitals take longer to recover due to larger infrastructure and compliance requirements. Organizations that track more cyber threats recover faster because they detect attacks earlier. Backup security significantly impacts recovery time, reflecting the real-world risk of backup encryption attacks.

According to Cognitive Market Research, the Global Information Security Consulting Market is expected to have a market size of XX million in 2024 with a growing CAGR of XX% during the forecast period.

The Asia-Pacific region has the largest market share with an expected market size of XX million in 2024 with a growing CAGR of XX% during the forecast period.
North America is the fastest growing with an expected market size of XX million in 2024 with a growing CAGR of XX% during the forecast period.
Cloud Security has the largest market share with an expected market size of XX million in 2024 with a growing CAGR of XX% during the forecast period.
The cloud segment has the largest market share with an expected market size of XX million in 2024 with a growing CAGR of XX% during the forecast period.
Large Enterprise has the largest market share with an expected market size of XX million in 2024 with a growing CAGR of XX% during the forecast period.
The BFSI segment has the largest market share with an expected market size of XX million in 2024 with a growing CAGR of XX% during the forecast period.

Market Dynamics

Key drivers

The increasing number of cyber-attacks globally is favoring market growth

Strong security solutions are in more demand as a result of the growing anxiety that cyber assaults are causing among both individuals and enterprises. Any hostile action directed towards computer networks, infrastructures, personal computers, smartphones, or computer information systems is called a cyberattack. Because of this and the need for more stringent security and regulatory compliance, the information security consulting industry is growing quickly. For instance, according to McKinsey and company, cyberattacks are on track to cause $10.5 trillion a year in damage by 2025. That’s a 300 percent increase from 2015 levels. To protect against the onslaught, organizations around the world spent around $150 billion on cybersecurity in 2021, and this sum is growing by 12.4 percent a year. In all industries combined, the average cost of a single data breach as of 2022 was approximately 4.35 million US dollars. The healthcare industry was shown to be the most expensive for this, with each leak estimated to have cost the impacted party a whopping 10.1 million dollars. The segment on finances was closely followed. The Cam4 data breach in March 2020, which revealed over 10 billion data records, was the largest known data leak as of January 2024. The Yahoo data breach, which happened in 2013, is currently the second-largest data breach in history. To compact these increasing data breaches and cybercrimes, many company solutions have been in development and adopted. Cloud migration will remain a key component of many organizations' technological agendas. For this reason, cloud providers must be able to safeguard both standard and customized cloud configurations. Furthermore, there is a sharp rise in the demand for cyber security in the fields of healthcare, banking and financial services, aviation, and automobiles. Some of the main factors driving the demand for technologically advanced information security solutions among businesses are the emergence of IoT and connected technologies, the quick adoption of smartphones for digital payments, and the use of unsecured networks for accessing organizational servers. Therefore, the market is expected to grow significantly in the coming years.

(Source-http://https://www.statista.com/statistics/290525/cyber-crime-biggest-online-data-breachesworldwide/#:~:text=The%20largest%20reported%20data%20leakage,data%20breach%2C%20occurred%20in%202013.)

The rise in the number of regulations and developments has favoured the market growth

As cyber risks continue to grow, information security has become a key concern for both individuals and enterprises. The laws and regulatory requirements that are propelling the information security market's expansion are intended to strengthen cybersecurity defenses and shield private information from nefarious individuals. For instance, The United States government enacted two cybersecurity laws into law in June 2022. The first bill, the State and Local Government Cybersecurity Act of 2022, aims to improve cooperation between state, territorial, local, and tribal governments as well as the Cybersecurity and Infrastructure Security Agency (CISA). It is anticipated that these important actions will boost the i...

The Cyber Security Breaches Survey, 2021 (CSBS) was run to understand organisations' approaches and attitudes to cyber security, and to understand their experience of cyber security breaches, especially in light of the COVID-19 pandemic. The aim of the survey was to support the Government by providing evidence that can inform policies which help to make Britain a safer place to do business online. Details of changes for the 2021 survey can be found in the Technical Annex documentation.

These surveys have been conducted annually since 2016 to understand the views of UK organisations on cyber security. Data are collected on topics including online use; attitudes of organisations to cyber security and awareness of Government initiatives; approaches to cyber security (including investment and processes); incidences and impact of a cyber security breach or attack; and how breaches are dealt with by the organisation. This information helps to inform Government policy towards organisations, including how best to target key messages to businesses and charities so that they are cyber secure (and so that the UK is the safest place in the world to do business online). The study is funded by the DCMS as part of the National Cyber Security Programme.

The underlying data are useful for researchers to better understand the response across a range of organisations and for wider comparability over time. The survey originally only covered businesses but was expanded to include charities from the 2018 survey onwards. From 2020, the survey includes a sample of education institutions (primary and secondary schools, further and higher education). Please note that the UK Data Service only holds data from 2018 onwards.

Further information and additional publications can be found on the "http://GOV.UK" target="_blank"> GOV.UK Cyber Security Breaches Survey, 2021 webpage.