In 2024, the number of data compromises in the United States stood at 3,158 cases. Meanwhile, over 1.35 billion individuals were affected in the same year by data compromises, including data breaches, leakage, and exposure. While these are three different events, they have one thing in common. As a result of all three incidents, the sensitive data is accessed by an unauthorized threat actor. Industries most vulnerable to data breaches Some industry sectors usually see more significant cases of private data violations than others. This is determined by the type and volume of the personal information organizations of these sectors store. In 2024 the financial services, healthcare, and professional services were the three industry sectors that recorded most data breaches. Overall, the number of healthcare data breaches in some industry sectors in the United States has gradually increased within the past few years. However, some sectors saw decrease. Largest data exposures worldwide In 2020, an adult streaming website, CAM4, experienced a leakage of nearly 11 billion records. This, by far, is the most extensive reported data leakage. This case, though, is unique because cyber security researchers found the vulnerability before the cyber criminals. The second-largest data breach is the Yahoo data breach, dating back to 2013. The company first reported about one billion exposed records, then later, in 2017, came up with an updated number of leaked records, which was three billion. In March 2018, the third biggest data breach happened, involving India’s national identification database Aadhaar. As a result of this incident, over 1.1 billion records were exposed.

The largest reported data leakage as of January 2025 was the Cam4 data breach in March 2020, which exposed more than 10 billion data records. The second-largest data breach in history so far, the Yahoo data breach, occurred in 2013. The company initially reported about one billion exposed data records, but after an investigation, the company updated the number, revealing that three billion accounts were affected. The National Public Data Breach was announced in August 2024. The incident became public when personally identifiable information of individuals became available for sale on the dark web. Overall, the security professionals estimate the leakage of nearly three billion personal records. The next significant data leakage was the March 2018 security breach of India's national ID database, Aadhaar, with over 1.1 billion records exposed. This included biometric information such as identification numbers and fingerprint scans, which could be used to open bank accounts and receive financial aid, among other government services.

Cybercrime - the dark side of digitalization As the world continues its journey into the digital age, corporations and governments across the globe have been increasing their reliance on technology to collect, analyze and store personal data. This, in turn, has led to a rise in the number of cyber crimes, ranging from minor breaches to global-scale attacks impacting billions of users – such as in the case of Yahoo. Within the U.S. alone, 1802 cases of data compromise were reported in 2022. This was a marked increase from the 447 cases reported a decade prior. The high price of data protection As of 2022, the average cost of a single data breach across all industries worldwide stood at around 4.35 million U.S. dollars. This was found to be most costly in the healthcare sector, with each leak reported to have cost the affected party a hefty 10.1 million U.S. dollars. The financial segment followed closely behind. Here, each breach resulted in a loss of approximately 6 million U.S. dollars - 1.5 million more than the global average.

During the third quarter of 2024, data breaches exposed more than *** million records worldwide. Since the first quarter of 2020, the highest number of data records were exposed in the first quarter of ***, more than *** million data sets. Data breaches remain among the biggest concerns of company leaders worldwide. The most common causes of sensitive information loss were operating system vulnerabilities on endpoint devices. Which industries see the most data breaches? Meanwhile, certain conditions make some industry sectors more prone to data breaches than others. According to the latest observations, the public administration experienced the highest number of data breaches between 2021 and 2022. The industry saw *** reported data breach incidents with confirmed data loss. The second were financial institutions, with *** data breach cases, followed by healthcare providers. Data breach cost Data breach incidents have various consequences, the most common impact being financial losses and business disruptions. As of 2023, the average data breach cost across businesses worldwide was **** million U.S. dollars. Meanwhile, a leaked data record cost about *** U.S. dollars. The United States saw the highest average breach cost globally, at **** million U.S. dollars.

Between the third quarter of 2024 and the second quarter of 2025, the number of records exposed in data breaches in the United States decreased significantly. In the most recent measured period, over **** million records were reported as leaked, down from around ****** million in the third quarter of 2024.

View Data Breach Notification Reports, which include how many breaches are reported each year and the number of affected residents.

As of December 2024, the most significant data breach incident in the United States was the Yahoo data breach that dates back to 2013-2016. Impacting over three billion online users, this incident still remains one of the most significant data breaches worldwide. The second-biggest case was the January 2021 data breach at Microsoft, involving about 30 thousand companies in the United States and around 60 thousand companies around the world.

Cyber Security Insurance Market Outlook

The global cyber security insurance market size was valued at approximately USD 11 billion in 2023 and is expected to grow significantly to reach around USD 44 billion by 2032, exhibiting a remarkable compound annual growth rate (CAGR) of roughly 16.5%. This robust growth is primarily driven by the increasing frequency and sophistication of cyber threats, which have compelled organizations across various sectors to invest in insurance solutions that can mitigate potential risks and financial losses associated with data breaches and cyber-attacks. As businesses continue to digitize their operations, the demand for comprehensive cyber security insurance policies is expected to rise exponentially, providing a substantial growth opportunity for insurance providers worldwide.

One of the key growth factors for the cyber security insurance market is the escalating number of cyber incidents globally. The digital transformation journey undertaken by many organizations has exposed them to a wider array of cyber threats, ranging from ransomware attacks to data breaches. These incidents not only result in significant financial losses but also damage brand reputation and customer trust. Consequently, businesses are increasingly recognizing the importance of having a robust insurance plan that can offer financial protection and support in the event of a cyber incident. Additionally, regulatory frameworks around data protection and privacy are becoming more stringent, prompting companies to adopt cyber insurance as part of their compliance strategies.

Moreover, the increasing awareness of cyber risks among small and medium-sized enterprises (SMEs) is another pivotal factor contributing to market growth. SMEs often lack the resources to invest in advanced cybersecurity measures, making them vulnerable to cyber-attacks. As a result, many are turning to cyber insurance as a viable solution to bolster their cyber risk management strategies. Insurers are responding by offering tailored policies suited to the specific needs and budgets of SMEs, thereby expanding their reach and increasing market penetration. This trend is expected to continue, driven by the realization among SMEs of the catastrophic consequences that cyber incidents can have on their operations.

Technological advancements and the proliferation of cloud-based services are also catalyzing the growth of the cyber security insurance market. The shift towards cloud computing and remote work has expanded the attack surface for cybercriminals, thereby elevating the risk of security breaches. In response, insurers are developing innovative products that cover cloud-specific risks, offering protection against potential vulnerabilities in cloud infrastructure. This adaptability and innovation in product offerings are attracting a wider range of customers and are likely to sustain market expansion over the forecast period.

Regionally, North America is expected to maintain its dominance in the cyber security insurance market, driven by the early adoption of technology and a well-established insurance sector. The region's strong regulatory landscape, coupled with the presence of major players, contributes to its leading position. However, Asia Pacific is projected to exhibit the highest growth rate, with a CAGR of over 18% during the forecast period. This growth is fueled by the rapid digitization of economies such as China and India, alongside increasing awareness of cyber risks. Europe is also anticipated to witness substantial growth due to stringent data protection regulations and increasing incidents of cyber threats across the region.

Coverage Type Analysis

The cyber security insurance market is segmented by coverage type, which includes data breach, cyber liability, business interruption, and others. Data breach insurance remains one of the most sought-after coverages, driven by the alarming increase in incidents where sensitive information is compromised. As cybercriminals develop more sophisticated methods to infiltrate systems, businesses are under immense pressure to protect their customer and employee data. Data breach insurance provides critical financial and support services, including coverage for legal fees, notification costs, and credit monitoring services, making it an essential component of an organization's risk management strategy.

Cyber liability insurance is another significant coverage type within the market, addressing the third-party claims associated with cyber incidents. This can include legal costs, settlements, and judgments related to data breaches

Cyber Security as a Service Market Outlook

The global Cyber Security as a Service market size was valued at approximately $14 billion in 2023 and is projected to reach $41 billion by 2032, growing at a compound annual growth rate (CAGR) of 12.5% during the forecast period. This remarkable growth is driven by the increasing prevalence of cyber threats and the growing need for robust security solutions across various sectors.

The growth of the Cyber Security as a Service market can be attributed to several key factors. Firstly, the rapid digitization and adoption of cloud services have exposed businesses to a myriad of cyber threats, necessitating advanced security measures. The rise in sophisticated cyber-attacks, such as ransomware, phishing, and malware, has compelled organizations to seek comprehensive security solutions to safeguard their data and ensure business continuity. Additionally, regulatory requirements and compliance mandates across industries are driving the demand for managed security services, further propelling market growth.

Secondly, the increasing adoption of Internet of Things (IoT) devices has expanded the attack surface, making enterprises more vulnerable to cyber-attacks. As IoT devices become integral to business operations, securing these devices has become paramount. Cyber Security as a Service offers scalable and flexible solutions to monitor and protect IoT ecosystems, thereby addressing the security challenges posed by these interconnected devices. Furthermore, the growing awareness about the financial and reputational damage caused by data breaches is prompting businesses to invest heavily in cybersecurity services.

Thirdly, the shortage of skilled cybersecurity professionals is a significant growth driver for the market. Many organizations lack the in-house expertise required to effectively combat evolving cyber threats. As a result, they are increasingly turning to third-party service providers to manage their cybersecurity needs. Cyber Security as a Service offers access to a pool of experts, advanced technologies, and continuous monitoring capabilities, enabling businesses to strengthen their security posture without the need for extensive internal resources.

The integration of Financial Services Cybersecurity Systems and Services is becoming increasingly vital in the face of evolving cyber threats. Financial institutions are prime targets for cybercriminals due to the sensitive nature of financial data and transactions. As a result, there is a growing emphasis on developing comprehensive cybersecurity frameworks that encompass both preventive and responsive measures. These systems and services are designed to protect financial data, ensure compliance with regulatory requirements, and maintain customer trust. By leveraging advanced technologies such as artificial intelligence and machine learning, financial institutions can enhance their threat detection and response capabilities, thereby safeguarding their operations from potential cyber threats.

From a regional perspective, North America is expected to dominate the Cyber Security as a Service market during the forecast period. The presence of major cybersecurity vendors, coupled with stringent regulatory frameworks and high adoption rates of advanced technologies, contribute to the region's leading position. However, the Asia Pacific region is anticipated to witness the highest growth rate, driven by increasing digital transformation initiatives, rising cybercrime incidents, and growing awareness about cybersecurity solutions.

Service Type Analysis

In the Cyber Security as a Service market, the service type segment is pivotal, covering services such as Threat Intelligence, Managed Security Services, Security Monitoring and Analytics, Incident Response, Compliance Management, and others. The diverse nature of cyber threats necessitates a variety of specialized services, each catering to different facets of cybersecurity.

Threat Intelligence services play a crucial role in the market. These services involve the collection, analysis, and dissemination of information about potential or ongoing cyber threats. By leveraging advanced analytics and machine learning, threat intelligence services provide actionable insights that help organizations anticipate and mitigate cyber risks before they materialize. The growing complexity of cyber threats and the need for proactive threat management

Cyber Security in Financial Services Market Outlook

The global cyber security in financial services market size was valued at approximately USD 45 billion in 2023 and is projected to reach around USD 90 billion by 2032, growing at a compound annual growth rate (CAGR) of about 7.5% during the forecast period. This dynamic growth is fueled by multiple factors, including the increasing frequency and sophistication of cyber threats, the growing adoption of cloud-based services, and regulatory mandates that emphasize the protection of sensitive financial data. As digital transformation sweeps across the financial sector, financial institutions are becoming prime targets for cybercriminals, prompting a heightened focus on robust security measures to safeguard assets and maintain customer trust.

The surge in digital banking, mobile payments, and online financial services has significantly expanded the attack surface for cyber threats, making cyber security paramount in the financial sector. The continuous innovation in financial technologies, while improving service delivery, simultaneously introduces vulnerabilities that cybercriminals exploit. Financial institutions are under pressure to not only adopt new technologies but also ensure these systems are fortified against potential breaches. The integration of artificial intelligence and machine learning in financial services offers enhanced customer experiences and operational efficiencies, yet it also requires advanced security mechanisms to protect against increasingly sophisticated cyber threats.

Regulatory compliance is a critical driver of market growth, compelling organizations to prioritize cyber security investments. Governments and financial regulatory bodies worldwide are instituting stringent policies to protect consumer data and maintain the integrity of financial systems. Regulations such as the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the United States highlight the global emphasis on cyber security. Compliance with such regulations necessitates substantial investments in security solutions and services, catalyzing market expansion. Financial institutions are adopting a proactive approach by implementing comprehensive security frameworks to prevent costly breaches and avoid reputational damage.

The increasing reliance on third-party vendors and outsourcing in financial services presents additional security challenges, further driving market growth. As financial institutions engage with a myriad of external service providers, ensuring data protection and securing supply chains becomes complex. Cyber security solutions are critical in managing third-party risks and ensuring that external partnerships do not compromise organizational security. Moreover, the global shift towards remote work, accelerated by the COVID-19 pandemic, has necessitated robust endpoint and network security solutions to protect sensitive information accessed outside traditional office environments.

Financial Security Services are becoming increasingly crucial as financial institutions grapple with the dual challenge of adopting innovative technologies while safeguarding sensitive data. These services encompass a range of protective measures designed to secure financial transactions, customer information, and institutional assets from cyber threats. As the financial landscape evolves, institutions are investing in comprehensive security solutions that not only address current vulnerabilities but also anticipate future risks. This proactive approach is essential in maintaining trust and ensuring the resilience of financial systems in the face of ever-evolving cyber threats.

Regionally, North America holds a substantial share of the cyber security market in financial services, driven by high technological adoption and significant investment in security infrastructure. The presence of major financial institutions and tech companies in this region further propels market growth. Europe is also a significant player, benefiting from stringent data protection regulations and the proactive stance of financial institutions towards cyber security. The Asia Pacific region is expected to witness the highest CAGR during the forecast period due to rapid digitalization, economic growth, and increasing cyber threats. Emerging economies in Latin America and the Middle East & Africa are progressively adopting advanced security solutions to counter the growing prevalence of cyber-attacks, albeit at a more moderate pace compared to other regions.</p&

Healthcare Cyber Security Market Outlook

According to our latest research, the global healthcare cyber security market size in 2024 is valued at USD 17.2 billion, driven by the increasing digitization of healthcare systems and the rising frequency of cyber-attacks targeting sensitive medical data. The market is projected to grow at a CAGR of 16.8% during the forecast period, reaching approximately USD 49.6 billion by 2033. This robust growth is primarily fueled by the proliferation of electronic health records (EHRs), expanding telemedicine adoption, and stringent regulatory mandates for data protection in the healthcare sector.

One of the most significant growth factors for the healthcare cyber security market is the exponential rise in cyber threats and data breaches affecting healthcare organizations globally. With healthcare data being highly valuable on the black market, malicious actors are increasingly targeting hospitals, clinics, insurance companies, and pharmaceutical firms. The proliferation of connected medical devices and the Internet of Medical Things (IoMT) has further expanded the attack surface, making healthcare systems more vulnerable. As a result, organizations are investing heavily in advanced cyber security solutions and services to safeguard patient data, intellectual property, and critical infrastructure, propelling market growth.

Another key driver is the rapid digitization and integration of information technology in healthcare operations. The adoption of electronic health records, telehealth platforms, cloud-based applications, and mobile health apps has transformed patient care delivery but has also introduced new vulnerabilities. Regulatory frameworks such as HIPAA in the United States, GDPR in Europe, and similar mandates worldwide require healthcare providers to implement robust data protection strategies. This regulatory pressure, combined with the reputational and financial risks associated with data breaches, is compelling healthcare organizations to prioritize cyber security investments, further accelerating market expansion.

The growing complexity of healthcare networks, coupled with the need for interoperability and real-time data sharing, has created additional challenges in maintaining security. As healthcare systems integrate third-party vendors, cloud platforms, and mobile devices, the risk of unauthorized access and data leakage increases. The demand for comprehensive security solutions, including network security, endpoint security, application security, and cloud security, is surging. Moreover, the shift towards value-based care and the rise of remote patient monitoring are encouraging healthcare stakeholders to adopt proactive and holistic cyber security frameworks to ensure patient safety and operational continuity.

From a regional perspective, North America dominates the healthcare cyber security market, accounting for the largest revenue share in 2024, followed by Europe and Asia Pacific. The United States, in particular, leads the market due to high healthcare IT adoption, stringent regulatory requirements, and a significant number of cyber incidents reported annually. Europe is witnessing robust growth, driven by GDPR compliance and increasing investments in healthcare IT infrastructure. Meanwhile, the Asia Pacific region is emerging as a high-growth market, fueled by rapid digital transformation in healthcare, rising awareness about data protection, and government initiatives to strengthen cyber security frameworks. Latin America and the Middle East & Africa are also experiencing steady growth, albeit at a slower pace, as healthcare organizations in these regions gradually enhance their cyber security capabilities.

Component Analysis

The healthcare cyber security market is segmented by component into solutions and services, each playing a critical role in the overall security posture of healthcare organizations. Solutions encompass a wide range of software and hardware off

Abstract copyright UK Data Service and data collection copyright owner.

The Cyber Security Longitudinal Survey (CSLS) helps us better understand cyber security policies and processes within medium and large businesses and high-income charities. It explores the links over time between these policies and processes and the likelihood and impact of a cyber incident. The survey is commissioned by The Department of Science, Innovation and Technology as part of the National Cyber Strategy. It aims to support the Government by providing evidence that can inform policies which help to make Britain a safer place to do business online. This is the third research year (or wave) of a multi-year study and the data were collected over 2023.

The core objectives of the study are to:

• explore how and why UK organisations are changing their cyber security profile and how they implement, measure, and improve their cyber defences.

• provide a more in-depth picture of larger organisations, covering topics that are lightly covered in the main Cyber Security Breaches Survey (also available from the UK Data Archive), such as corporate governance, supply chain risk management, internal and external reporting, cyber strategy, and cyber insurance.

• explore the effects of actions adopted by organisations to improve their cyber security on the likelihood and impact of a cyber incident.

Further information and additional publications can be found on the GOV.UK Cyber Security Longitudinal Survey pages.

Wave 1 and 2 data from the Cyber Security Longitudinal Survey can also be found on the UK Data Archive under SNs 8969 and 9067 respectively.

The questionnaire covered the following topic areas:

• cyber profile of organisations
• cyber security policies and processes and any improvements made over the last 12 months
• supplier risks
• influencers of changes in policies and processes
• use and forms of cyber insurance
• board engagement with cyber security
• use of information or guidance from the National Cyber Security Centre (NCSC) to inform approach to cyber security
• cyber security incident prevalence, impact and costs
• cyber security incident management

The Cyber Liability Insurance industry has benefited from more services being conducted online, leading more users to exchange their personal and financial information online. Cyberattacks and hacking could result in customer identity theft and financial loss for a company, placing liability on the business. Cyber liability insurance has become increasingly attractive to companies seeking protection against financial losses from legal issues stemming from data breaches. E-commerce and online auctions have increased demand for services as these online retailers often fall victim to cybersecurity attacks. Over the past five years, revenue has been growing at a CAGR of 18.8% to $6.4 billion, including an expected increase of 5.8% in 2024 alone. Over the past five years, the industry has benefited from companies integrating online services into their business operations. In recent years, financial institutions have been one source of increased demand for insurers' services. These institutions are privy to a wide range of their customer's personal and financial information, making them a prime target for a cybersecurity attack. In addition, many businesses shifted their operations online, increasing demand for cybersecurity. Also, major cybersecurity breaches have contributed to the demand for industry services. Over the next five years, the percentage of business conducted online is expected to accelerate, encouraging more businesses to purchase cyber liability insurance to prevent significant financial loss from potential cyberattacks. Growth in major markets, like healthcare, financial services and retail, is expected to help push the industry forward during the outlook period because of growing concerns regarding identity theft. Also, internet traffic volume is expected to climb rapidly over the next five years, prompting new online businesses to purchase cyber liability coverage. Overall, industry revenue is forecast to grow at a CAGR of 5.2% to $8.3 billion over the five years to 2029.

During this research a Bayesian Network model was created to determine the probability of a data breach caused by insiders of a health care sector. In addition to this, a data breach assessment tool has been created which can be used to obtain observations for the model. To gather information on the impact of the variables a focus group session with assignments was arranged. To explain the research and the assignments to the participants a presentation was given. The model was validated by sensitivity analyses and performing a data breach assessment in three hospitals.

The Cyber Security Training Market size was valued at USD 5.23 billion in 2023 and is projected to reach USD 16.08 billion by 2032, exhibiting a CAGR of 17.4 % during the forecasts period. The cybersecurity training market therefore relates to the offer of programs and courses which aim at imparting knowledge and skills in cybersecurity to the users or organizations. These training programmes encompass different prerequisites of cyber security such as; network security, data security, security breach, and compliance to set regulations. Some of the application of cybersecurity training includes; training IT professional, consolidating employee awareness to cybercrimes and overall readiness in case of an attack. It’s used across the sectors including financial, health, government, and learning, where security is paramount when dealing with data and IT systems. Some present tendencies include the shift towards the virtual and interactive nature of the training, the focus on the practical application and especially on simulation, as well as the specialization of particular trainings that correspond to the existing demands of the market and the threats that can occur in the field. Moreover, advancement in cyber threats and regulation consists of constant change, which has placed an obligation on institutions to conduct cybersecurity training to their personnel on a consistent basis. Recent developments include: In April 2023, Fortinet, a leading global cybersecurity solutions provider, has unveiled enhancements to its flagship Network Security Expert (NSE) Certification program aimed at bolstering cybersecurity skill sets and tackling the industry's talent shortage more effectively. , In May 2023, SANS Institute, a globally recognized cybersecurity training and certifications institute, announced the opening of a third cohort of its Cyber Reskilling Program in Bahrain, with a strategic partnership with (Tamkeen). This Cyber Reskilling Program is aimed at identifying, educating, and conducting rapid reskilling programs for individuals within a span period of eight weeks, with comprehensive training from global industry experts in the cyber security field. , In June 2023, NINJIO, a cyber security certification and training provider, announced the launch of a comprehensive and new approach to cyber security awareness training, with the launch of the advanced personalization engine NINJIO Risk Algorithm, which provides IT security experts with the ability to trailer cyber security training courses according to the specific needs of individuals. .

The market for third-party cyber liability insurance is experiencing robust growth, driven by the increasing frequency and severity of cyberattacks and the expanding regulatory landscape demanding greater data protection. The rising adoption of cloud computing and interconnected digital systems further fuels this expansion, as businesses face heightened exposure to data breaches and resulting liabilities. While precise market sizing data is unavailable, a reasonable estimate based on similar insurance sectors and reported growth rates in cybersecurity spending suggests a 2025 market value in the range of $8-10 billion. This is projected to experience a Compound Annual Growth Rate (CAGR) of 15-20% over the forecast period (2025-2033), reaching a market value exceeding $30 billion by 2033. Key drivers include stringent data privacy regulations (like GDPR and CCPA), increasing cyber insurance mandates from various industries, and the escalating costs associated with data breaches, including legal fees, regulatory fines, and reputational damage. The market is segmented by industry verticals (finance, healthcare, retail, etc.), coverage type (data breach response, regulatory fines, etc.), and deployment mode (cloud-based, on-premise). Major players like American International Group (AIG), Cisco, Aon Plc, IBM, and others are shaping the market through innovative product offerings, strategic partnerships, and technological advancements. However, factors such as the complexity of assessing cyber risk, the high cost of premiums, and the evolving nature of cyber threats pose significant challenges. Insurers are continuously refining their risk assessment methodologies and coverage options to address these challenges. The increasing sophistication of cyberattacks and the emergence of new threats like ransomware and IoT vulnerabilities will continue to influence market growth and product development. The market's success hinges on collaboration between insurers, cybersecurity providers, and businesses to develop comprehensive and effective risk mitigation strategies. This includes investments in robust cybersecurity infrastructure, employee training programs, and proactive risk management practices.

In 2024, numerous data breach incidents were disclosed, causing uncertainty among customers. Some of the incidents have refused to disclose the exact number of individuals impacted, so the impact in these cases is only estimated. The largest data breach is believed to have impacted every American, with around three billion records being breached. A UK-based pathology lab, Synnovis, saw a ransomware attack in July 2024, which impacted approximately 300 million patients.

As of January 2025, the most significant data privacy violation fine worldwide was for social media giant Meta. In May 2023, the Data Protection Commission (DPC) of Ireland decided to fine the company with 1.2 billion euros or 1.3 billion U.S. dollars. The Chinese vehicle-for rent company Didi Global ranked second. In July 2022, China's data privacy regulator fined the company 8.026 billion Chinese yuan, or 1.19 billion U.S. dollars. The 2021 Amazon fine issued by Luxembourg's data privacy regulation authorities was 877 million U.S. dollars and was the third-biggest data breach fine as of the measured month. The 2019 fine of 575 million U.S. dollars to Equifax followed. In this incident, because of unpatched vulnerabilities, nearly 150 million people were affected, which caused the American consumer credit reporting agency to pay at least 575 million U.S. dollars.

The ever-increasing number of data breaches targeting user credentials has become undeniable reality in our digital age. Although there are third-party breach notification services (e.g., Have I Been Pwned, Firefox Monitor) that allow users to check whether their credentials have been involved in data breaches, the number of users who are aware of or use such services may be limited. To better inform users about the breach status of their accounts, we designed a prototype registration system where the website uses readily available information (e.g., email address) to check whether this account was involved in a data breach, and then inform the user about the breach status of the email address while signing up for a website. We investigated the effectiveness of this system by performing an online study (n = 373) in which participants were asked to register to a mock-up website that presented them with a data breach notification based on Protection Motivation Theory (PMT). We found that 64% of participants were exposed in one or more breaches. A follow-up survey, 3 days after the initial survey, was conducted to determine if there were any behavior changes (e.g., changing passwords) of participants whose accounts were involved in some data breaches. We found that 40% of the participants changed their passwords on their some accounts. Finally, we present our qualitative data analysis to shed light on participants’ motivations behind their decisions as well as their perceptions of the integration of our prototype registration system.

Washington law requires entities impacted by a data breach to notify the Attorney General’s Office (AGO) when more than 500 Washingtonians personal information was compromised as a result of the breach. This dataset is a collection of various statistics that have been derived from these notices, and is the source of data used to produce the AGO’s Annual Data Breach Report.