Data Breach Statistics 2023 – A Detailed Security Incident Analysis

Written By Sambita Panigrahy  
Anuraag Singh
Approved By Anuraag Singh 
Published On April 25th, 2023
Reading Time 9 Minutes Reading

This article aims to discuss the implications of cyberattacks and data breach statistics 2023 in the form of facts and numbers. The facts and figures may be modified in the future as per the latest update.

In the era of the ever-growing number of IP addresses and internet access points, cyberspace has become a favorable environment for cyber criminals. No matter how hard we try to deny this fact but it is today’s bitter truth. 

Here’s the comprehensive compiled data that shows the security breach statistics till 2022. Along with that, in this article, we’ll discuss what are the various forms of data breaches, which industries were worst hit, and what security measures you can take to avoid cyber attacks in 2023. 

So, without further ado, let’s start the discussion.

Top Findings on Cyber Security Breaches

Here are the main highlights of past years’ security incidents which could help us assume data breach statistics 2023.

  • According to IBM’s 2022 Data Breach Report, phishing-related breaches took the third-longest amount of time to find and stop, taking 295 days on average.
  • Phishing accounts for about 22% of all data breaches, earning it a spot as one of the most common cybercrimes in the FBI’s 2021 IC3 Report.
  • 79% of organizations responsible for vital infrastructure, didn’t use a zero-trust architecture.
  • 45% of data breaches included the cloud.
  • From $4.24 million in 2021 to $4.35 million in 2022, the average cost of a data breach grew by 2.6%.
  • For critical infrastructure businesses, the average cost of a data breach was estimated to be $4.82 million.
  • The health sector faced 30% of all significant data breaches.
  • Between March 2021 and February 2022, at least 42 million records were exposed due to data breaches.
  • Due to a malevolent outsider who obtained access through identity theft, Yahoo faced a data breach that affected about 1,000,000,000 people.
  • A security failure allowed access to India’s biometric database Aadhar, which houses the personal information of almost all citizens (almost 1.1 billion individuals).

Data Breach Statistics Uncovering The Biggest Cyberattacks in the History

Cyberattacks are happening all over the world regardless of industry type.

data breach statistics 2023

The below data shows some of the biggest cybersecurity incidents that happened worldwide.

  • Due to unprotected cloud storage, the American pharmaceutical company Pfizer unintentionally exposed the private information of the nation’s prescription medicine users.
  • A hacking attack that was disclosed on June 7, 2022, resulted in a data breach at Texas Tech University Health Sciences Center. There were 1,29 million persons impacted by the breach.
  • In a statement, Equifax disclosed that 148 million people were affected by the theft of its servers. Names, residential addresses, phone numbers, dates of birth, social security numbers, and license numbers were among the information that was compromised.
  • Nearly 500 million WhatsApp users’ phone numbers have been exposed and are now for sale. According to a well-known hacking community, the database, which is for sale, includes the personal data of WhatsApp users from 84 different countries.
  • On a Dark Web site, information about 700 million LinkedIn members was advertised for sale in June 2021.
  • In May 2021, Air India Data Breach compromised the personal details of 4.5 million customers.
  • Harbour Plaza, a hospitality management company in Hong Kong, suffered a massive data breach compromising 1.2 million customers’ accommodation reservation details. 

Staggering Report on Data Breach Happened Till 2022

Various research and analysis of security incidents exhibit that:

  • In the past 17 years, 2021 was one of the most expensive years for data breaches caused by phishing scams.
  • Since H1 2022, there have been 817 data breaches recorded in the United States.
  • Ponemon Institute figures show that when it comes to preventing an attack or a data breach, 77% of businesses are dreadfully unprepared and unplanned.
  • Large hospitals with a history of disclosing patients’ private health information are the sites of 30% of data breaches. The most recent intrusion on AIIMS, which compromised 30 million patient records on its five servers, is proof of it.
  • In 2022, stolen or compromised credentials were the cause of 19% of data breaches, which cost an average of USD 4.50 million.
  • Between hybrid cloud breaches and public cloud breaches, the cost differential was 27.6%.
  • Every day, hackers steal around 780,000 records.
  • In the third quarter of 2019, office applications made up 72.85% of all applications that were exploited globally.
  • 71% of breaches are reportedly motivated by money, 16% of breaches included public sector organizations, and 43% involved small enterprises.

data breach statistics

Data Breach Statistics Showing The Financial Impact on Businesses

A data report by Gartner suggests that 60% of infrastructure and operations leaders will endure public cloud cost overruns that negatively affect their available budgets by 2024.

Here are some of the other reports relevant to data breach costs:

  • IBM estimates that between 2020 and 2022, the average cost of data breaches increased by 12.7%, from $3.86 million to $4.35 million.
  • The average cost of ransomware, $4.54 million, is marginally more than the USD 4.35 million average total costs of a data breach.
  • In the United States, the average cost of a data breach is $9.44 USD.
  • Phishing was the most expensive cause of data breaches, accounting for 16% of all breaches and costing an average of $4.91 million in damages.
  • According to statistics, the average cost of a data breach in 2018 was over $150 for each compromised record.
  • As per IBM, the USA saw the highest rate of expensive data breaches in 2021, costing $9.05 million. 
  • The cost of a breach was predicted to be USD 5.01 million for medicines, USD 4.97 million for technology, and USD 4.72 million for energy.
  • According to 2020 research by Sophos, remediation costs for ransomware attacks range between US$732,500 when a ransom is not paid and US$1,448,458 when it is.

The Top 6 Countries & Regions for the Highest Average Cost of a Data Breach Were:

  • United States at USD 9.44 million
  • Middle East at USD 7.46 million
  • Canada at USD 5.64 million
  • United Kingdom at USD 5.05 million
  • Germany at USD 4.85 million
  • India at USD 2.2 million

It’s certain from the above figures that if security measures are not taken promptly then data breach statistics 2023 figures would be only higher.

Security Breach Statistics Revealing the Common Forms of Cyber Attacks

Cybercriminals mostly use ransomware attacks, phishing attacks, and identity theft as their weapon against victims. 

According to Verizon, Ransomware attack has increased this year by about 13%, which is more than they did over the previous five years combined. This continues its rising trend. It’s crucial to keep in mind that, although pervasive and possibly disastrous, ransomware is fundamentally just a method of making money off of an organization’s access.

IBM’s 2022 report says that Ransomware assaults accounted for 11% of breaches, a considerable rise from 2021 when they made up 7.8% of breaches. That is a 41% growth in just one year. However, the average cost of a ransomware assault decreased little, from $4.62 million in 2021 to $4.54 million in 2022.

On the other hand, various cyber investigations reveal that 80% of internet frauds are happening through emails in the form of Phishing attacks. According to 51% of businesses, phishing is the most popular technique attackers employ to obtain legitimate cloud credentials.

Another estimate claims that phishing, in which a fraudster contacts a target (usually via email) and impersonates a reliable source like a bank, mobile phone provider, postal delivery service, or even a friend, is responsible for 25% of all data breaches. 

Studies reveal that In 2016, 59 percent of all data breach occurrences worldwide involved Identity Theft, making it the most prevalent form of incident.

Which Industries Have Suffered The Most from Security Breach?

Though cybercriminals don’t overlook when it comes to carrying out cyber attacks, at times they particularly target specific industries. Data breach reports show that healthcare sectors, financial services, and government organizations are the most frequently targeted industries of all.

Healthcare Sector

Malicious data breaches accounted for 18% of the claims involving healthcare, while unintentional data breaches accounted for 29%. The average healthcare data breach rose by about $1 million to $10,10 million. 

With an increase of 41.6% since 2020, healthcare breach costs have been the most expensive industry for the past 12 years. According to a report, ransomware attacks caused delays in procedures and extended hospital stays in nearly 70% of healthcare organizations. Ransomware attacks were the cause of 8% of claims for healthcare data breaches.

Finance Sector

Both intentional and unintentional data breaches—39% and 35%, respectively—caused significant loss and claim triggers for the insurance industry. The second biggest expenditures were incurred by financial entities, averaging USD 5.97 million.

The financial sector saw a growth of USD 0.25 million or 4.4%, from USD 5.72 million in 2021 to USD 5.97 million in 2022. Nearly 1.7 million accounts were compromised by 137 breaches in the financial industry in 2018.

Small Medium Enterprises

Government, retail, and technology businesses were accountable for 95% of data breaches in 2016. Plus, Manufacturing companies saw 22% of all cyber insurance claims for malicious data breaches. 

Not to mention, in the retail and wholesale industries, malicious data breaches (30%) and unintentional data breaches (8%) were the main reasons for insurance claims.

What’s the Future of Cyberspace Looks Like?

The World Economic Forum showed concern regarding cyber-attacks happening across the globe. And why not? The series of cyber-attacks are not only impacting individuals & enterprises but also acting as a barrier to digital trust.

For digital transformation, 72% of IT security heads rank the cloud as their companies’ top priority. So, the chances of happening cyber attacks on the online environment could increase. And, the biggest concern is that hackers are utilizing new and advanced techniques to breach computer systems.

That means the challenge in front of the organizations is, how can they tackle ever-evolving cyberattacks.

Well, in a manner it’s not that difficult as taking a cyber expert’s help can mitigate the chances of security incidents to a great extent. The expert and team would use industry-proven techniques and tactics. With a professional by your side, you can monitor systems for unexpected behaviors through SOC. And, scan the IT infrastructure for present vulnerabilities through vulnerability assessment and penetration testing or in short VAPT.

Thus, opting for Managed Cybersecurity Services could save industries from falling victim to cyberattacks in 2023.

Note: The facts and numbers discussed in this article were taken from multiple third-party resources.