56 Must Know Data Breach
I found this blog post by Rob Sobers( https://www.varonis.com/blog/data-breach-statistics/ ) very informative , and I wanted to share it with YOU as well.
Data breaches are getting bigger, hackers are getting savvier, and the amount of compromised data is unfortunately on the rise. A quick look at data breach trends shows that hackers are mostly motivated by money to acquire data and that personal information is a highly valued type of data to compromise. It’s also apparent that companies are still not prepared enough for breaches even though they are becoming more commonplace.
In fact, studies find that companies still keep thousands of files unprotected and open for anyone inside the company to access.
We’ve put together 57 data breach statistics to illustrate how they have evolved over the years, plus we outline how costly and damaging each breach can be for companies and consumers.
History of Data Breaches
Computer viruses and cybersecurity incidents have greatly heightened in severity over the years. Take a look at how data breaches have progressed and how dangerous they are today.
- The first computer virus, known as “The Creeper,” was discovered in the early 1970s (History of Information)
- The largest insider attack occurred from 1976 to 2006 when Greg Chung of Boeing stole $2 billion worth of aerospace docs and gave them to China (NBC)
- Yahoo holds the record for the largest data breach of all time with 3 billion compromised accounts
- AOL was the first victim of phishing attacks in 1996 (Phishing)
- Cyber-attacks are considered among the top three risks to global stability (World Economic Forum)
- As of 2015, 25 percent of global data required security but was not protected (Statista)
- Social media data breaches accounted for 56 percent of data breaches in the first half of 2018 (IT Web)
Cost of a Data Breach
It’s no secret that data breaches are costly for a business. See just how expensive it is to experience a breach and what elements cause the cost to rise.
- The average cost of a data breach is $3.86 million (IBM)
- The average cost per lost or stolen record in a data breach is $148 (IBM)
- The average cost savings with an incident response team is $14 per record (IBM)
- Companies that contained a breach in less than 30 days saved more than $1 million compared to those that took more than 30 days (IBM)
- The extensive use of Internet of Things (IoT) devices increased the cost per compromised record by $5 (IBM)
- The cost of lost business after a breach for US organizations adds up to $4.2 million (IBM)
- Notification costs after a breach for US organizations add up to $740,000 (IBM)
- A mega breach of 1 million records has an average total cost of $40 million (IBM)
- A mega breach of 50 million records has an average total cost of $350 million (IBM)
- Hospitals spend 64 percent more annually on advertising over the two years following a breach (American Journal of Managed Care)
Data Breach Risk
There are different factors that put companies at higher risk for a breach, like leaving folders open and unprotected. Some industries are also more susceptible than others. For example, healthcare organizations are the most breached industry. Peruse through the stats below to see what can put you at risk.
- 88 percent of companies with more than 1 million folders have 100,000 folders accessible by every employee. open to everyone (Varonis)
- 30 percent of companies have over 1,000 sensitive folders open to everyone (Varonis)
- 57 percent of companies have over 1,000 folders with inconsistent permissions (Varonis)
- 3 percent of a company’s folders are protected (Varonis)
- 58 percent of data breach victims are small businesses (Verizon)
- 22 percent of data breaches in 2017 involved the use of stolen credentials (Verizon)
- 36 percent of compromised data in 2017 was personal information like name, birthday, and gender (Verizon)
- 93 percent of malware comes from emails (Verizon)
- Routers and connected cameras make up 90 percent of infected devices (Symantec)
- More than 70 million records were stolen or leaked from poorly configured S3 buckets in 2018 (Symantec)
- Supply chain attacks rose by 78 percent in 2018 (Symantec)
- Ransomware attacks are down by 20 percent since 2017 (Symantec)
- A cyber attack occurs every 39 seconds (University of Maryland)
- The larger the data breach, the less likely the organization will have another breach in the following two years (IBM)
- 27 percent of data breaches are caused by human error (IBM)
- Card-not-present fraud is 81 percent more prevalent than point-of-sale fraud (Javelin)
- Nearly one in ten targeted attack groups use malware to destroy or disrupt business operations (Symantec)
Data Breach Prevention
Cybersecurity professionals are taking note of these costs and risks. See how the cybersecurity industry is shifting budget and priorities to protect their organizations from cyber attacks.
- 63 percent of companies have implemented a biometric system or plan to onboard one (Veridium)
- 49 percent of companies will increase their cloud security budget in the next 12 months (Cybersecurity Insiders)
- Enterprise ransomware detections rose by 21 percent since 2017 (Symantec)
- 17 percent of IT security professionals reported information security as the largest budget increase for 2018 (ZDNet)
- 80 percent of organizations planned to increase security spending in 2018 (ZDNet)
Data Breaches by the Numbers
There are many factors to consider when preparing for and managing a data breach, like the amount of time it takes to respond to a data breach and the reputational impact it has on your company. Read below to see how breaches happen, and other crucial information.
- At 287 days, the entertainment industry takes the most time to detect a data breach in comparison to other industries (IBM)
- At 103 days, the healthcare industry takes the most time to contain a data breach compared to other industries (IBM)
- The average time to identify a breach across all industries is 197 days (IBM)
- The average time to contain a breach across all industries is 69 days (IBM)
- The United States saw 1,244 data breaches in 2018 and had 446.5 million exposed records (Statista)
- The global number of web attacks blocked per day increased by 56.1 percent between 2017 and 2018 (Statista)
- Office applications were the most commonly exploited applications worldwide in Q3 of 2018 (Statista)
- There was an 80 percent increase in the number of people affected by health data breaches from 2017 to 2019 (Statista)
- 28 percent of data breaches in 2018 involved internal actors (Verizon)
- 76 percent of breaches are financially motivated (Verizon)
- 62 percent of external data breach actors in 2018 were involved in organized crime (Verizon)
- 40 percent of security incidents in 2017 were DoS attacks (Verizon)
- 95 percent of breached records came from the government, retail, and technology in 2016 (Tech Republic)
- An average of 4,800 websites a month are compromised with formjacking code. Formjacking involves hackers inserting malicious code into e-commerce websites to steal payment information like credit card numbers, names, and more (Symantec)
- By stealing only 10 credit cards per website, cybercriminals earn up to $2.2 million through formjacking attacks (Symantec)
- 48 percent of malicious email attachments are Microsoft Office files (Symantec)
- From 2016 to 2018, the most active attack groups targeted an average of 55 organizations (Symantec)