DATABREACH STATS & NEWS
28,433,149,823
Overview
As more and more companies experience crippling security breaches, the wave of compromised data is on the rise. Data breach statistics show that hackers are highly motivated by money to acquire data, and that personal information is a highly valued type of data to compromise. It’s also apparent that companies are still not prepared enough for breaches even though the cybertechnology landscape has dramatically advanced.
Below are the top 2022 data breach stats covering types of data breaches, industry-specific, risks, costs, as well as data breach defense and prevention resources supporting the importance of cybersecurity and how to better align organizational security budgets.
- The global number of web attacks blocked per day increased by 561 percent
- The number of data breaches has significantly increased within the past decade, from a mere 662 to more than 1,000
- Office applications were the most commonly exploited applications worldwide
- 80 percent increase in the number of people affected by health data breaches
- Formjacking attacks caused an average of 10 credit card breach per website earning cybercriminals over $32M+
Data Breach Cost
- The average total cost of a ransomware breach is $4.62 million, slightly higher than the average data breach of $4.24 million
- The average per record (per capita) cost of a data breach increased by 10.3 percent
- The average total cost for healthcare increased from $7.13 million to $9.23 million, a 29.5 percent increase
- Lost business opportunities represented the largest share of breach costs, at an average total cost of $1.59 million
- The average cost of a breach with a lifecycle over 200 days is $4.87 million
- 39 percent of costs are incurred more than a year after a data breach
- United States was the country with the highest average total cost of a data breach was at $9.05 million
- The average cost of a mega-breach was $401 million for the largest breaches (50 – 65 million records), an increase from $392 million
- Annually, hospitals spend 64 percent more on advertising the two years following a breach
- The cost difference in breaches in which mature Zero Trust was deployed versus not was $1.76 million
- The largest difference for breaches with a high level of compliance failures compared to a low level was $2.30 million
Cause & Source
- An average of 4,800 websites a month are compromised with formjacking code
- 34 percent of data breaches involved internal actors
- 71 percent of breaches are financially motivated
- Ransomware accounts for nearly 24 percent of incidents in which malware is used
- 95 percent of breached records came from the government, retail and technology sectors
- 36 percent of external data breach actors were involved in organized crime
Response & Lifecycle
- It took an average of 287 days to identify a data breach
- The average time to contain a breach was 80-90 days
- Healthcare and financial industries had the longest data breach lifecycle — 329 days and 233 days, respectively
- The data breach lifecycle of a malicious or criminal attack took an average of 315 days
- Microsoft Office files accounted for 48 percent of malicious email attachments
- The most active attack groups targeted an average of 55 organizations
Industry News
Murphy Law Firm investigates legal claims on behalf of all individuals whose information was exposed in the Lockton data breach.... Learn about the Hamilton County government's efforts to address a nationwide data breach affecting EMS patients' financial information and the ... County restructures after data breach. No views · 4 minutes ago ...more. Local 3 News. 50.1K. Subscribe. 0. Share. Save. A reported data breach in Hamilton County is sparking controversy over transparency, accountability, and how leaders handled the situation. A review found that compromised data may include names, addresses, Social Security numbers, driver's licenses, bank account details, payment card ... The cybersecurity team at SafetyDetectives stumbled upon a post on BreachForums, a hacking message board. The post, made by a user named ... Hamilton County Mayor weston wamp says he received notice about a possible data breach weeks after other county officials did. An orthodontic software company has been hit with a proposed class action in Georgia federal court over a November data breach in which the names, ... Download the guide for Data Security Platforms, and learn how combining data security controls and fine-grained authorization leads to more ... A huge data breach has leaked over 50000 profiles from the 'Gay Daddy' dating app, cybersecurity researchers have warned. breach, let's trust David Roddy to work with the county attorney's office to get this thing done." When a data breach affects more than 500 people ... ... data breach targeting the Texas Republican Party. Aubrey Cottle, a 37-year-old Oshawa man who goes by the online alias “Kirtaner,” is facing U.S. ... Royal Mail is investigating claims of a security breach after a threat actor leaked over 144GB of data allegedly stolen from the company's ... A malicious hacker recently offered to sell the security firm's sensitive customer information. On March 31, a user of the dark web forum BreachForum, known as 'GHNA', claimed to have breached Royal Mail. The data breach allegedly impacted ... A substantial data breach has been reported at Elon Musk's social media platform, X, impacting millions of accounts. Opinion Oracle is being accused of poor incident comms as it reels from two reported data security mishaps over the past fortnight, ... Hamilton County Mayor Weston Wamp acknowledged that a data breach of a county contractor's system may have exposed the private information of as ... Almost any data breach (“breach”) incident would result in a class proceeding. But as breaches became more commonplace, courts began to apply more ... ... breach, unfolds. Much of the data referenced in this Part extends beyond breaches implicating personal information; however, all of it remains ...on April 2, 2025 at 3:54 pm on April 2, 2025 at 3:54 pm on April 2, 2025 at 3:27 pm on April 2, 2025 at 3:03 pm on April 2, 2025 at 2:31 pm on April 2, 2025 at 2:25 pm on April 2, 2025 at 2:24 pm on April 2, 2025 at 2:05 pm on April 2, 2025 at 12:52 pm on April 2, 2025 at 12:40 pm on April 2, 2025 at 12:16 pm on April 2, 2025 at 11:58 am on April 2, 2025 at 9:37 am on April 2, 2025 at 9:23 am on April 2, 2025 at 8:46 am on April 2, 2025 at 8:27 am on April 2, 2025 at 8:23 am on April 2, 2025 at 8:17 am on April 2, 2025 at 8:00 am on April 2, 2025 at 8:00 am
Cybersecurity researchers have disclosed details of a now-patched privilege escalation […] Introduction
As the cybersecurity landscape evolves, service providers play an increasingly vital […] Cybersecurity researchers have shed light on an "auto-propagating" cryptocurrency mining botnet […] When assessing an organization’s external attack surface, encryption-related issues (especially […] The financially motivated threat actor known as FIN7 has been linked to a Python-based backdoor […] Cybersecurity researchers have discovered an updated version of a malware loader called Hijack […] Exposed PostgreSQL instances are the target of an ongoing campaign designed to gain unauthorized […] On the 21st birthday of Gmail, Google has announced a major update that allows enterprise users to […] A new sophisticated phishing-as-a-service (PhaaS) platform called Lucid has targeted 169 entities […] Apple on Monday backported fixes for three vulnerabilities that have come under active exploitation […]on April 2, 2025 at 6:48 am on April 2, 2025 at 4:25 am on April 2, 2025 at 3:43 am on April 2, 2025 at 3:00 am on April 1, 2025 at 11:52 pm on April 1, 2025 at 10:55 pm on April 1, 2025 at 10:08 am on April 1, 2025 at 8:34 am on April 1, 2025 at 7:18 am on April 1, 2025 at 4:28 am
By using fake references and building connections with recruiters, some North Korean nationals are […] While the House Committee on Government Reform was looking for retaliatory options, cybersecurity […] The US military and law enforcement learned to outthink insurgents. It's time for cybersecurity to […] Attackers target a familiar industry, law professionals, by hiding the infostealer in ads delivered […] Transportation facilities and networks slowly adapt to changes and threats, leaving them vulnerable […] The new Google Workspace features will make it easier for enterprise customers to implement […] A successful enterprise security defense requires a successful endpoint security effort. With […] Over the past few weeks, bad actors from different regions have been scanning devices with the VPN […] In this roundtable, cybersecurity experts — including two former CISA executives — weigh in on […] The bill will allow Japan to implement safeguards and strategies that have been in use by other […]on April 2, 2025 at 2:48 pm on April 2, 2025 at 2:01 pm on April 2, 2025 at 7:00 am on April 2, 2025 at 6:22 am on April 1, 2025 at 6:00 pm on April 1, 2025 at 3:38 pm on April 1, 2025 at 2:59 pm on April 1, 2025 at 1:53 pm on April 1, 2025 at 1:13 pm on April 1, 2025 at 11:54 am
Brian Krebs Updates
In an address to Congress this month, President Trump claimed he had "brought free speech back to America." But barely two months into his second term, the president has waged an […] Many successful phishing attacks result in a financial loss or malware infection. But falling for some phishing scams, like those currently targeting Russians searching online for […] Authorities in at least two U.S. states last week independently announced arrests of Chinese nationals accused of perpetrating a novel form of tap-to-pay fraud using mobile devices. […] A message posted on Monday to the homepage of the U.S. Cybersecurity & Infrastructure Security Agency (CISA) is the latest exhibit in the Trump administration's continued disregard […] A clever malware deployment scheme first spotted in targeted attacks last year has now gone mainstream. In this scam, dubbed "ClickFix," the visitor to a hacked or malicious website is […] Microsoft today issued more than 50 security updates for its various Windows operating systems, including fixes for a whopping six zero-day vulnerabilities that are already seeing active […] Authorities in India today arrested the alleged co-founder of Garantex, a cryptocurrency exchange sanctioned by the U.S. government in 2022 for facilitating tens of billions of dollars in […] In September 2023, KrebsOnSecurity published findings from security researchers who concluded that a series of six-figure cyberheists across dozens of victims resulted from thieves […] At 49, Branden Spikes isn't just one of the oldest technologists who has been involved in Elon Musk's Department of Government Efficiency (DOGE). As the current director of information […] One of the most notorious providers of abuse-friendly "bulletproof" web hosting for cybercriminals has started routing its operations through networks run by the Russian antivirus and […]on March 30, 2025 at 6:22 pm on March 27, 2025 at 9:39 am on March 21, 2025 at 12:12 pm on March 19, 2025 at 6:26 pm on March 14, 2025 at 3:15 pm on March 11, 2025 at 4:53 pm on March 11, 2025 at 9:49 am on March 7, 2025 at 6:20 pm on March 6, 2025 at 5:54 pm on February 28, 2025 at 1:14 pm
