60+ Key Data Breach Statistics for 2025

• More than 70% of data breaches are traceable to organized crime groups.
• 45% of Americans have had their personal information compromised in the last five years.
• One in three data breaches in 2024 involved shadow data — data outside a company’s centralized system.
• 82% of data breaches involve cloud data.
• 46% of all breaches involve customer PII (Personally Identifiable Information), and 40% involve employee PII.
• 86% of data breaches involve stolen credentials.
• The United States reported over 4,608 data breaches between September 2022 and September 2023, with over 5 billion affected records.
• 32% of cyber incidents involve data theft and leaks.
• More than half of breached organizations face security staffing shortages, a 26.2% increase from 2023.
• 98% of organizations have third-party vendors who have suffered data breaches.

The top ten data breaches of all time had a new entrant in 2024 — coming at number three, the National Public Data breach emerged when PII amounting to an estimated 2.9 billion personal records became available on the dark web. 

• The Cam4 data breach of March 2020 affected 10.88 billion records.
• The second-biggest breach in history affected 3 billion Yahoo accounts in 2017.
• The National Public Data breach of April 2024 compromised 2.9 billion records.
• 1.1 billion people were affected by the Aadhaar data breach of March 2018.
• A breach of Alibaba data affected 1.1 billion people in July 2022.
• First American Financial Corporation suffered a breach in May 2019 that affected 885 million users.
• The Verifications.io breach of February 2019 impacted 763 million users. 
• LinkedIn experienced a data breach in June 2021, affecting 700 million users.
• 533 million Facebook users’ data was compromised in April 2019.
• An incident at Yahoo in 2014 exposed data related to 500 million accounts.

Data breaches are financially disastrous for the organizations affected — and the cost is escalating yearly.

• The cost of cybercrime worldwide is predicted to reach $10.5 trillion in 2025, a 15% annual increase.
• In 2024, the average cost of a single data breach hit an all-time high of $4.88 million, a 10% jump from the previous year. 
• On average, a data breach costs $165 per record.
• Organizations employing fewer than 500 people spent 13.4% more managing data breaches in 2024. The average cost now stands at $3.31 million.

The financial fallout from data breaches extends beyond immediate costs: 

• The average cost per data breach in 2024 was $4.88 million. 
• Breaches involving stolen credentials took the longest to identify and contain, averaging 292 days. Breaches identified and addressed within 200 days cost 23% less to resolve. 
• Organizations with security skills shortages experienced a 20% increase in breach costs.
• In 2024, the average cost of a mega-breach involving between 50 million and 60 million records was $375 million, a $43 million increase from 2023.

No industry sector or geographic region is immune to the risk of cybercrime, but data breaches are more prevalent in some than others.

• Worldwide, 422.61 million data records were leaked in data breaches in the third quarter of 2024.
• More than 25% of attacks in 2023 affected the manufacturing sector.
• For the 14th year running, healthcare data breaches are the most expensive.
• However, healthcare breach costs dropped 10.6% to $9.77 million in 2024
• The average cost of a data breach in the financial sector reached $6.08 million.
• The average cost of a ransomware attack was $5.13 million, not including the ransom payment. 
• Europe accounts for 32% of global cyberattacks. 
• The average breach cost in the Middle East rose to $8.75 million in 2024.
• In 2024, the average cost of a data breach in the United States fell to $9.36 million from $9.48 million the previous year.

Humans are a hugely influential factor in data breaches. In other words, higher levels of manual intervention increase the risk of data breaches. 

• 74% of all breaches include human involvement, whether through error, privilege misuse, stolen credentials, or social engineering. 
• Phishing remains a prevalent threat, accounting for 44% of social engineering incidents. 
• More than 50% of social engineering incidents involve business email compromise (BEC) attacks, in which the criminal tries to dupe a senior executive or budget holder into transferring money or disclosing sensitive information.
• 62% of breaches not prompted by an error, misuse, or physical action involved using stolen credentials, brute force, or phishing.

Not all attacks come from outside. Worryingly, data breaches are often the result of insider involvement.

• Dealing with a malicious insider attack costs an average of $4.99 million. 
• Insider-led cyber incidents cost organizations an average of $16.2 million annually.
• Insider-led incidents take an average of 85 days to contain.
• Non-malicious insiders account for 75% of incidents, often due to negligence or being exploited by external attackers.
• At more than 64% of financial service companies, 1,000-plus sensitive files are accessible to all employees.
• 59% of financial services companies have 500+ passwords with no expiry dates, and almost 40% have over 10,000 ghost users.
• 12% of employees took sensitive information with them before leaving an organization. This information included customer data, employee data, health records, and/or sales contracts.
• Malicious insider attacks are challenging to detect and can cause extensive damage, driving the average cost of tackling one to $4.9 million.

Data breaches are a fact of life, but organizations can mitigate and even eliminate the damage they inflict by prompt action and effective measures to prevent them from happening in the first place. Rather than throwing money at security and employee training after a breach, companies should invest in strong, proactive measures such as implementing cybersecurity solutions and fostering a security-aware culture.

• Organizations spend an average of 204 days trying to identify a data breach.
• Containing a data breach takes an average of 64 days — a drop of nine days from 2023.

As the dominant technology of today, AI offers both opportunities and challenges for cybersecurity. Although AI can enhance security measures, cybercriminals can also exploit it. The likely emergence of AI-engineered phishing emails and other malicious activities makes it vital for organizations to stay ahead of emerging threats.

• Just 24% of gen AI initiatives are secured, which opens data and data models to the threat of breaches.
• Phishing crimes targeting charitable donations are likely to increase as natural disasters caused by climate become more common.
• Legalized sports betting in more U.S. states will encourage phishing scammers to target online gamblers.
• The rise of remote work, education, and games will create new targets for cybercriminals.
• Vulnerabilities in cryptocurrency and NFTs will increase the popularity of digital assets as a focus of identity theft.
• Cybercriminals will target physical infrastructure such as electrical grids, dams, and transportation networks as the U.S. Congress seeks to rebuild aging infrastructure.

What are the best ways to prevent data breaches? Although no organization is entirely inviolable, some security measures are gaining traction.

• 61% of organizations use some level of security AI and automation.
• $2.2 million represents the average cost savings for organizations that use security AI and automation extensively for data breach prevention versus those that don’t.
• 63 % of companies have either introduced a biometric system or plan to do so. 
• Organizations with a strong focus on using AI saved an average of $1.88 million on breach costs.
• Companies that use AI and automation identify and address breaches almost 100 days faster.

No organization can ignore the threat of data breaches. They must prioritize cybersecurity, invest in robust defenses, and inform themselves about the latest trends and threats. By understanding the statistics and taking proactive measures, businesses can become more effective at safeguarding ttheir sensitive data.

• The cost of data breaches continues to escalate.
• Stolen credentials and human error are major contributors to breaches
• Healthcare and manufacturing are key targets.
• Insider threats and social engineering attacks are increasing.
• Proactive security measures and AI-drive solutions are vital to defend against data breaches.

Sources

• 110 of the Latest Data Breach Statistics [Updated 2024]
• Cybercrime To Cost The World $10.5 Trillion Annually By 2025
• ITRC 2023 Annual Data Breach Report
• RSA Data Privacy and Security Survey 2019
• IBM Cost of a Data Breach Report 2024
• DBIR 2023 Data Breach Investigations Report
• United States Data Breach Notification Laws 2023
• Crowdstrike 2024 Global Threat Report
• Most commonly exploited applications worldwide from November 2021 to October 2023
• Opus & Ponemon Institute Announce Results of 2018 Third-Party Data Risk Study
• 82 Must-Know Data Breach Statistics
• Data breaches worldwide – statistics & facts
• Healthcare Data Breach Statistics
• Data Breach Statistics for 2024