James Comey, the former director of the FBI, once said, “There are two kinds of companies. Those that have been hacked and those that don’t know yet that they’ve been hacked.”
The statement speaks volumes about the rising number of crippling security breaches around the world. What’s worse is hackers’ growing motivation to acquire personal information and sell it on the dark web.
Read on as we explore the global history of data breaches through statistics, risks, and costs. This Nira guide will help you understand the importance of data security for your organization and your personal information.
What is a Data Breach?
A data breach is a cyberattack or online security incident where information is taken from a system without the owner’s authorization. Common cyberattack methods to carry out a data breach include malware, phishing, ransomware, and denial of service.
The stolen data can involve confidential, sensitive, or proprietary information, like trade secrets, personal details, credit card numbers, or matters of national security.
Here’s how the U.S. Department of Justice defines a breach: “The loss of control, compromise, unauthorized disclosure, unauthorized acquisition, access for an unauthorized purpose, or other unauthorized access, to data, whether physical or electronic.”
One of the biggest consequences of a data breach is the damage it does to the victim company’s reputation. The company’s customers and associates see the lack of security as a betrayal of trust, making it extremely difficult to win their confidence back, much like when customers of a bank that has been robbed choose to move their money elsewhere.
The other impact is the more obvious financial loss. Hundreds of millions of dollars are lost every year because of inadequate data security measures, in incidents that could have been easily avoided by implementing simple security protocols.
How Do Data Breaches Occur?
Data breaches can occur for multiple reasons—even accidentally—but targeted cyberattacks are typically carried out in the following ways:
- Weak passwords. Malicious hackers can crack weak and insecure user passwords within seconds, which is why experts advise against using simple passwords, especially ones containing whole words or phrases.
- Targeted malware attacks. Spam and phishing email techniques are the oldest tricks in the book that hackers use to deceive the user into revealing user credentials. Alternatively, they may also get the user to download malware attachments or direct them to vulnerable websites. Regardless of the method, this is an easy way for malware to end up on your computer.
- Exploiting system vulnerabilities. Redundant or outdated software makes it easier for attackers to sneak malware into a computer and steal critical or sensitive information.
- Drive-by downloads. You can accidentally download a virus or malware by visiting a compromised web page. A drive-by download exploits an outdated browser, application, or operating system, or one with a security flaw, to get onto your computer.
50 Data Breach Statistics That Shook the World
Here are some of the biggest data breach statistics that stood out to us:
- Verizon’s 2020 Data Breach Investigations Report (DBIR) analyzed 32,002 security incidents, out of which 3,950 were confirmed breaches. This was double the previous year’s 2,013 breaches. – Verizon
- The California Department of Motor Vehicles (DMV) cautioned drivers it suffered a data breach after its billing contractor, Automatic Funds Transfer Services, fell victim to an unspecified strain of ransomware. – TechCrunch
- On November 5, 2020, the infamous hacker, ShinyHunters, leaked a database belonging to Mashable.com that contained 1,852,595 records of staff, users, and subscribers’ data. – HackRead
- A customer support database containing 280+ million Microsoft customer records was left unprotected on the web. – Comparitech
- According to Comparitech researchers, Social Data Trading Limited, a company that sells data on social media influencers to marketers, has exposed a database of nearly 235 million social media profiles on the web without a password or any other authentication required to access it. – Comparitech
- More than 10.6 million people who were guests of the MGM Resorts have had their personal information posted on a hacking forum. – ZDNet
- Spotify reset an undisclosed number of user passwords after finding a software vulnerability in its systems that ended up exposing private account information to its business partners. The company filed a data breach notification stating the breach “may have included email addresses, preferred display names, passwords, gender, and date of birth only to certain business partners of Spotify.” – TechCrunch
- About 500,000 Zoom teleconferencing account credentials were put up for sale on the dark web. – Fighting Identity Crimes
- 98% of point-of-sale data breaches that took place in the accommodation and food services industry in 2020 were financially motivated. – Verizon
- Adopting the remote work culture ended up increasing data breach costs in the United States by $137,000. What’s more, 76% of participants said remote work would increase the time to identify and contain a data breach. – IBM
- Scams increased by 400% after the pandemic hit, making COVID-19 the largest-ever security threat. – ReedSmith
- The Small Business Administration (SBA) suffered a data breach that exposed the personal information of nearly 8,000 business owners applying for federal disaster loans. – U.S. PIRG
Data Breach Costs
As mentioned, financial losses are a direct consequence of data breaches. Security institutes collect the breached organization’s direct expenses (hotline support, forensic experts) and indirect expenses (in-house investigations and communication, diminished client acquisition rates) to calculate the average cost of a data breach.
Below are a few statistics to show you how expensive a data breach can be.
- The global average cost of a data breach rose from $3.86 million to $4.24 million, making it the highest average total cost in the 17-year history of the IBM report. – IBM
- A data breach in the healthcare sector was found to be the costliest at $7.13 million. – IBM
- The average cost per lost or stolen record in a data breach is $150, but the faster an organization contains the attack, the less expensive it’ll be. A breach lifecycle under 200 days costs $1 million less than a lifecycle over 200 days. – IBM
- IBM identified compromised credentials as the most common initial attack vector, responsible for 20% of breaches at an average breach cost of USD 4.37 million. – IBM
- When fully deployed, automation and security artificial intelligence (AI) provided the biggest cost mitigation: breach costs up to USD 3.81 million lower than at organizations without them. – IBM
- Compared to organizations without zero trust, the average cost of a breach for organizations with a mature zero-trust approach was USD 1.76 million lower. – IBM
- In 2020, the United States had the highest average total cost of a data breach at $8.64 million. – IBM
- A mega breach of 1 million to 10 million records has an average total cost of $50 million, which is 22% more than it was in 2018. – IBM
- A mega breach of 50 million records has an average total cost of $392 million, which is almost 12% higher than in 2018. – IBM
- Hospitals spend 64% more on advertising annually in the two years after a breach. – American Journal of Managed Care
- Organizations further along in their cloud modernization strategy contained the breach approximately 77 days faster than those in the early stage of their modernization journey, which also meant lower data breach costs. – IBM
Data Breach by Breach Size
Here, we’ll review some of the biggest data breaches that ended up exposing millions of personal data records. Let’s take a quick look.
- In March 2020, the adult video streaming website CAM4 had its Elasticsearch server breached, exposing 10.88 billion records. – Wired
- The Yahoo data breach of October 2017 compromised approximately 3 billion user accounts. – The New York Times
- In March 2018, a data leak on a system run by a state-owned utility company exposed the private information of more than a billion Indian Aadhaar holders, including their names, unique 12-digit identity numbers, and bank details. – The Guardian
- In May 2019, the website for Fortune 500 real estate title insurance giant First American Financial Corp. leaked 885 million user documents related to mortgage deals dating back to 2003. – Krebs On Security
- verifications.io, an email address validation service, exposed 800+ million unique email addresses in a non-password-protected 150GB-sized MongoDB instance in February 2019. – Softek
- In June 2021, data of over 700 million LinkedIn users, a staggering 92% of the total user base, was posted for sale on a dark web forum. – Forbes
- In April 2019, the UpGuard Cyber Risk team uncovered that two third-party Facebook app datasets were exposed to the public internet, affecting 533 million users. – UpGuard
- Yahoo believes that information associated with at least 500 million user accounts was stolen in what could have been a state-sponsored attack. – Data Center Dynamics
- In November 2018, Marriott International announced hackers had stolen data of approximately 500 million Starwood hotel customers after gaining unauthorized access to the Starwood system back in 2014. Surprisingly, this wasn’t discovered until 2018. – The New York Times
- In October 2016, cybercriminals gained access to 20 years of data on six databases belonging to the AdultFriendFinder Network. LeakedSource even dubbed this the biggest data breach of 2016. – Computerworld
Data Breach Historical Statistics
The shift of governments and businesses from paper to digital led to the onset of data breaches. After 2005, the world saw some of the biggest data breaches recorded in history.
Here are data breach statistics that led up to and launched the age of data breaches:
- The first computer virus was discovered in the early 1970s and was dubbed “The Creeper.” – History of Information
- AOL was the first victim of phishing attacks in 1996. – Phishing
- Social media data breaches accounted for 56% of data breaches in the first half of 2018. – IT Web
- As of 2019, cyberattacks are considered among the top five risks to global stability. – World Economic Forum
- The Privacy Rights Clearinghouse started its chronology of data breaches in the year 2005, which is also when the first data breach (DSW Shoe Warehouse) exposed 1.4 million records. – LifeLock
- The infamous 2017 Equifax data breach exposed names, Social Security numbers, dates of birth, addresses, and, in some cases, driver’s license numbers of 145.5 million American consumers. – LifeLock
- The largest insider attack happened between 1976 and 2006. Chinese-born engineer Greg Chung stole $2 billion worth of aerospace documents and gave them to China. – NBC
- As of 2015, an estimated 25% of global data needed security but wasn’t protected. – Statista
- There have been 300 data breaches involving the theft of 100,000 or more records over the past decade. – Forbes
- The United States alone saw 1,244 data breaches in 2018, with over 446.5 million records being exposed. – Statista
- Data breaches exposed 4.1 billion records in the first half of 2019. – Forbes
Data Breach Prevention Statistics
Identifying and eliminating cybersecurity risks to your data is the best way to protect your organization. Read on to learn how companies are shifting their budgets and priorities to protect themselves from falling victim to cyberattacks.
- Worldwide spending on information security and risk management technology and services is forecast to grow 12.4% to reach $150.4 billion in 2021. – Gartner
- The Gartner 2021 CIO Agenda Survey found that cybersecurity was the top priority for new spending, with 61% of the more than 2,000 CIOs surveyed increasing investment in cyber/information security this year. – Gartner
- Around 63% of companies have implemented a biometric system — or plan to soon. – Veridium
- Global cybersecurity spending will likely exceed $1 trillion cumulatively from 2017 to 2021. – Cybersecurity Ventures
- According to Symantec’s 2019 Internet Security Threat Report (ISTR), the number of ransomware attacks fell by 20% in 2018 compared to the 2017 figure. – Symantec
- Spending in the cybersecurity niche is spread over a number of areas, with 20% allocated to on-premises infrastructure and hardware, 19% to skilled staff, and 16% to on-premises tools and software. – CSO
Avoid becoming a data breach statistic by implementing data security measures. Check out the Nira blog to learn data best practices to effectively identify and eliminate cyber threats.