In today's digital age, data breach statistics continue to show that cybercriminals are more forceful than ever before. Although data breaches had already existed way before the internet was invented, the cases became more rampant when online transactions started to be an everyday occurrence. That said, it's good to know that most companies are becoming more vigilant about this matter.
What is a data breach?
A data breach is a security incident where sensitive or confidential information is accessed without permission. It happens when cyberattackers gain unauthorized access to a computer system and steal information for personal and financial gain.
Let's take a look at 30 data breach stats to gain more insight into the subject matter.
Selected Statistics on Data Breach (Editor's Choice)
- The number of passwords used by humans and machines is predicted to grow to 300 billion in 2020.
- 160,000 Nintendo user accounts were hacked in April 2020.
- 64% of Americans don't check if they were affected by a data breach.
- The first computer virus known as the Creeper was discovered in the 1970s.
- AOL was the very first to fall victim to a phishing attack in 1996.
- There have been more than 300 publicly disclosed data breaches involving the theft of 100,000 or more records in the US over the past 10 years.
- 43% of small businesses in the US and the UK don't have a cybersecurity defense plan.
- 83% of SMB data breaches are financially driven.
- 80% of nonprofit organizations don't have any cyberattack policy in place.
Top 10 Facts and Data Breach Statistics 2020
There are varying reports about data breaches amid the recent surge in work from home due to the COVID-19 crisis. Some are good, while most are bad, as usual. Let's take a look at the most significant facts and stats on data breach this year, so far.
1. There was a 33% drop in publicly reported data breaches in the US in the first half of 2020.
According to statistics, there was a 33% drop in data breaches in the US in the first half of 2020 compared to the same period in 2019. The number of affected individuals has also dropped to 66%. Following this, internal attacks have been at 83 cases only so far, since more workers work at home now with less access to their companies' internal access and data.
2. The number of passwords used by humans and machines is predicted to grow to 300 billion in 2020.
Passwords help ensure that only authorized individuals can access computer networks and systems, which is one of the ways to avoid data breaches. One of the data breach trends in 2020 is the increasing requirement for the use of passwords. In fact, the number of passwords used by humans and machines is predicted to grow to 300 billion in 2020.
3. Many Americans don't follow the recommended digital privacy and anti-data breach risk practices.
Digital privacy and anti-data breach risk practices include using a VPN, coming up with complex passwords, disabling cookies, using a private browser, and disabling geolocation data. Unfortunately, not many Americans apply these—only 24% use a VPN, 22% disable cookies or use a private browser, and 23% disable their geolocation data.
4. 330,000 personal information of Slickwraps was reported to have been breached on February 21, 2020.
According to FBI data breach statistics, Slickwraps, a maker of vinyl skins for gadgets, such as laptops, phones, and tablets, experienced a significant data breach of over 300,000 customers' personal information in February of this year. To make matters worse, hackers sent an email blast to all affected users containing their name and home address to show the company's lack of proper security measures.
5. The global information security market is forecast to grow at a five-year CAGR of 8.5%.
According to data breach cost statistics, the global information security market is forecast to reach $170.4 billion by 2022. The leaders in the market have already noted the organizations' increased awareness in addressing more complex threats.
6. Hackers attack computers every 39 seconds or 2,244 times a day.
The data breach index revealed that the average frequency of computers getting hacked is 39 seconds or 2,244 times a day. This quantifiable evidence resulted from the experiment where weak security was set up on computers, and all attacks were recorded.
7. 160,000 Nintendo user accounts were hacked in April 2020.
Nintendo is a Japanese video game giant with a strong global presence. Data breach statistics revealed that 160,000 user accounts were hacked early this year. Hackers must've used powerful malware that gave them access to emails, nicknames, birth dates, residency, etc. Some of them were even used for fraudulent purchases.
8. A new cryptomining malware called Norman was recently discovered.
One of the most common data breach trends these days affected the cryptocurrency world. A new cryptomining malware called Norman was discovered. It's a cryptomining infection that has spread to almost every computer in a mid-sized company.
9. 91 million Tokopedia user records were reported to have been breached in May 2020.
Tokopedia is Indonesia's largest ecommerce platform. Security researchers reported what could be one of the most expensive data breaches this year, with 91 million user records breached. What's more, hackers were selling the information that included names, emails, and password hashes for only $5,000 on the dark web.
10. Data breaches cost companies an average of $3.86 million per breach.
The data breach cost statistics revealed that data breaches cost companies an average of $3.86 million per breach, based on the experiences of over 500 companies worldwide. Moreover, intellectual property data breach to small businesses cost $8.64 million in 2020, intellectual property statistics show.
Meanwhile, employee data breach statistics reveal that compromised employee accounts were the most expensive root cause of those breaches.
Top 10 Historical Facts and Data Breach Statistics
Data breaches have been happening for many years now. It's worth looking back at the most significant facts and statistics about them.
11. Publicly recorded data breaches increased in frequency in the 1980s.
Although data breaches had already been happening before companies started to store confidential information and private records, the publicly reported data breach statistics showed that the frequency of data breaches disclosed publicly increased in frequency in the 1980s. It began with Experian, then called TRW when it was hacked, and 90 million stolen records.
12. Nearly half of all Americans were concerned about data breaches in the healthcare industry.
The healthcare data breach statistics show that nearly half of all Americans were concerned about data breaches in the healthcare industry. As healthcare is one of the most significant concerns of the Americans, it makes data breaches in this industry equally concerning for them.
13. 64% of Americans don't check if they were affected by a data breach.
According to a 2019 data breach report, the data breach literacy in the US doesn't look good as most people don't know what to do if they get affected by a breach. Based on a survey of 1,000 adult Americans, it was concluded that a whopping 64% never bothered to check if they were affected by a breach, and 56% said that they wouldn't know what to do if they were affected by a breach.
14. 2.4 million Dow Jones's identity records were exposed online in March 2019.
The most significant data breach statistics by the financial industry recorded in 2019 was the Dow Jones's breach case of 2.4 million identity records on its watchlist of high-risk individuals, including politicians and government officials.
15. A cyberattack on Careem in Dubai impacted 14 million users in January 2018.
The first on the massive list of cybersecurity statistics of 2018 was the cyberattack on Careem, Uber's counterpart in the Middle East. In January 2018, 14 million Careem users' personal data in Dubai were compromised, including their names, email addresses, phone numbers, and trip data.
16. The first computer virus known as the Creeper was discovered in the 1970s.
According to the federal data breach statistics, the very first recorded computer virus known as the Creeper was discovered in 1971. It was able to infiltrate through Arpanet and access computers that run through the TENEX operating system, displaying a message saying, "I'm the creeper, catch me if you can!"
17. AOL was the very first to fall victim to a phishing attack in 1996, according to data breach stats.
Phishing occurs when someone clicks the URL sent through fraudulent emails sent by hackers who appear to be from reputable companies. One of the first recorded instances happened in 1996 when the attackers were able to access passwords and credit card accounts through emails they sent.
18. Over 500 million guests of Marriott Hotel Starwoods had their personal information exposed in November 2018.
The data breach statistics 2018 showed that over 500 million Marriott Hotel guests had their personal information exposed when the guest reservation system was in November 2018. Hackers stole personal information, such as guests' names, phone numbers, passport numbers, email addresses, dates of birth, and travel dates details.
19. There have been more than 300 publicly disclosed data breaches involving the theft of 100,000 or more records in the US over the past 10 years.
Over the past ten years, the US has had more than 300 publicly disclosed data breaches. These retail data breach statistics include Target, with over 100 million compromised records, and Experian with over 200 million stolen records.
20. The United States Postal Services' (USPS) website exposed 60 million users' data in 2018.
A significant breach included in the massive number of data breaches in 2018 was the USPS' website that exposed 60 million users' data. Due to its security vulnerability, the site exposed phone numbers, home addresses, usernames, and phone numbers.
Top 5 Facts and Small Business Data Breaches Statistics
Small businesses serve as one of the pillars of the global economy, along with medium-sized businesses. That said, they have become favorite targets among criminals on a mission to steal data. Here are the tops five facts and small data breaches statistics worth noting.
21. 43% of small businesses in the US and the UK don't have a cybersecurity defense plan.
Surprising 2019 data breach statistics show that 43% of small businesses in the US and the UK don't have any cybersecurity defense plan. Instead, they would risk exposing their sensitive financial data, customers' information, and other sensitive information that may hurt the business and clients.
22. 70% of small businesses' employees had their passwords lost or stolen last year.
Based on the employee data breach statistics, seven out of ten small businesses' employees had their passwords lost or stolen in 2019. Mitigating the risk of data breaches is not solely an employer's responsibility, but it's a joint effort.
23. 43% of cybercriminals attack small businesses.
Cyberattacks are highest in small businesses. The data breach statistics 2019 confirmed that 43% of cybercriminals attack small businesses due to their lack of knowledge and resources, making them easier targets.
24. 83% of SMB data breaches are financially driven.
With the rise of ecommerce came the rise of data breaches. According to retail data breach statistics, 83% of SMB data breaches are financially motivated since most small businesses these days accept all forms of payments.
25. 85% of MSPs report that ransomware attacks are the biggest threats to small businesses.
Ransomware attacks are on the small business data breach statistics list as the most prominent malware threat to small businesses. On average, one in five small businesses reported having fallen victim to ransomware attacks. Those without IT services are more at risk.
Top 5 Facts and Nonprofit Data Breach Statistics
Even nonprofit organizations are not exempted from data breaches. Here, we look at the five most prominent facts and statistics about nonprofit organizations' data breaches.
26. 110 nonprofit organizations in the US have reported data breaches since 2005.
No matter how big or small nonprofit organizations are, they can fall victim to data breaches. From 2005 to 2019, 110 nonprofits in the US were listed.
27. In 2018, Critical Care, Pulmonary & Sleep Associates informed 23,000 patients that their personal data might have been breached as a result of a phishing attack.
According to healthcare data breach statistics, 23,000 patients' data were exposed in a phishing attack between August and November 2018. It was discovered that hackers gained access to multiple email accounts, but they couldn't determine which information was viewed or copied.
28. More than 70% of nonprofits never run their vulnerability assessment.
All organizations must run their vulnerability assessment so that they can evaluate their potential breach risks. However, for nonprofits, stats on data breach revealed that 70% never run their vulnerability assessment.
29. 80% of nonprofit organizations don't have any cyberattacks policy in place.
Having a policy in place to address cyberattacks mitigates breaches and all risks associated with it. However, cybersecurity statistics of 2018 revealed that only 20% of nonprofits have policies in place, while 80% don't have any.
30. 56% of nonprofit organizations don't require multi-factor authentication when logging in on their online accounts.
Multi-factor authentication (MFA) is vital in increasing safety and security to avoid data breach risks. However, 56% of nonprofits don't require multi-factor authentication when logging in to their online accounts, leaving most of them vulnerable to cyberattacks and data breaches.
Data Breach and the Digital World in a Nutshell
The internet has provided tremendous opportunities to everyone in all parts of the world, including cybercriminals. It has become a common ground for people who prey on individuals or companies. Anyone can fall victim to breaches, fraud, identity theft, or whatever you may call these scams.
There's no rule about who can be affected—small or large businesses, nonprofit organizations, high profile individuals, regular citizens, and even children. While there is no easy way to avoid it, we should all be vigilant about protecting our data. Keep your bank account, email addresses, passwords, and all other personal information safe and secure. Remember, it's better to be safe than sorry.