130 Data Breach Statistics 2023 – The Complete Look

Here is a few main statistics involving the most common kind of attacks that lead to data breaches, ransomware, and phishing.

Global number of breached data sets Q1 2020-Q1 2023

During the first quarter of 2023, more than six million data records were exposed worldwide through data breaches. Since the first quarter of 2020, the highest number of exposed data records was detected in the fourth quarter of 2020, nearly 125 million data sets.

Number of data records exposed worldwide from 1st quarter 2020 to 1st quarter 2023 (in millions)

Characteristic	Number of exposed records in millions
–	–
–	–
–	–
–	–
–	–
–	–
–	–
–	–
–	–
–	–
–	–
–	–
–	–

You need a Statista Account for unlimited access

• Immediate access to 1m+ statistics
• Incl. source references
• Download as PNG, PDF, or XLS

Already have an account? Login
Show source
Source
Show detailed source information? Register for free Already a member? Log in
In cooperation with
Release date
More information
Survey time period

Q1 2020 to Q1 2023

Special properties

Based on the source characteristics, wider industry metrics may vary.

Citation formats
Citation formats View options
Other statistics on the topic

Cyber Crime & Security

Most reported cyber crime in the U.S. 2022, by number of individuals affected

Cyber Crime & Security

Annual amount of financial damage caused by reported cybercrime in U.S. 2001-2022

Cyber Crime & Security

Share of cyber attacks in global industries worldwide 2022

Cyber Crime & Security

Cyber crime incidents worldwide 2021-2022, by industry and organization size

Profit from additional features with an Employee Account

Please create an employee account to be able to mark statistics as favorites. Then you can access your favorite statistics via the star in the header.

Profit from the additional features of your individual account

Currently, you are using a shared account. To use individual functions (e.g., mark statistics as favourites, set statistic alerts) please log in with your personal account. If you are an admin, please authenticate by logging in again.

To download this statistic in XLS format you need a Statista Account

To download this statistic in PNG format you need a Statista Account

To download this statistic in PDF format you need a Statista Account

As a Premium user you get access to the detailed source references and background information about this statistic.

As a Premium user you get access to background information and details about the release of this statistic.

As soon as this statistic is updated, you will immediately be notified via e-mail.

… to incorporate the statistic into your presentation at any time.

You need at least a Starter Account to use this feature.

You need to upgrade your Account to download this statistic

• Immediate access to statistics, forecasts & reports
• Usage and publication rights
• Download in various formats

Already have an account? Login
You need one of our Business Solutions to use this function

• Immediate access to statistics, forecasts & reports
• Usage and publication rights
• Download in various formats

Already have an account? Login
Statista Accounts: Access All Statistics. Starting from $1,788 USD / Year
Basic Account
Get to know the platform

You only have access to basic statistics.
This statistic is not included in your account.

Starter Account
The ideal entry-level account for individual users

• Instant access to 1m statistics
• Download in XLS, PDF & PNG format
• Detailed references

$189 USD $149 USD / Month *
in the first 12 months
Professional Account
Full access

Business Solutions including all features.

* Prices do not include sales tax.

Statistics on ” Cybercrime in Canada “

The most important statistics

• Number of police-reported cyber crimes in Canada 2014-2021
• Number of police-reported cyber crimes in Canada 2014-2021, by type
• Number of affected users in data breaches in selected markets 2021
• Most reported cyber crime in the U.S. 2022, by number of individuals affected
• Cyber crime incidents worldwide 2021-2022, by industry and organization size
• Data breaches worldwide 2021-2022, by target industry and organization size
• Global malware types detected most frequently 2020-2021

The most important statistics

• Annual amount of financial damage caused by reported cybercrime in U.S. 2001-2022
• Frequency of successful cyberattacks against businesses worldwide 2022
• Leading cyber crime victim loss categories U.S. 2022
• Share of cyber attacks in global industries worldwide 2022
• Number of breached accounts worldwide 2021-2022, by country
• Global number of breached data sets Q1 2020-Q1 2023
• Number of breached data points in Canada Q1 2020-Q1 2023
• Average total cost per data breach worldwide 2023, by country or region

The most important statistics

• Canada: share of companies that experienced data breaches 2022
• Forecasted YOY changes in reportable incidents in Canada 2022, by type
• Maturity level of Canadian and global organizations in data trust practices 2021
• Forecasted YOY changes in reportable incidents in Canada 2022, by threat vector
• Awareness level of of cyber risks in Canadian organizations 2021, by type
• Canada: organizations taking actions toward third-party risk management 2021, by type
• Organizations hit by ransomware attacks 2022, by country
• Canada: main concerns of small to medium-sized enterprise (SME) leaders 2022

The most important statistics

• Canada: practices of privacy policy in companies 2022
• Canada: safety from cyber bullying on social media 2022, by gender
• Canada: share of users providing financial information only on safe websites 2022
• Canada: changing passwords on sites requiring financial information 2022
• Canada: personal information available online to third parties 2022
• Canada: ways of securing passwords connected to financial information 2022
• Canada: importance of customer data protection 2022
• Canada: companies usage of customer information 2022

The most important statistics

• Canada: actions toward cyber simplification in organizations 2021, by action type
• Canada: companies with privacy risk assessment policies 2022
• Main security skills worldwide 2022
• Effectiveness of cybersecurity-related actions in global organizations 2022
• Countries with most cyber-resilient enterprises 2021
• Cyber security concerns of cyber leaders worldwide 2022
• Technologies used to enable secure work from home worldwide 2022
• Global companies at risk for cyber attacks according to CISOs 2021-2023, by country

Other statistics that may interest you Cybercrime in Canada

• Premium Statistic Number of police-reported cyber crimes in Canada 2014-2021
• Premium Statistic Number of police-reported cyber crimes in Canada 2014-2021, by type
• Premium Statistic Number of affected users in data breaches in selected markets 2021
• Basic Statistic Most reported cyber crime in the U.S. 2022, by number of individuals affected
• Basic Statistic Cyber crime incidents worldwide 2021-2022, by industry and organization size
• Basic Statistic Data breaches worldwide 2021-2022, by target industry and organization size
• Basic Statistic Global malware types detected most frequently 2020-2021

Cybercime and data breaches

• Basic Statistic Annual amount of financial damage caused by reported cybercrime in U.S. 2001-2022
• Basic Statistic Frequency of successful cyberattacks against businesses worldwide 2022
• Basic Statistic Leading cyber crime victim loss categories U.S. 2022
• Basic Statistic Share of cyber attacks in global industries worldwide 2022
• Basic Statistic Number of breached accounts worldwide 2021-2022, by country
• Premium Statistic Global number of breached data sets Q1 2020-Q1 2023
• Basic Statistic Number of breached data points in Canada Q1 2020-Q1 2023
• Premium Statistic Average total cost per data breach worldwide 2023, by country or region

Impact on businesses

• Premium Statistic Canada: share of companies that experienced data breaches 2022
• Basic Statistic Forecasted YOY changes in reportable incidents in Canada 2022, by type
• Premium Statistic Maturity level of Canadian and global organizations in data trust practices 2021
• Basic Statistic Forecasted YOY changes in reportable incidents in Canada 2022, by threat vector
• Basic Statistic Awareness level of of cyber risks in Canadian organizations 2021, by type
• Basic Statistic Canada: organizations taking actions toward third-party risk management 2021, by type
• Premium Statistic Organizations hit by ransomware attacks 2022, by country
• Premium Statistic Canada: main concerns of small to medium-sized enterprise (SME) leaders 2022

Online data protection

• Basic Statistic Canada: practices of privacy policy in companies 2022
• Basic Statistic Canada: safety from cyber bullying on social media 2022, by gender
• Premium Statistic Canada: share of users providing financial information only on safe websites 2022
• Premium Statistic Canada: changing passwords on sites requiring financial information 2022
• Premium Statistic Canada: personal information available online to third parties 2022
• Premium Statistic Canada: ways of securing passwords connected to financial information 2022
• Premium Statistic Canada: importance of customer data protection 2022
• Basic Statistic Canada: companies usage of customer information 2022

IT perspective and prevention

• Premium Statistic Canada: actions toward cyber simplification in organizations 2021, by action type
• Premium Statistic Canada: companies with privacy risk assessment policies 2022
• Premium Statistic Main security skills worldwide 2022
• Basic Statistic Effectiveness of cybersecurity-related actions in global organizations 2022
• Basic Statistic Countries with most cyber-resilient enterprises 2021
• Basic Statistic Cyber security concerns of cyber leaders worldwide 2022
• Premium Statistic Technologies used to enable secure work from home worldwide 2022
• Premium Statistic Global companies at risk for cyber attacks according to CISOs 2021-2023, by country

Further Content: You might find this interesting as well

Topics

Cybercrime in Canada Cyber bullying U.S. companies and cyber crime Media in Canada Cyber insurance

130+ Data Breach Statistics 2023 – The Complete Look

Data breach statistics reveal that the average cost of a data breach increased by 2.6% to $4.35 million in 2022 from $ 4. 24 million dollars in 2021. The average cost of a data breach for critical infrastructure organizations, however, was increased to $4.82 million dollars.

This Blog Includes show

The cyber world and all sectors in it have been increasingly under scrutiny for implementing, updating, and maintaining its cybersecurity measures in this increasingly risky cyberspace.

This article aims to reflect and ponder on the implications of data breaches plaguing the cyber world. Without further ado, here are the compiled data breach statistics 2023.

Top Data Breach Statistics for 2023

Here are the top data breach statistics for 2023:

1. Breaches caused by phishing took the third longest mean time to identify and contain at 295 days according to IBM’s 2022 Data Breach Report.
2. Nearly 22 percent of all data breaches are accounted for by phishing thus securing it a position as one of the most prevalent cybercrimes in the FBI’s 2021 IC3 Report.
3. 79% of critical infrastructure organizations didn’t employ a zero-trust architecture.
4. 45% of the data breaches were cloud-based.
5. 30% of all large data breaches occur in hospitals.
6. Data breaches exposed at least 42 million records between March 2021 and February 2022.
7. Yahoo experienced a data breach affecting nearly 1,000,000,000 individuals due to a malicious outsider who gained access through identity theft.
8. India’s biometric database Aadhar containing the personal data of almost every citizen (nearly 1.1 billion people) was exposed in a security breach.

General Data Breach Statistics 2023

• Around 817 data breaches have been reported in the U.S. since H1 2022.
• 2021 was one of the costliest years in terms of data breaches through phishing attacks in the last 17 years.
• 19% of data breaches occurred due to a compromise with a business partner.
• According to Ponemon Institute statistics, 77% of companies are woefully ill-prepared and planned when it comes to thwarting an attack or a data breach.
• 73% of cyber insurance claims from 2013-2019 were due to data breaches, incident response, and crisis management.
• 27% of data breach claims and 24% of first-party claims had exclusions within the insurance package that resulted in non-payout or partial payouts.
• Inconsistent cloud security configurations have led to over 69% of companies facing data breaches.
• In a cyber insurance claim due to a data breach, 71% of the loss falls under cyber policy coverage which is made up of insurer payments up to 44% and insured payments with retention at 27%.
• In a data breach insurance claim, the major chunk of its average cost can be broken down accordingly, forensic costs at 21%, defense at 18%, legal advice and cybersecurity experts at 13%, and credit monitoring and theft monitoring services come up to 14%.
• 36% of all data breaches involved phishing according to Verizon’s 2022 report.
• 90% of healthcare institutions have experienced at least one security data breach in the previous few years.
• 30% of most data breaches occur in large hospitals with a record of exposing patients’ private health information.
• In 2019, Facebook breaches were a major cause of data leakages.
• Major reasons for insurance claims in the IT and Communications sector were malicious data breaches (24%) and accidental data breaches (18%).
• More than 83% of organizations included in IBM’s Data Breach Report have experienced more than one breach.
• According to the statistics provided by IBM, 60% of organizations that were breached resulted in a price hike that was passed on to customers.
• Companies with fully deployed security AI experienced on average a 74-day shorter time to identify and contain data breaches, than those without — 249 days versus 323 days.
• The use of security AI and automation jumped by nearly one-fifth in two years, from 59% in 2020 to 70% in 2022.
• 19% of data breaches occurred due to stolen or compromised credentials in 2022 at an average cost of USD 4.50 million.
• Stolen and or compromised credentials were also the top vector of data breaches in 2021 by 20%.
• The cost difference was 27.6% between hybrid cloud breaches and public cloud breaches.
• The mean or average time to identify and contain a data breach fell from 287 days in 2021 to 277 days in 2022, a decrease of 10 days or 3.5%.
• 51% of healthcare organizations reported an increase in data breaches since 2019.
• 61% of healthcare data breach threats come from negligent employees.
• Nearly 93% of healthcare organizations have experienced a data breach in the past three years according to Herjavec Group’s 2020 Healthcare Cybersecurity Report and 57 percent have had more than five data breaches during the same timeframe.
• 2020 saw a 58% increase in healthcare industry targetted data breaches.
• Data breaches in healthcare went up by 42% since 2020 having the highest breach costs for the 12th year in a row.
• More than 2100 healthcare data breaches have been reported since 2009.
• 34% of data breaches in healthcare organizations came in the form of authorized access or disclosure.
• 6 percent of pediatric hospitals reported data breaches.
• At least 18% of teaching hospitals experienced a data breach.
• 47% of healthcare data breaches come from hackers or various IT incidents.
• According to HIPAA, healthcare data breaches in the U.S. have decreased by 48%.
• The U.S. pharma company Pfizer mistakenly leaked private data of the country’s prescription drug users in a data breach caused due to unsecured cloud storage.
• OneTouchPoint reported a massive data breach that affected over 1,073,316 individuals in mid-July of 2022.
• Broward Health based in Florida reported a data breach affecting 1.35 million people on January 2nd of 2022.
• The Shields healthcare data breach is the largest data breach reported in 2022 affecting over 2 million individuals.
• Tenet Healthcare-affiliate Baptist Medical Center suffered a cyberattack on April 24th, 2022 affecting 1.24 million individuals.
• Singapore-based Farrer Park Hospital had a breach between March 8, 2018, and Oct 25, 2019. The confidential medical information of 2000 individuals was automatically forwarded to a third party.
• Texas Tech University Health Sciences Center was hit by a data breach due to a hacking incident that was reported on June 7, 2022. The breach affected over 1,29 million people.
• In highly regulated industries such as healthcare, financial, energy, pharmaceuticals and education industries, an average of 24% of data breach costs were accrued more than two years after the breach occurred.
• Other common vectors of data breaches included cloud misconfiguration at 15% of breaches and vulnerability in third-party software at 13% of breaches.
• Breaches caused by business email compromise had the second highest mean time to identify and contain, at 308 days.
• Nearly three-quarters of organizations in the study said they had an IR plan, with 73% saying they did have an IR plan and 27% saying they didn’t have a plan for IR against data breaches.
• 63% of organizations with an IR plan said they regularly tested it, with 37% saying they didn’t regularly test the IR plan.
• Forty-five percent said the data breach occurred in the cloud, whereas 55% said the data breach didn’t occur in the cloud.
• In September 2017, Equifax announced that its systems had been breached affecting 148 million individuals. The data compromised included names, home addresses, phone numbers, dates of birth, social security numbers, and driver’s license numbers.
• Two-thirds of the people online have had their records stolen or compromised by bad actors by 2018.
• Identity theft is the most common type of data breach incident, accounting for 59 percent of all global data breach incidents in 2016.
• In 2019, the United States had 1,473 reported data breaches involving 164.68 million exposed records.
• Just 38% of organizations said their security teams were sufficiently staffed to meet their security management needs, while 62% said they weren’t sufficiently staffed.
• Myspace had a similar source of breach by malicious outsiders which resulted in account access to almost 360,000,000 records in 2013.
• From 2013 to 2017 the U.S.A. experienced a large number of data breaches at nearly 6550 while for the U.K. it was 570.
• The most targeted sector remains healthcare with over 2,248 breaches between 2013-2016.
• From 2013 to 2016, data breaches by malicious outsiders increased steadily.
• Twitter notified 330 million users of a glitch that stored passwords unmasked in an internal log, making all user passwords accessible to the internal network. This happened in May 2018.
• Clearview AI, a facial-recognition company that contracts with powerful law-enforcement agencies had its entire client list and over 3 billion photos stolen in 2020 February.
• Canva, in 2019 May, suffered a data breach that impacted 137 million users. The exposed data included email addresses, names, usernames, cities, and passwords stored as crypt hashes.
• 780,000 records are lost to hacking each day.
• Office applications accounted for 72.85% of exploited applications worldwide in the third quarter of 2019.
• 71% of breaches are financially motivated.
• 16% of data breaches involved Public sector entities.
• 43% of data breaches involved small businesses.
• 63% of organizations that have experienced a data breach are implementing biometric authentication.
• Organized crime groups were behind 39% of breaches.

Cost of a Data Breach

• According to IBM, the average cost of data breaches from 2020 to 2022 has seen a 12.7% hike from $3.86 million to $4.35 million.
• The average ransomware cost of $4.54 million is slightly higher than the overall average total cost of a data breach, USD 4.35 million.
• Data breaches in the U.S. cost up to 9.44 USD on average.
• USD 2.10 million was the cost savings of breaches at organizations that use risk quantification techniques versus those that don’t.
• At 16% phishing was the second most common reason for data breaches and the costliest averaging $ 4.91 million in breach costs.
• Statistics showed that in 2018 showed the average cost per data breach was around $150 for each compromised record.
• USA had the highest rate of costly data breaches in 2021 at $9.05 million according to IBM.
• Risk quantification had a considerable effect on data breach costs, saving up to USD 2.10 million on average.
• The average data breach cost during remote working was $1 million higher than the pre-pandemic scenario.
• Savings from data breaches when compared between fully AI-integrated organizations to those that haven’t revealed a $3.05 million dollar cost saving when compared to the $6.02 million loss for the undeployed companies.
• 41% of organizations in the study said they deploy a zero trust security architecture incurring up to $1 million when compared to 59% of organizations that do not deploy this.
• Factoring in remote work causing the breach, costs were an average of nearly USD 1 million greater than in breaches where remote working wasn’t a factor — USD 4.99 million versus USD 4.02 million.
• Remote work-related breaches cost on average about USD 600,000 more compared to the global average.
• Data breaches that happened in a hybrid cloud environment cost an average of USD 3.80 million, compared to USD 4.24 million in private clouds and USD 5.02 million in public clouds.
• Breach costs for pharmaceuticals were estimated at USD 5.01 million, technology at USD 4.97 million, and energy at USD 4.72 million.
• The top five countries and regions for the highest average cost of a data breach were:

1. United States at USD 9.44 million
2. Middle East at USD 7.46 million
3. Canada at USD 5.64 million
4. United Kingdom at USD 5.05 million
5. Germany at USD 4.85 million

• The per-record cost of a data breach hit a seven-year high from $158 in 2016 to $164 in 2022.
• With costs of $408 per record healthcare data breaches cost the highest of any industry.
• A recent study found that the average cost of a data breach is $ 4.24 million.
• The average cost of a healthcare data breach surpassed the general average of $ 9.23 million per incident.
• $10.10 million was the average cost of a data breach in the healthcare industry.
• An average of $ 9.3 million was the cost of healthcare data breaches per incident in 2021.
• Healthcare data breaches cost an average of $408 per record, which is three times higher than the cross-industry average of $148 per record.
• A data breach lifecycle of fewer than 200 days was associated with an average cost of USD 3.74 million in 2022.
• USD 5.57 million was the average cost of a breach for organizations with high levels of compliance failures.
• USD 2.66 million was the average breach cost savings at organizations with an IR team that tested an IR plan versus those with no IR team and who had not tested an IR plan.
• USD 1.51 million was the average breach cost savings associated with a mature zero trust deployment versus early adoption of zero trust.
• Ransomware breaches took 49 days longer than average to identify and contain.
• For those organizations that didn’t pay the ransom, the average cost of the breach was USD 5.12 million.
• For organizations that did pay the ransom, the cost of the breach was USD 4.49 million. The difference in average cost was USD 0.63 million, or 13.1%.
• For those organizations with the largest share of employees working remotely — 81% to 100% — the average cost of a data breach was USD 5.10 million.
• For organizations with the smallest share of employees working remotely — less than 20% — the average cost was USD 3.99 million.
• USD 550,000 was the average data breach cost savings of a sufficiently staffed organization versus an insufficiently staffed one.
• According to a 2020 report by Sophos, ransomware attack remediation efforts on average cost US$732,500 when a ransom is not paid, and US $1,448,458 when a ransom is paid.

Data Breach Statistics by Industry

28% of critical infrastructure organizations were targeted by malicious ransomware attacks. These sectors included healthcare, financial services, government organizations, and more.

Here are some industry-specific data breach statistics:

1. Healthcare

• In the case of healthcare-related claims, the triggering causes were malicious data breaches at 18% and accidental data breaches at 29%.
• The average breach in healthcare increased by nearly USD 1 million to reach USD 10.10 million.
• Healthcare breach costs have been the most expensive industry for 12 years running, increasing by 41.6% since 2020.
• A survey conducted revealed that nearly 70% of healthcare organizations saw longer hospital stays and delays in procedures due to ransomware attacks.
• 8% of healthcare data breach claims were triggered by ransomware attacks.

2. Finance

• The insurance sector faced major loss and claims triggers through malicious data breaches at 39% and accidental data breaches at 35%.
• Financial organizations had the second highest costs, averaging USD 5.97 million.
• The financial industry saw an increase from USD 5.72 million in 2021 to USD 5.97 million in 2022, an increase of USD 0.25 million or 4.4%.
• The financial sector experienced 137 breaches in 2018 that exposed 1.7 million accounts.

3. SMEs

• 95 percent of breached records came from three industries in 2016: Government, retail, and technology.

• Manufacturing organizations faced cyber insurance claims the most for malicious data breaches at 22%.
• With retail and wholesale businesses, the significant causes of an insurance claim were malicious data breaches (30%) and accidental data breaches (8%).

How do Data Breaches Occur?

Here is a few main statistics involving the most common kind of attacks that lead to data breaches, ransomware, and phishing.

1. Ransomware

Ransomware is malicious malware, designed to deny access to a computer system or data until a ransom is paid. Ransomware is spread mainly through phishing emails.

• Eleven percent of breaches in an IBM study were ransomware attacks, a 7.8% increase from 2021, for a growth rate of 41%.
• The average cost of a ransomware attack went down slightly, from USD 4.62 million in 2021 to USD 4.54 million in 2022.
• 27% of malware breaches involve ransomware.
• A business will fall victim to a ransomware attack every 11 seconds in 2021.
• Compared to 2019, Malware attacks increased by 358%, and ransomware attacks increased by 435%.

2. Phishing

Phishing attacks are a type of social engineering that aims to trick you into revealing sensitive information like usernames or passwords.

• Phishing was the second most common cause of a breach at 16% and the costliest at USD 4.91 million in breach costs.
• Phishing attacks grew by 250% over the course of 2018.
• According to AICPA (2018), out of the 60% of Americans that have been exposed to fraud schemes, 26% were through phishing emails.
• Breaches caused by stolen or compromised credentials had an average cost of USD 4.50 million.

• Unless you’re sure of the source of links or attachments received, do not click on them.
• Use multi-factor authentication identity yourself by more than just your username and password.
• Do not entertain any requests for information.
• Use password manager to securely save all your passwords, credit cards, and personal info.

Conclusion

This article has provided a detailed compilation of data breach statistics for 2023. It has included relevant statistics revealing the costs of a data breach, specific incidents, and general data breach statistics that one needs to consider.