30 Things You Need To Know About Data Breaches

Data Breach History

1. March 2005 marks the first data breach to compromise more than 1 million records (DSW, 1.4 million credit card numbers and names on those accounts). (Norton)

2. The 2016 FriendFinder breach was noteworthy because of the 412 million accounts affected,  but also due to the adult nature of the sites. (Norton)

3. In January 2005, First data breach affecting a college – George Mason University; names, pictures and SSN of 32,000 students and staff. (Norton)

4. Just in the first half of 2019, over 4.1 billion records have been exposed because of data breaches. (Forbes)

5. In 2014, Yahoo breaks the record for the largest data breach of all time with an astounding 3 billion accounts breached. (CSO Online)

6. By 2018, social media incidents accounted for over 56% (or over 2.6 billion) of the 4.5 billion data records compromised worldwide. (IT Web)

Cost of a Data Breach

7. The average cost of a data breach in the United States is $8.19 million. (IBM)

8. Healthcare organizations had the highest cost of a breach – $6.45 million on average (over 60% more than other industries in the study). (IBM)

9. Globally, the average cost of a data breach is $3.92 million. (IBM)

10. The average cost of lost business globally after a data breach is $1.42 million. (IBM)

11. Malicious attacks were the most common attacks in 2019 (over human error and system glitches), and also the most expensive costing an average of 4.45 million. (IBM)

12. Companies with a well-tested incident response team saved an average of $1.2 million. (IBM)

Risk of a Data Breach

13. 62% of small businesses experienced phishing and social engineering attacks in 2018. (Cybint)

14. 58% of companies have over 100,000 folders open to every employee. (Varonis)

15. 43% of cyber attacks target small businesses. (Varonis)

16. 30% of companies have over 1,000 sensitive folders open to everyone. (Varonis)

17. 29% of all breaches, regardless of attack type, involved the use of stolen credentials. (Verizon)

18. In healthcare, 59% of data breaches involve internal actors, compared to an average of a 34% average across all industries. (Verizon)

Data Breach Prevention

19. Many breaches are a result of poor security hygiene and a lack of attention to detail. Keep it clean, and create baseline security standards. (2019 DBIR)

20. Scrub those packets! DDoS protection is an essential control for many industries. Guard against nonmalicious interruptions with continuous monitoring and capacity planning for traffic spikes. (2019 DBIR)

21. Track insider behavior by monitoring and logging access to sensitive data. (2019 DBIR)

22. Use Two Factor Authentication for everything! (2019 DBIR)

23. Monitor email for links and executables. Give your team a way to report potential phishing. (2019 DBIR)

24. Consider adding file integrity monitoring on payment sites, in addition to patching operating systems and coding payment applications. (2019 DBIR)

Data Breach Overview

25. It takes an average of 279 days to identify and contain a data breach. (IBM)

26. Currently, 71% of all data breaches are financially motivated and 25% are motivated by espionage. (Verizon)

27. A breach lifecycle under 200 days costs $1.2 million less than a breach lifecycle over 200 days. (IBM)

28. In 2018, actors identified as nation-state or state-affiliated were involved in 23% of breaches. (Verizon)

29. 33% of data breaches include a social engineering attack. (Verizon)

30. In 2018, 1 in 10 URLs analyzed were malicious, up from 1 in 16 in 2017. (Symantec)

PlexTrac Team Editorial Group At PlexTrac, we bring together insights from a diverse range of voices. Our blog features contributions from industry experts, ethical hackers, CTOs, influencers, and PlexTrac team members—all sharing valuable perspectives on cybersecurity, pentesting, and risk management.