The Average Cost of A Data Breach: 11 Statistics to Shock You

Data breaches are one of the most lucrative ways to make money in the wild wild west of cybercrime, averaging $4.35 million per data breach in 2022. Hackers then use stolen data to compromise company activities, expenses, and confidential information. 

Sadly, no one is safe from cybercrime. Just ask this 2023’s victims; American Airlines, UPS Canada, Reddit, and many others that were hit with massive data breaches.

Read the following section to see which familiar names were victims of data breaches.

How Much Does a Data Breach Cost Companies on Average?

Significant technological advances come with many strings attached, increasing the risk of losing your data. Hackers turn to cybercrime to use your data against you and make a profit. In 2021 alone, cybercrime cost the world a whopping $6 trillion.

The global average data breach cost increased from $4.24 million in 2021 to $4.35 million in 2022. An IBM study showed that data breaches affected 17 countries and regions in 17 industries. 

In 2022 the average cost of a breach reached an all-time high. Is your company prepared for a multimillion-dollar data breach? Learn how security AI and automation can help you spend more money on your business and less money getting your business back up and running.

— IBM (@IBM) September 30, 2022

The high costs of data breaches rely on two factors:

• The absence and underrepresentation of security automation

• Incident response protocols within organizations. 

Many businesses go bankrupt due to lost revenue, low customer trust, and possible lawsuits. Unfortunately, data breaches aren’t going away anytime soon, with 83% of organizations reporting multiple breaches in 2022.

Average Data Breach Cost Per Industry

In this data-driven world, more cybercriminals are finding ways to exploit organizations to make a quick buck. Stealing data is one of the most lucrative activities for cyber attackers nowadays, with 4.1 billion records compromised in 2019 alone. 

Data breaches can happen because of weak passwords, malicious insiders, stolen devices, and ransomware. Ransomware is especially crippling for organizations. Businesses were attacked every 14 seconds by ransomware.

Who are the targets for these data breaches? Check out the facts.

1. On average, the healthcare industry paid $10.10 million for data breaches in 2022.

(UpGuard)

30% of all massive data breaches happen in the healthcare sector. Since 2018, 50% of healthcare institutions have reported a significant increase in data breaches.

In the first few months of 2022, this sector experienced 337 attacks, which affected 19,992,810 lives. 

Many healthcare organizations typically give in to any ransoms asked for in attacks because of the value of sensitive patient data and because healthcare services can mean life and death for patients.

Data breaches are exceptionally costly for the healthcare sector due to the following:

• legal and regulatory requirements
• notification and remediation costs
• legal expenses
• damage to reputation
• disruption of activities and lost productivity
• added cost of cybersecurity measures and insurance

The total cost of data breaches can be devastating for healthcare providers. In June 2023, an Illinois hospital fell into a financial spiral and declared bankruptcy after a crippling ransomware attack.

2. The financial industry ranked second, averaging $5.97 million per breach. 

(Statista)

Since cybercriminals can also maximize their impact and profit by attacking the industry, which revolves around money. They attack financial institutions because they store valuable and vital data, including sensitive information of high-value individuals who can be targeted too.

Most of these organizations are also shifting to digital apps and programs, which makes them vulnerable to cyber attackers.  Aside from data breaches, 60% of financial services were also targeted by phishing attacks.

One of the biggest cyberattacks in the financial sector occurred in 2019 when Capital One Bank’s records were exposed. The leak included social security numbers, bank account details, addresses, and phone numbers of more than 100 million clients.

MORE: Capital One discloses information that was compromised, including 140K social security numbers, 80K linked bank account numbers, and “personal information” from credit card applications from 2005 through early 2019. https://t.co/vpyWbVRRy9 pic.twitter.com/PtTBbzjH5U

— CNBC Now (@CNBCnow) July 29, 2019

3. The average data breach cost for small businesses is $108,000. 

(ProWriters, Forbes)

Since the rise of cybercrime and hackers, small businesses have been unlikely targets for cyber attacks. However, they've recently become frequent targets because criminals think they are less prepared. 

In 2021, 57% of small businesses believed cybercriminals wouldn't target them, but around 20% experienced a breach in the past year.

4. Critical infrastructure organizations became targets for data breaches in the United States. 

(CNet)

Cybercrime groups have been targeting the critical infrastructure industry in recent years. Ransomware attacks occurred against two major U.S. companies: Colonial Pipeline and JBS. 

This disruption caused panic buying among consumers as prices of meat and gasoline spiked. It also shut down both companies for days, even after paying millions as ransom.

Colonial Pipeline paid $4.4 million, and JBS shelled out $11 million. 

5. The overall cost of attacks on the education sector is around $3.56 billion. 

(Comparitech, Educause Review)

Almost 13% of breaches are linked to the education sector. These attacks impacted many students, educators, and parents through canceled learning sessions and inaccessible educational platforms. 

52% of the data breaches in this sector were ransomware attacks. Personal records were the main target of the attackers, exposing over 40 billion records worldwide. 

Average Data Breach Cost Per Country

In this data-driven world, more cybercriminals are finding ways to exploit organizations to make a quick buck. However, the average cost of data breaches differs from country to country, taking into consideration:

• regulatory environments
• cost of living
• cybersecurity maturity
• currency exchange and rates

Regardless, data breaches have significant financial implications globally, and trends predict that they will only grow bigger. The global cost of cybercrime will reach $10.5 trillion by 2025.

Let's check out the effects of data breaches per country!

6. In 2022, the average rate of a data breach in the US was $9.44 million. 

(Statista, IBM)

For 83% of companies, it's not a matter of whether a breach will occur. A data breach's actual cost should alarm large organizations, as the initial financial loss is only the start. Data breaches harm an institution's reputation and decrease future and current consumers.

While the average cost of a data breach in the US, the Middle East, Canada, and the UK, have risen, those of Germany, Japan, South Korea, France, Scandinavia, and Turkey saw a decrease.

7. India's average data breach cost is $2.2 million for the fiscal year 2022.

(IBM)

India's top attacks are stolen or compromised credentials, phishing, and accidental device and data loss. 50% of every ten compromised accounts are grabbed together with their passwords. 

Since 2004, 18% of every 100 Indians have suffered from personal information theft from cybercrime. The targeted data types are names, passwords, and phone numbers.

8. Russian companies and citizens spent up to $49 billion due to cyberattacks in 2020. 

(Reuters)

Russia urged its citizens to limit cash use and switch to bank cards. With this, the number of crimes associated with bank cards has risen to 500% in 2020. 

Deputy chairman Stanislav Kuznetsov expressed that Russian private sectors are the most vulnerable. Client's financial information and tender documents are the most targeted, with 2.3 million darknet accounts offering stolen data. 

9. The Health Service Executive of Ireland shelled out around $650 million because of a major ransomware attack. 

(UpGuard)

This attack impacted 520 patients and staff, compromised confidential corporate data, and forced a shutdown of local and national HSE networks - making it the most significant security breach against an Irish state agency organization. 

The National Cyber Security Centre claimed that the "Wizard Spider" hacker group used Cobalt Strike, a penetration testing tool, to infect the HSE's databases.  

10. LockBit attacked Kingfisher Insurance in 2022 and demanded $300,000 to return their data. 

(Insurance Age)

LockBit, one of the most notorious groups in ransomware attacks, infiltrated the Kingfisher Insurance databases in 2022, claiming that they had stolen 1.4TB of the company's data. This includes the employees' and customers' personal information. 

Lockbit #ransomware group added Kingfisher Insurance (https://t.co/2RQPr0jcHw) to their victim list. They claim to have access to 1.4 Tb of data which contains personal data of employees & customers, contacts, etc.#UnitedKingdom 🇬🇧#databreach #darkweb #cyberrisk #deepweb pic.twitter.com/3AXEFrt4dk

— FalconFeedsio (@FalconFeedsio) October 17, 2022

Kingfisher acknowledged this attack but said the cyber attackers couldn't have grabbed as much data as they claimed. Once their IT team discovered they were being attacked, they quickly blocked all external access to ensure less damage would occur. The investigation concluded that the attack did not impact the company's operations. 

11. Norwegian state-owned investment fund "Norfund" spent $10 million in the 2020 BEC scam. 

(UpGuard)

The hackers breached the company's email systems and started intercepting messages. They spent months learning how the investment fund operates by gathering valuable data and monitoring their correspondences. 

The criminals impersonated staff and faked communications to access payment details between the investment fund and a borrowing organization. They also intercepted a $10 million loan for a Cambodian microfinance group and sent the money to a Mexican bank account with the same name as the Cambodian group. 

Final Thoughts

Data breaches are costly and devastating for individuals and organizations alike. They span multiple industries in countries all around the world. While the average data breach cost differs from country to country, the global average was $4.35 million in 2022.

Cyberattacks can cripple entire companies within an hour, causing immense damage. Companies should prioritize securing data and invest in modern, innovative cybersecurity measures.