Suffering a data breach is no longer a question of if but when. Planning for data security is mission-critical now for all businesses, no matter whether you are a small company or a large enterprise. We have been researching data breaches and data security for a while now and we’ve compiled some of the more interesting stats into 50 Startling Data Breach Facts Every Business Should Know:


1. Most data breaches are now carried out for the purpose of identity theft rather than, for example, stealing financial information.
2. 55% of data breaches were perpetrated by malicious outsiders, 25% due to accidental loss, 15% by malicious insiders.
3. Only 4% of data breaches involved encrypted data, and none of those stolen records were usable.
4. Accidental breaches accounted for just 18% of incidents but 76% of breached records.
5. The number of data breaches dropped 11%, from 1,981 in 2016 to 1,765 in 2017, but security incidents are getting faster and larger in scope.
6. The total number of records breached every day, hour, minute, and second nearly doubled in the span of a year.
7. Incidents involving accidental loss increased significantly from under 250 million in 2016 to nearly 2 billion the following year.
8. Identity theft continues to be a major type of data breach, responsible for 682,506,529 compromised records and 1,222 incidents in 2017.
9. The average size of data breaches increased 1.8% to more than 24,000 records per breach.
10. The average time to identify a data breach was 191 days in 2017.
11. The average time to contain a data breach was 66 days in 2017.
12. Average cost of a stolen data record to an organisation is $221.
13. 55% of respondents said complying with privacy and data regulations was their top driver for adopting encryption technology.
14. The average global cost of data breach per lost or stolen record was $141.
15. Health care stolen record average cost was $380.
16. Financial services stolen record average cost was $245.
17. Media sector stolen record average cost was $119.
18. Research sector stolen record average cost was $101.
19. Public sector stolen record average cost was $71.
20. The more records lost, the higher the cost of the data breach from $1.9 million for incidents with less than 10,000 compromised records to $6.3 million for incidents with more than 50,000 compromised records.
21. Incident response teams reduced cost by as much as $19 per compromised record.
22. Extensive use of encryption reduced cost by $16 per compromised record.
23. The 4 top factors that can influence data breach costs are (1) compliance failures, (2) the extensive use of mobile platforms, (3) CPO appointment and (4) the use of security analytics.
24. 90% of CIOs expect to be attacked because they’re blind to new threats.
25. 87% of CIOs believe their security defences are less effective since they can’t inspect encrypted traffic for attacks.
26. 79% of CIOs agree that their core strategy to accelerate IT and innovation is in jeopardy because these initiatives introduce new vulnerabilities.
27. Hacking and malware were responsible for 25% of all data breach incidents over that time.
28. Health care is the most impacted industry for data breaches, followed by the government and retail sectors.
29. 89% of healthcare organizations reported a breach involving the loss of patient data in the past two years.
30. Identity theft rates: health care industry 29.8%, Retail 15.9% and Education 10.9%.
31. 43% of cyber attacks target small businesses.
32. 64% of companies have experienced web-based attacks.
33. Human error accounted for almost two-thirds (62%) of the incidents reported to the ICO, the UK’s Information Commissioner’s Office.
34. Data breaches that result from malicious attacks are the most costly.
35. 59% of employees steal proprietary corporate data when they quit or are fired.
36. There are 4 types of insider threats:
a. Malicious insiders
b. Administrators with privileged identities
c. Exploited insiders who are “tricked” by external parties into providing data or passwords they shouldn’t.
d. Careless insiders who press the wrong key and accidentally delete or modify critical information.
37. External breaches account for 75%, while insider breaches account for 25%.
38. 63% of employees share sensitive data over email frequently, making it a significant risk factor for businesses.
39. 45% of employees have accidentally shared key information in emails to unintended recipients.
40. 27% of employees have received emails containing personal information in error from people outside of their company.
41. 26% of employees also admit to receiving attachments in error from people outside of their company.
42. Less than half of employees are fully aware of the agreed process in their organisation when they receive an email in error from outside their company.
43. 62% of outside attackers used hacking techniques targeting misconfigurations, vulnerabilities and exploits.
44. There was a 5x increase in the theft of usernames and passwords between 2012 and 2016.
45. Breaches that used hacking techniques (misconfigurations, vulnerabilities or exploits) also leveraged stolen or weak passwords.
46. 14% of breaches were the result of privilege misuse.
47. The number of privilege misuse incidents dropped 26% year over year; however, the number of confirmed data losses increased by 61%.
48. Only 3% of breaches come from partners.
49. Under the new GDPR rules, data breaches must be reported to your data commissioner's office within 72 hours of becoming aware of the incident.
50. Companies can be fined up to 4% of the annual revenue or EUR 20 million under the GDPR for non-compliance.
