<img src="https://ws.zoominfo.com/pixel/6169bf9791429100154fc0a2" width="1" height="1" style="display: none;">

Cost of a Data Breach: 19 Facts and Stats to Know in 2023

StrongDM manages and audits access to infrastructure.
  • Role-based, attribute-based, & just-in-time access to infrastructure
  • Connect any person or service to any infrastructure, anywhere
  • Logging like you've never seen

Data breaches are a growing concern for businesses and consumers alike. Not only do data breaches put sensitive information in the hands of cybercriminals, but they also cost organizations large sums of money to remediate and recover from.

Businesses need to be aware of the cost of a data breach as well as the latest trends in cybersecurity to develop appropriate prevention and response strategies. This article will review the latest statistics on data breach costs and several best practices for eliminating unauthorized data access.

Easy Data Breach Cost Facts and Stats Finder

1. The average data breach costs globally in 2022 were $4.35 million, a 2.6% rise from the 2021 amount of $4.24 million.

2. The average cost of a data breach in the healthcare industry is $10.10 million. And the average cost of a data breach in the financial industry is $5.97 million.

3. The average data breach cost in the United States is $9.44 million as of 2022.

4. From 2011 through 2021, the number of data compromises in the United States is up over 340%.

5. Cybercrime is expected to inflict annual damages of $10.5 trillion by 2025.

6. The global cybersecurity market is expected to grow 9.7% annually and reach $345.4 billion by 2026.

7. Investment in privacy and security companies reached $9.9 billion in 2019. This is up nearly sevenfold compared to the $1.5 billion invested in 2011.

8. Compromised credentials are the leading cause of data breaches.

9. 53% of global internet users are more concerned about their online privacy than they were previously.

10. 88% of company boards view cybersecurity as a core business risk.

11. Gartner predicts that more than 50% of C-suite executives will have cybersecurity performance reviews built into their contracts by 2026.

12. The average data breach took 277 days to resolve in 2022.

13. The average cost of a data breach due to ransomware is $4.54 million. And the average cost of a destructive attack is $5.12 million.

14. Organizations with a private cloud save an average of $780,000 in data breach costs.

15. The average security breach cost is more than $1 million higher when remote work is a contributing factor.

16. Organizations who have tested their incident response plan save an average of $2.66 million in data breach costs.

17. 4,800+ websites per month are compromised with malicious code in form-jacking attacks.

18. Small businesses are the victims of more than 28% of data breaches.

19. The World Economic Forum considers large-scale cyber attacks one of the top five most likely global risks.

19 Facts and Stats to Know About Data Breach Costs in 2023

Data breaches happen every day, and they are only becoming more common. These 12 staggering statistics put the problem into perspective and demonstrate why data security is worth investing in — before it's too late.

1. The average data breach costs globally in 2022 were $4.35 million, a 2.6% rise from the 2021 amount of $4.24 million.

According to Statista, the cost of a data breach is on the rise. [1] And the most significant contributor to data breach costs is time until detection.

The sooner businesses can identify a vulnerability, the fewer resources they will typically need to spend on remediating it. This is, in part, because undetected data breaches expose more and more customer data over time.

2. The average cost of a data breach in the healthcare industry is $10.10 million. And the average cost of a data breach in the financial industry is $5.97 million.

As of March 2022, the healthcare industry faces the most expensive data breach costs of any sector. At just over $10 million per incident, the industry has seen a 42% spike in this figure since 2020.

Meanwhile, the financial industry experiences the second-highest data breach costs. Each occurrence costs nearly $6 million on average. [2]

3. The average data breach cost in the United States is $9.44 million as of 2022.

Data breaches cost U.S. businesses more than any other country — and more than twice the global average. For the 12th consecutive year, the United States has earned this unfortunate distinction, according to data from IBM. [3]

4. From 2011 through 2021, the number of data compromises in the United States is up over 340%.

Not only are data breach costs up, but data breaches are also becoming much more common. In 2021, the U.S. saw 1,862 data compromises. [4] This broad definition includes data breaches, leaks, and exposures in which an unauthorized actor gains access to sensitive data. This figure represents a 340% uptick compared to the 419 such instances in 2011, just one decade earlier.

5. Cybercrime is expected to inflict annual damages of $10.5 trillion by 2025.

Cybersecurity Ventures predicts a 15% annual growth rate in cybercrime costs through 2025. [5] This estimation factors in both an increase in hacking activity and a larger digital attack surface for criminals to target.

In 2015, cybercrime cost $3 trillion globally in data destruction, stolen funds, business disruption, and reputational harm. And if Cybersecurity Ventures is correct, this number will exceed every national GDP except for the U.S. and China within 2 years.

6. The global cybersecurity market is expected to grow 9.7% annually and reach $345.4 billion by 2026.

As data breach costs and frequency grow, so does the cybersecurity market size. Businesses that protect computer networks from cyber threats are seeing significant tailwinds as consumers,  governments, and corporations invest more in prevention and recovery. These investments are predicted to generate almost 10% annual growth over the next few years. [6]

7. Investment in privacy and security companies reached $9.9 billion in 2019. This is up nearly sevenfold compared to the $1.5 billion invested in 2011.

Fortunately, the explosion in data breach costs and the prevalence of cyber-attacks are not going unnoticed. Investors around the world are pouring more resources than ever before into data security and data privacy solutions. [7] With nearly $10 billion deployed toward these software startups in 2019 alone, data protection is a major focus for the modern global economy.

8. Compromised credentials are the leading cause of data breaches.

Compromised or stolen login credentials represent 19% of cyber attacks, narrowly surpassing phishing as the most common cause of security breaches. IBM reports that compromised credentials also take the longest time to identify at 327 days. [3]

9. 53% of global internet users are more concerned about their online privacy than they were previously.

Although data breaches are difficult to detect, their potential consequences are well understood. In fact, according to data from Statista, more than half of global internet users report an increased level of concern about their data privacy — a clear sign of data breach fatigue. [8]

As online security threats and data breach costs continue to rise, businesses must remain vigilant and invest in data privacy initiatives to mitigate their risks. Users will likely continue to focus on data privacy issues, and businesses that prioritize data security will gain a competitive edge.

10. 88% of company boards view cybersecurity as a core business risk.

If the security breach cost statistics outlined in this article are unsettling you — you are not alone. Prominent companies around the world are increasingly viewing data security as a core business risk, and boards of directors are taking proactive steps to ensure data protection. 

According to data from Gartner, 88% of boards have deemed cybersecurity a business risk rather than "a technical IT problem." [9] And 13% of boards have gone a step further in creating committees specifically designated to managing data security topics. 

11. Gartner predicts that more than 50% of C-suite executives will have cybersecurity performance reviews built into their contracts by 2026.

As boards take data security more seriously, C-suite executives are being held to a higher standard as well. Gartner expects that within three years more than half of C-level executive reviews will be tied to data security performance metrics.

This trend makes one thing clear: large corporations recognize that data breaches must be taken seriously, and data breach costs must be managed.

12. The average data breach took 277 days to resolve in 2022.

Organizations must take data security seriously, but they’re not always successful. Despite efforts to thwart cyber attacks, the average data breach took 277 days to detect and resolve in 2022 (up slightly from the previous year). Businesses that were able to resolve breaches quickly in under 200 days — saved an average of $1.12 million in data breach costs.

13. The average cost of a data breach due to ransomware is $4.54 million. And the average cost of a destructive attack is $5.12 million.

Ransomware is a category of malware designed to block access to computer systems until a ransom is paid. Destructive attacks, on the other hand, are malicious data breaches designed to disrupt or destroy an information system or the information itself.

Data from IBM shows that these types of breaches are particularly costly. [3] Plus, ransomware is on the rise. The share of cyber attacks perpetrated with ransomware increased by 41% year over year.

14. Organizations with a private cloud save an average of $780,000 in data breach costs.

Approximately 45% of breaches happen in the cloud, but not all clouds are created equal. IBM reports that the average security breach cost for an organization with public clouds is $5.02 million. Organizations with private clouds, however, experience data breach costs of $4.24 million on average. 

15. The average security breach cost is more than $1 million higher when remote work is a contributing factor.

Unfortunately, the rise of remote work is contributing to the increase in data breach costs. Businesses that experience a cyber attack in which remote work is a factor shell out more than $1 million more, on average, in recovery costs. The additional time until detection and complexity in diagnosing a data breach when remote work is involved makes data security even more critical in today's work environment.

16. Organizations who have tested their incident response plan save an average of $2.66 million in data breach costs.

Simply having an incident response plan isn't enough companies also need to proactively test their plan. While this may seem like an unnecessary step, data gathered by IBM shows otherwise. Companies that have practiced implementing their plan save $2.66 million in data breach costs on average.

17. 4,800+ websites per month are compromised with malicious code in form-jacking attacks.

Large-scale data breaches like Equifax and Yahoo are not the only data security threats businesses need to consider. More targeted form-jacking attacks have grown in popularity over the last few years.

Form-jacking refers to malicious code that is injected into websites, usually through a security vulnerability, to steal shoppers' credit card details. Symantec reports that more than 4,800 unique websites are attacked in this way each month. [10] Even well-known businesses like Ticketmaster and British Airways have been subjected to these cyber attacks.

18. Small businesses are the victims of more than 28% of data breaches.

Big businesses may be the primary target of cybercrime, but small businesses are just as vulnerable. Data from Verizon shows that small businesses are the victims of more than a quarter of all data breaches. [11]

Small businesses often lack the necessary data security measures to protect their data, leaving them more prone to attacks. And given the extraordinary cost of a data breach, these attacks can be financially devastating for most SMBs. 

19. The World Economic Forum considers large-scale cyber attacks one of the top five most likely global risks.

Data breach costs are not the only concern associated with cyber attacks. In fact, global leaders surveyed by the World Economic Forum (WEF) named large-scale cyber attacks one of the biggest global risks facing our world. [12] After three environmental threats, the WEF lists data theft and cyber attacks as the fourth and fifth most likely threats.

What Determines the Cost of a Data Breach?

As cyber-attacks become more frequent and the cost of a data breach continues to rise, businesses may wonder what goes into making data breaches so expensive.

Here are the four main categories of data breach costs:

1. Detection and response

This category includes the costs associated with identifying a data breach and mitigating the damage. Detection requires both data monitoring and data analysis tools such as honeypots, antivirus software, firewalls, and data loss prevention (DLP) tools. Response requires a data breach assessment, containment, and IT support or consulting services.

2. Legal expenses

If customer data is breached, companies may have to pay for legal representation and any associated fines or settlements. This can include data privacy lawyers, data protection compliance experts, and advisory services.

Legal expenses can vary widely depending on the size, scope, and severity of the data breach. For example, in 2019 Equifax agreed to a $425 million settlement to resolve all outstanding class action claims related to their mega-breach. [13] Similarly, Yahoo penned a $117 million deal for their multiple data breaches that affected billions of users. [14]

These cases are known to take years of litigation before a final judgment is reached. And even after a data breach is resolved, legal costs often remain an ongoing expense for afflicted companies.

3. Data loss and data recovery

First and foremost, data loss and data recovery costs include forgone revenue from data that can no longer be used. In the event of data destruction, businesses may lose customer relationships, data backups, and other monetizable assets.

But even when the data is recoverable, data breach response teams must often pay for data restoration services and data recovery software. Data forensics investigations can be costly, especially if specialized software and data analysis experts are required. And in the meantime, businesses are unable to generate revenue from the temporarily unusable data.

4. Customer notifications

Businesses must notify their afflicted customers after a data breach. Initially, this requires data mapping and classification to identify the correct subjects and exposed data. After this process is complete, data breach notification letters must be drafted, printed, and mailed out to customers.

Companies typically have to pay for data breach phone hotlines and websites as well. These services provide customers with an outlet to contact security response teams and receive information about the breach and how to best respond.

When taken together, these data breach costs can add up quickly. To mitigate data loss and minimize associated expenses, businesses can develop data breach response plans or take out insurance for potential cyber-attacks. These proactive measures will help to protect data and reduce data breach costs in the long term.

How Are Data Breaches Resolved?

Data breaches are resolved in a variety of ways depending on the cause of the attack and the severity of the exposed data.

For small-scale data breaches, data security teams will typically perform an analysis to determine the cause of the leak and patch up any vulnerabilities. This may include data protection system updates, data deletion protocols, or data encryption processes. Afterward, the cybersecurity team will perform data restoration processes and data recovery tests.

For more severe data breaches, data security teams may need to work with data privacy lawyers to address any outstanding legal claims. They will take data breach response measures such as data protection compliance reviews, data monitoring services, and data security awareness training.

Business executives will also review data breach insurance policies to determine if data breach costs can be offset or reimbursed. And after the remediation process is complete, the affected data is securely destroyed or returned to the original owners.

Lastly, companies may need to replace outdated digital infrastructure and data storage systems to prevent breaches from occurring in the future. Data security teams must then deploy data loss prevention and data governance frameworks to protect the new systems.

This entire operation is both time-consuming and costly, which is why companies need 9 months on average to fully resolve a cyber attack. Even then, data breach costs rarely cease after the incident has been rectified. Companies may take years to recover from data breaches depending on the volume of data exposed and any legal ramifications.

Avoid the Cost of a Data Breach with StrongDM

Data breach costs are a concern for every organization. As these cyber-attacks happen more and more often and become increasingly expensive to resolve, data security is more important than ever.

StrongDM helps you avoid costly data breach incidents entirely. With strict access and authentication controls built in, StrongDM lets you manage and secure access across clouds, databases, applications, and more.

Track and capture every session, query, and command across all infrastructure, so you can quickly detect and respond to suspicious data activities. StrongDM lets you see that your data is safe—so you can rest assured that your business won't be the victim of a breach.

To strengthen your data protection strategy, give StrongDM a spin and sign up for a 14-day free trial today.


References

  1. Global average cost of a data breach 2022 | Statista
  2. Global average cost of a data breach by industry 2022 | Statista
  3. Cost of a data breach 2022 | IBM
  4. Data breaches and individuals impacted U.S. 2022 | Statista
  5. Cybercrime To Cost The World $10.5 Trillion Annually By 2025
  6. Global cybersecurity market forecast 2026 | Statista
  7. Investment in privacy and security companies worldwide 2019 | Statista
  8. Global opinion: concern about online privacy 2019 | Statista
  9. Gartner Reprint: Cybersecurity Leaders Are Losing Control in a Distributed Ecosystem
  10. Internet Security Threat Report | Symantec
  11. 2022 Data Breach Investigations Report | Verizon
  12. These are the biggest global risks for this year | World Economic Forum
  13. The Equifax Breach Settlement Offer is Real, For Now – Krebs on Security
  14. Yahoo Data Breach Class Action Settlement - Top Class Actions

About the Author

, Marketing Expert, Daniel Anderson is a marketing expert who writes about entrepreneurship, business, and personal finance. Learn how to launch an ecommerce business, scale through digital marketing, and plan for financial freedom with step-by-step guides at . TheMoneyManiac.com

StrongDM logo
💙 this post?
Then get all that StrongDM goodness, right in your inbox.

You May Also Like

Cloud Native Security: Definition, Challenges, and Solutions
Cloud Native Security: Definition, Challenges, and Solutions
Cloud native security solutions can help organizations like yours protect your cloud resources, no matter when you transitioned to the cloud. Here’s everything you need to know about integrating cloud native security.
25 Surprising Employee Onboarding Statistics
25 Surprising Employee Onboarding Statistics in 2023
Today there are numerous technologies and solutions to help organizations create an active onboarding experience for employees. But what do the employee onboarding statistics say about the process?
LDAP vs. Active Directory: Everything You Need to Know
LDAP vs. Active Directory: Everything You Need to Know
Struggling to understand the difference between Active Directory and LDAP? Don't worry, we’ll make it simple. These are just two among many methods that can provide secure user authentication and authorization. The information in this article will help you decide if LDAP or Active Directory is right for your organization. Robust security and a seamless user experience are attainable, and you can have both!
What is an Attack Vector? 15 Common Attack Vectors to Know
What is an Attack Vector? 15 Common Attack Vectors to Know
In this article, we’ll take a deep dive into attack vectors. You’ll learn what they are, the most common types, how they’re used, and why hackers continually use them to exploit vulnerabilities. By the end of this article, you'll have a thorough understanding of the fifteen most common types of attack vectors and what you can do to prevent your organization from falling victim to them.
Top 7 Identity and Access Management (IAM) Solutions
Top 7 Identity and Access Management (IAM) Solutions for 2023
In this article, we’ll compare the top IAM solutions: StrongDM, CyberArk Identity, Okta, BeyondTrust, ManageEngine AD360, Saviynt, and Twingate. We’ll explore what business needs identity and access management solutions address, and review the pros and cons of each. By the end of this article, you’ll know how to choose the right IAM solution for your organization.