Overview
As more and more companies experience crippling security breaches, the wave of compromised data is on the rise. Data breach statistics show that hackers are highly motivated by money to acquire data, and that personal information is a highly valued type of data to compromise. It’s also apparent that companies are still not prepared enough for breaches even though the cybertechnology landscape has dramatically advanced.
Below are the top 2022 data breach statistics, covering types of data breaches, industry-specific risks, costs, and data breach defense and prevention resources. They support the importance of cybersecurity and show how to better align organizational security budgets.
- The global number of web attacks blocked per day increased by 561 percent
- The number of data breaches has significantly increased within the past decade, from a mere 662 to more than 1,000
- Office applications were the most commonly exploited applications worldwide
- 80 percent increase in the number of people affected by health data breaches
- Formjacking attacks caused an average of 10 credit card breaches per website, earning cybercriminals more than $32M
Data Breach Cost
- The average total cost of a ransomware breach is $4.62 million, slightly higher than the average data breach of $4.24 million
- The average per record (per capita) cost of a data breach increased by 10.3 percent
- The average total cost for healthcare increased from $7.13 million to $9.23 million, a 29.5 percent increase
- Lost business opportunities represented the largest share of breach costs, at an average total cost of $1.59 million
- The average cost of a breach with a lifecycle over 200 days is $4.87 million
- 39 percent of costs are incurred more than a year after a data breach
- The United States was the country with the highest average total cost of a data breach, at $9.05 million
- The average cost of a mega-breach was $401 million for the largest breaches (50 – 65 million records), an increase from $392 million
- Hospitals spend 64 percent more annually on advertising in the two years following a breach
- The cost difference in breaches in which mature Zero Trust was deployed versus not was $1.76 million
- The largest difference for breaches with a high level of compliance failures compared to a low level was $2.30 million
Cause & Source
- An average of 4,800 websites a month are compromised with formjacking code
- 34 percent of data breaches involved internal actors
- 71 percent of breaches are financially motivated
- Ransomware accounts for nearly 24 percent of incidents in which malware is used
- 95 percent of breached records came from the government, retail and technology sectors
- 36 percent of external data breach actors were involved in organized crime
Response & Lifecycle
- It took an average of 287 days to identify a data breach
- The average time to contain a breach was 80-90 days
- Healthcare and financial industries had the longest data breach lifecycle — 329 days and 233 days, respectively
- The data breach lifecycle of a malicious or criminal attack took an average of 315 days
- Microsoft Office files accounted for 48 percent of malicious email attachments
- The most active attack groups targeted an average of 55 organizations