Overview
As more and more companies experience crippling security breaches, the wave of compromised data is on the rise. Data breach statistics show that hackers are highly motivated by money to acquire data, and that personal information is a highly valued type of data to compromise. It’s also apparent that companies are still not prepared enough for breaches even though the cybertechnology landscape has dramatically advanced.
Below are the top 2022 data breach stats covering types of data breaches, industry-specific stats, risks, and costs, as well as data breach defense and prevention resources, supporting the importance of cybersecurity and showing how to better align organizational security budgets.
- The global number of web attacks blocked per day increased by 561 percent
- The number of data breaches has significantly increased within the past decade, from a mere 662 to more than 1,000
- Office applications were the most commonly exploited applications worldwide
- 80 percent increase in the number of people affected by health data breaches
- Formjacking attacks caused an average of 10 credit card breaches per website, earning cybercriminals over $32M
Data Breach Cost
- The average total cost of a ransomware breach is $4.62 million, slightly higher than the average data breach of $4.24 million
- The average per record (per capita) cost of a data breach increased by 10.3 percent
- The average total cost for healthcare increased from $7.13 million to $9.23 million, a 29.5 percent increase
- Lost business opportunities represented the largest share of breach costs, at an average total cost of $1.59 million
- The average cost of a breach with a lifecycle over 200 days is $4.87 million
- 39 percent of costs are incurred more than a year after a data breach
- The United States was the country with the highest average total cost of a data breach, at $9.05 million
- The average cost of a mega-breach was $401 million for the largest breaches (50 – 65 million records), an increase from $392 million
- Annually, hospitals spend 64 percent more on advertising in the two years following a breach
- The cost difference in breaches in which mature Zero Trust was deployed versus not was $1.76 million
- The largest difference for breaches with a high level of compliance failures compared to a low level was $2.30 million
Cause & Source
- An average of 4,800 websites a month are compromised with formjacking code
- 34 percent of data breaches involved internal actors
- 71 percent of breaches are financially motivated
- Ransomware accounts for nearly 24 percent of incidents in which malware is used
- 95 percent of breached records came from the government, retail and technology sectors
- 36 percent of external data breach actors were involved in organized crime
Response & Lifecycle
- It took an average of 287 days to identify a data breach
- The average time to contain a breach was 80-90 days
- Healthcare and financial industries had the longest data breach lifecycle — 329 days and 233 days, respectively
- The data breach lifecycle of a malicious or criminal attack took an average of 315 days
- Microsoft Office files accounted for 48 percent of malicious email attachments
- The most active attack groups targeted an average of 55 organizations