Key Takeaways
- The average global cost of a data breach in 2023 reached $4.45 million, a 15% increase over three years.
- In the US, the average cost of a data breach in 2023 was $9.44 million, the highest of any region.
- Healthcare organizations faced an average breach cost of $10.93 million in 2023, the most expensive industry.
- There were 8,295 reported data breaches in the US in 2023.
- Verizon's 2023 DBIR reported 16,216 security incidents analyzed, with 5,199 confirmed breaches.
- 83% of breaches involved external actors in 2023 per Verizon DBIR.
- 22 billion records were exposed in breaches worldwide in 2023.
- The Equifax breach of 2017 exposed 147 million records.
- Yahoo's 2013 breach affected 3 billion accounts.
- Phishing was involved in 16% of breaches per Verizon 2023 DBIR.
- Stolen credentials facilitated 49% of breaches in the 2023 Verizon DBIR.
- Ransomware was a factor in 24% of breaches analyzed in 2023.
- 40% of government breaches resulted from insider actions.
- Healthcare represented 20% of all US breaches in 2023.
- Financial services accounted for 15% of US data breaches in 2023.
Data breach costs are rising sharply worldwide, hitting businesses hardest through lost customers and revenue.
Attack Vectors
- Phishing was involved in 16% of breaches per Verizon 2023 DBIR.
- Stolen credentials facilitated 49% of breaches in the 2023 Verizon DBIR.
- Ransomware was a factor in 24% of breaches analyzed in 2023.
- Compromised credentials were the initial access vector in 63% of web app breaches.
- Vulnerability exploitation accounted for 26% of initial access vectors in 2023.
- Supply chain compromise was the initial access vector in 15% of cases in 2023, per Verizon.
- Social engineering was involved in 18% of breaches, per the 2023 Verizon DBIR.
- Brute force attacks were present in 8% of incidents in 2023, per Verizon.
- Malware was used in 30% of confirmed breaches in 2023.
- 80% of breaches involved brute force or lost/stolen credentials.
- DDoS attacks preceded data breaches in 13% of cases in 2023.
- Insider threats caused 19% of breaches, per the 2023 Verizon DBIR.
- Phishing emails led to breaches in 44% of social engineering cases.
- SQL injection vulnerabilities were exploited in 8% of web app attacks.
- 74% of breaches were exploitable by external attackers via known vulnerabilities.
- Cloud misconfigurations led to 20% of cloud breaches in 2023, per IBM.
- Business email compromise (BEC) scams cost $2.9B in 2023.
- 91% of cyberattacks begin with a phishing email.
- Ransomware attacks grew 93% year-over-year in 2023.
- MFA fatigue attacks succeeded in 50% of cases in the MGM breach.
- Third-party breaches caused 44% of incidents in 2023, per IBM.
- 60% of healthcare breaches were due to ransomware in 2023.
- 29% of financial breaches stemmed from phishing, per Verizon.
- The retail phishing success rate was 3x higher than average.
- In the education sector, 32% of breaches stemmed from stolen credentials.
Breach Incidents
- There were 8,295 reported data breaches in the US in 2023.
- Verizon's 2023 DBIR reported 16,216 security incidents analyzed, with 5,199 confirmed breaches.
- 83% of breaches involved external actors in 2023 per Verizon DBIR.
- 2023 saw a 72% increase in US data breaches compared to 2022.
- MOVEit breaches affected over 60 million individuals in 2023.
- 3,205 organizations suffered ransomware attacks in 2023.
- UK reported 2,216 cyber incidents to NCSC in 2023.
- Australia had 1,193 data breach notifications in FY2023.
- EU GDPR fines for breaches totaled €2.9 billion by end of 2023.
- 74% of breaches involved a human element in 2023 per Verizon.
- State-sponsored attacks made up 12% of analyzed breaches in 2023 Verizon DBIR.
- 1,300+ data breaches were reported in the US in the first half of 2023 alone.
- Healthcare breaches numbered 540 in the US in 2023.
- The financial sector saw 1,062 breaches in the US in 2023.
- Retail had 325 breaches in the US in 2023.
- The education sector reported 418 breaches in the US in 2023.
- Government agencies faced 247 breaches in the US in 2023.
- 2022 had 1,802 US breaches, up 21% from 2021.
- Q4 2023 saw a record 230 US breaches in one quarter.
- Canada reported 721 data breaches in 2023.
- India saw over 1.6 million cyber attacks daily in 2023.
- Brazil had 80,000+ cyber incidents reported in 2023.
Financial Impacts
- The average global cost of a data breach in 2023 reached $4.45 million, a 15% increase over three years.
- In the US, the average cost of a data breach in 2023 was $9.44 million, the highest of any region.
- Healthcare organizations faced an average breach cost of $10.93 million in 2023, the most expensive industry.
- Lost business was the largest cost component at 36% ($1.6 million on average) in 2023 breaches.
- Breaches costing over $5 million affected 47% of organizations in 2023.
- Customer PII breaches cost $205 per record in 2023.
- Organizations with extensive cloud use had breach costs 23.5% lower, at an average of $3.99 million in 2023.
- The average cost of a mega breach (50M+ records) was $140 million in 2023.
- Detection and escalation costs averaged $1.74 million per breach in 2023.
- Post-breach response costs were $1.39 million on average in 2023.
- Notification costs per breach averaged $0.31 million in 2023.
- Lost business costs due to customer churn averaged $1.32 million in 2023.
- Average breach cost for financial services was $5.9 million in 2023.
- Retail sector breach costs averaged $3.36 million in 2023.
- Energy sector saw average breach costs of $5.47 million in 2023.
- Public sector breach costs averaged $2.87 million in 2023.
- Manufacturing industry breach costs averaged $4.96 million in 2023.
- Education sector had the lowest average breach cost at $3.83 million in 2023.
- Breaches with stolen credentials cost $4.88 million on average in 2023.
- Phishing-related breaches cost $4.76 million on average in 2023.
- Supply chain breaches cost $5.24 million on average in 2023.
- Average time to identify a breach was 204 days in 2023, contributing to higher costs.
- Average time to contain a breach was 73 days in 2023.
- Organizations using AI/security analytics had 40% lower breach costs in 2023.
- Zero trust implementation reduced breach costs by 50% in 2023.
- Incident response testing reduced costs by 38% in 2023 breaches.
- Breaches in critical infrastructure cost $5.12 million on average in 2023.
- Ransomware breach costs averaged $5.13 million in 2023.
- Business email compromise costs averaged $5.27 million in 2023.
- Global cybercrime costs are projected to reach $10.5 trillion annually by 2025.
Records Compromised
- 22 billion records were exposed in breaches worldwide in 2023.
- The Equifax breach of 2017 exposed 147 million records.
- Yahoo's 2013 breach affected 3 billion accounts.
- The MOVEit Transfer vulnerability exposed 62 million records in 2023.
- The MGM Resorts ransomware breach impacted 10.6 million guests in 2023.
- The Change Healthcare breach potentially affected one-third of Americans (100M+).
- The National Public Data breach exposed 2.9 billion records in 2024.
- The 23andMe breach compromised the data of 6.9 million users.
- The AT&T breach leaked call records of nearly all customers (109M).
- Snowflake breaches across customers exposed 165 million records.
- The Optus breach in Australia exposed 10 million customer records.
- The Uber breach of 2022 affected 57 million users.
- The LinkedIn breach involved 700 million scraped user profiles.
- The Twitter (X) breach exposed 200 million user emails.
- The Colonial Pipeline ransomware attack impacted 100GB of data.
- US healthcare breaches exposed 112 million records in 2023.
- Financial services breaches exposed 253 million records in the US in 2023.
- Retail sector breaches compromised 92 million records in 2023.
- Education breaches exposed 42 million records in the US in 2023.
- Government breaches affected 17 million records in the US in 2023.
- The healthcare sector accounted for 45% of records exposed in mega-breaches.
Sectors Affected
- 40% of government breaches resulted from insider actions.
- Healthcare represented 20% of all US breaches in 2023.
- Financial services accounted for 15% of US data breaches in 2023.
- The retail sector saw 10% of total US breaches in 2023.
- The education sector had a 13% share of US breaches in 2023.
- Government and public administration accounted for 8% of US breaches in 2023.
- Manufacturing faced a 12% higher breach likelihood than average.
- The energy sector accounted for 18% of critical infrastructure incidents.
- The transportation sector made up 9% of ransomware targets in 2023.
- 82% of healthcare execs in 2023 reported breaches in the past year.
- Retail breach costs were 20% below average due to quick detection.
- Financial firms invested 15% of their IT budget in security in 2023.
- Education had the longest breach identification time at 295 days.
- The public sector had the quickest containment at 57 days on average.
- The pharma industry accounted for 25% of intellectual property theft breaches.
- The tech sector accounted for 22% of supply chain breaches in 2023.
- Hospitality companies like MGM saw operational downtime from ransomware.
- Logistics firms saw a 35% increase in attacks post-Colonial Pipeline.
- Telecom breaches were up 50% in 2023 due to SIM swapping.
- The insurance sector accounted for 11% of all ransomware payments in 2023.
- In healthcare, 54% paid ransomware demands, per a 2023 Sophos survey.
Sources & References
- Reference 1: IBM, ibm.com
- Reference 2: CYBERSECURITYVENTURES, cybersecurityventures.com
- Reference 3: IDENTITYTHEFTCENTER, identitytheftcenter.org
- Reference 4: VERIZON, verizon.com
- Reference 5: UPGUARD, upguard.com
- Reference 6: STATISTA, statista.com
- Reference 7: NCSC, ncsc.gov.uk
- Reference 8: OAIC, oaic.gov.au
- Reference 9: ENFORCEMENTTRACKER, enforcementtracker.com
- Reference 10: PRNEWSWIRE, prnewswire.com
- Reference 11: HIPAAJOURNAL, hipaajournal.com
- Reference 12: PRIV, priv.gc.ca
- Reference 13: CERT-IN, cert-in.org.in
- Reference 14: GOV, gov.br
- Reference 15: SURFSHARK, surfshark.com
- Reference 16: FTC, ftc.gov
- Reference 17: CYBERSECURITYDIVE, cybersecuritydive.com
- Reference 18: MGMRESORTS, mgmresorts.com
- Reference 19: HHS, hhs.gov
- Reference 20: BLEEPINGCOMPUTER, bleepingcomputer.com
- Reference 21: BLOG, blog.23andme.com
- Reference 22: ABOUT, about.att.com
- Reference 23: MANDIANT, mandiant.com
- Reference 24: UBER, uber.com
- Reference 25: CYBERNEWS, cybernews.com