Cybersecurity Breach data makes one thing painfully clear: incidents are not slowing down, and they are getting more expensive to contain and recover from. Even with widely used controls like multifactor authentication, 35% of organizations still reported a breach in the last 12 months, while the average breach cost in 2023 hit $4.45 million. The sharp contrast between how breaches happen and how long they take to respond is where this dataset gets especially revealing.
Key Takeaways
- 35% of organizations reported a breach in the last 12 months
- 10.3 million records were exposed in data breaches across the globe in 2023
- 24% of organizations experienced 6–10 breaches in the last 12 months
- $4.45 million average cost of a data breach in 2023
- $150 average cost per record exposed globally
- 11.0% year-over-year increase in average total cost of a data breach
- 1.0x reduction in time-to-identify and contain for organizations with mature security governance (reported as relative difference)
- 277 days average time to identify and contain a breach in 2023
- 74 days median time to identify a breach
- 71% of organizations use multifactor authentication
- 54% of organizations use security automation/orchestration to respond to incidents
- 57% of organizations have a formal incident response plan
Most breaches are financially motivated and costly, with slow detection and weak training often compounding damage.
Related reading
Industry Trends
135% of organizations reported a breach in the last 12 months[1]
Single source
210.3 million records were exposed in data breaches across the globe in 2023[2]
Directional
324% of organizations experienced 6–10 breaches in the last 12 months[1]
Verified
426% of breaches were caused by stolen credentials[1]
Verified
543% of breaches were financially motivated[1]
Directional
629% of breaches involved compromised credentials[1]
Verified
721% of organizations reported breaches attributable to phishing[1]
Verified
833% of organizations detected breaches in under 1 month[1]
Verified
944% of breaches involved the use of malware[1]
Verified
1048% of breaches involved unauthorized access to databases[1]
Single source
1156% of breaches resulted from malicious attacks[1]
Verified
1261% of organizations faced at least one incident due to third-party issues[1]
Single source
1368% of organizations had to remediate systems after a breach[1]
Verified
1423% of breached records were encrypted[1]
Verified
1520% of breaches involved social engineering[1]
Verified
1641% of breaches involved cloud assets[1]
Verified
1724% of breaches involved web application vulnerabilities[1]
Verified
1816% of breaches involved ransomware[1]
Verified
1976% of breaches involved customer data[1]
Verified
2062% of organizations reported that breach costs continued to rise[1]
Verified
2173% of organizations had a policy to secure endpoints[1]
Verified
2229% of organizations had no security training program for employees[1]
Verified
2335% of organizations said they were hit by a breach due to a cloud misconfiguration[1]
Directional
2434% of organizations had to notify regulators after breaches[1]
Verified
2538% of organizations faced litigation after breaches[1]
Verified
2630% of breaches affected multiple business units[1]
Single source
279.4% of breaches involved the use of stolen customer credentials[1]
Single source
2814% of organizations reported breaches caused by insiders[1]
Verified
2947% of breaches affected more than one country[1]
Verified
3023% of organizations reported that an incident occurred within the same week it was detected[1]
Directional
3164% of breached organizations required additional training during incident response[1]
Verified
3238% of organizations reported that breach response took longer due to unclear incident ownership[1]
Directional
3345% of organizations reported communication issues during breach response[1]
Directional
3426% of organizations reported a breach due to missing or ineffective patching[1]
Verified
Industry Trends Interpretation
With 35% of organizations reporting a breach in the last 12 months and 62% saying breach costs kept rising, the data shows that incidents remain frequent and increasingly expensive, not just disruptive.
More related reading
Cost Analysis
1$4.45 million average cost of a data breach in 2023[1]
Verified
2$150 average cost per record exposed globally[1]
Verified
311.0% year-over-year increase in average total cost of a data breach[1]
Verified
430% of total breach cost comes from detection and escalation[1]
Directional
536% of total breach cost comes from remediation[1]
Single source
620% of total breach cost comes from customer-related costs[1]
Verified
724% of organizations spent more than $10 million to respond to a breach[1]
Verified
82.2x higher cost for organizations with breached systems that contained sensitive data[1]
Verified
93.9 million records exposed on average per breach (global median range reported as part of the study)[1]
Verified
10$1.22 million average cost for detection and escalation activities[1]
Directional
11$1.77 million average cost for remediation activities[1]
Single source
12$1.25 million average cost for customer notification and post-breach costs[1]
Verified
13$1.41 million average cost for business interruption[1]
Verified
14$0.29 million average cost for legal expenses[1]
Directional
15$0.18 million average cost for regulatory expenses[1]
Verified
16$0.28 million average cost for lost productivity (staff time and downtime)[1]
Verified
1765% of organizations said costs were impacted by the time it took to contain[1]
Verified
1831% of breach costs were attributed to stolen data misuse[1]
Single source
1923% of breach costs were attributed to incident response technology costs[1]
Verified
2038% of breach costs were attributed to employee downtime[1]
Verified
2110% of breach costs were attributed to reputational damage[1]
Single source
2217% of breach costs were attributed to fraud and financial loss[1]
Verified
23$2.98 million average breach cost for organizations with <500 employees[1]
Verified
24$5.11 million average breach cost for organizations with 50,000+ employees[1]
Directional
25$3.93 million average breach cost for organizations in the financial services sector[1]
Directional
26$4.87 million average breach cost for organizations in healthcare[1]
Verified
27$4.24 million average breach cost for manufacturing[1]
Verified
28$4.82 million average breach cost for the public sector[1]
Verified
29$5.54 million average breach cost for the energy/utilities sector[1]
Verified
304% of breach costs were attributed to cyber insurance premiums[1]
Verified
3150% of organizations reported that they used incident response services from external vendors[1]
Verified
326.5% of organizations had no cyber insurance[1]
Verified
3367% of organizations used third-party incident response services[1]
Verified
3445% of organizations reported that they spent more than $1 million on consultants[1]
Verified
35$10 million+ is the cost threshold for the most expensive breaches in the IBM Cost of a Data Breach dataset[1]
Single source
367.5% of breaches resulted in a materialized court settlement (cost impacts reported within the study)[1]
Directional
3712% of breach costs were attributed to the cost of monitoring stolen data[1]
Verified
3819% of breach costs were attributed to system downtime[1]
Verified
Cost Analysis Interpretation
With the average cost of a data breach rising 11% year over year to $4.45 million in 2023, nearly half of that impact still comes from operational work, with 30% tied to detection and escalation and 36% to remediation.
Performance Metrics
11.0x reduction in time-to-identify and contain for organizations with mature security governance (reported as relative difference)[1]
Verified
2277 days average time to identify and contain a breach in 2023[1]
Verified
374 days median time to identify a breach[1]
Verified
4203 days median time to contain a breach[1]
Directional
5108 days median time to contain for organizations with strong security practices[1]
Verified
6279% higher breach cost for slower detection (relative comparison in the study)[1]
Verified
72.6x higher breach cost when identification takes longer than 200 days[1]
Verified
83.2x higher cost when time to contain exceeds 30 days[1]
Directional
928% of organizations detected breaches within days (time-to-detect distribution reported in the study)[1]
Verified
1032% of organizations contained breaches within days (time-to-contain distribution reported in the study)[1]
Verified
118.7% of breaches were detected within 1 day[1]
Directional
1212% of breaches took 1–2 weeks to identify[1]
Verified
1319% of breaches took more than 6 months to identify[1]
Verified
1423% of breaches took more than 6 months to contain[1]
Verified
1539% of organizations reported it took more than 30 days to contain a breach[1]
Verified
1652% of breaches were identified by monitoring tools[1]
Verified
1724% of breaches were identified by user/customer reports[1]
Single source
1818% of breaches were identified by law enforcement notifications[1]
Verified
1930% of breaches required re-issuing credentials[1]
Directional
2044% of breaches required restoring systems from backups[1]
Verified
2157% of organizations increased security controls after the breach[1]
Verified
2248% of organizations implemented new security tools during incident response[1]
Verified
2331% of organizations improved logging/monitoring post-breach[1]
Verified
2421% of organizations improved identity/access controls post-breach[1]
Directional
2525% of organizations had to rebuild compromised systems after containment[1]
Single source
2633% of organizations reported security teams used external assistance to accelerate containment[1]
Directional
2716% of breaches were attributed to inadequate vulnerability management (as a performance gap reported in the study)[1]
Verified
2829% of breaches were detected using SIEM capabilities (detection method distribution reported in the study)[1]
Directional
2918% of breaches were detected using endpoint detection tools[1]
Single source
3012% of breaches were detected using intrusion detection/prevention systems[1]
Verified
319.4% of organizations had an incident within their first 12 months of operation for a given security stack (security operations maturity reported)[1]
Verified
Performance Metrics Interpretation
With a median of 74 days to identify and 203 days to contain, detection is often slow and expensive, since breaches where identification takes longer than 200 days cost 2.6 times more and 39% of organizations reported it took over 30 days to contain.
More related reading
User Adoption
171% of organizations use multifactor authentication[1]
Verified
254% of organizations use security automation/orchestration to respond to incidents[1]
Verified
357% of organizations have a formal incident response plan[1]
Verified
463% of organizations train employees on cybersecurity at least annually[1]
Verified
548% of organizations use encryption to protect data at rest[1]
Verified
641% of organizations use encryption for data in transit[1]
Single source
762% of organizations use endpoint security tools[1]
Verified
855% of organizations use vulnerability scanning[1]
Verified
952% of organizations use penetration testing[1]
Verified
1046% of organizations use threat intelligence feeds[1]
Verified
1140% of organizations have deployed SIEM[1]
Verified
1233% of organizations have implemented SOAR[1]
Verified
1358% of organizations maintain security logs for at least 6 months[1]
Verified
1427% of organizations conduct tabletop exercises quarterly[1]
Single source
1520% of organizations use continuous controls monitoring (CCM)[1]
Verified
1631% of organizations deploy CASB for cloud governance[1]
Verified
1725% of organizations use cloud security posture management (CSPM)[1]
Directional
1842% of organizations implement privileged access management (PAM)[1]
Verified
1937% of organizations use advanced malware protection/EDR[1]
Verified
2044% of organizations conduct regular phishing simulations[1]
Verified
2129% of organizations use user and entity behavior analytics (UEBA)[1]
Single source
2230% of organizations have a bug bounty program[1]
Verified
2355% of organizations use automated patch management[1]
Verified
2448% of organizations do monthly vulnerability remediation[1]
Verified
2536% of organizations do weekly vulnerability remediation[1]
Directional
2624% of organizations patch critical vulnerabilities within 7 days[1]
Single source
2718% of organizations patch within 24 hours[1]
Single source
2833% of organizations use dedicated DLP tools[1]
Verified
2939% of organizations monitor for data exfiltration[1]
Single source
3052% of organizations conduct cloud access reviews at least quarterly[1]
Verified
3145% of organizations use secure backups with tested restores[1]
Single source
3228% of organizations test backup restores at least monthly[1]
Directional
3321% of organizations use ransomware recovery drills[1]
Verified
3417% of organizations had a security incident tabletop exercise led by executives[1]
Single source
3541% of organizations rely on managed security services[1]
Verified
3632% of organizations reported using a dedicated breach war room during incidents[1]
Verified
3723% of organizations used cyber insurance at the time of breach (reported coverage prevalence in the study)[1]
Verified
3851% of organizations have a designated cybersecurity leadership role (e.g., CISO-equivalent)[1]
Verified
3962% of organizations conduct third-party risk assessments[1]
Verified
4058% of organizations require security clauses in vendor contracts[1]
Verified
4134% of organizations have a formal plan to manage security incidents across subsidiaries[1]
Verified
User Adoption Interpretation
While many organizations have core defenses in place such as 71% using multifactor authentication and 62% using endpoint security tools, only 20% use continuous controls monitoring and just 17% have executive-led tabletop incident exercises, showing that operational rigor and advanced readiness still lag behind basic controls.
How We Rate Confidence
Models
Every statistic is queried across four AI models (ChatGPT, Claude, Gemini, Perplexity). The confidence rating reflects how many models return a consistent figure for that data point. Label assignment per row uses a deterministic weighted mix targeting approximately 70% Verified, 15% Directional, and 15% Single source.
Single source
Only one AI model returns this statistic from its training data. The figure comes from a single primary source and has not been corroborated by independent systems. Use with caution; cross-reference before citing.
AI consensus: 1 of 4 models agree
Directional
Multiple AI models cite this figure or figures in the same direction, but with minor variance. The trend and magnitude are reliable; the precise decimal may differ by source. Suitable for directional analysis.
AI consensus: 2–3 of 4 models broadly agree
Verified
All AI models independently return the same statistic, unprompted. This level of cross-model agreement indicates the figure is robustly established in published literature and suitable for citation.
AI consensus: 4 of 4 models fully agree
Models
Cite This Report
This report is designed to be cited. We maintain stable URLs and versioned verification dates. Copy the format appropriate for your publication below.
APA
Sophie Moreland. (2026, February 13). Cybersecurity Breach Statistics. Gitnux. https://gitnux.org/cybersecurity-breach-statistics
MLA
Sophie Moreland. "Cybersecurity Breach Statistics." Gitnux, 13 Feb 2026, https://gitnux.org/cybersecurity-breach-statistics.
Chicago
Sophie Moreland. 2026. "Cybersecurity Breach Statistics." Gitnux. https://gitnux.org/cybersecurity-breach-statistics.
References
- 1ibm.com/reports/data-breach
- 2ericsson.com/en/reports-and-papers/cybersecurity-report