Cybersecurity Breach Statistics

GITNUXREPORT 2026

Cybersecurity Breach Statistics

Recent record-breaking global cyberattacks highlight escalating threats across all sectors.

144 statistics2 sources4 sections10 min readUpdated 10 days ago

Key Statistics

Statistic 1

35% of organizations reported a breach in the last 12 months

Statistic 2

10.3 million records were exposed in data breaches across the globe in 2023

Statistic 3

24% of organizations experienced 6–10 breaches in the last 12 months

Statistic 4

26% of breaches were caused by stolen credentials

Statistic 5

43% of breaches were financially motivated

Statistic 6

29% of breaches involved compromised credentials

Statistic 7

21% of organizations reported breaches attributable to phishing

Statistic 8

33% of organizations detected breaches in under 1 month

Statistic 9

44% of breaches involved the use of malware

Statistic 10

48% of breaches involved unauthorized access to databases

Statistic 11

56% of breaches resulted from malicious attacks

Statistic 12

61% of organizations faced at least one incident due to third-party issues

Statistic 13

68% of organizations had to remediate systems after a breach

Statistic 14

23% of breached records were encrypted

Statistic 15

20% of breaches involved social engineering

Statistic 16

41% of breaches involved cloud assets

Statistic 17

24% of breaches involved web application vulnerabilities

Statistic 18

16% of breaches involved ransomware

Statistic 19

76% of breaches involved customer data

Statistic 20

62% of organizations reported that breach costs continued to rise

Statistic 21

73% of organizations had a policy to secure endpoints

Statistic 22

29% of organizations had no security training program for employees

Statistic 23

35% of organizations said they were hit by a breach due to a cloud misconfiguration

Statistic 24

34% of organizations had to notify regulators after breaches

Statistic 25

38% of organizations faced litigation after breaches

Statistic 26

30% of breaches affected multiple business units

Statistic 27

9.4% of breaches involved the use of stolen customer credentials

Statistic 28

14% of organizations reported breaches caused by insiders

Statistic 29

47% of breaches affected more than one country

Statistic 30

23% of organizations reported that an incident occurred within the same week it was detected

Statistic 31

64% of breached organizations required additional training during incident response

Statistic 32

38% of organizations reported that breach response took longer due to unclear incident ownership

Statistic 33

45% of organizations reported communication issues during breach response

Statistic 34

26% of organizations reported a breach due to missing or ineffective patching

Statistic 35

$4.45 million average cost of a data breach in 2023

Statistic 36

$150 average cost per record exposed globally

Statistic 37

11.0% year-over-year increase in average total cost of a data breach

Statistic 38

30% of total breach cost comes from detection and escalation

Statistic 39

36% of total breach cost comes from remediation

Statistic 40

20% of total breach cost comes from customer-related costs

Statistic 41

24% of organizations spent more than $10 million to respond to a breach

Statistic 42

2.2x higher cost for organizations with breached systems that contained sensitive data

Statistic 43

3.9 million records exposed on average per breach (global median range reported as part of the study)

Statistic 44

$1.22 million average cost for detection and escalation activities

Statistic 45

$1.77 million average cost for remediation activities

Statistic 46

$1.25 million average cost for customer notification and post-breach costs

Statistic 47

$1.41 million average cost for business interruption

Statistic 48

$0.29 million average cost for legal expenses

Statistic 49

$0.18 million average cost for regulatory expenses

Statistic 50

$0.28 million average cost for lost productivity (staff time and downtime)

Statistic 51

65% of organizations said costs were impacted by the time it took to contain

Statistic 52

31% of breach costs were attributed to stolen data misuse

Statistic 53

23% of breach costs were attributed to incident response technology costs

Statistic 54

38% of breach costs were attributed to employee downtime

Statistic 55

10% of breach costs were attributed to reputational damage

Statistic 56

17% of breach costs were attributed to fraud and financial loss

Statistic 57

$2.98 million average breach cost for organizations with <500 employees

Statistic 58

$5.11 million average breach cost for organizations with 50,000+ employees

Statistic 59

$3.93 million average breach cost for organizations in the financial services sector

Statistic 60

$4.87 million average breach cost for organizations in healthcare

Statistic 61

$4.24 million average breach cost for manufacturing

Statistic 62

$4.82 million average breach cost for the public sector

Statistic 63

$5.54 million average breach cost for the energy/utilities sector

Statistic 64

4% of breach costs were attributed to cyber insurance premiums

Statistic 65

50% of organizations reported that they used incident response services from external vendors

Statistic 66

6.5% of organizations had no cyber insurance

Statistic 67

67% of organizations used third-party incident response services

Statistic 68

45% of organizations reported that they spent more than $1 million on consultants

Statistic 69

$10 million+ is the cost threshold for the most expensive breaches in the IBM Cost of a Data Breach dataset

Statistic 70

7.5% of breaches resulted in a materialized court settlement (cost impacts reported within the study)

Statistic 71

12% of breach costs were attributed to the cost of monitoring stolen data

Statistic 72

19% of breach costs were attributed to system downtime

Statistic 73

1.0x reduction in time-to-identify and contain for organizations with mature security governance (reported as relative difference)

Statistic 74

277 days average time to identify and contain a breach in 2023

Statistic 75

74 days median time to identify a breach

Statistic 76

203 days median time to contain a breach

Statistic 77

108 days median time to contain for organizations with strong security practices

Statistic 78

279% higher breach cost for slower detection (relative comparison in the study)

Statistic 79

2.6x higher breach cost when identification takes longer than 200 days

Statistic 80

3.2x higher cost when time to contain exceeds 30 days

Statistic 81

28% of organizations detected breaches within days (time-to-detect distribution reported in the study)

Statistic 82

32% of organizations contained breaches within days (time-to-contain distribution reported in the study)

Statistic 83

8.7% of breaches were detected within 1 day

Statistic 84

12% of breaches took 1–2 weeks to identify

Statistic 85

19% of breaches took more than 6 months to identify

Statistic 86

23% of breaches took more than 6 months to contain

Statistic 87

39% of organizations reported it took more than 30 days to contain a breach

Statistic 88

52% of breaches were identified by monitoring tools

Statistic 89

24% of breaches were identified by user/customer reports

Statistic 90

18% of breaches were identified by law enforcement notifications

Statistic 91

30% of breaches required re-issuing credentials

Statistic 92

44% of breaches required restoring systems from backups

Statistic 93

57% of organizations increased security controls after the breach

Statistic 94

48% of organizations implemented new security tools during incident response

Statistic 95

31% of organizations improved logging/monitoring post-breach

Statistic 96

21% of organizations improved identity/access controls post-breach

Statistic 97

25% of organizations had to rebuild compromised systems after containment

Statistic 98

33% of organizations reported security teams used external assistance to accelerate containment

Statistic 99

16% of breaches were attributed to inadequate vulnerability management (as a performance gap reported in the study)

Statistic 100

29% of breaches were detected using SIEM capabilities (detection method distribution reported in the study)

Statistic 101

18% of breaches were detected using endpoint detection tools

Statistic 102

12% of breaches were detected using intrusion detection/prevention systems

Statistic 103

9.4% of organizations had an incident within their first 12 months of operation for a given security stack (security operations maturity reported)

Statistic 104

71% of organizations use multifactor authentication

Statistic 105

54% of organizations use security automation/orchestration to respond to incidents

Statistic 106

57% of organizations have a formal incident response plan

Statistic 107

63% of organizations train employees on cybersecurity at least annually

Statistic 108

48% of organizations use encryption to protect data at rest

Statistic 109

41% of organizations use encryption for data in transit

Statistic 110

62% of organizations use endpoint security tools

Statistic 111

55% of organizations use vulnerability scanning

Statistic 112

52% of organizations use penetration testing

Statistic 113

46% of organizations use threat intelligence feeds

Statistic 114

40% of organizations have deployed SIEM

Statistic 115

33% of organizations have implemented SOAR

Statistic 116

58% of organizations maintain security logs for at least 6 months

Statistic 117

27% of organizations conduct tabletop exercises quarterly

Statistic 118

20% of organizations use continuous controls monitoring (CCM)

Statistic 119

31% of organizations deploy CASB for cloud governance

Statistic 120

25% of organizations use cloud security posture management (CSPM)

Statistic 121

42% of organizations implement privileged access management (PAM)

Statistic 122

37% of organizations use advanced malware protection/EDR

Statistic 123

44% of organizations conduct regular phishing simulations

Statistic 124

29% of organizations use user and entity behavior analytics (UEBA)

Statistic 125

30% of organizations have a bug bounty program

Statistic 126

55% of organizations use automated patch management

Statistic 127

48% of organizations do monthly vulnerability remediation

Statistic 128

36% of organizations do weekly vulnerability remediation

Statistic 129

24% of organizations patch critical vulnerabilities within 7 days

Statistic 130

18% of organizations patch within 24 hours

Statistic 131

33% of organizations use dedicated DLP tools

Statistic 132

39% of organizations monitor for data exfiltration

Statistic 133

52% of organizations conduct cloud access reviews at least quarterly

Statistic 134

45% of organizations use secure backups with tested restores

Statistic 135

28% of organizations test backup restores at least monthly

Statistic 136

21% of organizations use ransomware recovery drills

Statistic 137

17% of organizations had a security incident tabletop exercise led by executives

Statistic 138

41% of organizations rely on managed security services

Statistic 139

32% of organizations reported using a dedicated breach war room during incidents

Statistic 140

23% of organizations used cyber insurance at the time of breach (reported coverage prevalence in the study)

Statistic 141

51% of organizations have a designated cybersecurity leadership role (e.g., CISO-equivalent)

Statistic 142

62% of organizations conduct third-party risk assessments

Statistic 143

58% of organizations require security clauses in vendor contracts

Statistic 144

34% of organizations have a formal plan to manage security incidents across subsidiaries

Sources
Trusted by 500+ publications
Harvard Business ReviewThe GuardianFortune+497
Sophie Moreland

Written by Sophie Moreland·Fact-checked by Rebecca Hargrove

Published Feb 13, 2026·Last verified Apr 16, 2026
Fact-checked via 4-step process
01Primary Source Collection

Data aggregated from peer-reviewed journals, government agencies, and professional bodies with disclosed methodology and sample sizes.

02Editorial Curation

Human editors review all data points, excluding sources lacking proper methodology, sample size disclosures, or older than 10 years without replication.

03AI-Powered Verification

Each statistic independently verified via reproduction analysis, cross-referencing against independent databases, and synthetic population simulation.

04Human Cross-Check

Final human editorial review of all AI-verified statistics. Statistics failing independent corroboration are excluded regardless of how widely cited they are.

Read our full methodology →

Statistics that fail independent corroboration are excluded.

With the average cost of a data breach in 2023 hitting $4.45 million and the median time to contain stretching to 203 days, this post breaks down the key cybersecurity breach statistics that explain where the damage comes from and what organizations can do to reduce it.

Key Takeaways

  • 35% of organizations reported a breach in the last 12 months
  • 10.3 million records were exposed in data breaches across the globe in 2023
  • 24% of organizations experienced 6–10 breaches in the last 12 months
  • $4.45 million average cost of a data breach in 2023
  • $150 average cost per record exposed globally
  • 11.0% year-over-year increase in average total cost of a data breach
  • 1.0x reduction in time-to-identify and contain for organizations with mature security governance (reported as relative difference)
  • 277 days average time to identify and contain a breach in 2023
  • 74 days median time to identify a breach
  • 71% of organizations use multifactor authentication
  • 54% of organizations use security automation/orchestration to respond to incidents
  • 57% of organizations have a formal incident response plan

Breaches are rising, with stolen credentials, financially driven attacks, and slow detection driving millions in costs.

Cost Analysis

1$4.45 million average cost of a data breach in 2023[1]
Verified
2$150 average cost per record exposed globally[1]
Verified
311.0% year-over-year increase in average total cost of a data breach[1]
Verified
430% of total breach cost comes from detection and escalation[1]
Directional
536% of total breach cost comes from remediation[1]
Single source
620% of total breach cost comes from customer-related costs[1]
Verified
724% of organizations spent more than $10 million to respond to a breach[1]
Verified
82.2x higher cost for organizations with breached systems that contained sensitive data[1]
Verified
93.9 million records exposed on average per breach (global median range reported as part of the study)[1]
Directional
10$1.22 million average cost for detection and escalation activities[1]
Single source
11$1.77 million average cost for remediation activities[1]
Verified
12$1.25 million average cost for customer notification and post-breach costs[1]
Verified
13$1.41 million average cost for business interruption[1]
Verified
14$0.29 million average cost for legal expenses[1]
Directional
15$0.18 million average cost for regulatory expenses[1]
Single source
16$0.28 million average cost for lost productivity (staff time and downtime)[1]
Verified
1765% of organizations said costs were impacted by the time it took to contain[1]
Verified
1831% of breach costs were attributed to stolen data misuse[1]
Verified
1923% of breach costs were attributed to incident response technology costs[1]
Directional
2038% of breach costs were attributed to employee downtime[1]
Single source
2110% of breach costs were attributed to reputational damage[1]
Verified
2217% of breach costs were attributed to fraud and financial loss[1]
Verified
23$2.98 million average breach cost for organizations with <500 employees[1]
Verified
24$5.11 million average breach cost for organizations with 50,000+ employees[1]
Directional
25$3.93 million average breach cost for organizations in the financial services sector[1]
Single source
26$4.87 million average breach cost for organizations in healthcare[1]
Verified
27$4.24 million average breach cost for manufacturing[1]
Verified
28$4.82 million average breach cost for the public sector[1]
Verified
29$5.54 million average breach cost for the energy/utilities sector[1]
Directional
304% of breach costs were attributed to cyber insurance premiums[1]
Single source
3150% of organizations reported that they used incident response services from external vendors[1]
Verified
326.5% of organizations had no cyber insurance[1]
Verified
3367% of organizations used third-party incident response services[1]
Verified
3445% of organizations reported that they spent more than $1 million on consultants[1]
Directional
35$10 million+ is the cost threshold for the most expensive breaches in the IBM Cost of a Data Breach dataset[1]
Single source
367.5% of breaches resulted in a materialized court settlement (cost impacts reported within the study)[1]
Verified
3712% of breach costs were attributed to the cost of monitoring stolen data[1]
Verified
3819% of breach costs were attributed to system downtime[1]
Verified

Cost Analysis Interpretation

With the average cost of a data breach rising 11% year over year to $4.45 million in 2023, nearly half of that impact still comes from operational work, with 30% tied to detection and escalation and 36% to remediation.

Performance Metrics

11.0x reduction in time-to-identify and contain for organizations with mature security governance (reported as relative difference)[1]
Verified
2277 days average time to identify and contain a breach in 2023[1]
Verified
374 days median time to identify a breach[1]
Verified
4203 days median time to contain a breach[1]
Directional
5108 days median time to contain for organizations with strong security practices[1]
Single source
6279% higher breach cost for slower detection (relative comparison in the study)[1]
Verified
72.6x higher breach cost when identification takes longer than 200 days[1]
Verified
83.2x higher cost when time to contain exceeds 30 days[1]
Verified
928% of organizations detected breaches within days (time-to-detect distribution reported in the study)[1]
Directional
1032% of organizations contained breaches within days (time-to-contain distribution reported in the study)[1]
Single source
118.7% of breaches were detected within 1 day[1]
Verified
1212% of breaches took 1–2 weeks to identify[1]
Verified
1319% of breaches took more than 6 months to identify[1]
Verified
1423% of breaches took more than 6 months to contain[1]
Directional
1539% of organizations reported it took more than 30 days to contain a breach[1]
Single source
1652% of breaches were identified by monitoring tools[1]
Verified
1724% of breaches were identified by user/customer reports[1]
Verified
1818% of breaches were identified by law enforcement notifications[1]
Verified
1930% of breaches required re-issuing credentials[1]
Directional
2044% of breaches required restoring systems from backups[1]
Single source
2157% of organizations increased security controls after the breach[1]
Verified
2248% of organizations implemented new security tools during incident response[1]
Verified
2331% of organizations improved logging/monitoring post-breach[1]
Verified
2421% of organizations improved identity/access controls post-breach[1]
Directional
2525% of organizations had to rebuild compromised systems after containment[1]
Single source
2633% of organizations reported security teams used external assistance to accelerate containment[1]
Verified
2716% of breaches were attributed to inadequate vulnerability management (as a performance gap reported in the study)[1]
Verified
2829% of breaches were detected using SIEM capabilities (detection method distribution reported in the study)[1]
Verified
2918% of breaches were detected using endpoint detection tools[1]
Directional
3012% of breaches were detected using intrusion detection/prevention systems[1]
Single source
319.4% of organizations had an incident within their first 12 months of operation for a given security stack (security operations maturity reported)[1]
Verified

Performance Metrics Interpretation

With a median of 74 days to identify and 203 days to contain, detection is often slow and expensive, since breaches where identification takes longer than 200 days cost 2.6 times more and 39% of organizations reported it took over 30 days to contain.

User Adoption

171% of organizations use multifactor authentication[1]
Verified
254% of organizations use security automation/orchestration to respond to incidents[1]
Verified
357% of organizations have a formal incident response plan[1]
Verified
463% of organizations train employees on cybersecurity at least annually[1]
Directional
548% of organizations use encryption to protect data at rest[1]
Single source
641% of organizations use encryption for data in transit[1]
Verified
762% of organizations use endpoint security tools[1]
Verified
855% of organizations use vulnerability scanning[1]
Verified
952% of organizations use penetration testing[1]
Directional
1046% of organizations use threat intelligence feeds[1]
Single source
1140% of organizations have deployed SIEM[1]
Verified
1233% of organizations have implemented SOAR[1]
Verified
1358% of organizations maintain security logs for at least 6 months[1]
Verified
1427% of organizations conduct tabletop exercises quarterly[1]
Directional
1520% of organizations use continuous controls monitoring (CCM)[1]
Single source
1631% of organizations deploy CASB for cloud governance[1]
Verified
1725% of organizations use cloud security posture management (CSPM)[1]
Verified
1842% of organizations implement privileged access management (PAM)[1]
Verified
1937% of organizations use advanced malware protection/EDR[1]
Directional
2044% of organizations conduct regular phishing simulations[1]
Single source
2129% of organizations use user and entity behavior analytics (UEBA)[1]
Verified
2230% of organizations have a bug bounty program[1]
Verified
2355% of organizations use automated patch management[1]
Verified
2448% of organizations do monthly vulnerability remediation[1]
Directional
2536% of organizations do weekly vulnerability remediation[1]
Single source
2624% of organizations patch critical vulnerabilities within 7 days[1]
Verified
2718% of organizations patch within 24 hours[1]
Verified
2833% of organizations use dedicated DLP tools[1]
Verified
2939% of organizations monitor for data exfiltration[1]
Directional
3052% of organizations conduct cloud access reviews at least quarterly[1]
Single source
3145% of organizations use secure backups with tested restores[1]
Verified
3228% of organizations test backup restores at least monthly[1]
Verified
3321% of organizations use ransomware recovery drills[1]
Verified
3417% of organizations had a security incident tabletop exercise led by executives[1]
Directional
3541% of organizations rely on managed security services[1]
Single source
3632% of organizations reported using a dedicated breach war room during incidents[1]
Verified
3723% of organizations used cyber insurance at the time of breach (reported coverage prevalence in the study)[1]
Verified
3851% of organizations have a designated cybersecurity leadership role (e.g., CISO-equivalent)[1]
Verified
3962% of organizations conduct third-party risk assessments[1]
Directional
4058% of organizations require security clauses in vendor contracts[1]
Single source
4134% of organizations have a formal plan to manage security incidents across subsidiaries[1]
Verified

User Adoption Interpretation

While many organizations have core defenses in place such as 71% using multifactor authentication and 62% using endpoint security tools, only 20% use continuous controls monitoring and just 17% have executive-led tabletop incident exercises, showing that operational rigor and advanced readiness still lag behind basic controls.

References

ibm.comibm.com
  • 1ibm.com/reports/data-breach
ericsson.comericsson.com
  • 2ericsson.com/en/reports-and-papers/cybersecurity-report