GITNUXREPORT 2026

Data Security Statistics

Data breach costs are soaring and human error remains the primary security risk.

Sarah Mitchell

Sarah Mitchell

Senior Researcher specializing in consumer behavior and market trends.

First published: Feb 13, 2026

Our Commitment to Accuracy

Rigorous fact-checking · Reputable sources · Regular updatesLearn more

Key Statistics

Statistic 1

GDPR fines totaled €2.7 billion by 2023 per Enforcement Tracker.

Statistic 2

Average GDPR fine €1.7 million per incident per DLA Piper.

Statistic 3

92% of firms increased security budgets post-breach per Ponemon.

Statistic 4

CCPA violations fined $1.2 million average per Osano.

Statistic 5

68% of breaches cost over $1 million per IBM 2023.

Statistic 6

HIPAA fines reached $6.8 million average for large breaches per HHS.

Statistic 7

77% of CISOs report compliance as top priority per Deloitte.

Statistic 8

Post-breach notification costs $0.31-$5.64 per record per Ponemon.

Statistic 9

SOX compliance costs $2.3 million annually for public cos per FEI.

Statistic 10

41% of orgs fined for non-compliance in 2023 per Risk Based Security.

Statistic 11

Detection costs 31% of total breach expenses per IBM.

Statistic 12

PCI DSS non-compliance fines up to $100k/month per Visa.

Statistic 13

55% budget increase for compliance post-GDPR per IAPP.

Statistic 14

Notification within 72 hours required by GDPR, 83% comply per IAPP.

Statistic 15

Average litigation cost $1.6 million per breach per IBM.

Statistic 16

96 countries have data protection laws per UNCTAD 2023.

Statistic 17

Fines represent 10% of breach costs on average per IBM.

Statistic 18

62% of CISOs worried about regulatory changes per PwC.

Statistic 19

Remediation costs $1.58 million average per IBM 2023.

Statistic 20

45% of breaches led to regulatory investigations per Verizon.

Statistic 21

EU fines for cookies consent €20 million+ per CNIL.

Statistic 22

DDoS attacks rose 500% in 2023 per Cloudflare.

Statistic 23

2,365 DDoS attacks per day on average in 2023 per Cloudflare.

Statistic 24

Ransomware payments averaged $1.54 million in 2023 per Sophos.

Statistic 25

75% of organizations hit by ransomware in 2023 per Sophos State of Ransomware.

Statistic 26

Phishing attacks increased 58% in 2023 per Proofpoint.

Statistic 27

300,000 new malware samples daily in 2023 per AV-TEST.

Statistic 28

91% of cyberattacks start with phishing email per State of the Phish 2023.

Statistic 29

IoT devices targeted in 30% more attacks in 2023 per SonicWall.

Statistic 30

Cryptojacking incidents up 89% in 2023 per SonicWall.

Statistic 31

5.3 billion phishing emails sent daily per Keepnet.

Statistic 32

Zero-day exploits used in 25% of attacks per Google TAG 2023.

Statistic 33

Mobile malware up 17% to 6.52 million samples in 2023 per Kaspersky.

Statistic 34

Supply chain attacks doubled to 125 incidents in 2023 per CISA.

Statistic 35

97% of businesses experienced phishing attempts in 2023 per Barracuda.

Statistic 36

BEC scams caused $2.9 billion losses in 2023 per FBI IC3.

Statistic 37

1 in 10 organizations faced nation-state attacks in 2023 per CrowdStrike.

Statistic 38

Deepfake incidents rose 550% in 2023 per Sumsub.

Statistic 39

80% of breaches involved brute force or credential stuffing per Akamai.

Statistic 40

Android malware grew 8% to 5.52 million in 2023 per Check Point.

Statistic 41

4.2 million attacks on healthcare in 2023 per Orca Security.

Statistic 42

MFA fatigue attacks up 346% in 2023 per Proofpoint.

Statistic 43

68% of organizations hit by supply chain compromise per ENISA 2023.

Statistic 44

Botnets launched 7.9 billion attacks in 2023 per Imperva.

Statistic 45

99% of firewalls vulnerable to attacks per Automox study.

Statistic 46

83% increase in vishing attacks in 2023 per KnowBe4.

Statistic 47

2.9 million phishing sites blocked in 2023 per APWG.

Statistic 48

76% of CISOs fear AI-powered attacks per ISC2 survey.

Statistic 49

Quantum computing threats to encryption by 2030 per NIST.

Statistic 50

The average cost of a data breach in 2023 reached $4.45 million, marking a 15% increase over the past three years according to IBM's Cost of a Data Breach Report.

Statistic 51

In 2023, 82% of organizations experienced at least one data breach, up from 76% in 2022 per Verizon's DBIR.

Statistic 52

Healthcare data breaches cost an average of $10.93 million in 2023, the highest among industries per IBM.

Statistic 53

Over 5,000 data breaches were reported in the US in 2023 by Identity Theft Resource Center.

Statistic 54

74% of breaches involved a human element like phishing per Verizon DBIR 2023.

Statistic 55

The global average time to identify and contain a breach was 277 days in 2023 per IBM.

Statistic 56

Ransomware attacks caused 20% of breaches in 2023 according to Verizon.

Statistic 57

83% of breaches involved external actors per Verizon DBIR 2023.

Statistic 58

Financial services breaches averaged $5.9 million in costs per IBM 2023 report.

Statistic 59

16,000+ US data records exposed per day on average in 2022 per ITRC.

Statistic 60

95% of cybersecurity issues due to human error per Stanford University study.

Statistic 61

Equifax breach exposed 147 million records in 2017 per FTC report.

Statistic 62

88% of organizations faced ransomware in 2023 per Sophos survey.

Statistic 63

Average breach cost in retail sector was $3.37 million in 2023 per IBM.

Statistic 64

2.6 billion personal records exposed in breaches in first half of 2023 per Surfshark.

Statistic 65

43% of breaches exploited stolen credentials per Verizon 2023.

Statistic 66

Public cloud breaches cost $4.75 million on average per IBM 2023.

Statistic 67

28% increase in supply chain breaches in 2023 per Verizon.

Statistic 68

Marriott breach in 2018 exposed 500 million guest records per company disclosure.

Statistic 69

99% of breaches involved AWS S3 misconfigurations in some cases per UpGuard.

Statistic 70

Phishing was initial access in 44% of breaches per Verizon DBIR 2023.

Statistic 71

Average cost of insider-related breach was $4.9 million per IBM 2023.

Statistic 72

1,800+ health records breaches in 2023 per HHS.

Statistic 73

Capital One breach exposed 100 million records in 2019 per company.

Statistic 74

60% of small businesses fail after cyber attack per US National Cyber Security Centre.

Statistic 75

Lost business costs 36% of total breach cost per IBM 2023.

Statistic 76

22 billion records leaked in 2023 per LeakCheck database.

Statistic 77

System intrusion pattern in 29% of breaches per Verizon 2023.

Statistic 78

Average detection time for breaches dropped to 204 days for AI users per IBM.

Statistic 79

MOVEit breaches affected 62 million individuals in 2023 per HHS.

Statistic 80

AI threats awareness low at 24% per ISC2.

Statistic 81

Quantum threats to RSA by 2035 per IBM.

Statistic 82

5G attacks expected to rise 300% per GSMA.

Statistic 83

85% of firms plan zero-trust by 2025 per Forrester.

Statistic 84

AI-driven attacks to dominate 75% by 2025 per Gartner.

Statistic 85

Ransomware-as-a-Service to grow 50% yearly per Chainalysis.

Statistic 86

IoT devices to be 75 billion by 2025, 25% insecure per Statista.

Statistic 87

Deepfake fraud to cost $40 billion by 2027 per Juniper.

Statistic 88

Supply chain risks to affect 45% more orgs by 2025 per Gartner.

Statistic 89

Post-quantum crypto standards finalized 2024 per NIST.

Statistic 90

Cloud breaches to rise 150% by 2025 per Palo Alto.

Statistic 91

90% of new attacks use AI by 2025 per McAfee.

Statistic 92

Metaverse security market to $100B by 2030 per MarketsandMarkets.

Statistic 93

6G to introduce new attack vectors by 2030 per Ericsson.

Statistic 94

Biometric spoofing attacks up 200% by 2025 per ID R&D.

Statistic 95

Edge computing vulnerabilities to triple per IDC.

Statistic 96

80% of enterprises adopt AI security by 2026 per IDC.

Statistic 97

Cyber insurance premiums up 50% by 2025 per Marsh.

Statistic 98

Autonomous vehicle hacks to rise per Upstream.

Statistic 99

50% of attacks unpatchable by 2025 per Black Duck.

Statistic 100

64% encryption adoption rate in enterprises per nCipher survey.

Statistic 101

Zero-trust implementations grew 50% in 2023 per Zscaler.

Statistic 102

94% of organizations use multi-factor authentication per Microsoft 2023.

Statistic 103

AI-based threat detection reduced breach costs by $2.22 million per IBM.

Statistic 104

78% of companies use EDR tools per Ponemon 2023.

Statistic 105

Endpoint encryption used by 89% of large enterprises per Thales.

Statistic 106

Cloud security posture management adopted by 62% per Gartner.

Statistic 107

55% reduction in phishing success with DMARC per Valimail.

Statistic 108

SIEM tools in 76% of SOCs per SANS Institute.

Statistic 109

Passwordless authentication pilots in 35% of firms per Okta.

Statistic 110

92% effectiveness of behavioral analytics in fraud detection per Nuance.

Statistic 111

DLP solutions prevented 87% of data exfiltration per Forcepoint.

Statistic 112

45% of orgs use SASE architecture per Cato Networks.

Statistic 113

Quantum-safe encryption tested by 23% of enterprises per Entrust.

Statistic 114

81% use next-gen firewalls per Palo Alto Networks survey.

Statistic 115

XDR platforms reduced MTTD by 55% per Gartner.

Statistic 116

67% deployed CASBs for SaaS security per Netskope.

Statistic 117

Biometric auth success rate 99.9% vs passwords per Aware.

Statistic 118

70% incident reduction with SOAR per IBM study.

Statistic 119

88% use antivirus/EDR on endpoints per Sophos.

Statistic 120

Blockchain for data integrity adopted by 15% per Deloitte.

Statistic 121

87% of employees failed phishing test per Proofpoint.

Statistic 122

95% of breaches involve human error per Cybint.

Statistic 123

Only 26% of employees receive regular security training per SANS.

Statistic 124

Phishing simulation training reduces clicks by 90% per KnowBe4.

Statistic 125

74% of breaches from social engineering per Verizon DBIR.

Statistic 126

22% of users share passwords per LastPass study.

Statistic 127

Security awareness training ROI 300% per ROI Institute.

Statistic 128

91% of attacks via email per Google.

Statistic 129

Only 52% report phishing attempts per Proofpoint.

Statistic 130

Password reuse by 59% of users per NordPass.

Statistic 131

Training reduced incidents by 70% per NIST study.

Statistic 132

Awareness programs cut costs by $1.2M per breach per IBM.

Statistic 133

Remote workers 3x more likely phished per Verizon.

Statistic 134

82% don't recognize spear-phishing per Proofpoint.

Statistic 135

Gamified training improves retention 90% per Terranova.

Statistic 136

68% use same password across sites per Dashlane.

Statistic 137

47% of employees bypass security policies per Varonis.

Statistic 138

Annual training mandatory for 65% compliance per ISACA.

Statistic 139

Social media phishing fools 65% per Wombat Security.

Statistic 140

85% awareness gap in SMEs per CybSafe.

Statistic 141

MFA ignored by 30% despite training per Microsoft.

Statistic 142

40% don't update software per Keeper Security.

Statistic 143

Training ROI up to 4.8x per Aberdeen Group.

Statistic 144

96% success in bypassing MFA via social engineering per Microsoft.

Statistic 145

57% of millennials share credentials per Deloitte.

Statistic 146

Only 29% trained quarterly per Gartner.

Statistic 147

USB drop attacks succeed 45% without training per Infosec.

Statistic 148

70% reduction in errors post-training per Keepnet.

Sources
Trusted by 500+ publications
Harvard Business ReviewThe GuardianFortune+497
Imagine a year where the staggering $4.45 million average cost of a data breach is just the starting point for understanding the urgent and costly threat landscape businesses now face.

Key Takeaways

  • The average cost of a data breach in 2023 reached $4.45 million, marking a 15% increase over the past three years according to IBM's Cost of a Data Breach Report.
  • In 2023, 82% of organizations experienced at least one data breach, up from 76% in 2022 per Verizon's DBIR.
  • Healthcare data breaches cost an average of $10.93 million in 2023, the highest among industries per IBM.
  • DDoS attacks rose 500% in 2023 per Cloudflare.
  • 2,365 DDoS attacks per day on average in 2023 per Cloudflare.
  • Ransomware payments averaged $1.54 million in 2023 per Sophos.
  • 64% encryption adoption rate in enterprises per nCipher survey.
  • Zero-trust implementations grew 50% in 2023 per Zscaler.
  • 94% of organizations use multi-factor authentication per Microsoft 2023.
  • GDPR fines totaled €2.7 billion by 2023 per Enforcement Tracker.
  • Average GDPR fine €1.7 million per incident per DLA Piper.
  • 92% of firms increased security budgets post-breach per Ponemon.
  • 87% of employees failed phishing test per Proofpoint.
  • 95% of breaches involve human error per Cybint.
  • Only 26% of employees receive regular security training per SANS.

Data breach costs are soaring and human error remains the primary security risk.

Compliance and Costs

  • GDPR fines totaled €2.7 billion by 2023 per Enforcement Tracker.
  • Average GDPR fine €1.7 million per incident per DLA Piper.
  • 92% of firms increased security budgets post-breach per Ponemon.
  • CCPA violations fined $1.2 million average per Osano.
  • 68% of breaches cost over $1 million per IBM 2023.
  • HIPAA fines reached $6.8 million average for large breaches per HHS.
  • 77% of CISOs report compliance as top priority per Deloitte.
  • Post-breach notification costs $0.31-$5.64 per record per Ponemon.
  • SOX compliance costs $2.3 million annually for public cos per FEI.
  • 41% of orgs fined for non-compliance in 2023 per Risk Based Security.
  • Detection costs 31% of total breach expenses per IBM.
  • PCI DSS non-compliance fines up to $100k/month per Visa.
  • 55% budget increase for compliance post-GDPR per IAPP.
  • Notification within 72 hours required by GDPR, 83% comply per IAPP.
  • Average litigation cost $1.6 million per breach per IBM.
  • 96 countries have data protection laws per UNCTAD 2023.
  • Fines represent 10% of breach costs on average per IBM.
  • 62% of CISOs worried about regulatory changes per PwC.
  • Remediation costs $1.58 million average per IBM 2023.
  • 45% of breaches led to regulatory investigations per Verizon.
  • EU fines for cookies consent €20 million+ per CNIL.

Compliance and Costs Interpretation

The data screams that while compliance has become a costly and all-consuming corporate obsession, the true financial hemorrhage lies in the breach itself, where fines are merely the splashy headline atop a deep, expensive pool of detection, notification, litigation, and remediation.

Cyber Threats

  • DDoS attacks rose 500% in 2023 per Cloudflare.
  • 2,365 DDoS attacks per day on average in 2023 per Cloudflare.
  • Ransomware payments averaged $1.54 million in 2023 per Sophos.
  • 75% of organizations hit by ransomware in 2023 per Sophos State of Ransomware.
  • Phishing attacks increased 58% in 2023 per Proofpoint.
  • 300,000 new malware samples daily in 2023 per AV-TEST.
  • 91% of cyberattacks start with phishing email per State of the Phish 2023.
  • IoT devices targeted in 30% more attacks in 2023 per SonicWall.
  • Cryptojacking incidents up 89% in 2023 per SonicWall.
  • 5.3 billion phishing emails sent daily per Keepnet.
  • Zero-day exploits used in 25% of attacks per Google TAG 2023.
  • Mobile malware up 17% to 6.52 million samples in 2023 per Kaspersky.
  • Supply chain attacks doubled to 125 incidents in 2023 per CISA.
  • 97% of businesses experienced phishing attempts in 2023 per Barracuda.
  • BEC scams caused $2.9 billion losses in 2023 per FBI IC3.
  • 1 in 10 organizations faced nation-state attacks in 2023 per CrowdStrike.
  • Deepfake incidents rose 550% in 2023 per Sumsub.
  • 80% of breaches involved brute force or credential stuffing per Akamai.
  • Android malware grew 8% to 5.52 million in 2023 per Check Point.
  • 4.2 million attacks on healthcare in 2023 per Orca Security.
  • MFA fatigue attacks up 346% in 2023 per Proofpoint.
  • 68% of organizations hit by supply chain compromise per ENISA 2023.
  • Botnets launched 7.9 billion attacks in 2023 per Imperva.
  • 99% of firewalls vulnerable to attacks per Automox study.
  • 83% increase in vishing attacks in 2023 per KnowBe4.
  • 2.9 million phishing sites blocked in 2023 per APWG.
  • 76% of CISOs fear AI-powered attacks per ISC2 survey.
  • Quantum computing threats to encryption by 2030 per NIST.

Cyber Threats Interpretation

If you feel overwhelmed by the fact that nearly every cyber threat imaginable skyrocketed last year, you’re not paranoid—you’re just paying attention.

Data Breaches

  • The average cost of a data breach in 2023 reached $4.45 million, marking a 15% increase over the past three years according to IBM's Cost of a Data Breach Report.
  • In 2023, 82% of organizations experienced at least one data breach, up from 76% in 2022 per Verizon's DBIR.
  • Healthcare data breaches cost an average of $10.93 million in 2023, the highest among industries per IBM.
  • Over 5,000 data breaches were reported in the US in 2023 by Identity Theft Resource Center.
  • 74% of breaches involved a human element like phishing per Verizon DBIR 2023.
  • The global average time to identify and contain a breach was 277 days in 2023 per IBM.
  • Ransomware attacks caused 20% of breaches in 2023 according to Verizon.
  • 83% of breaches involved external actors per Verizon DBIR 2023.
  • Financial services breaches averaged $5.9 million in costs per IBM 2023 report.
  • 16,000+ US data records exposed per day on average in 2022 per ITRC.
  • 95% of cybersecurity issues due to human error per Stanford University study.
  • Equifax breach exposed 147 million records in 2017 per FTC report.
  • 88% of organizations faced ransomware in 2023 per Sophos survey.
  • Average breach cost in retail sector was $3.37 million in 2023 per IBM.
  • 2.6 billion personal records exposed in breaches in first half of 2023 per Surfshark.
  • 43% of breaches exploited stolen credentials per Verizon 2023.
  • Public cloud breaches cost $4.75 million on average per IBM 2023.
  • 28% increase in supply chain breaches in 2023 per Verizon.
  • Marriott breach in 2018 exposed 500 million guest records per company disclosure.
  • 99% of breaches involved AWS S3 misconfigurations in some cases per UpGuard.
  • Phishing was initial access in 44% of breaches per Verizon DBIR 2023.
  • Average cost of insider-related breach was $4.9 million per IBM 2023.
  • 1,800+ health records breaches in 2023 per HHS.
  • Capital One breach exposed 100 million records in 2019 per company.
  • 60% of small businesses fail after cyber attack per US National Cyber Security Centre.
  • Lost business costs 36% of total breach cost per IBM 2023.
  • 22 billion records leaked in 2023 per LeakCheck database.
  • System intrusion pattern in 29% of breaches per Verizon 2023.
  • Average detection time for breaches dropped to 204 days for AI users per IBM.
  • MOVEit breaches affected 62 million individuals in 2023 per HHS.

Data Breaches Interpretation

If the price of complacency feels steep at $4.45 million per breach, remember that the real cost is a human-shaped hole in your defenses, through which most attacks patiently walk while your data leisurely bleeds out for 277 days.

Future Trends

  • AI threats awareness low at 24% per ISC2.
  • Quantum threats to RSA by 2035 per IBM.
  • 5G attacks expected to rise 300% per GSMA.
  • 85% of firms plan zero-trust by 2025 per Forrester.
  • AI-driven attacks to dominate 75% by 2025 per Gartner.
  • Ransomware-as-a-Service to grow 50% yearly per Chainalysis.
  • IoT devices to be 75 billion by 2025, 25% insecure per Statista.
  • Deepfake fraud to cost $40 billion by 2027 per Juniper.
  • Supply chain risks to affect 45% more orgs by 2025 per Gartner.
  • Post-quantum crypto standards finalized 2024 per NIST.
  • Cloud breaches to rise 150% by 2025 per Palo Alto.
  • 90% of new attacks use AI by 2025 per McAfee.
  • Metaverse security market to $100B by 2030 per MarketsandMarkets.
  • 6G to introduce new attack vectors by 2030 per Ericsson.
  • Biometric spoofing attacks up 200% by 2025 per ID R&D.
  • Edge computing vulnerabilities to triple per IDC.
  • 80% of enterprises adopt AI security by 2026 per IDC.
  • Cyber insurance premiums up 50% by 2025 per Marsh.
  • Autonomous vehicle hacks to rise per Upstream.
  • 50% of attacks unpatchable by 2025 per Black Duck.

Future Trends Interpretation

It seems we’re confidently sprinting toward a future where nearly everything is hackable, yet we’re largely unprepared and only mildly aware of the specific threats, which is an impressive feat of collective optimism.

Security Technologies

  • 64% encryption adoption rate in enterprises per nCipher survey.
  • Zero-trust implementations grew 50% in 2023 per Zscaler.
  • 94% of organizations use multi-factor authentication per Microsoft 2023.
  • AI-based threat detection reduced breach costs by $2.22 million per IBM.
  • 78% of companies use EDR tools per Ponemon 2023.
  • Endpoint encryption used by 89% of large enterprises per Thales.
  • Cloud security posture management adopted by 62% per Gartner.
  • 55% reduction in phishing success with DMARC per Valimail.
  • SIEM tools in 76% of SOCs per SANS Institute.
  • Passwordless authentication pilots in 35% of firms per Okta.
  • 92% effectiveness of behavioral analytics in fraud detection per Nuance.
  • DLP solutions prevented 87% of data exfiltration per Forcepoint.
  • 45% of orgs use SASE architecture per Cato Networks.
  • Quantum-safe encryption tested by 23% of enterprises per Entrust.
  • 81% use next-gen firewalls per Palo Alto Networks survey.
  • XDR platforms reduced MTTD by 55% per Gartner.
  • 67% deployed CASBs for SaaS security per Netskope.
  • Biometric auth success rate 99.9% vs passwords per Aware.
  • 70% incident reduction with SOAR per IBM study.
  • 88% use antivirus/EDR on endpoints per Sophos.
  • Blockchain for data integrity adopted by 15% per Deloitte.

Security Technologies Interpretation

While enterprises are commendably bolting the doors with widespread encryption and multi-factor authentication, the fact that less than a quarter have even tested quantum-safe crypto reveals we're still alarmingly busy winning yesterday's security battles while the future's threats are already at the gate.

User Awareness and Training

  • 87% of employees failed phishing test per Proofpoint.
  • 95% of breaches involve human error per Cybint.
  • Only 26% of employees receive regular security training per SANS.
  • Phishing simulation training reduces clicks by 90% per KnowBe4.
  • 74% of breaches from social engineering per Verizon DBIR.
  • 22% of users share passwords per LastPass study.
  • Security awareness training ROI 300% per ROI Institute.
  • 91% of attacks via email per Google.
  • Only 52% report phishing attempts per Proofpoint.
  • Password reuse by 59% of users per NordPass.
  • Training reduced incidents by 70% per NIST study.
  • Awareness programs cut costs by $1.2M per breach per IBM.
  • Remote workers 3x more likely phished per Verizon.
  • 82% don't recognize spear-phishing per Proofpoint.
  • Gamified training improves retention 90% per Terranova.
  • 68% use same password across sites per Dashlane.
  • 47% of employees bypass security policies per Varonis.
  • Annual training mandatory for 65% compliance per ISACA.
  • Social media phishing fools 65% per Wombat Security.
  • 85% awareness gap in SMEs per CybSafe.
  • MFA ignored by 30% despite training per Microsoft.
  • 40% don't update software per Keeper Security.
  • Training ROI up to 4.8x per Aberdeen Group.
  • 96% success in bypassing MFA via social engineering per Microsoft.
  • 57% of millennials share credentials per Deloitte.
  • Only 29% trained quarterly per Gartner.
  • USB drop attacks succeed 45% without training per Infosec.
  • 70% reduction in errors post-training per Keepnet.

User Awareness and Training Interpretation

We're patching servers with the vigilance of elite commandos while leaving the front door propped open with a sticky note that says "Password123," because our most sophisticated threat vector remains the magnificently distractible human being.

Sources & References

Logos provided by Logo.dev