Written By: Security.org Team | Published: May 25, 2020

As businesses collect more data on consumers than ever, high profile data breaches have become common. A single data breach can expose hundreds of millions of records, cost millions of dollars and drag on for years. Businesses and consumers both continue to increase spending on data security, or the protection of digital information. Cyber criminals then change and update their tactics to thwart new security measures.

A patchwork of various state laws and industry standards attempt to protect consumers and hold businesses accountable for the data they collect, but the majority of people worry about the security of their data online. Cyber crime is the fastest growing type of crime around the world and shows no signs of slowing down as it continues to be highly lucrative for the perpetrators, costing the world up to $6 trillion annually1.


Data breaches of businesses

There were more than 3,800 publicly disclosed breaches in the first six months of 2019 exposing 4.1 billion compromised records2. This is a 54% increase over the first six months of 2018.

68% of businesses believe their cybersecurity risks are increasing3.

Employees of smaller organizations were more likely to be hit by email threats—including spam, phishing, and email malware—than those in large organizations in 20184.

The financial services sector was targeted in over 25% of all malware attacks in 2018, more than any other industry tracked5.

Because small businesses are often less protected than large companies, 43% of data breaches in 2019 involved small business victims6.

Cybercrimes against consumers

In 2018, 16,128 cases of online identity theft were reported to the U.S. Internet Crime Complaint Center7.

Formjacking, where criminals steal credit card data from ecommerce sites, is up with 4,818 websites compromised every month8.

Over 60 percent of people surveyed reported falling victim to some kind of hack, scam, or financial information theft9.

There was a 43% increase in social media fraud attacks in 20189.

What precautions do businesses and people take

49% of security decision makers said their cloud security manpower is inadequate to deal with all incoming alerts. Cloud apps are being deployed faster than companies can keep up10.

Security intelligence and threat sharing yield the highest amount of savings for organizations and 67% of organizations report using this3.

Implementing an incident response team and having an incident response plan reduced costs up to $360,000 per breach11.

Worldwide spending on information security products and services will reach more than $114 billion in 2018, an increase of 12.4 percent from last year12.

Two-factor authentication is an important way to protect personal information, but only 28% of adults can identify an example of it13.

Ad-blocking software is used on more than 600 million devices around the world, and incognito browsers are used by more than 40 percent of internet users globally14.

Many Americans do not follow recommended digital privacy practices, including using a VPN (24 percent), always or rarely using a different password (53 percent), disabling cookies or using a private browser (22 percent) or disabling geolocation data (23 percent)9.

How much money do data breaches cost

The US is the most expensive country in the world to have a data breach with an average cost of a data breach being $8.19M. The worldwide average is $3.9M11.

The healthcare industry carries the highest average cost for a data breach11.

Malware is the most expensive attack type for organizations. The cost of malware attacks has increased by 11%3.

Information loss is the greatest cost of a cyber attack above business disruption, revenue loss and equipment damage3.

It takes an average of 279 days to identify and contain a data breach11.

Data protection laws

There is no single federal level privacy and security legislation in the US, but rather hundreds of laws at both the federal and state level designed to protect the data of US citizens. The FTC can enforce protections for consumers.

There are many laws specific to an industry such as HIPPA for healthcare and the Gramm- Leach-Bliley Act for banking.

The EU’s General Data Protection Regulation (GDPR) became enforceable on May 25, 2018. Those companies who are close to or have reached compliance with GDPR have fewer data breaches and lower overall costs per breach than companies who aren’t close, showing benefits for spending on investment in privacy15.

In 2018 California adopted one of toughest privacy laws of any state with the Consumer Privacy Act. It introduced new obligations for businesses to disclose information about data collection, and protections for consumers that include a right to delete personal information and a right to opt out of having their information sold16.