Written By: Security.org Team | Updated: May 10, 2021

As businesses collect more data on consumers than ever, high-profile data breaches have become common. A single data breach can expose hundreds of millions of records, cost millions of dollars and drag on for years. Both businesses and consumers both continue to increase spending on data security or the protection of digital information. Cybercriminals then change and update their tactics to thwart new security measures.

A patchwork of various state data protection laws and industry standards attempts to protect consumers and hold businesses accountable for the data they collect, but the majority of people worry about the security of their data online. Cybercrime is the fastest-growing type of crime around the world and shows no signs of slowing down as it continues to be highly lucrative for the perpetrators - cybercrime is estimated to cost the world an annual $10.5 trillion by 20251. And unfortunately, the coronavirus pandemic has exacerbated the amount of cybercrime that has happened. According to our article on COVID-19 cybercrimes, the Federal Trade Commission (FTC) saw a large spike in reported scams during 2020, peaking in May with 1,479 reports on a single day.

Contents

Data Breaches of Businesses

  • From 2019 to 2020, the number of data breaches actually decreased from 1,473 to 1,0012.
  • The largest data breach occurred in 2013. Yahoo’s data breach exposed the records of 3 billion user accounts3.
  • In 2020, 524 organizations were breached in 17 different countries and 17 different industries, according to IBM4.

Cybercrimes Committed Against Consumers

  • Account takeovers increased by 250 percent from 2019 to 2020, according to account takeover research from Security.org and digital security company Deduce. Learn more in our account takeover guide.
  • According to our research on the personal antivirus market, half of U.S. adults have had a computer virus or malware on their computer.
  • Nearly 1 in 10 personal computer viruses occurred from February 2020 to February 2021. Read more in our antivirus guide.
  • Forty-nine percent of VPN users employ the software for general security, the most common reason for using a VPN according to our VPN usage research.

What Precautions Do Businesses and People Take?

  • Twenty-four percent of VPN users use them for business purposes only, while another 15 percent use them for both business and personal reasons, according to our VPN consumer research.
  • In the next six months, 22 percent of U.S adults said that they plan to buy a VPN service, if a business and/or personal need arises.
  • Seventy-four percent of U.S. parents of children ages 10 to 18 monitor their child’s or children’s online activity, according to our cyberbullying research.
  • Our research on child identity theft found that, in order to protect their child’s identity, parents have taken preventive measures such as:
    • Shredding documents with sensitive information about their child’s identity: 56 percent
    • Storing documents and electronic records with sensitive information about their child’s identity in a secure page: 52 percent
    • Only providing their child’s Social Security number when it’s necessary: 58 percent
    • Inspecting and reviewing their child’s education records: 17 percent
    • Requesting that their child’s school not disclose any of their directory information: 21 percent
    • Limiting information posted about their child on social media: 42 percent
  • Eighty-two percent of U.S. adults use antivirus software, or 45 million households total.

How Much Money Do Data Breaches Cost Individuals and Organizations?

  • For the average account takeover victim, the loss was nearly $12,000, our research found.
  • For organizations in 2020, the average cost of a data breach was $3.86 million.
  • On average, it took 280 days for organizations to identify and contain data breaches in 2020.

Data Protection Laws

  • Forty-seven U.S. states have nonexistent or consumer data privacy laws. However, bills are pending in 16 states, six states have study committees or task forces, and just three states have modern data privacy regulations.
  • There is no single federal level privacy and security legislation in the US, but rather hundreds of laws at both the federal and state level designed to protect the data of US citizens. The FTC can enforce protections for consumers.
  • There are many laws specific to an industry such as HIPPA for healthcare and the Gramm- Leach-Bliley Act for banking.
  • The EU’s General Data Protection Regulation (GDPR) became enforceable on May 25, 2018. Those companies who are close to or have reached compliance with GDPR have fewer data breaches and lower overall costs per breach than companies who aren’t close, showing benefits for spending on investment in privacy5.
  • In 2018, California adopted one of toughest privacy laws of any state with the Consumer Privacy Act. It introduced new obligations for businesses to disclose information about data collection and protections for consumers that include a right to delete personal information and a right to opt out of having their information sold6.