Data Security:
25 Important Facts & Statistics

Written By: Team | Updated: August 24, 2023

Businesses collect more data than ever these days, and one of the unfortunate side effects of that is the sharp increase in high-profile data breaches. Criminals know there’s a trove of data that includes personal and payment information in businesses’ records, and they are trying to profit off of that.

Despite the increased spending on data security and a patchwork of various state data protection laws, cybercrime is the fastest-growing type of crime today. It shows no sign of slowing down as it continues to be lucrative for perpetrators – cybercrime is estimated to cost the world an annual $10.5 trillion by 20251.

On this page, we’ll look at 25 important facts and statistics about data security – what crimes are committed, how much they affect businesses and individuals, and what businesses are doing about it.


Data Breaches of Businesses

  • There was a sharp incline of data breach incidents between 2022 and 2023. From 1,802 data compromises in 2022, it rose to 3,205 in 2023, marking a 78 percent increase.2
  • The single largest data breach to date occurred in 2013. Yahoo’s data breach exposed the records of 3 billion user accounts.3 However, in January 2024, security analysts discovered a breach that affected high-profile companies like X, MySpace, LinkedIn, Adobe, and more. It was dubbed the Mother of All Breaches (MOAB) due to it having 26 billion records.
  • In 2020, 524 organizations were breached in 17 different countries and 17 different industries, according to IBM.4

Cybercrimes Committed Against Consumers

What Precautions Do Businesses and People Take?

  • Twenty-four percent of VPN users use them for business purposes only, while another 15 percent use them for both business and personal reasons, according to our VPN consumer research.
  • In the next six months, 22 percent of U.S adults said that they plan to buy a VPN service, if a business and/or personal need arises.
  • Seventy-four percent of U.S. parents of children ages 10 to 18 monitor their child’s or children’s online activity, according to our cyberbullying research.
  • Our research on child identity theft found that, in order to protect their child’s identity, parents have taken preventive measures:
    • 58 percent only provide their child’s Social Security Number when absolutely necessary.
    • 56 percent shred documents with sensitive information about their child’s identity.
    • 52 percent store documents and electronic records about their child’s identity in a secure digital file storage.
    • 42 percent limit information they post on social media about their child.
    • 21 percent request that their child’s school do not disclose any of their directory information.
    • 17 percent inspect and review their child’s education records.
  • Eighty-two percent of U.S. adults use antivirus software, or 45 million households total.

How Much Money Do Data Breaches Cost Individuals and Organizations?

  • For the average account takeover victim, the loss was nearly $12,000, our research found.
  • For organizations, the average cost of a data breach was $3.86 million.
  • On average, it took 280 days for organizations to identify and contain data breaches.


Data Protection Laws

  • Forty-seven U.S. states have nonexistent consumer data privacy laws. However, bills are pending in 16 states, six states have study committees or task forces, and just three states have modern data privacy regulations.
  • There is no single federal level privacy and security legislation in the US, but rather hundreds of laws at both the federal and state level designed to protect the data of US citizens. The FTC can enforce protections for consumers.
  • There are many laws specific to an industry such as HIPPA for healthcare and the Gramm- Leach-Bliley Act for banking.
  • The EU’s General Data Protection Regulation (GDPR) became enforceable on May 25, 2018. Those companies who are close to or have reached compliance with GDPR have fewer data breaches and lower overall costs per breach than companies who aren’t close, showing benefits for spending on investment in privacy5.
  • In 2018, California adopted one of toughest privacy laws of any state with the Consumer Privacy Act. It introduced new obligations for businesses to disclose information about data collection and protections for consumers that include a right to delete personal information and a right to opt out of having their information sold6.