Understanding the current threat landscape is not just a risk management exercise — it's a strategic imperative for organizations to safeguard their information assets and maintain customer trust.

Drawing from the latest research reports from authorities including IBM, Verizon, the Ponemon Institute, and the Identity Theft Resource Center, this post shares a comprehensive collection of up-to-date and trusted statistics to help organizations get a complete picture of the current threat landscape and the implications for their cybersecurity strategy.

Key findings

Here are some of the most significant data breach statistics pulled from the list below:

• The number of publicly reported data compromises increased by 78% in 2023 compared to 2022. 
• The average cost of a data breach reached an all-time high in 2023 of $4.45 million, a 15.3% increase from 2020.
• It takes organizations an average of 204 days to identify a data breach and 73 days to contain it.
• Breach notification costs rose to $370k in 2023, a 19.4% increase over 2022.
• Cyberattacks using stolen or compromised credentials increased 71% year-over-year. 
• 74% of all breaches include the human element. 
• 12% of employees took sensitive IP with them when they left an organization, including customer data, employee data, health records, and sales contracts. 
• 98% of organizations have at least one third-party vendor that has suffered a data breach.
• 61% of organizations use some level of security AI and automation.

Must-know data breach statistics and trends for 2024

Dive into the critical numbers and emerging patterns shaping the cybersecurity domain in 2024. 

1. 2023 saw 3,205 publicly reported data compromises that impacted an estimated 353,027,892 individuals. That’s a 78% increase over 2022. (Identity Theft Resource Center, 2023)

2. 45% of Americans have had their personal information compromised by a data breach in the last five years. (RSA, 2023)

3. 82% of data breaches involve data stored in the cloud. 39% of breaches span multiple environments and incur a higher-than-average data breach cost of $4.75 million. (IBM, 2023)

4. 52% of all breaches involved some form of customer PII, an increase of 5% compared to 2022. (IBM, 2023)

5. 40% of all records compromised involved employee PII, up from 26% in 2022. (IBM, 2023)

6. 86% of data breaches involve the use of stolen credentials. (Verizon, 2023)

7. Compromises involving sensitive personal information remain the most common type of data breach in 2023. (Identity Theft Resource Center, 2023)

8. In the 12 months between September 2022 and September 2023, there were over 4,608 data breaches reported in the US, with over 5 billion affected records (5,283,133,090). (Privacy Rights Clearinghouse, 2023)

9. 32% of cyber incidents involved data theft and leak, indicating more attackers favor stealing and selling data over encrypting it for extortion. IBM X-Force, 2024) 

10. 2023 saw (Identity Theft Resource Center, 2023): 

• 3,122 data breaches (349,221,481 victims)
• 25 data exposures (960,700 victims)
• 2 data leaks (2,696,728 victims)
• 56 unknown compromises (148,984 victims)

11. 40% of breaches were identified by a benign third party or outsider, compared to 33% which were identified by internal teams and tools. 27% of breaches were disclosed by the attacker as part of a ransomware attack. (IBM, 2023)

12. T-Mobile recorded the largest data compromise of 2023, with an estimated 37 million victims impacted. (Identity Theft Resource Center, 2023):

The financial impact of data breaches in 2024

Data breaches carry a hefty price tag, from regulatory fines to reputational damage. This section dives into the hidden costs that can ripple through businesses for years.

13. The average cost of a data breach reached an all-time high in 2023 of $4.45 million, a 15.3% increase from 2020. (IBM, 2023)

14. Organizations with fewer than 500 employees reported that the average impact of a data breach increased from $2.92 million to $3.31 million — a 13.4% increase. (IBM, 2023)

15. In 2023, customer PII such as names and Social Security numbers cost organizations $183 per record. Employee PII cost $181 per record. (IBM, 2023)

16. Data breaches with identification and containment times under 200 days cost organizations $3.93M. Those over 200 days cost $4.95M—a difference of 23%. (IBM, 2023)

17. Detection and escalation costs, such as forensic and investigative activities, assessment and audit services, and crisis management, rose from $1.44 million in 2022 to $1.58 million in 2023, an increase of 9.7%. (IBM, 2023)

18. Breach notification costs rose to $370k in 2023, a 19.4% increase over 2022. (IBM, 2023)

19. Shorter data breach lifecycles (fewer than 200 days) were associated with 23% cost savings ($1.02 M). (IBM, 2023)

20. The average cost of a data breach for organizations with high levels of security skills shortage was $5.36 million — a 20% increase over the average. (IBM, 2023)

21. The three factors most likely to increase the cost of a data breach are: (IBM, 2023)

• Security skills shortage
• Security system complexity
• Noncompliance with regulations 

The three factors most likely to decrease the cost of a data breach are: 

• DevSecOps approach
• IR planning and testing
• Employee training 

22. 20% of organizations that experienced a data breach paid $250k or more in regulatory fines. (IBM, 2023)

23. The average total cost of a mega breach (50-60 million records) was $332 million. (IBM, 2023)

Data breach statistics by industry and geography

Not all fields and regions are affected equally by data breaches. This section dives into the areas that are hardest hit by data breaches and most targeted by threat actors. 

24. Manufacturing was the most affected industry in 2023, accounting for over 25% of attacks. (IBM X-Force, 2024)

25. Number of Compromises by Industry, 2023: (Identity Theft Resource Center, 2023) 

• Healthcare: 809 compromises
• Financial Services: 744 compromises
• Professional Services: 308 compromises
• Manufacturing: 259 compromises
• Education: 173 compromises

26. Healthcare data breach costs have increased 53.3% since 2020, with an average cost of $10.93 million in 2023. (IBM, 2023)

27. Europe was the most affected region, accounting for 32% of global cyberattacks in 2023. (IBM X-Force, 2024)

28. The US experienced the highest average total cost of a data breach for the 13th year in a row. (IBM, 2023)

Understanding the threat: Top attack vectors

This section delves into the predominant attack vectors of 2024, providing insights into the tactics and techniques that cyber adversaries favor today.

29. Cyberattacks using stolen or compromised credentials increased 71% year-over-year. (IBM X-Force, 2024) 

30. Security misconfigurations make up 30% of web application vulnerabilities identified by IBM X-Force penetration tests. Of these misconfigurations, top offenses include allowing concurrent user sessions within the application. (IBM X-Force, 2024) 

31. 32% of incidents that IBM X-Force responded to in 2023 were cases where legitimate tools were used for malicious purposes, such as credential theft, reconnaissance, remote access, or data exfiltration. IBM X-Force, 2024) 

32. Security misconfigurations were the top web application security risks identified by OWASP in 2023. (IBM X-Force, 2024)

33. Extortion incidents more than doubled in 2023, and the share of all incidents that were extortion increased from 21% in 2022 to 24% in 2023. (IBM X-Force, 2024)

34. External actors were responsible for 83% of breaches, while internal ones account for 19%. (Verizon, 2023)

35. In 2023, the volume of interactive intrusion activity against the financial services industry increased by over 80%. (CrowdStrike, 2023)

36. 2023 saw a 160% increase in attempts to gather secret keys and other credential materials via cloud instance metadata/APIs. (CrowdStrike, 2023)

37. Remote Monitoring and Management tools were used in approximately 14% of all intrusions in 2023, and the volume of intrusions where RMM tools were leveraged by threat actors increased by 312% year over year. (CrowdStrike, 2023)

38. Top attack vectors in 2023: (Identity Theft Resource Center, 2023):

• Cyberattacks: 2,365 breaches
• System and human error: 729 breaches/exposures
• Physical attacks: 53 breaches/exposures
• Supply chain attacks: 242 breaches/exposures

39. Top cyberattack vectors in 2023: (Identity Theft Resource Center, 2023)

• 18.5% Phishing/Smishing/BEC
• 10.4% Ransomware
• 4.9% Malware
• 4.6% Zero-Day Attack
• 1.2% Credential Stuffing
• 0.5% Non-Secured Cloud Environment
• 1.2% - Other
• 58% - Not Answered 

40. Malware deployment was the most common action threat actors took against victim networks, occurring in 43% of all reported incidents. Most common threat actions on objectives: (IBM X-Force, 2024)

• Ransomware
• Credential theft
• Data exfiltration
• Remote access
• Recon and scanning
• Backdoor
• Cryptomizer
• Infostealer
• Loader
• Bot
• Other
• Downloader
• Webshell
• Worm

The human factor: Social engineering breach statistics

This section examines the statistics behind social engineering attacks, shedding light on how deception and psychological manipulation continue to be effective tools for cybercriminals.

41. The average cost of a ransomware attack in 2023 was $5.13 million — a 13% increase over 2022. (IBM, 2023)

42. 63% of organizations affected by a ransomware attack involved law enforcement. The 37% that didn’t ultimately paid 9.6% ($470k) more and experienced a 33-day longer breach lifecycle. (IBM, 2023)

43. More than 50% of BEC victims were able to recover at least 82% of their stolen money. (Verizon, 2023)

44. Business Email Compromise (BEC) attacks now represent more than 50% of social engineering incidents. (Verizon, 2023)

45. Social Engineering incidents have increased from the previous year largely due to the use of Pretexting, which is commonly used in BEC, almost doubled since last year. Compounding the frequency of these attacks, the median amount stolen from these attacks has also increased to $50,000. (Verizon, 2023)

46. 2022 saw 1,700 incidents of social engineering attacks, 928 (54.5%) with confirmed data disclosure. This accounts for 17% of data breaches. Data compromised includes credentials (76%), internal data (28%), other (27%), and personal data (26%). (Verizon, 2023)

47. Phishing makes up 44% of all social engineering incidents. (Verizon, 2023)

48. Nearly 15% of all incident response engagements involve a malware infection, not including ransomware. (Deepwatch ATI, 2024)

49. In 2023, the top three most reported malware were Cobalt Strike, MimiKatz, and Qakbot. (Deepwatch ATI, 2024)

50. Although still one of the most common attack vectors (tied for first place with valid accounts), phishing incidents decreased by 44% in 2023 compared to 2022. (IBM X-Force, 2024) 

51. Phishing was the initial attack vector in 16% of all data breaches. (IBM, 2023)

52. The three primary ways in which attackers access an organization are stolen credentials, phishing, and exploitation of vulnerabilities. (Verizon, 2023)

53. 24% of all attacks involve ransomware. (IBM, 2023)

The impact of insider threats

Explore the extent and nuances of insider threats, from accidental data leaks to malicious insider actions, and the significant challenges they pose to organizational security.

54. 74% of all breaches include the human element, with people being involved either via Error, Privilege Misuse, Use of stolen credentials, or Social Engineering. (Verizon, 2023)

55. Most common types of human error: (Verizon, 2023)

• Misdelivery (sending something to the wrong recipient): 43% of error-related breaches
• Publishing errors (showing something to the wrong audience): 23% of error-related breaches
• Misconfiguration: 21% of error-related breaches 

56. 12% of employees took sensitive IP with them when they left an organization, including customer data, employee data, health records, sales contracts, and more. This 12% statistic does not account for non-sensitive IP (such as presentations and templates) employees take when they leave an organization, which is believed to be more than half of all departing employees. (DTEX, 2023)

57. Unsanctioned third-party work on corporate devices increased by nearly 200%, and unsanctioned application usage increased by 55%. (DTEX, 2023)

58. 2022 saw a 35% increase in data theft incidents caused by employees leaving companies. (DTEX, 2023)

59. The average annual cost of insider-led cyber incidents is $16.2 million. (Ponemon Institute, 2023) 

60. Insider incidents take an average of 85 days to contain. (Ponemon Institute, 2023)

61. In 2023, the total average annual cost of an insider risk increased to $16.2 million per organization while the average number of days to contain an incident stretched to 86 (up from $15.4 million and 85 days in 2022, respectively). (Ponemon Institute, 2023)

62. The number of insider incidents in 2023 increased by nearly 8% in 2023. 

63. Containment and remediation are the most expensive costs associated with insider risks, at an average of $179k and $125k per incident, respectively. (Ponemon Institute, 2023)

64. Non-malicious insiders account for 75% of incidents, from either: (Ponemon Institute, 2023)

• Negligent or mistaken insiders: 55%
• Outsmarted insiders who were exploited by an external attack or adversary: 20%
• Malicious insider incidents: 25%

65. 88% of organizations devoted less than 10% of their IT security budget to insider risk management. 46% of organizations plan to increase investment in insider risk programs in 2024. (Ponemon Institute, 2023)

66. 64% of organizations believe AI and ML is essential for managing insider risks. (Ponemon Institute, 2023)

67. 77% of organizations have started or are planning to start an insider risk program. (Ponemon Institute, 2023)

68. Organizations that took more than 91 days to respond to an insider incident had costs exceeding $18.3 million. (Ponemon Institute, 2023)

69. Only 10% of insider risk management budget was spent on pre-incident activity such as monitoring and surveillance. The remaining 90% was spent on post-incident activities such as containment, remediation, investigation, and incident response. (Ponemon Institute, 2023)

70. Internal departments most commonly responsible for insider risk management: (Ponemon Institute, 2023)

• Legal: 34%
• IT: 23%
• Risk and compliance: 21%
• IT security: 6%
• No single function is most responsible: 7%

71. 2023 saw 4,019 insider incidents related to employee negligence or mistakes, equating to 55% of all incidents experienced by organizations represented in Ponemon research, costing an average $505,113 per incident. (Ponemon Institute, 2023)

72. Average annual remediation costs for insider threats in 2023 rose to $7.2 million, up from $6.6 million in 2022. (Ponemon Institute, 2023)

73. Credential theft incidents average $679,621 per incident. (Ponemon Institute, 2023)

74. 71% of companies are experiencing between 21-40+ insider incidents per year. (Ponemon Institute, 2023)

75. Large enterprises with more than 75k employees spent an average of $25.6 million in 2023 to resolve insider-related incidents. Smaller organizations with fewer than 500 employees spent an average of $8 million. (Ponemon Institute, 2023)

76. Data compromises related to system and human errors more than tripled in 2023, led by a 590% increase in data being exposed in emails and correspondence. (Identity Theft Resource Center, 2023)

Third-party data breach statistics

The interconnected nature of modern business means that a breach outside your walls can still spell disaster. Here, we look at the ripple effect of third-party breaches across the supply chain.

77. 98% of organizations have at least one third-party vendor that has suffered a data breach. (SecurityScorecard)

78. 15% of organizations identified a supply chain compromise as the source of a data breach in 2023. (IBM, 2023)

79. Business partner supply chain compromises cost 11.8% more and took 12.8% longer to identify and contain than other types of data breaches. (IBM, 2023)

80. 82% of organizations have experienced one or more third-party data breaches, costing an average of $7.5 million to remediate. (CyberCGX and Ponemon Institute, 2019)

81. Only 36% of surveyed organizations say they are highly effective in vetting third parties’ security capabilities. (CyberCGX and Ponemon Institute, 2019)

82. Only 24% of respondents say their organizations are proactive in improving the third party’s security measures through collaboration. Almost half (47% of respondents) say their organizations request—but do not require— mitigation. (CyberCGX and Ponemon Institute, 2019)

83. The average company shares confidential information with 583 third-party vendors  — and 82% of companies provide those third parties with access to their sensitive data (Ponemon Institute, 2018, and Wiz Research)

Data breach response statistics

A fast, effective response can significantly reduce the cost and impact of a data breach. This section assesses how organizations are currently responding to breaches, including response times, breach notifications, and areas for improvement.

84. It takes organizations an average of 204 days to identify a data breach and 73 days to contain it. (IBM, 2023)

85. 57% of responding organizations indicated that data breaches led to an increase in the pricing of their business offerings, passing on costs to consumers. (IBM, 2023)

86. 51% of organizations increased security spending following a data breach. Of those organizations, 50% increased investment in IR planning and testing, and 46% increased investment in employee training. (IBM, 2023)

87. More than 9% of publicly traded US companies issued a data breach notice in 2023, impacting approximately 143 million victims. (Identity Theft Resource Center, 2023)

88. Public companies withheld information about the root cause of the attack in 47% of breach notices — a 98% increase over 2022. (Identity Theft Resource Center, 2023)

89. Since 2020, the percentage of breach notices with actionable information that can help companies and individuals take precautions against cyberattacks has dropped from 100% to 54%. (Identity Theft Resource Center, 2023)

New challenges: AI and emerging threats

With innovation comes new risks. This section examines how advancements in AI and other emerging technologies are reshaping the threat landscape

90. Analysis conducted by IBM X-Force indicates that once a single AI technology approaches 50% market share, or when the market consolidates to three or fewer technologies, the cybercriminal ecosystem will be incentivized to invest in developing tools and attack paths targeting AI technologies. (IBM X-Force, 2024) 

91. A human-crafted phishing email takes an average of 16 hours to create. AI can generate a deceptive phish in 5 minutes. (IBM X-Force, 2024)

92. While IBM X-Force hasn’t observed confirmed AI-engineered campaigns to date, it’s expected that cybercriminals will seek to leverage AI in their operations and, as illustrated by WormGPT and FraudGPT, they’re already exploring how. X-Force has observed AI and GPT mentioned in over 800,000 posts in illicit markets and dark web forums in 2023, as evidence of cybercriminals’ interest in the technology. (IBM X-Force, 2024)

93. 2023 saw a 266% increase in the use of infostealers, a type of malware used to steal sensitive information such as saved login credentials, session tokens, etc. (IBM X-Force, 2024) 

Building a strong defense: Proven mitigation tactics

Equipping yourself against cyber threats requires more than just awareness—it demands action. This section outlines proven strategies and best practices for building a resilient cybersecurity posture.

94. 84% of critical infrastructure incidents occurred where initial access vectors could have been mitigated with security best practices such as asset and patch management, credential hardening, and the principle of least privilege. (IBM X-Force, 2024) 

95. Organizations with high DevSecOps adoption saved USD 1.68 million compared to those with low or no adoption. Compared to other cost-mitigating factors, DevSecOps demonstrated the largest cost savings. (IBM, 2023)

96. Organizations with high levels of incident response planning and testing saw a data breach cost savings of $1.49M. (IBM, 2023)

97. Organizations with extensive use of security AI and automation identified and contained a data breach 108 days faster and saw cost savings of nearly $1.8 million compared to organizations with no use. (IBM, 2023)

98. 61% of organizations use some level of security AI and automation. (IBM, 2023)

99. Organizations using threat intelligence services identified breaches 28 days faster. (IBM, 2023)

100. Organizations that use robust risk-based analysis experienced 10% lower than average breach costs. (IBM, 2023)

101. Organizations with MSSPs experienced a 21% shorter breach lifecycle. (IBM, 2023)

Top 4 takeaways for organizations

With these compelling statistics in mind, we’ve distilled essential insights and actionable takeaways for organizations navigating this complex landscape.

1. Be prepared

In today's rapidly evolving threat landscape, where new vulnerabilities and sophisticated cyber-attacks are constantly emerging, organizations must adopt a proactive stance towards cybersecurity. Acknowledging that data breaches are a matter of when, not if is the first critical step in this direction. To be effectively prepared, organizations need to:

• Develop a comprehensive incident response plan: Your IRP should outline specific procedures for detecting, responding to, and recovering from security incidents. It should include clear communication channels, roles, and responsibilities for the incident response team, as well as guidelines for external communication with stakeholders and regulatory bodies.
• Conduct regular drills and simulations: Regularly scheduled drills and tabletop exercises are essential to ensure that the incident response team and all relevant staff are familiar with their roles in the event of a breach. Post-drill reviews and after-action reports should be used to refine and update the IRP and close any gaps identified.

2. Invest in proven mitigation tactics

To defend against the increasing sophistication of cyber threats, organizations must leverage proven security strategies and technologies:

• Adopt DevSecOps practices: Security considerations must be an integral part of the development process, rather than an afterthought. A DevSecOps approach is proven to help organizations identify and mitigate vulnerabilities early, reducing the risk of exploitation.
• Implement security AI and automation: Artificial Intelligence (AI) and automation technologies can significantly enhance your organization's ability to detect and respond to threats. Machine learning algorithms can analyze vast amounts of data to identify suspicious patterns that may indicate a breach, while automation can speed up response times, shrinking the window of opportunity for attackers.

3. Act now to mitigate insider threats

Insider threats, whether malicious or accidental, represent a significant risk to organizations. To mitigate these risks, organizations should:

• Strengthen security training programs: Regular, engaging, and comprehensive security awareness training is crucial to educate employees about the risks and their responsibilities in protecting sensitive information.
• Implement strict access controls: Enforce the principle of least privilege, granting employees access only to the information and resources necessary for their job functions. Regular audits and reviews of access rights can prevent privilege creep and reduce the risk of insider threats.
• Secure onboarding and offboarding processes: Ensuring that employees have access to necessary resources from day one and that access is promptly revoked upon termination or role change is critical in mitigating insider threats.

4. Prioritize third-party risk management

As organizations increasingly rely on vendors and third-party service providers, the risk posed by these external entities cannot be overlooked. Organizations need to:

• Conduct thorough due diligence: Before onboarding new vendors, organizations should assess their security practices through detailed security questionnaires. Request information about their data handling practices, regulatory and security compliance status, and their own incident response capabilities.
• Implement continuous monitoring: Establish mechanisms for ongoing monitoring of third-party compliance with security standards and contractual obligations. This can include regular security assessments, audits, and reviews of third-party incident response plans.
• Create a vendor management policy: Develop a comprehensive vendor management policy that outlines the standards and expectations for all third-party service providers. This policy should include requirements for transparency, reporting, and cooperation in the event of a data breach.

By proactively addressing these risks, organizations can significantly improve their resilience against data breaches, minimize potential damage, and recover faster in the event of an incident.

Protect against data breaches with security automation and AI

Security automation and AI are reshaping the way organizations defend against data breaches and cyber threats. Tools like Secureframe offer the visibility, efficiency, and innovative capabilities organizations need to fully understand their risk profile, build an effective security posture, and improve organizational resilience. 

Secureframe’s GRC automation platform empowers organizations with:

• Continuous monitoring: Secureframe continuously monitors your security posture, flags misconfigurations and failing controls, and offers tailored remediation guidance. Ensure your organization stays secure as it scales and new threats emerge. 
• AI capabilities: Harness the power of artificial intelligence and machine learning to assess and treat risk, remediate vulnerabilities, and automate manual processes prone to human error. 
• Vendor risk management: Secureframe simplifies third-party risk management by automating vendor assessments and monitoring vendor compliance status. This is crucial for ensuring security across your entire ecosystem and protecting your organization from costly third-party breaches. 
• Personnel management and training: Automate employee onboarding and offboarding to ensure secure processes at every step. Our platform also includes proprietary training for employees to understand information security best practices. Educated employees are less likely to cause data breaches and more likely to recognize and respond to potential threats.

To learn more about Secureframe’s capabilities, schedule a demo with a product expert.