Data Breach Overview in the US as of 2023

Alex Popa

By Alex Popa . 27 November 2023

Cybersecurity Journalist

Miklos Zoltan

Fact-Checked this

Did you know that in 2022, there were 1,802 data breaches in the US, affecting 422.14 million individuals? In the same year, the average cost of a data breach reached $9.44 million in the US.

According to IBM, a data breach is “any security incident in which unauthorized parties gain access to sensitive data or confidential information, including personal data or corporate data”.

Moreover, a data breach is a cyberattack, but not all cyberattacks are data breaches. For instance, a DDoS attack does not constitute a data breach because not data was lost or stolen.

Below, I’ll tell you about the:

  • Annual number of data breaches and individuals affected in the US from 2005 to 2022
  • Average cost of a data breach in the US from 2006 to 2023
  • Distribution of data exposed because of data breaches in the US from 2014 to 2019, by sector

Interested? Then, keep reading to find out more!

Annual Number of Data Breaches and Individuals Affected in the US from 2005 to 2022

In this section, I’ll show you the annual number of data breaches, the number of affected individuals, and the number of records exposed between 2005 and 2022.

This will give us a preliminary observation of how severe the situation has become over the years.

Here’s the data from Statista:

Year Data Compromises Number of Records Exposed Individuals Impacted
2005 157 66.9 million Unknown
2006 321 (+104.45%) 19.1 million (-71.44%) Unknown
2007 446 (+38.94%) 127.7 million (+567.58%) Unknown
2008 656 (+47.08%) 35.7 million (-72.04%) Unknown
2009 498 (-24.08%) 222.5 million (+523.34%) Unknown
2010 662 (+32.93%) 16.2 million (-92.71%)Unknown Unknown
2011 419 (-36.7%) 22.9 million (+41.35%) Unknown
2012 446 (+6.68%) 17.3 million (-24.45%) Unknown
2013 783 (+27.52% 91.98 million (+431.67%) Unknown
2014 785 (+0.25%) 85.61 million (-6.92%) Unknown
2015 1,099 (+405%) 169.1 million (+97.52%) 318.28 million
2016 1,506 (+37.03%) 36.6 million (-78.35%) 2.541 trillion (+698.37%)
2017 1,175 (-21.97%) 198 million (+440.98%) 1.825 trillion (-28.16%)
2018 1,279 (+8.85%) 471.23 million (+137.99%) 2.228 trillion (+22.10%)
2019 1,108 (-13.36%) 164.68 million (-65.05%) 883.56 million (-60.35%)
2020 1,862 (+67.05%) Unknown 310.12 million (-64.9%)
2021 1,802 (-3.22%) Unknown 298.08 million (-3.88%)
2022 0 Unknown 422.14 million (+41.61%)

Here’s how much the data breaches, records exposed, and individuals impacted increased from 2005 to 2022:

  • Data breaches increased by 1,047% between 2005 – 2022
  • Number of records exposed by 146% between 2005 – 2019
  • Individuals impacted by 32% between 2015 – 2022

From what we see, the number of data breaches has increased significantly between 2005 and 2022 in the US.

With the emergence of Cybercrime-as-a-Service and the post-Pandemic remote-work environment, the numbers have gone up considerably.

Almost half a billion individuals have been affected by data breaches in 2022, and this doesn’t take corporate entities into consideration.

Average Cost of a Data Breach in the US from 2006 – 2023

In this section, we’ll see how costly a data breach is in the US, and how much that cost has grown throughout the years.

Here’s the data:

Year Average Cost of a Data Breach
2006 $3.54 million
2007 $4.79 million (+35.31%)
2008 $6.36 million (+32.77%)
2009 $6.66 million (+4.71%)
2010 $6.75 million (+1.35%)
2011 $7.24 million (+7.25%)
2012 $5.5 million (-24.03%)
2013 $5.4 million (-1.81%)
2014 $5.85 million (+8.33%)
2015 $6.53 million (+11.62%)
2016 $7.01 million (+4.85%)
2017 $7.35 million (+4.85%)
2018 $7.91 million (+7.61%)
2019 $8.19 million (+3.53%)
2020 $8.64 million (+5.49%)
2021 $9.05 million (+4.74%)
2022 $9.44 million (+4.3%
2023 $9.48 million (+0.42%)

From 2006 to 2023, the average cost of a data breach in the US has grown by 167.79%, from $3.54 million to $9.48 million.

According to another Statista study, the global average cost per data breach was $4.45 million in 2023. Clearly, cybercrime has grown considerably in recent years, and the US isn’t an exception to the rule.

From 2014 onward, the average cost of data breaches in the US has grown consistently, with no decrease in sight.

This shows that cybercrime has only gotten worse over the years. Factors that have influenced this rapid increase in cybercrime severity include the IoT (Internet-of-Things), post-pandemic remote work culture, the rise of cybercrime-as-a-service, and the emergence of new technologies.

Zero-day vulnerabilities have increased in number due to the higher number of IT companies launching services and products.

While cybersecurity has evolved as well, it’s still a far cry compared to the unstoppable growth of cybercriminal activities.

According to Cybersecurity Ventures, cybercrime costs will hit an estimated $10.5 trillion worldwide by 2025.

Judging by how the situation is evolving, this might be a conservative estimation. It remains to be seen…

Distribution of Records Exposed because of Data Breaches in the US from 2014 to 2019, by Sector

Data breaches target different industries in varying degrees of severity and commonality.

Below, I’ll show you the most targeted sectors by data breaches from 2014 to 2019, in an attempt to better understand cybercrime patterns:

Year Banking/Credit/Financial Business Education Medical/Healthcare Government/Military
2014 1.4% 79.7% 1.5% 9.7% 7.8%
2015 3% 9.6% 0.4% 66.7% 20.2%
2016 0.2% 15.5% 2.9% 43.6% 37.9%
2017 1.7% 91.3% 0.8% 2.8% 3.3%
2018 0.4% 93% 0.3% 2.2% 4.1%
2019 61.1% 23.91% 1.37% 23.91% 2.19%

In 2019, the financial sector was the most targeted by data breaches, accounting for 61.1% of all data breach cases.

Throughout the years, we can see that the financial, business, and medical sectors have been the primary targets for data breaches.

The government/military sector became one of the primary targets of data breaches in 2015 and 2016 only, while the education sector has been largely ignored by cybercriminals.

This tells us one thing – cybercriminals follow the money trail. Where there’s money, there’s an increased likelihood of a data breach occurring.

The business and financial sectors deal with money directly, while stolen medical records can be sold on the Dark Web for a tidy sum of money.

Number of Serious Healthcare Data Breaches in the US from 2009 to 2022

Statista gives us a more thorough overview of the US healthcare industry and how it has been affected by data breaches from 2009 to 2022.

The study paints a worrisome picture. Take a look below:

Year Number of Data Breaches
2009 18
2010 199 (+1,005%)
2011 200 (+0.5%)
2012 218 (+9%)
2013 277 (+27.06%)
2014 314 (+13.35%)
2015 270 (-14.01%)
2016 329 (+21.85%)
2017 358 (+8.81%)
2018 369 (+3%)
2019 512 (+38.75%)
2020 663 (+29.49%
2021 715 (+7.85%)
2022 707 (-1.11%)

From 2009 to 2022, the number of data breaches in the US healthcare sector with over 500 lost records has increased by 3,827.78%.

Back in 2021, the number had reached the all-time high of 715 reported data breaches, with 2022 recording 707.

According to Cleaver Fulton Rankin, the majority of data breaches in the EU end up unreported by companies and institutions.

And the EU is governed by the GDPR, which is notoriously stricter than its US data privacy counterparts.

Imagine how many data breaches go unreported in the US in the healthcare industry and not only.

The situation is much worse than it initially appears, and the initial impression was quite bad in the first place.

Conclusion

Data breaches are plaguing the US as we speak. There have been 1,802 data breaches in 2022, affecting 422 million individuals and costing an average of $9.44 million.

The most targeted industries are the financial, business, and medical industries because they’re the most profitable.

It is also estimated that the cybercrime industry will cost around $10.5 trillion worldwide in 2025, and this is largely due to the selling of data stolen through data breaches.

Stay tuned to PrivacyAffairs for more cybersecurity guides!

Sources

IBMWhat Is a Data Breach?
StatistaAnnual Number of Data Compromises and Individuals Affected in the United Sttes from 2005 to 2022
StatistaAverage Cost of a Data Breach in the United States from 2006 to 2023
Cybersecurity Ventures Cybercrime to Cost the World $10.5 Trillion Annually by 2025
StatistaDistribution of Redords Exposed Due to Data Breaches in the United States from 2014 to 2019, by Sector
StatistaNumber of Healthcare Data Breaches Involving the Loss of 500 or More Records in the United States from 2009 to 2022
Cleaver Fulton RankinOver 75% of Data Breaches Unreported

Leave a Comment