Almost every day you’ll hear about a data breach.
Of course, it’s generally the biggest data breaches that make the news, such as the one experienced by Cam4 in March 2020 which resulted in the loss of over 10 billion records.
However, what you don’t always hear about in the news is the smaller data breaches. These are happening daily.
It’s generally small and medium businesses which are affected although anyone can be a victim of a data breach.
The problem is, more and more data is being held online. It’s a direct result of a society increasingly reliant on the internet.
In short, as the following data breach statistics will show you, your data is at risk.
You need to be aware of the following data breach statistics for 2025 and what you can do to protect yourself from becoming a victim.
That’s without leaving the internet altogether!
Key Statistics
- In 2022 the average cost of a data breach was $4.35 million
- Phishing breaches take the most time to identify
- 22% of breaches start with a phishing attack
- 56% of businesses are now actively looking at cybersecurity
- 45% of US companies have already experienced at least one data breach
- The US has more data breaches than any other country in the world
- Reports show companies still feel the effects of data breaches three years later
- 62% of businesses suffered a data breach in 2021
- 28% of data breaches involve SMBs
- 80% of breaches are conducted by organized crime groups
Top Data Breach Statistics in 2025
1. In 2022 The Average Cost Of A Data Breach Was $4.35 Million
The annual Verison report reviewed all the data breach statistics and discovered that the average cost of a data breach was a whopping $4.35 million.
In 2021 it was $4.24 million, demonstrating the cost to businesses is continuing to rise year after year.
Estimates suggest this trend will continue and the cost to the entire industry could be as much as $10 trillion as soon as 2025.
Much of this cost will be to cybersecurity experts in a bid to prevent data breaches from happening.
(Verizon)
2. Phishing Breaches Take The Most Time To Identify
Phishing attacks are simple emails with a link to the login page of a website.
These emails appear to be from genuine businesses, often financial institutions.
Employees will use the link to check on the concerns voiced in the email. In many cases, the employee won’t be able to access the account.
After a couple of attempts they will close the link and open a browser page, allowing them to login properly.
Unfortunately, many employees won’t realize that they have just succumbed to a phishing scam.
That means the scammers have business data and the issue often won’t be discovered for some time.
In fact, IBM’s data breach report found that it can take up to 295 days for a phishing attack to be discovered and contained!
(IBM Data breach report)
3. 22% Of Breaches Start With A Phishing Attack
Considering that phishing breaches take the longest time to identify it’s particularly alarming that this is the most common type of breach.
It’s twice as likely that a breach will have occurred this way as opposed to via any other method.
Technically, this isn’t surprising. Most businesses have employees and they will not all be as dedicated to cybersecurity as you.
In other words, they may not realize they are clicking on a phishing link because they are not really thinking about it.
That’s preferable to clicking on it and not caring.
(FBI’s 2021 IC3 Report)
4. 56% Of Businesses Are Now Actively Looking At Cybersecurity
The cybersecurity industry is worth billions as more companies become invested in protecting their data and their systems.
According to the latest Gartner report much of this is being driven by consumers.
It’s estimated that 56% of consumers now ask about a company’s cybersecurity arrangements before deciding to share information with them.
In effect, social media has made it popular to check cybersecurity and this is driving businesses to pay more attention to what security measures they have in place.
That’s a good thing in the fight against cybercriminals.
(Gartner)
5. 45% Of US Companies Have Already Experienced At Least One Data Breach
Reports suggest there are 2,244 attacks daily. The good news is that the majority of attacks are unsuccessful.
Unfortunately, even one of these attacks being successful adds up to a significant amount of data loss over the course of a year.
The latest report shows that 45% of US businesses have experienced a data breach within the last 12 months.
This isn’t entirely surprising as there are so many US businesses.
The good news is that this figure is reducing. In 2019 65% of US businesses had experienced a breach.
(Thales Data Threat report 2021)
6. The US Has More Data Breaches Than Any Other Country In The World
The SurfShark 2021 report shows that data breaches in the US affected over 212 million people.
That’s a significant increase on 2020 when 174 million were affected.
The second most affected country is Iran! Data breaches affected 156 million of its users in 2021.
This was also an increase on 2020 when 1.4 million were affected.
In short, while the US may top the table, it appears that the number of data breaches across the board are increasing.
(SurfShark)
7. Reports Show Companies Still Feel The Effects Of Data Breaches Three Years Later
Data breaches mean companies lose data, often personal data relating to customers.
Of course, they can also lose financial data which can affect the company’s cash flow.
The biggest issue of these two is consumer data.
While many consumers will take prompt action to prevent damage to their accounts, the data breach causes a loss of trust in the business.
This has a long-term effect on the business.
The report shows that share prices for companies with major data breaches dropped by an average of 3.5%.
They start to recover roughly three weeks after the breach.
However, three years later the businesses are still performing below industry average share prices.
After a year the businesses were 8.6 percent below average on the NASDAQ and as much as 15.6% after three years.
In short, any business that suffers a major data breach will take many years to fully recover.
(Comparitech Study)
8. 62% Of Businesses Suffered A Data Breach In 2021
Cybercrime is on the increase. This is borne out by the 2022 KPMG survey which found 62% of US businesses have suffered a data breach.
The survey doesn’t categorize the size of the breach.
What is interesting is that the report also finds 62% of businesses suffered an economic loss in the same year, potentially a direct result of cybercrime.
(KPMG Survey 2022)
9. 28% Of Data Breaches Involve SMBs
The 2021 Verizon report looked at nearly 80,000 cybersecurity incidents. At least 5,200 of these were classified as security breaches.
Several pertinent facts arise from this report. Firstly, SMBs are increasingly being targeted. 28% of the breaches involved SMBs.
Secondly, it’s also interesting to note that in 60% of cases, the breach was performed using stolen credentials.
Of course, it can’t be confirmed exactly how the credentials were stolen.
95% of the cybersecurity incidents cost the business between $250 and $984,648.
(Verizon)
10. 80% Of Breaches Are Conducted By Organized Crime Groups
Organized crime is very much alive. It’s simply not the mafia of the movies.
Today, criminals band together to target a business, perhaps by using DOS or phishing scams.
Working together the groups have more success and can target multiple organizations.
Alarmingly, this trend means that 80% of data breaches are conducted by a group, effectively creating a new organized crime problem.
With this fact in mind it’s not surprising that 70% of the breaches were motivated by financial gain.
(Verizon)
Protecting Yourself from Data Breaches
Any business can be targeted by an organized crime group and the rewards for the criminals can be lucrative, potentially leaving your business on the edge of closure.
However, while businesses need to increase their cybersecurity and protect customer data, there are several things individuals can do to protect their data and reduce the effects of any data breach.
Review Your Passwords
A strong password is much harder to hack.
That means a password which is at least 12 characters long and uses upper and lowercase letters, numbers, and special characters.
Of course, if a hacker gets data directly from the company they may acquire your password.
To prevent this from being an issue, combine strong passwords with unique ones for every account. You should also change all your passwords every month.
That does make it difficult to keep track of all your passwords.
However, you can use a password manager and generator which will do everything for you. All you have to do is remember one password to access the tool.
Monitor Breaches
Large data breaches will be announced in the news.
Smaller ones are often not mentioned. However, you can read about the latest data breaches online.
It’s a good idea to monitor data breaches daily or weekly.
If you find any company that you deal with has experienced a breach you should change your passwords immediately.
It also helps to minimize the personal data you list with any site.
Be Aware Of Phishing
Phishing scams are becoming increasingly realistic, making it harder to detect them.
However, the basic premise remains the same, the scammer wants you to click a link and enter personal information.
The simplest way to avoid phishing scams is to never click a link in an email.
Always open a browser and navigate to the site yourself.
Use VPNs
VPNs effectively hide your online activity and your IP address.
This makes it much harder for any hacker to locate your personal information and use it against you.
The good news is VPNs are surprisingly affordable, meaning that everyone should set one up.
Dual-Factor Authentication
An increasing number of businesses are offering dual-factor authentication. This means your password isn’t enough to get you into an account.
You also need a code sent by SMS or biometric authentication.
If the business offers this extra layer of security, use it. So far hackers have been unable to get around this.
Keep Your Eyes Open
The fastest way to spot a breach is to look at your accounts every day.
If you notice any strange or suspicious activity, report it and change your passwords.
One thing everyone should check every time they login, is the logging in report.
It shows you who last logged in and when.
If it’s not you and no one else should have access to the account, take immediate steps to notify the site and protect your account.
Summing Up
The data breach statistics for 2025 show that anyone, business or individual can be targeted and lose data.
If you are a victim then the data loss can cause you issues for years to come.
That’s why you should take steps today to protect your data.
It’s not as difficult as you think, just be aware of the main statistics and how you can protect yourself.
It’s all listed above, all you have to do is follow the advice given.