Joseph Johnson
Research expert covering internet use, cybercrime, digital privacy, and online search
Get in touch with us nowCyber crime: number of breaches and records exposed 2005-2020
In 2020, the number of data breaches in the United States came in at a total of 1001 cases. Meanwhile, over the course of the same year over 155.8 million individuals were affected by data exposures - that is, accidental revelation of sensitive information due to less-than-adequate information security.
While the number of data breaches in the U.S. has significantly skyrocketed within the past decade from a mere 662 in 2010 to over a thousand by 2020, the number of data exposures (also known as data leaks) has not seen such noticeable change. This peaked in 2009 and 2018 with over 223 and 471 million sensitive records being leaked in both years respectively. This was most recently reported to be 156 million in 2020. While data breaches result from planned cyber-attacks on an organization’s database, data exposures are caused by human error such as weak internal cyber-security which results in record vulnerability. On average, the two highest factors that added to the cost of a single data breach were security system complexity (exacerbated by lack of in-house expertise) and cloud migration. Meanwhile, incidence response plan testing and business continuity management helped lower the potential damage from an attack.
The largest data breach to date was uncovered in late 2016, as online platform Yahoo announced that hackers had stolen user information associated with at least 1 billion accounts in 2013. The full impact of this breach only came to light in October 2017 however, when it was revealed after further investigation that 3 billion accounts had in fact been compromised. The medical and business sectors have consistently been the most affected by data breaches, with the business industry accounting for the majority of all exposed records since 2016. Cost-wise, large enterprises with over 1000 employees were the hardest hit by cyber-attacks, with each incidence costing affected companies an average of 500 thousand U.S. dollars in 2020. For large companies with up to less than 1000 employees however, this only amounted to 133 thousand on average per attack.
Data breaches vs. Data exposures
While the number of data breaches in the U.S. has significantly skyrocketed within the past decade from a mere 662 in 2010 to over a thousand by 2020, the number of data exposures (also known as data leaks) has not seen such noticeable change. This peaked in 2009 and 2018 with over 223 and 471 million sensitive records being leaked in both years respectively. This was most recently reported to be 156 million in 2020. While data breaches result from planned cyber-attacks on an organization’s database, data exposures are caused by human error such as weak internal cyber-security which results in record vulnerability. On average, the two highest factors that added to the cost of a single data breach were security system complexity (exacerbated by lack of in-house expertise) and cloud migration. Meanwhile, incidence response plan testing and business continuity management helped lower the potential damage from an attack.
Yahoo’s 2013 breach remains largest to date
The largest data breach to date was uncovered in late 2016, as online platform Yahoo announced that hackers had stolen user information associated with at least 1 billion accounts in 2013. The full impact of this breach only came to light in October 2017 however, when it was revealed after further investigation that 3 billion accounts had in fact been compromised. The medical and business sectors have consistently been the most affected by data breaches, with the business industry accounting for the majority of all exposed records since 2016. Cost-wise, large enterprises with over 1000 employees were the hardest hit by cyber-attacks, with each incidence costing affected companies an average of 500 thousand U.S. dollars in 2020. For large companies with up to less than 1000 employees however, this only amounted to 133 thousand on average per attack.
