Data Breach Statistics 2026: What the Latest Numbers Reveal

Data breaches continue to reshape how companies, governments, and individuals think about digital security. In 2025 alone, tens of millions of records were exposed globally, forcing businesses to rethink their defense postures and regulatory strategies. From financial losses hitting an average of millions per breach to millions of personal records compromised each year, the impact is pervasive. Real‑world cases include major settlements in the US for widespread exposures and nation‑spanning breaches in critical services. These trends make understanding the latest statistics essential for security leaders, policymakers, and everyday internet users. Read on for an in‑depth look at the most current data breach figures.

Editor’s Choice

• Global cybercrime costs are projected to reach about $10.5 trillion in 2025, up dramatically from prior years, highlighting the scale of economic damage.
• In 2025, the average global cost of a data breach fell to roughly $4.44 million, down from $4.88 million in 2024.
• The average breach cost in the United States hit a record high of about $10.22 million in 2025, more than double the global average.
• Over 4,100 publicly disclosed data breaches occurred in just one recent year, averaging about 11 per day.
• It can take organizations an average of 241 days to detect and contain a breach.
• 60% of breaches involve human factors such as phishing or stolen credentials.
• 16% of breaches involved attackers using AI in 2025, underlining the emerging threat landscape.

Recent Developments

• In January 2026, an investment platform breach exposed over 1.4 million user accounts after an employee was tricked by social engineering.
• A separate incident has revealed that at least 25 million Americans’ data was exposed through a ransomware attack on a major tech contractor.
• European regulators issued more than €1.2 billion in GDPR fines in 2025 as data breach notifications surged 22%.
• A major $177 million settlement was reached by a US telecom over breaches that affected tens of millions of customers.
• Settlement terms for those breaches allow eligible consumers up to $5,000 for documented losses.
• Reports indicate credential theft surged by about 160% in 2025, driving a rise in account takeovers.
• Increased AI‑driven phishing campaigns have expanded attackers’ capabilities, influencing attack sophistication.
• Regulatory environments continue evolving as breach disclosures and compliance requirements expand globally.

Data Breach Costs by Incident Type

• Malicious Insider attacks are the costliest type of data breach, with an average loss of $4.92 million, highlighting the severe financial risk of internal threats.
• Supply-chain breaches closely follow, costing organizations around $4.91 million, showing how third-party vulnerabilities can lead to major financial damage.
• Phishing attacks result in an average breach cost of $4.80 million, proving that social engineering remains one of the most expensive and effective cybercrime tactics.
• On-premises breaches are relatively less costly but still significant, with average losses of $4.01 million, emphasizing the ongoing risks in traditional IT environments.
• Overall, all major breach types cause losses exceeding $4 million per incident, underlining the high financial impact of cybersecurity failures across industries.

Key Data Breach Statistics

• Over 8,000 data breaches were reported globally in the first half of 2025, with around 345 million records exposed.
• In one year, nearly 109 million accounts were breached in just one quarter.
• The average cost of a data breach globally in 2025 was approximately $4.44 million.
• U.S. average breach costs reached about $10.22 million in 2025, a record high.
• It takes roughly 241 days on average to identify and contain a breach.
• Breaches involving AI accounted for about 16% of incidents in 2025.
• 60% of breaches involve human error, such as phishing or misuse of credentials.
• Global cybercrime economic impact is projected to hit $10.5 trillion in 2025.

Data Breach Trends Over Time

• Between 2020 and 2025, average breach costs fluctuated, peaking in 2024 before a slight dip in 2025.
• The U.S. average cost trend has risen consistently, outpacing global averages.
• Detection and escalation costs peaked at around $1.63 million in 2024 before decreasing.
• Lost business costs have become a significant component of overall breach expenditures.
• The average time to identify a breach has been relatively stable at approximately 241 days.
• Human‑associated factors have consistently driven the majority of breaches over the past years.
• AI’s involvement in breaches grew noticeably between 2024 and 2025.
• Ransomware and phishing continue as cyclical top threats year over year.

Average Cost of Data Breaches by Industry

• Healthcare records have the highest breach cost at $7.42M, highlighting the extreme financial risk linked to sensitive patient data and regulatory penalties.
• The Financial sector follows closely, with an average loss of $5.56M per incident, reflecting high exposure to fraud and compliance costs.
• Industrial organizations face substantial losses, averaging $5.00M per breach, due to operational disruptions and intellectual property theft.
• In the Energy sector, data breaches cost around $4.83M, emphasizing growing cyber risks in critical infrastructure.
• Technology companies report an average breach cost of $4.79M, driven by high-value digital assets and large user bases.
• Pharmaceutical firms incur about $4.61M per breach, largely due to research data theft and regulatory consequences.
• The Services industry experiences average losses of $4.56M, reflecting widespread customer data exposure.
• Entertainment businesses lose roughly $4.43M per breach, often due to piracy, leaks, and subscriber data theft.
• Media companies report breach costs of $4.22M, linked to content theft and advertising revenue losses.
• Hospitality firms face average damages of $4.03M, driven by payment data and loyalty program breaches.
• Transportation companies incur around $3.98M per incident, as logistics systems and customer databases are targeted.
• The Education sector reports losses of $3.80M, showing rising cyber risks in universities and digital learning platforms.
• Research institutions experience average breach costs of $3.79M, mainly due to intellectual property exposure.
• Communications companies face losses of about $3.75M, reflecting attacks on network and customer systems.
• Consumer-focused businesses lose approximately $3.72M per breach, driven by e-commerce and CRM data leaks.
• The Retail sector records average costs of $3.54M, largely tied to POS systems and payment card compromises.
• The Public sector has the lowest reported impact at $2.86M per breach, though reputational and trust damage remain significant.

Common Attack Vectors

• Phishing attempts are involved in over 80% of cyber attacks and data breaches.​
• Social engineering caused 39% of initial access incidents in early 2025.​
• Phishing accounts for 65% of social engineering initial access cases.​
• Compromised credentials surged 160% in 2025 compared to 2024.​
• Ransomware was found in 44% of all cybersecurity attacks per Verizon 2025 DBIR.​
• AI-generated content was used in 82.6% of phishing emails in 2025.​
• Third-party compromises originated 35.5% of data breaches in 2024, rising in 2025.​
• Living-off-the-land (LOTL) techniques in 84% of major cyberattacks analyzed.​
• Compromised credentials initial access in 22% of breaches per Verizon 2025 DBIR.​

Largest Data Breaches

• In 2025, more than 4,100 publicly disclosed breaches were recorded, averaging about 11 per day.
• Nearly 109 million accounts were breached in one quarter of 2025 alone, highlighting the scale of high‑impact incidents.
• The ShinyHunters group claimed over 200 million user records from a major adult content site in a single breach.
• Luxury fashion brands reportedly saw approximately 50 + million customer records exposed by the same threat actor.
• A government contractor breach in the US compromised 25 million Americans’ sensitive data, spanning Social Security numbers and health insurance details.
• A multi‑company breach disclosed 23 million customer records on dark forums in late 2025.
• In New Zealand, a healthcare portal incident exposed 400,000+ medical documents affecting over 120,000 patients.
• A major US insurance provider reported breach exposure for 1.4 million customers due to a third‑party system compromise.
• Several other large multinational breaches, while not fully disclosed, have continued to surface in regulatory filings and public reports throughout 2025.

Human and Third-Party Factors Dominate Data Breaches

• The human element accounts for 68% of all data breaches, making people-related risks the single largest contributing factor.
• Errors alone contribute 28% of breaches, highlighting the significant impact of misconfigurations, accidental disclosures, and process failures.
• Third-party involvement is responsible for 15% of data breaches, underscoring growing supply chain vulnerabilities.
• Notably, third-party-related breaches increased by 68%, signaling a sharp rise in vendor and partner risk exposure.
• The data clearly shows that human behavior and external vendor risks drive the majority of breaches, reinforcing the need for stronger security training, tighter internal controls, and robust third-party risk management programs.

Phishing Statistics

• 93% of organizations reported experiencing phishing attempts in 2025, up from 86% in 2023.
• Global phishing attacks increased by 56% year-over-year in 2025, marking the highest surge since 2019.
• Over 3.4 billion phishing emails are sent daily, accounting for nearly 1 in every 3 malicious messages online.
• 83% of companies experienced at least one successful phishing breach in 2025.
• The average cost of a successful phishing attack reached $4.9 million in 2025, a 12% increase from the previous year.
• AI-generated phishing emails had a 70% higher click‑through rate compared to traditional phishing messages.
• 52% of phishing campaigns in 2025 targeted cloud credentials and MFA fatigue exploits.
• Businesses receive an average of 137 phishing emails per month, up 25% year over year.
• Employee awareness training reduced successful phishing attempts by 60% in organizations with mature programs.
• Phishing was responsible for 36% of all data breaches globally in 2025.

Ransomware Statistics

• Ransomware was involved in roughly 44% of data breaches in 2025, up significantly from previous years.
• Early 2025 saw ransomware attack volumes increase sharply compared to 2024.
• Ransomware activity surged about 34% year‑over‑year in early 2025.
• Ransomware attack frequency in some sectors reached record heights, with attacks traced to automated tools and botnets.
• In larger organizations, ransomware was a component of nearly 39% of breaches.
• Small and mid‑sized businesses saw ransomware involvement in up to 88% of breaches in certain reports.
• Ransomware payouts remain high in targeted industries, though refusal to pay has reduced overall attacker profits.
• Critical infrastructure and healthcare continue to attract high‑impact ransomware incidents.
• Attackers increasingly exfiltrate sensitive data as part of double extortion strategies.

Data Breaches by Country

• In 2025, the US faced 3,810 ransomware attacks, leading globally.
• Canada recorded 392 ransomware attacks, second worldwide.​
• Germany had 303 ransomware attacks in 2025.​
• The UK experienced 251 ransomware attacks.​
• Brazil and India showed credential exposure rates over 7%.​
• Indonesia, Vietnam, and Pakistan had high credential exposures between 3-4.3%.​
• The US had 142.9 million breached accounts, topping global lists.​
• France saw 40.3 million compromised accounts in 2025.​
• Canada‘s average breach cost reached $4.84 million.
• Germany averaged $4.03 million per data breach.

Insider Threat Statistics

• 83% of organizations reported at least one insider attack in the past year.​
• 76% of organizations noted insider threats becoming more frequent over the past year.​
• 55% of insider incidents stem from negligent insiders rather than malicious intent.
• Human error contributes to about 60% of breaches alongside external attacks.
• 37% of security professionals cite insufficient training as the top driver of insider risks.
• The average annual cost of insider threats reached $17.4 million in 2025.​
• 62% of insider incidents involve negligence or compromised credentials.​
• Organizations with insider risk programs report 81 days average containment time.​
• 65% of departing employees take confidential data upon role changes.​
• 54% of enterprises use AI monitoring to reduce repeat insider threat events.​

Third‑Party Breach Statistics

• Third‑party involvement accounted for about 30% of all data breaches in 2025, meaning nearly one in three incidents traced back to vendors, suppliers, or partner systems.
• Compromise of third‑party systems is now one of the most prevalent attack vectors after credential theft and phishing.
• In some sectors, breaches through third‑party software environments cost roughly $4.9 million on average.
• A third‑party cloud platform breach affected about 1.4 million customers of a major US insurer.
• A massive government contractor breach exposed 25 million Americans’ data due to third‑party vulnerabilities.
• Device vulnerabilities and supply chain gaps contributed significantly to third‑party breach counts.
• Organizations that fail to monitor external partners closely often discover breaches long after the initial compromise.
• Regulatory enforcement actions increasingly cite third‑party weaknesses as a factor in compliance failures.
• Industry risk assessments now recommend comprehensive vendor risk management programs to cut exposure levels.

Breach Response Times

• The mean time to identify and contain a breach fell to 241 days in 2025, a nine-year low.
• Organizations identifying breaches under 200 days save an average of $1.14 million compared to longer cycles.​
• The healthcare sector averages 279 days to identify and contain breaches, the longest among industries.
• Financial services detect breaches in 218 days on average, 23 days below the global benchmark.
• AI-powered detection systems identify breaches 80 days faster than manual methods.
• Internal security teams identified 50% of breaches in 2025, up from 42% in 2024.
• US breach costs averaged $10.22 million, driven by slower detection and regulatory fines.
• Breaches across multiple environments take 276 days to resolve, the longest lifecycle recorded.
• Supply chain compromises average 267 days total timeline, 26 days above the global average.
• Phishing attacks, causing 16% of breaches, average 240 days of detection-to-containment.

AI in Data Breaches

• About 16% of data breaches in 2025 involved AI‑enabled attack methods, such as automated phishing and deepfake impersonations.
• AI has accelerated phishing creation, reducing crafting time and increasing campaign volumes.
• Phishing was involved in approximately 37% of AI‑linked breaches.
• Deepfake technologies accounted for about 35% of AI‑enabled breach vectors.
• 63% of breached organizations had no formal AI governance policy.
• AI‑driven cyberattacks could grow faster than defensive AI deployments through 2026.
• AI also helps defenders detect anomalies and speed incident response.
• CEOs increasingly list AI‑related data leaks among their top security concerns for 2026.
• AI‑based breach simulation tools are becoming strategic assets.

Regulatory & Compliance Statistics

• Over €1.2 billion in GDPR fines in 2025 were issued amid a 22% rise in breach notifications.
• EU data breach reports exceeded 400 per day for the first time.
• Regulatory bodies intensified scrutiny on breach disclosures and privacy safeguards.
• Non‑compliance penalties contribute significantly to total breach costs.
• Mandatory breach reporting laws have shortened the discovery‑to‑notification window.
• Healthcare and finance face layered regulatory regimes.
• Data protection impact assessments are now required in many high‑risk systems.
• Strong compliance teams report breaches more quickly, reducing penalties.
• Emergent laws around AI and privacy are shaping preparedness frameworks.

Impact of Data Breaches on Business Operations

• More than half of organizations (52%) reported experiencing significant business disruption, making it the most common impact level after a data breach.
• 18% of businesses faced very significant disruption, indicating severe operational and financial consequences.
• Nearly three in ten companies (29%) experienced moderate disruption, showing that even non-critical breaches can still affect daily operations.
• Only 1% of organizations reported low disruption, highlighting that minimal impact from data breaches is extremely rare.
• Overall, 70% of businesses (52% + 18%) suffered major disruption, emphasizing the high operational risk associated with cybersecurity incidents.
• The data demonstrates that data breaches almost always lead to noticeable business interruptions, reinforcing the need for strong security measures and rapid response strategies.

Cyber Insurance & Economic Impact

• The global cyber insurance market is valued at $26.25 billion in 2025, projected to reach $33.05 billion in 2026.​
• Large enterprises hold 53.98% market share in 2026 due to high data volumes.​
• Cyber insurance claims dropped 50% overall in 2025, averaging $115,000 per claim.​
• Ransomware accounts for 60% of large claims and 91% of incurred losses.
• Small businesses average $79,000 claims, medium $139,000, and large $228,000.​
• 62% of firms had cyber insurance in 2025, up from 49% in 2024.​
• Manufacturing firms filed 33% of total cyber insurance claims in 2025.​
• Average ransomware claim cost rose to over $1.18 million in 2025 from $705,000.​
• North America dominates with 36.4% global market share in 2025.​

Data Breach Prevention

• MFA blocks 99.9% of account compromise attacks.
• Employee training cuts phishing click rates from 31.4% to 4.8% after a year.​
• Zero trust market reaches $33.9 billion in 2025 with 16.32% CAGR.​
• 72% of enterprises have adopted or are implementing zero trust frameworks.​
• 74% of data breaches start with privileged credential abuse.​
• Patching delays lead to 28.3% of vulnerabilities being exploited within 24 hours.​
• Organizations with incident response plans achieve significantly lower recovery costs.​
• AI threat hunting improves detection by 60% and cuts response from 168 hours to seconds.​
• Vendor assessments reveal 28% faced third-party incidents in the past two years.​
• Data minimization shrinks breach impact by limiting collected data volume.​

Frequently Asked Questions (FAQs)

Conclusion

Data breaches remain a defining challenge of the digital age, reshaping how organizations approach risk, compliance, and security investments. With nearly one in three breaches involving third‑party systems and AI playing an increasing role in attack methods, the landscape demands adaptive, holistic defenses. Regulatory burdens and rising breach costs make proactive strategies and preparedness essential. Prevention measures such as MFA, zero trust, and active vendor risk management are indispensable.

As breach response continues to speed up and cyber insurance markets mature, the emphasis on early detection and cross‑organizational resilience grows ever stronger. The data breach narrative will continue evolving, and understanding these statistics is critical for informed decisions, smarter defenses, and better protection of digital assets.