Data Breach Statistics

68% of incidents in the Automotive and Smart Mobility involve data and privacy breaches.

The fastest ransomware case observed, involving Akira ransomware, takes just three hours from breach to encryption.

In 2025 breach data, AI platforms and tooling accounted for 15% of API-related breaches, tying software as the largest category in the dataset.

Organizations that use an integrated, automated approach to risk management report a 27% breach rate in 2025.

58% of organizations that experienced a breach anticipate spending more time on IT risk management and compliance in 2026.

Organizations that manage risk ad hoc or only after a negative event report a 50% breach rate in 2025.

75% of consumers who experienced a data breach changed their behavior, compared to 36% of consumers who have not experienced a data breach.

Company breaches are the leading cause of consumer data exposure at 30%.

57% of consumers say their personal information has been compromised at least once.

The Identity Theft Resource Center tracks 3,322 data compromises in 2025 (2025)

The number of victim notices in 2025 is 278,827,933, a decrease of 79 percentage points from 2024 (1,367,117,021) (2025)

The number of data compromises in 2025 (3,322) increases by five percentage points compared to 2024 (3,152) (2025)

Data compromises in 2025 represent a 79 percent jump over five years (2025)

Seventy percent (2,324) of data breach notices in 2025 do not include attack information, compared to 65 percent (2,049) in 2024 and 45 percent (1,449) in 2023 (2023–2025)

The number of victim notices in 2025 (278,827,933) is the lowest number of victim notices since 2014 and the lowest number since the last U.S. state and territories adopted data breach laws in 2018 (2025)

The Identity Theft Resource Center sets a new record with 3,322 data compromises in 2025, up four percentage points from the previous all-time high in 2023 (3,202) (2025)

In 2025, Financial Services had 739 compromises; Healthcare had 534 compromises; Professional Services had 478 compromises; Manufacturing had 299 compromises; Education had 188 compromises (2025)

Eighty percent of the 1,040 consumers surveyed by the Identity Theft Resource Center report having received a data breach notice in the last 12 months (2025)

Nearly 40 percent of the 1,040 consumers surveyed received three to five separate data breach notices in the past 12 months (2025)

In 2025, 55% of Chief Information Security Officers (CISOs) in the US and UK reported that their organization experienced a cyberattack, ransomware infection, compromise, or data breach that rendered mobile, remote, or hybrid endpoint devices inoperable.

In 2025, 61% of CISOs indicated that their organization’s board and C-suite expect the cybersecurity group to guarantee zero breaches and ransomware incidents.

16% of email-related healthcare breaches in 2025 involved business associates.

Organizations classified as 'Exceptional' in AppSec maturity are 1.9 times less likely to experience a data breach than Emerging programs.

Over 85% of New Yorkers indicated they would (41.8%) or might (43.7%) stop using a company if it suffered a data breach.

62.5% of small businesses that suffered a breach reported a total financial impact of more than $250,000 in 2025.

36.7% of victims among breached small businesses faced costs exceeding $500,000.

81% of small businesses reported suffering a security breach, a data breach, or both in the past year.

38.3% of small business leaders reported raising prices to address the financial impacts of a cyber incident.

29% of global respondents ranked ransomware attacks and privacy breaches as their leading cyber concerns.

72% of cybersecurity professionals agree that reducing security personnel significantly increases the risk of a breach in their organizations.

43.3% of healthcare email breaches involved Microsoft 365.

IT leaders estimate only 5% of known phishing attacks are reported by healthcare employees to their security teams.

There was a 264% increased surge of ransomware attacks on healthcare organizations.

Barracuda, Mimecast, and Proofpoint account for 26.7% of healthcare email breaches in 2024.

1.1% of healthcare organizations analyzed had a 'Low Risk' email security posture.

68.8% of healthcare organizations analyzed had a 'Medium Risk' email security posture.

31.1% of healthcare organizations analyzed had a 'High Risk' email security posture.

97% of organizations reported negative impacts from supply chain breaches over the past twelve months, an increase from 81% in 2024.

67% of retail executives who reported high-profile breaches indicated that cybersecurity has become a higher priority on the C-suite agenda in 2025.

34% of retailers stated that their organization has suffered a breach in the past 12 months.