Data Breach Overview in the US as of 2023
Did you know that in 2022, there were 1,802 data breaches in the US, affecting 422.14 million individuals? In the same year, the average cost of a data breach reached $9.44 million in the US.
According to IBM, a data breach is “any security incident in which unauthorized parties gain access to sensitive data or confidential information, including personal data or corporate data”.
Moreover, a data breach is a cyberattack, but not all cyberattacks are data breaches. For instance, a DDoS attack does not constitute a data breach because not data was lost or stolen.
Below, I’ll tell you about the:
- Annual number of data breaches and individuals affected in the US from 2005 to 2022
- Average cost of a data breach in the US from 2006 to 2023
- Distribution of data exposed because of data breaches in the US from 2014 to 2019, by sector
Interested? Then, keep reading to find out more!
Annual Number of Data Breaches and Individuals Affected in the US from 2005 to 2022
In this section, I’ll show you the annual number of data breaches, the number of affected individuals, and the number of records exposed between 2005 and 2022.
This will give us a preliminary observation of how severe the situation has become over the years.
Here’s the data from Statista:
| Year | Data Compromises | Number of Records Exposed | Individuals Impacted |
| 2005 | 157 | 66.9 million | Unknown |
| 2006 | 321 (+104.45%) | 19.1 million (-71.44%) | Unknown |
| 2007 | 446 (+38.94%) | 127.7 million (+567.58%) | Unknown |
| 2008 | 656 (+47.08%) | 35.7 million (-72.04%) | Unknown |
| 2009 | 498 (-24.08%) | 222.5 million (+523.34%) | Unknown |
| 2010 | 662 (+32.93%) | 16.2 million (-92.71%)Unknown | Unknown |
| 2011 | 419 (-36.7%) | 22.9 million (+41.35%) | Unknown |
| 2012 | 446 (+6.68%) | 17.3 million (-24.45%) | Unknown |
| 2013 | 783 (+27.52% | 91.98 million (+431.67%) | Unknown |
| 2014 | 785 (+0.25%) | 85.61 million (-6.92%) | Unknown |
| 2015 | 1,099 (+405%) | 169.1 million (+97.52%) | 318.28 million |
| 2016 | 1,506 (+37.03%) | 36.6 million (-78.35%) | 2.541 trillion (+698.37%) |
| 2017 | 1,175 (-21.97%) | 198 million (+440.98%) | 1.825 trillion (-28.16%) |
| 2018 | 1,279 (+8.85%) | 471.23 million (+137.99%) | 2.228 trillion (+22.10%) |
| 2019 | 1,108 (-13.36%) | 164.68 million (-65.05%) | 883.56 million (-60.35%) |
| 2020 | 1,862 (+67.05%) | Unknown | 310.12 million (-64.9%) |
| 2021 | 1,802 (-3.22%) | Unknown | 298.08 million (-3.88%) |
| 2022 | 0 | Unknown | 422.14 million (+41.61%) |
Here’s how much the data breaches, records exposed, and individuals impacted increased from 2005 to 2022:
- Data breaches increased by 1,047% between 2005 – 2022
- Number of records exposed by 146% between 2005 – 2019
- Individuals impacted by 32% between 2015 – 2022
From what we see, the number of data breaches has increased significantly between 2005 and 2022 in the US.
With the emergence of Cybercrime-as-a-Service and the post-Pandemic remote-work environment, the numbers have gone up considerably.
Almost half a billion individuals have been affected by data breaches in 2022, and this doesn’t take corporate entities into consideration.
Average Cost of a Data Breach in the US from 2006 – 2023
In this section, we’ll see how costly a data breach is in the US, and how much that cost has grown throughout the years.
Here’s the data:
| Year | Average Cost of a Data Breach |
| 2006 | $3.54 million |
| 2007 | $4.79 million (+35.31%) |
| 2008 | $6.36 million (+32.77%) |
| 2009 | $6.66 million (+4.71%) |
| 2010 | $6.75 million (+1.35%) |
| 2011 | $7.24 million (+7.25%) |
| 2012 | $5.5 million (-24.03%) |
| 2013 | $5.4 million (-1.81%) |
| 2014 | $5.85 million (+8.33%) |
| 2015 | $6.53 million (+11.62%) |
| 2016 | $7.01 million (+4.85%) |
| 2017 | $7.35 million (+4.85%) |
| 2018 | $7.91 million (+7.61%) |
| 2019 | $8.19 million (+3.53%) |
| 2020 | $8.64 million (+5.49%) |
| 2021 | $9.05 million (+4.74%) |
| 2022 | $9.44 million (+4.3% |
| 2023 | $9.48 million (+0.42%) |
From 2006 to 2023, the average cost of a data breach in the US has grown by 167.79%, from $3.54 million to $9.48 million.
According to another Statista study, the global average cost per data breach was $4.45 million in 2023. Clearly, cybercrime has grown considerably in recent years, and the US isn’t an exception to the rule.
From 2014 onward, the average cost of data breaches in the US has grown consistently, with no decrease in sight.
This shows that cybercrime has only gotten worse over the years. Factors that have influenced this rapid increase in cybercrime severity include the IoT (Internet-of-Things), post-pandemic remote work culture, the rise of cybercrime-as-a-service, and the emergence of new technologies.
Zero-day vulnerabilities have increased in number due to the higher number of IT companies launching services and products.
While cybersecurity has evolved as well, it’s still a far cry compared to the unstoppable growth of cybercriminal activities.
According to Cybersecurity Ventures, cybercrime costs will hit an estimated $10.5 trillion worldwide by 2025.
Judging by how the situation is evolving, this might be a conservative estimation. It remains to be seen…
Distribution of Records Exposed because of Data Breaches in the US from 2014 to 2019, by Sector
Data breaches target different industries in varying degrees of severity and commonality.
Below, I’ll show you the most targeted sectors by data breaches from 2014 to 2019, in an attempt to better understand cybercrime patterns:
| Year | Banking/Credit/Financial | Business | Education | Medical/Healthcare | Government/Military |
| 2014 | 1.4% | 79.7% | 1.5% | 9.7% | 7.8% |
| 2015 | 3% | 9.6% | 0.4% | 66.7% | 20.2% |
| 2016 | 0.2% | 15.5% | 2.9% | 43.6% | 37.9% |
| 2017 | 1.7% | 91.3% | 0.8% | 2.8% | 3.3% |
| 2018 | 0.4% | 93% | 0.3% | 2.2% | 4.1% |
| 2019 | 61.1% | 23.91% | 1.37% | 23.91% | 2.19% |
In 2019, the financial sector was the most targeted by data breaches, accounting for 61.1% of all data breach cases.
Throughout the years, we can see that the financial, business, and medical sectors have been the primary targets for data breaches.
The government/military sector became one of the primary targets of data breaches in 2015 and 2016 only, while the education sector has been largely ignored by cybercriminals.
This tells us one thing – cybercriminals follow the money trail. Where there’s money, there’s an increased likelihood of a data breach occurring.
The business and financial sectors deal with money directly, while stolen medical records can be sold on the Dark Web for a tidy sum of money.
Number of Serious Healthcare Data Breaches in the US from 2009 to 2022
Statista gives us a more thorough overview of the US healthcare industry and how it has been affected by data breaches from 2009 to 2022.
The study paints a worrisome picture. Take a look below:
| Year | Number of Data Breaches |
| 2009 | 18 |
| 2010 | 199 (+1,005%) |
| 2011 | 200 (+0.5%) |
| 2012 | 218 (+9%) |
| 2013 | 277 (+27.06%) |
| 2014 | 314 (+13.35%) |
| 2015 | 270 (-14.01%) |
| 2016 | 329 (+21.85%) |
| 2017 | 358 (+8.81%) |
| 2018 | 369 (+3%) |
| 2019 | 512 (+38.75%) |
| 2020 | 663 (+29.49% |
| 2021 | 715 (+7.85%) |
| 2022 | 707 (-1.11%) |
From 2009 to 2022, the number of data breaches in the US healthcare sector with over 500 lost records has increased by 3,827.78%.
Back in 2021, the number had reached the all-time high of 715 reported data breaches, with 2022 recording 707.
According to Cleaver Fulton Rankin, the majority of data breaches in the EU end up unreported by companies and institutions.
And the EU is governed by the GDPR, which is notoriously stricter than its US data privacy counterparts.
Imagine how many data breaches go unreported in the US in the healthcare industry and not only.
The situation is much worse than it initially appears, and the initial impression was quite bad in the first place.
Conclusion
Data breaches are plaguing the US as we speak. There have been 1,802 data breaches in 2022, affecting 422 million individuals and costing an average of $9.44 million.
The most targeted industries are the financial, business, and medical industries because they’re the most profitable.
It is also estimated that the cybercrime industry will cost around $10.5 trillion worldwide in 2025, and this is largely due to the selling of data stolen through data breaches.
Stay tuned to PrivacyAffairs for more cybersecurity guides!
Sources
IBM – What Is a Data Breach?
Statista – Annual Number of Data Compromises and Individuals Affected in the United Sttes from 2005 to 2022
Statista – Average Cost of a Data Breach in the United States from 2006 to 2023
Cybersecurity Ventures – Cybercrime to Cost the World $10.5 Trillion Annually by 2025
Statista – Distribution of Redords Exposed Due to Data Breaches in the United States from 2014 to 2019, by Sector
Statista – Number of Healthcare Data Breaches Involving the Loss of 500 or More Records in the United States from 2009 to 2022
Cleaver Fulton Rankin – Over 75% of Data Breaches Unreported