30 statistics about data breaches

July 14, 2025 | 9 min read

Data breaches remain a massive concern and have seemed to shift from rare occurrences to disturbingly common ones. Companies barely have time to react before another breach makes the news, keeping software developers on their toes to mend the cracks in their infrastructure before they’re exposed. Though becoming numb to the risks is easy, complacency can carry a risk all on its own. Nearly every business has something these bad actors want: customer contact details, proprietary software or employee information. In a digital environment that’s constantly shifting, threats are never far behind, and it’s a problem that’s growing more complex with each passing year.

Because this is an important issue here at Ooma, we decided to pull back the curtain and share 30 eye-opening statistics that reveal the true scope of data breaches today.

30 Statistics About Data Breaches - Ooma.com - Infographic

Embed to your site:

<a href="https://www.ooma.com/blog/30-statistics-about-data-breaches/"><img decoding="async" src="https://www.ooma.com/wp-content/uploads/statistics-data-breaches-6.png" alt="30 Statistics About Data Breaches - Ooma.com - Infographic" title="30 Statistics About Data Breaches - Ooma.com - Infographic"></a><br><a href="https://www.ooma.com" alt="Ooma VoIP Business Phone Systems" title="Ooma Secure Communication">By Ooma.com</a>

What is a data breach?

A data breach happens when someone gains unauthorized access to confidential or protected information. This can involve emails, financial records, medical files, trade secrets or any other sensitive data. Often, the attackers accessing the data don’t stop there. They steal, leak, sell or manipulate the information for personal or financial gain.

Data breaches don’t always involve sophisticated methods. Sometimes, a single employee clicking on a suspicious link is enough. Regardless, the concerns reach far beyond the IT department once a breach occurs.

Types of data breaches

Attackers and their methods adapt, meaning every branch of a company needs to be on alert. Some of the most common types of breaches include:

Malicious attacks: These made up 55 percent of all data breaches in 2024; the remainder were due to IT failures and human error. This category includes hackers or criminal insiders who target organizations to exploit weaknesses and steal data.
Human errors: In 2024, 22 percent of data breaches occurred because someone inside the organization made a mistake, such as opening a phishing email or accidentally divulging company information.
System glitches and IT failures: Technology isn’t foolproof. In fact, 23 percent of data breaches were linked to technical issues, like poorly secured networks or software failure.
Ransomware: These attacks involve threatening the target in some way until a ransom is paid. Sadly, they’re on the rise, and between 2023 and 2024, average ransom payments jumped by nearly 500 percent. Recovery now costs companies an average of $2.73 million.
Malicious insiders: When an employee goes rogue, the damage can be even greater due to their intimate knowledge of the company. In 2024, these attacks cost businesses an average of $4.99 million.

What causes data breaches?

There isn’t always a single smoking gun behind these attacks, and they tend to result from a mix of internal and external failings. For example, 40 percent of breaches in 2024 involved data stored across multiple environments. In these cases, having many fronts to monitor makes it harder to track who has access and where vulnerabilities lie. Shadow data, which refers to data created or shared outside of secure systems, played a role in 35 percent of breaches and added time and cost to the response (on average, it took 204 days to detect a breach and another 73 days to contain it). Outdated tools, unpatched software and legacy systems also continue to leave doors open to breaches.

At the same time, human error is a major chink in the armor that is cybersecurity. Even today, many employees lack the training to recognize phishing and other social engineering schemes, leaving companies vulnerable. All of these issues combined make breaches harder to stop and more expensive to clean up.

Consequences of a breach

Data breaches can be very expensive for the victims, but the financial toll is unfortunately only the beginning of the mess. Some of the most common costs include:

Money: In 2024, the average global cost of a breach hit $4.88 million. In the U.S., that number climbed to $9.36 million.
Time: From detection to recovery, the average timeline is around 10 months. Breaches involving personal data can take an average of 292 days to address.
Reputation: Trust is hard to win and easy to lose, as evidenced by the fact that only 12 percent of companies reported full recovery post-breach.
Disruption: Seventy percent of breached organizations experienced major business disruptions. Just 1 percent reported a low impact.
Industry fallout: Healthcare saw the highest costs, at an average of $9.77 million per breach. A 2024 breach involving Change Healthcare compromised 190 million medical records and was estimated to have caused more than $2 billion in damages.

How to prevent data breaches

When it comes to cybersecurity, prevention is more about being prepared than being perfect. Start with the basics: Don’t neglect training. A well-prepared team can stop a bad attack before it snowballs into a catastrophe. Make sure your employees know how to identify and avoid phishing and are on the same page regarding your security policies.

It’s equally important to keep your software patched and updated. Microsoft Office, one of the most exploited targets in recent years, is a prime example of why updates matter. Don’t ignore your data sprawl, either. And don’t be afraid to use AI and automation to keep your data safe.

Finally, if ransomware strikes, don’t face it alone. Law enforcement involvement saves companies a million dollars on average.

While no company can eliminate the risk of a data breach, your preparedness and response can affect the severity of the outcome. At Ooma, we recognize that safeguarding your data is vital for providing uninterrupted service, maintaining customer trust and forming the foundation of your business.

With more than 100 advanced communication features, Ooma Office empowers businesses to collaborate efficiently with their teams and customers. We would love the opportunity to connect and share best practices to enhance your organization’s security, agility and readiness for whatever the future may bring.

Data breach statistics

Statistic	Description
In 2024, the average global cost of a data breach was $4.88 million.¹	This represents a 10 percent increase from the previous year and is the highest total ever recorded.
It takes an average of 204 days to identify a data breach and an additional 73 days to contain it.¹
Forty percent of data breaches involved data stored across multiple types of environments.²	The decentralized nature of multi-cloud data storage means that it takes longer to identify and contain a breach.
Forty-six percent of breaches in 2024 involved customer data.²	This includes tax identification numbers, emails, phone numbers and home addresses.
Among all attack types, breaches involving personal data took the longest to identify and contain (292 days).¹	Phishing attacks lasted an average of 261 days, and social engineering attacks lasted an average of 257 days.
There was a 26.5 percent rise in IP theft between 2023 and 2024, making it the second most common form of data breach at 43 percent of all cases.²	Lost intellectual property costs also rose from $156 to $173 per case, an 11 percent increase.
In 2024, the United States had the highest average total cost of a data breach at $9.36 million.¹	The Middle East had the second-highest average cost ($8.75 million).
Malicious attacks accounted for 55% of all data breaches in 2024.¹	These are committed by outside attackers or criminal insiders.
IT failures and human error caused nearly half of all breaches.¹	IT failure contributed to 23 percent, and 22 percent were due to human error.
Insider attacks were the most expensive, averaging $4.99 million in 2024.¹	An insider attack originates from within the target organization. Generative AI may be contributing to the rise of successful attacks.
Forty-two percent of data breaches are found by security teams.¹	Thirty-four percent are found by a benign third party.
Twenty-four percent of data breaches are disclosed by the attackers themselves.¹	In these cases, the average cost of the breach was $5.53 million.
The use of AI in data breach prevention saved organizations an average of $2.2 million in 2024.¹	Two out of three organizations studied reported the deployment of AI and automation in their security operations.
The industrial sector experienced the highest increase in breach-related costs ($830,000 per breach) in 2024.¹	This indicates a need for preventative action, as this industry is highly affected by operational downtime.
Seventy percent of breached organizations experienced a significant to very significant disruption of business.¹	Only 1 percent of organizations described the impact as low.
Only 12 percent of businesses reported a full recovery from data breaches in 2024.¹
The average cost of a mega-breach in 2024 was $375 million.¹	A mega-breach involves more than 1 million compromised records. This cost is a 13 percent increase from 2023.
From 2021 to 2023, Microsoft Office applications were the most commonly exploited.³	Microsoft Office accounted for 69.1 percent of exploited applications.
Shadow Data
In 2024, 35 percent of breaches involved shadow data.²	Shadow data refers to data that is created, stored or shared outside of a regulated and secure data management framework.
Twenty-five percent of data breaches involving shadow data occurred on-premises.²	This underscores significant unmanaged risks, such as data privacy concerns, data governance gaps and regulatory impacts.
Breaches involving shadow data took 26.2 percent longer to identify and 20.2 percent longer to get under control.²	This averaged 291 days of uncontained breaches, costing an average of $5.27 million when shadow data was involved.
Shadow data breaches cost 16.2 percent more than non-shadow data breaches.⁴
Healthcare Data
The healthcare industry had the highest average breach cost in 2024 ($9.77 million).¹	It has been the costliest industry for breaches since 2011.
The largest breach of medical data in U.S. history occurred in February 2024.⁵	A ransomware attack on Change Healthcare compromised the medical records of approximately 190 million people.
The number of breached medical records increased by 64.1 percent from 2023 to 2024.⁵	There were 276,775,457 breached records, the equivalent of 81.38 percent of the United States population.
Hospitals spend 79 percent more on advertising per year during the two years following a breach.⁶
Ransomware
The average ransom payment increased nearly 500 percent from 2023 to 2024.⁷
The average recovery cost of a ransomware attack in 2024 was $2.73 million, a massive increase of nearly $1 million from the previous year.⁷
Thirty-four percent of ransomware attacks began with a malicious email.⁷
Law enforcement involvement in ransomware attacks lowered the cost of breaches by an average of $1 million.¹	That excludes the cost of any ransom paid.

________________________

Sources

¹ IBM’s Cost of a Data Breach 2024. https://www.ibm.com/reports/data-breach

² IBM – Hidden risk of shadow data and shadow AI leads to higher breach costs. https://www.ibm.com/think/insights/hidden-risk-shadow-data-ai-higher-costs

³ Statista – Most commonly exploited applications worldwide from November 2021 to October 2023. https://www.statista.com/statistics/434880/cyber-crime-common-exploits-global/

⁴ IT Brew – With ‘shadow’ data, breach costs get even darker. https://www.itbrew.com/stories/2024/08/05/with-shadow-data-breach-costs-get-even-darker

⁵ The HIPAA Journal – The Biggest Healthcare Data Breaches of 2024. https://www.hipaajournal.com/biggest-healthcare-data-breaches-2024/

⁶ The HIPAA Journal – Advertising Expenditures Increase 64% Following a Healthcare Data Breach. https://www.hipaajournal.com/advertising-expenditures-increase-64-following-a-healthcare-data-breach/

⁷ Sophos – State of Ransomware 2024. https://www.sophos.com/en-us/press/press-releases/2024/04/ransomware-payments-increase-500-last-year-finds-sophos-state

About the Author

Husain Sumra

Husain Sumra is a former journalist who reported on the biggest companies in tech, from Apple to Amazon, covering cloud services, consumer technology and communication solutions. His journalism background has helped him bring a customer-first approach to content marketing, creating pieces of content aimed at helping people.