Data Breach Statistics 2026: Costs & Causes
Data breaches now reach a scale that is hard to picture. The Identity Theft Resource Center counted 3,158 US data compromises in 2024 and a staggering 1.73 billion victim notices, a 312% jump in one year. IBM puts the global average cost of a breach at USD 4.44 million, while the US average hit a record USD 10.22 million. Most breaches are not exotic hacks: Verizon found 68% involve a non-malicious human element, and stolen or compromised credentials were the single most common entry point. Breaches still took organizations a mean of 241 days to identify and contain. The numbers below show where the risk lives and why minimizing the data you expose is the strongest defense.
These statistics matter more in 2026 because nearly every document now flows through a phone or a cloud account. People scan IDs, sign contracts, and store receipts inside apps and services they rarely vetted, and each upload widens the surface attackers can reach. The same forces driving rising data privacy statistics also drive breach risk: the more copies of your data that exist, the more places a single failure can leak them.
This post covers 16 verified statistics on data breaches, spanning volume, cost, root causes, response time, and sector impact. It is written for individuals, freelancers, and small businesses that handle sensitive paperwork. Here are the 16 numbers worth knowing.
1. 1.73 billion victim notices were issued in the US in 2024
1,728,519,397 data breach victim notices went out in the US during 2024, a 312% increase over the 419 million issued in 2023, according to the Identity Theft Resource Center. The count is so large because six "mega-breaches" each generated at least 100 million notices, together producing more than 1.4 billion of the total. The Ticketmaster breach alone accounted for 560 million notices, followed by Advance Auto Parts at 380 million. A victim notice is a legal alert sent to a person whose data was exposed, so one individual can receive several. The headline takeaway is blunt: in a single year, the number of US exposure notices exceeded five times the country's population. Breach impact is no longer a rare event affecting a few unlucky people. It is a routine background condition of modern digital life.
Source: Identity Theft Resource Center - 2024 Annual Data Breach Report
2. There were 3,158 US data compromises in 2024
3,158 data compromises were tracked across all US sectors in 2024, the Identity Theft Resource Center reports, just 44 events short of the all-time record set in 2023. The total broke down into 2,850 data breaches, 18 data exposures, 2 data leaks, and 288 events of unknown root cause. The slight one percent dip from 2023's 3,202 offers little comfort, because the number of people affected exploded even as the event count held steady. Cyberattacks drove the vast majority, causing about 80% of compromises and 93% of all victim notices. This split matters: the threat is concentrated in deliberate attacks rather than accidental leaks. For anyone storing sensitive files, the lesson is that breaches are frequent and overwhelmingly intentional, so reducing how much data you expose is more reliable than hoping any single provider stays attack-free.
Source: Identity Theft Resource Center - 2024 Annual Data Breach Report
3. The global average cost of a data breach is USD 4.44 million
USD 4.44 million is the global average cost of a data breach in 2025, according to IBM's Cost of a Data Breach Report, down 9% from USD 4.88 million the year before. IBM credits the drop to faster containment driven by AI-powered defenses, the first decline in five years. The figure is built from a deep analysis of real breaches at hundreds of organizations worldwide, conducted with the Ponemon Institute over 20 consecutive years. The cost covers detection, response, lost business, legal fallout, and regulatory penalties combined. A lower global average does not mean breaches got cheap. It means organizations that invested in detection and response shaved the worst costs, while those that did not still paid dearly. The clearest way to avoid the bill is to hold less sensitive data in the first place, so a breach has less to expose.
Source: IBM - Cost of a Data Breach Report 2025
4. The US average breach cost hit a record USD 10.22 million
USD 10.22 million is the average cost of a data breach in the United States in 2025, a record high and up 9% year over year, IBM reports, even as the global average fell. The US has long carried the highest breach costs of any region, driven by aggressive litigation, dense regulation, and steep customer churn after an incident. The US figure is now more than double the global average. This regional split tells US-based individuals and businesses that the financial stakes of a leak are uniquely severe where they live. Regulatory fines, mandatory notifications, and credit monitoring all stack up fast. For a small business, a single breach at this scale can be existential. The defensive logic is the same at every size: data that never leaves your control cannot trigger these costs.
Source: IBM - Cost of a Data Breach Report 2025
5. 68% of breaches involve a non-malicious human element
68% of data breaches involve a non-malicious human element, such as a person falling for social engineering or making an error, according to the Verizon 2024 Data Breach Investigations Report. This is the most important number in breach prevention. It means most incidents do not start with a genius hacker breaking encryption. They start with an ordinary mistake: a clicked link, a misdirected email, a reused password. Verizon analyzed 10,626 confirmed breaches for the report, nearly double the prior year's sample, which gives the figure real weight. The practical implication is sobering. No amount of technical security fully protects data once a human can be tricked into handing it over. The most durable defense is to shrink the number of systems and accounts where a single human error can expose your files, rather than trusting that no one will ever slip.
Source: Verizon - 2024 Data Breach Investigations Report
6. Stolen credentials were the top initial attack vector at 16%
16% of breaches in 2024 started with stolen or compromised credentials, the most common initial attack vector, with phishing close behind at 15%, according to IBM's Cost of a Data Breach Report. Together these two account for nearly a third of all breaches, and both exploit the same weakness: people and the passwords they reuse. Verizon's data aligns, finding stolen credentials behind 24% of breaches in its sample. Credential-based attacks are dangerous not just because they are common but because they are quiet. An attacker logging in with a valid password looks like a normal user, which is why these breaches take the longest to catch. The takeaway for individuals and small teams is that strong, unique passwords and multi-factor authentication block the single most popular door attackers use. Reducing the number of accounts holding your documents removes that door entirely.
Source: IBM - Escalating Data Breach Disruption Pushes Costs to New Highs
7. Phishing/spoofing was the most-reported cybercrime to the FBI
193,407 complaints about phishing and spoofing reached the FBI's Internet Crime Complaint Center in 2024, more than any other crime type, the FBI IC3 Annual Report shows. Personal data breaches ranked third by complaint volume at 64,882. The report pulled together 859,532 total complaints and documented reported losses exceeding USD 16.6 billion, a 33% jump from 2023. Phishing losses specifically rocketed from USD 18.7 million in 2023 to USD 70 million in 2024, a 274% rise. These numbers come straight from victim reports filed with a US federal agency, so they reflect real harm, not modeled estimates. Phishing remains the workhorse of cybercrime because it is cheap, scalable, and exploits trust rather than technology. For anyone who handles sensitive documents, the message is that the attack most likely to reach you arrives as a convincing message, not a brute-force hack against a server.
Source: FBI - FBI Releases Annual Internet Crime Report
8. 15% of breaches involve a third party or supplier
15% of data breaches involved a third party or supplier in 2024, such as a software supply chain, hosting provider, or data custodian, according to the Verizon 2024 Data Breach Investigations Report. This share roughly doubled from prior years as attackers learned that hitting one vendor can expose hundreds of downstream organizations at once. Several of 2024's largest US breaches followed exactly this pattern, where customer data leaked not from the brand people trusted but from a back-end processor they never knew existed. Third-party risk is uniquely hard to manage because you cannot audit a vendor you do not even know your data passed through. The lesson connects directly to document handling: every cloud scanner or storage service that copies your files becomes a third party that can be breached on your behalf. Each upload adds a link to the chain, and any link can break.
Source: Verizon - 2024 Data Breach Investigations Report
9. Cloud misconfigurations caused 15% of breaches
15% of breaches in 2024 stemmed from cloud misconfigurations, according to IBM's Cost of a Data Breach Report, making simple setup mistakes one of the most common ways sensitive data spills. A misconfiguration is rarely a sophisticated attack. It is usually a storage bucket left public, a permission set too broadly, or a default setting no one changed. These errors expose data that was never even targeted, because anyone who finds the open door can walk in. As organizations spread workloads across multiple cloud platforms, the number of settings that must be correct grows, and so does the chance one is wrong. The risk scales with complexity. For individuals, the parallel is direct: every app that syncs your scans to a cloud account introduces a configuration you do not control and cannot verify. Keeping files on your own device removes the misconfiguration risk entirely, because there is no cloud bucket to leave open.
Source: IBM - Surging Data Breach Disruption Drives Costs to Record Highs
10. 40% of breaches involve data spread across multiple environments
40% of data breaches in 2024 involved data stored across multiple environments, such as public cloud, private cloud, and on-premises systems at once, IBM reports, and these breaches were the most expensive to resolve. The reason is intuitive: the more places data lives, the harder it is to track, secure, and clean up after an incident. IBM found these multi-environment breaches cost the most and took longer to contain than breaches confined to a single location. The finding exposes a core tension of modern data handling. Convenience pushes people to sync everything everywhere, yet every additional copy multiplies the attack surface. This is the strongest statistical case for data minimization. Fewer copies in fewer places means fewer ways to be breached and a faster, cheaper recovery when something does go wrong. For sensitive documents, one local copy beats five scattered across services you do not manage.
Source: IBM - Escalating Data Breach Disruption Pushes Costs to New Highs
11. 35% of breaches involve hidden shadow data
35% of data breaches in 2024 involved shadow data, meaning data sitting in unmanaged or forgotten systems that IT teams do not know exists, according to IBM's Cost of a Data Breach Report. Breaches involving shadow data cost an average of USD 5.27 million, 16% higher than breaches without it, and took 26% longer to identify. You cannot protect what you do not know you have. Shadow data accumulates quietly every time a file is copied into an unsanctioned app, an old account, or a stray cloud folder and then forgotten. It becomes a silent liability, fully exposed yet completely unmonitored. The pattern mirrors how personal documents pile up across scanner apps, email attachments, and photo libraries over years. Each abandoned copy is shadow data of your own making. The cleanest fix is to stop creating extra copies, so sensitive scans never drift into systems you no longer watch.
Source: IBM - Hidden Risk of Shadow Data and Shadow AI Leads to Higher Breach Costs
12. Breaches took a mean of 241 days to identify and contain
241 days was the mean time organizations took to identify and contain a data breach in 2025, the lowest figure in nine years, according to IBM's Cost of a Data Breach Report. The improvement came from AI-assisted detection, yet 241 days still means a breach typically festers for roughly eight months before it is fully resolved. During that window, attackers can move through systems, copy more data, and cover their tracks. The longer a breach runs, the more it costs: IBM has repeatedly found that breaches contained quickly cost far less than those left open. In the prior year's data, incidents involving stolen credentials stretched to 292 days, the longest of any type, because valid logins look legitimate. The core insight is that breaches are slow-burning, not instant. The smaller and simpler your data footprint, the faster any breach can be spotted and the less it can spread while it goes unnoticed.
Source: IBM - Cost of a Data Breach Report 2025
13. Healthcare had the costliest breaches for 14 years running
USD 9.77 million was the average cost of a healthcare data breach in 2024, the highest of any industry and the 14th consecutive year healthcare topped the list, according to IBM's Cost of a Data Breach Report. Healthcare breaches cost the most because medical records are richly detailed, heavily regulated, and impossible to reissue like a credit card. A leaked diagnosis or insurance ID follows a person for life. The sector breakdown matters because it shows breach cost tracks the sensitivity of the data, not just the size of the company. Financial services, technology, and energy also rank among the costliest, all fields handling high-value personal information. The lesson generalizes well beyond hospitals. The more sensitive the documents you hold, such as medical forms, IDs, and financial records, the higher the stakes if they leak. Sensitive paperwork deserves the strictest handling, which means keeping it off services that pool it with everyone else's.
Source: IBM - Escalating Data Breach Disruption Pushes Costs to New Highs
14. Ransomware appeared in 88% of small-business breach incidents
88% of breach incidents at small and medium businesses involved ransomware or extortion in 2024, compared with 39% at large enterprises, according to Verizon's Data Breach Investigations Report. Small organizations are hit hardest because they often lack dedicated security staff, yet still hold valuable customer data attackers can ransom. The median adjusted loss for victims who paid a ransom rose to roughly USD 46,000, a sharp increase over the prior year. This disparity dismantles the comforting myth that breaches only happen to big corporations. In reality, small businesses are the preferred target precisely because they are softer. A freelancer or small firm storing client contracts and IDs sits squarely in the crosshairs. The defensive takeaway is practical and affordable: you cannot outspend an enterprise on security, but you can refuse to centralize sensitive files in places ransomware can reach. Local, account-free storage gives attackers far less to seize.
Source: Infosecurity Magazine - Verizon DBIR: Small Businesses Bearing the Brunt of Ransomware Attacks
15. Personal information made up 48% of all compromised records
48% of all breached records worldwide in 2024 were personally identifiable information, the most common type of data compromised, according to Statista. Nearly half of everything exposed was the kind of data that directly enables fraud: names, addresses, government IDs, and account details. This is precisely the data that scanned documents contain. A driver's license, a passport page, a signed contract, or a tax form is a dense package of exactly the identifiers attackers prize most. The statistic links breach risk straight back to identity crime, since exposed PII is the raw fuel behind the rising identity theft statistics seen across recent years. Once this information leaks, it cannot be recalled, and victims can spend years untangling the damage. The defensive principle follows directly: documents packed with personal identifiers are the highest-value target in any breach, so they warrant the most cautious, most private handling you can manage.
Source: Statista - Type of compromised data worldwide 2024
16. 13% of organizations reported breaches of their AI systems
13% of organizations reported breaches of their AI models or applications in 2025, and 97% of those that suffered an AI-related incident lacked proper AI access controls, according to IBM's Cost of a Data Breach Report. The report also found that one in six breaches now involves attackers using AI, most often for phishing and deepfake impersonation. Organizations with high levels of ungoverned "shadow AI" saw breach costs about USD 670,000 higher than those without. This marks a new and fast-growing front in the breach landscape. As people feed documents into AI tools for summarizing, scanning, or sorting, sensitive files flow into systems with weak or absent access controls. The data shows this is already producing breaches. The cautious response is to keep sensitive document processing local rather than routing private files through cloud AI services whose governance you cannot see or verify.
Source: IBM - 13% of Organizations Reported Breaches of AI Models or Applications
What These Data Breach Statistics Reveal Together
The data points to one consistent conclusion: breaches are common, costly, and overwhelmingly caused by ordinary failures rather than elite hacking. 68% involve a human slip, stolen credentials and phishing are the top two entry points, and the most expensive breaches are the ones where data is scattered across many systems. The theme running through every number is exposure. The more data you hold and the more places you hold it, the more ways it can leak and the more it costs when it does.
For individuals and small businesses, the practical lesson is uncomfortable but clear. You cannot match an enterprise security budget, and the fact that 88% of SMB breach incidents involved ransomware shows attackers know it. What you can control is your footprint. Every cloud account, every synced app, and every forgotten copy is shadow data waiting to be breached. Sensitive scans like IDs, contracts, and medical forms are exactly the PII that makes up 48% of all breached records, which makes them the worst possible thing to scatter.
The trajectory reinforces the point. Third-party and supply-chain breaches are climbing, multi-environment sprawl drives the highest costs, and AI is opening an entirely new attack surface. Both the threat data and the cost data push toward the same defense: hold less, in fewer places, under your own control. Mobile and on-device workflows that keep files local fit this direction precisely, because data that never leaves your device cannot be exposed by a vendor's mistake.
The single most effective way to survive a data breach is to never put your sensitive files where one can reach them.
Turn Sensitive Paperwork Into Sharp, Searchable PDFs
Every statistic above traces back to the same root cause: sensitive data sitting in too many systems you do not control. Scanned IDs, contracts, and medical forms are the personal information that makes up nearly half of all breached records, so the documents you most need to digitize cleanly are also the ones you most need to keep close.
Filewise is the fast, reliable scanner professionals use to get that job done. It turns IDs, contracts, and medical forms into sharp, searchable, professional multi-page PDFs in seconds, running scanning and OCR text recognition directly on your iPhone so your files stay on the device you already carry. With on-device OCR, a built-in e-signature, and Face ID to lock your most sensitive scans, you get a professional digital copy reliably, every time.
Join the Filewise waitlist and turn sensitive paperwork into sharp, searchable PDFs right on your iPhone.
Filewise is launching soon - the fast, reliable PDF and document scanner for iPhone, built for professionals.
Frequently Asked Questions
How many data breaches happen each year?
The Identity Theft Resource Center tracked 3,158 US data compromises in 2024, just short of the all-time record, which generated more than 1.73 billion victim notices, a 312% increase over 2023. Six mega-breaches each produced over 100 million notices, with the Ticketmaster breach alone accounting for 560 million. Breaches are now a routine event affecting billions of records every year.
How much does a data breach cost on average?
IBM's 2025 Cost of a Data Breach Report puts the global average at USD 4.44 million, down 9% from the prior year thanks to faster AI-assisted containment. In the United States, however, the average reached a record USD 10.22 million. Healthcare remains the costliest sector at USD 9.77 million, the 14th year in a row it has topped the list.
What is the most common cause of a data breach?
Most breaches start with people, not sophisticated hacking. Verizon's 2024 report found 68% involve a non-malicious human element such as error or falling for social engineering. IBM identifies stolen or compromised credentials as the top initial attack vector at 16%, with phishing second at 15%, while third-party suppliers and cloud misconfigurations each account for 15% of breaches.
How long does it take to detect a data breach?
Organizations took a mean of 241 days to identify and contain a breach in 2025, the lowest in nine years according to IBM, though that still means roughly eight months before full resolution. Breaches involving stolen credentials took the longest at around 292 days, because attackers using valid logins blend in with legitimate users. Faster containment consistently lowers the total cost of a breach.