25 data security stats that matter

Jaikumar Vijayan, Freelance writer

Organizations are under tremendous pressure to protect customer and business data.

Laws such as the European Union's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) have considerably upped the ante for entities that experience data breaches. Failure to comply with such requirements can result in costly fines and other legal implications.

Cloud migration, digital transformation, and enterprise mobility initiatives are other major issues. Data that used to be located on premises is now scattered across public cloud, private cloud, hybrid, and mobile environments, making it much harder for security organizations to protect it.

Here are key statistics culled from reliable sources on the current state of the data protection challenge.

Data breaches and cyber-attacks

4.1 billion: Number of data records compromised during just the first six months of 2019

Those numbers, from more than 3,800 publicly disclosed data breaches, put 2019 on track to be the worst ever for data breaches.

Source: 2019 State of Security Operations (Micro Focus)

70 million: Data records stolen or leaked in 2018 due to poorly configured AWS S3 cloud storage buckets

The growth in the number of tools available that let attackers search for misconfigured cloud resources is adding to the seriousness of the issue.

Source: 2019 Internet Security Threat Report (Symantec)

$8.19 million: Average total cost of a data breach for US companies

That's more than double the global average of $3.92 million per breach.

Source: 2019 Cost of a Data Breach Report (Ponemon Institute, for IBM Security)

34%: Percentage of data breaches Verizon investigated in 2018 caused by internal actors

Outside actors perpetrated 69% of breaches, and 5% involved both.

Source: 2019 Data Breach Investigations Report (Verizon)

45%: Share of healthcare organizations hit by attacks whose primary motive was data destruction

Some 66% have been targeted in a ransomware attack over the past year.

Source: Healthcare Cyber Heists in 2019 (VMWare Carbon Black)

Sensitive data deluge

53%: Proportion of organizations that leave 1,000 or more files with sensitive data open to all employees

This is whether the employees actually need access to the data or not. Every employee, on average, has access to 17% of all files containing sensitive data at their organizations.

Source: 2019 Global Data Risk Report (Varonis)

534,465: Number of files containing sensitive data at the average company

More than half of the data (53%) at the average organization is stale; 58% of organizations have at least 1,000 stale user accounts.

Source: 2019 Global Data Risk Report (Varonis)

1:2.2: Ratio of companies found to have mobile apps that access high-risk data in 2018

That number is lower than the 54.6% of organizations (1 in 1.8) that had mobile apps doing the same thing in 2017.

Source: 2019 Internet Security Threat Report (Symantec)

$40: The upper price limit on the dark web for a fullz

This is a packet of personally identifiable information that includes a victim's full name, date of birth, Social Security number, phone number, address, mother's maiden name, driver's license number, and other data. For a fullz from the US, the cost can range from $30 to $40. In the UK, the same data costs between $35 and $50.

Source: The Black Market Report (Armor)

$1,000 to $1,200: Average price for credentials to a bank account with $20,000 balance or more

At the lower end, the price for credentials to a bank account with $3,000 or less ranges from $150 to $300.

Source: The Black Market Report (Armor)

Data regulations and the cloud security challenge

66%: Industry influencers who cited data security as biggest challenge in moving to the public cloud

Nearly six in 10 (57%) expressed the same concern over data privacy in cloud environments.

Source: Cloud Vision 2020: The Future of the Cloud Study (LogicMonitor)

27%: Organizations that say 95% of their critical workloads will run in the cloud in five years

The survey asked specifically about public, private, or hybrid cloud. Another 20% expect the migration to happen in 10 years, and 11% believe they will get there in seven years.

Source: Cloud Vision 2020: The Future of the Cloud Study (LogicMonitor)

44%: Proportion of organizations that rated complexity as the top barrier to good data security

This was based on a survey of 1,200 IT and security executives. The move from single on-premises environments to multiple SaaS, IaaS, and PaaS environments is driving much of the complexity.

Source: 2019 Thales Data Threat Report — Global Edition (IDC, for Thales)

31%: Share of organizations that encrypt data at rest on PCs

Though awareness is high about the need for data encryption, fewer than 30% have implemented it for a vast majority of use cases, including full disk encryption, workloads in the public cloud, big-data environments, mobile devices, IoT, and containers.

Source: 2019 Thales Data Threat Report — Global Edition (IDC, for Thales)

59%: Proportion who said their organizations are currently meeting all GDPR requirements

This is based on a survey of 3,200 security professionals in 18 countries. Another 29% hope to be similarly ready by early 2020.

Source: Data Privacy Benchmark Study (Cisco)

42%: The percentage of security leaders who say security is the biggest challenge to GDPR compliance

In this study of 3,200 professionals, 39% pointed to internal training as their biggest challenge, and 35% said it was hard for them to remain on top of constantly evolving requirements of GDPR.

Source: Data Privacy Benchmark Study (Cisco)

10%: Share of US companies actively working to comply with 50 or more privacy laws

Some 13% reported working actively on between 6 and 10 data privacy laws at the same time, and 13% on between 11 and 49 laws.

Source: IAPP and TrustArc Report

47%: Share of organizations that updated website cookie policies more than once over the past year

Over three-quarters (80%) of respondents in this global survey said they had done the same thing with their privacy policy.

Source: IAPP and TrustArc Report

$55 billion: The initial cost to California companies of complying with the CCPA

Legal, operational, technical, and business-related costs include renegotiating contracts and changing data-handling practices.

Source: Standardized Regulatory Impact Assessment (California Office of the Attorney General)

Consumer awareness and response

78%: Percentage of respondents who care most about the security and privacy of their financial data 

Some 70% feel protective about their identity information, 61% about medical information, and 57% about their contact information.

Source: RSA Data Security & Privacy Survey 2019

45%: Share of users who said personal information was compromised at least once in the past five years  

US users are likelier to have experienced a personal data compromise compared to users from other countries.

Source: RSA Data Security & Privacy Survey 2019

34%: Percentage of US users who say their personal data is 'very vulnerable' to compromise 

Another 47% feel "somewhat vulnerable" on the issue. A bare 2% don't feel their data is vulnerable at all to compromise.

Source: Statista

45%: Proportion of US users who avoid opening emails from people they do not know 

Some 41% share less information online than they used to, and 40% avoid visiting sites they perceive as being risky to mitigate data breach risk.

Source: Statista

49%: European online users who are aware of domestic data protection and privacy rules

This is compared to barely 29% of North American online users.

Source: Statista

64%: Percentage of US users who would hold a company responsible for loss of personal data

In contrast, 72% of UK residents would blame the company—and not hackers—for losing personal data.

Source: RSA Data Security & Privacy Survey 2019

(Registration is required to download several of the reports referenced above.)
