Data Breach

4 Must-Know Data Breach Statistics

Hike up your data britches –– we’re about to dive headfirst into statistics about data breaches. With each passing year, cybersecurity becomes a growing concern for businesses across every industry. The pandemic, hybrid work environments, and the rapid pace of digital transformation are all driving factors behind an uptick in workplace technology use. More people are logging in from home than ever, and with more organizations integrating software solutions into their digital strategies, it’s vital to integrate data privacy and security solutions as well. In this article, we analyze data from the IBM Security X-Force Intelligence Index 2022 to highlight the most important data breach statistics of the year.


What are the top industries facing data breaches?

For the first time in five years, manufacturing overtook finance and insurance as the top-attacked industry. IBM theorizes that “the onslaught of ransomware and BEC (business email compromise) attacks targeting manufacturing organizations –– compounding supply chain pressure created by the COVID-19 pandemic –– possibly contributed to this shift.” The financial industry’s drop from the most-attacked industry could also indicate that heightened security measures and transitions to hybrid cloud environments are yielding groundbreaking results, with improved use and protection of sensitive data.


What are the top infection vectors for ransomware or malware?

An “infection vector” is how a threat actor gains initial access to a victim’s network. Phishing surpassed vulnerability exploitation as the top infection vector in 2021 and was observed in 41% of incidents remediated by IBM. In phishing attacks, cybercriminals pose as legitimate institutions to garner sensitive information from targeted individuals. They often deploy malware or ransomware after a victim engages with an email, text message, or other digital communication.

Phishing emails are perhaps the most known mechanism for these attacks, but cybercriminals have perfected the art of the dupe. Even with the advent of two-factor authentication as an enhanced security measure, cybercriminals are able to bypass additional layers of protection and acquire sensitive information. Attackers will use real-time phishing to dynamically mimic real websites through a proxy site, where the proxy’s appearance is identical to the legitimate institution’s. Victims will enter their information in real-time, meaning any 2FA codes entered by a victim would be immediately stolen by an attacker and entered into a real site. When a victim completes a sign-in process, an attacker could take hold of the cookie session generated after the initial “authentication” process. The attacker then uses this to impersonate the user, gain access to the website’s server, and gain access to a user’s account.

In 2021, the 5 most spoofed brands were:

  1. Microsoft
  2. Apple
  3. Google
  4. BMO Harris Bank
  5. Chase


What are the top attack types in a data breach?

An “attack type” is an attacker’s end goal after gaining unauthorized access to a victim’s network. Attack types are not the same as initial infection vectors, which are defined as “the initial method of entry into a network” (IBM Security X-Force, 2022). “Other” attacks include adware, banking trojans, botnets, crypto miners, defacements, fraud, and more.

Ransomware has been the top attack type observed by IBM over the last three years. Ransomware attackers gain initial access via phishing, vulnerability exploitation, and remote desktop protocols. They may also utilize intermediary remote access tools or malware before creating “interactive access” with offensive security tools, like Cobalt Strike or Metasploit. Interactive access allows attackers to continuously infiltrate servers through remote access clients, as opposed to temporarily deploying malware. Then, attackers begin identifying valuable data and exfiltrating it to demand a future ransomware payload.


How much does the average data breach cost per-incident?

In 2021, data breach costs per incident rose from USD 3.86 million to USD 4.24 million, the highest average total cost in the past 17 years of IBM’s Cost of a Data Breach report. Factors in the total cost of a data breach include detection and escalation, notification, post-breach response, and lost business costs –– such as business disruption and revenue losses from system downtime, cost of lost customers and acquisition of new customers, and reputational losses. 

The largest amplifier of data breach costs? Compliance failures. Organizations with high levels of compliance failures faced average breach costs of $5.65 million, as opposed to $3.35 million at organizations with low levels of compliance failures.


Want to learn more?

We’ve written about the most expensive types of data breaches and how to tackle data security in healthcare. We’ve also built a software-only solution that can unlock the intellectual property of sensitive data without compromising privacy or violating regulations. 

TripleBlind enables organizations to pursue ambitious data projects between vendors. By building on well-understood principles such as federated learning, secure multi-party computation, and more, we radically improve the practical use of privacy-enhancing technologies. Unlike most third-party solutions, TripleBlind’s software is fully containerized on the end users’ infrastructure, minimizing the attack surface for most threats. With over two dozen documented use cases for mission-critical business problems, we’re ready to help you scale up data collaboration –– instead of cutting it back. 

Check out our whitepaper or schedule a demo with us. We’d love to explore how privacy-enhancing computation can help your business!



IBM. (2022, February 23). IBM Security X-Force Threat Intelligence Index. IBM. Retrieved June 3, 2022, from

IBM. (2021). Cost of a Data Breach Report 2021. IBM. Retrieved June 3, 2022, from