Solutions The best route to security compliance
Platform A powerful suite of ISMS features
Resources Everything you need to know
Knowledge Base Learn more about infosec
Company Security and customers first
Back to Knowledge & Insights

The World’s Largest Data Breaches And The Financial Cost to Businesses Revealed

As we navigate the digital revolution, businesses are handling data every day. Not just any data – your personal data.

With this comes a great deal of responsibility, but not everyone is up for the task. According to Selfkey, a minimum of 16 billion records have been leaked in data breaches since 2019 – many of which containing sensitive information such as credit card details, home addresses and phone numbers.

To find out the extent of the problem, we delved into some of the world’s biggest data breaches so far, along with analysing which industries have been most impacted. Businesses must keep their customer data safe and secure otherwise consumers might think twice about who they’re giving their private information to in the years to come.

Key Findings

  • Since 2018, there has been a 122% average increase in data breaches across European countries, although the UK has the strongest cyber security in Europe.
  • The total cost of data breaches to businesses was £46.14bn as of 2020.
  • Of the largest data breach settlements already confirmed, companies are having to pay out an average of £144.80 per individual record leaked.
  • There was a 32% increase in healthcare data breaches in 2020, with some speculating this was down to COVID.
  • CAM4 reported the largest data breach on record, with 10.88bn records leaked in total.
  • Our top tips revealed on how to protect your business from a data leak.

Continue reading to find out more about the scale of the world’s data breach problem – and how to avoid falling victim to it.

The Largest Data Breaches The World Has Seen – So Far

The largest data breach on record of a single company was of 10.88bn customer records by CAM4 – an adult streaming website. The breach occurred in 2020 when the company’s Elasticsearch server was compromised, leading to their customer’s information being exposed. The breach included private records such as:

  • Full names
  • Email addresses
  • Sexual orientation
  • Chat transcripts
  • Email correspondence transcripts
  • Password hashes
  • IP addresses
  • Payment logs

To put the size of the breach into context, the second largest was of 3bn records by Yahoo back in 2017. The web service provider had its customer’s private information exposed when a group of hackers used a series of social engineering techniques to gain access to Yahoo’s database. Yahoo made all users change their passwords before using the service again after the breach.

Aadhaar, the world’s largest biometric database, faced a similar breach in 2019 when 1.1bn personal records of Indian citizens were leaked online. Not only did the breach reveal users name and identity numbers, but also their bank details and photographs.

But where in the world are you most likely to suffer a data breach? Do some countries get hit more than others?

Data Breaches Have Increased 112% In Europe Since 2018

Since 2018, data breaches have increased by an average of 112% in European countries – a staggering rise in only a couple of years. The country most impacted is Iceland, after recently seeing an exponential rise in data breaches. In 2018, the country suffered only 25 leaks. However, fast forward to 2020 and that number had risen to 313. Although 313 data breaches is still a small number compared to some other countries, the increase from 2018 represents a 1,152% rise – the largest in Europe by some margin.

Excluding Lichtenstein, the UK has been the least impacted. Although the number of data breaches has still risen, a comparatively modest 9% increase means that the UK has the strongest cyber security in Europe. Other countries to perform well include Malta, Finland, and Romania.

Across Europe, there wasn’t a single country who presided over a decrease in data breaches during this period. This shows what an ever-increasing threat data breaches are to modern businesses with vast amounts of consumer information in their databases.

Data Breaches Have Cost Businesses A Total Of £46.14bn

The amount of data breaches currently happening is having a massive impact on businesses – costing them vast amounts of money to correct the issue. The total amount is £46.14bn as of 2020, according to IBM and the Ponemon Institute, and that figure is set to rise substantially in 2021 and beyond.

The biggest sector to be impacted in terms of the cost is healthcare, totalling £5.16bn. Due to the nature of the sector, where it’s important to have the maximum amount of information on a patient in order to provide them with the best care, its being targeted by unscrupulous individuals seeking to get their hands on valuable data to sell on. Over 40 million patient records were breached in 2020 alone, according to data from Protenus, a healthcare compliance analytics company.

Unfortunately, it seems that COVID may have accelerated the issue.

There Was A 32% Increase Of Data Breaches In The Health Industry Last Year

The number of data breaches experienced by healthcare companies increased by 32% in 2020, hitting a total of 758 compared to the previous year’s number of 572. During this time there was 8m records alone breached by insiders at healthcare companies, given the value of the data. There was at least two health data breaches per day in 2020, a considerable increase since 2016 when there was nearer one breach per day.

According to experts, one of the major reasons for this was due to the impact of COVID.

Hospitals and healthcare systems faced unprecedented challenges as they bore the brunt of the virus. Due to the fast-moving nature of the pandemic, certain security measures may not have been as stringent as before. According to one researcher at Nebraska Medicine, “these results demonstrate the heightened impact of cybersecurity breaches, the shifting strategies of malicious actors, as well as how healthcare organizations are grappling with cybersecurity in today’s dynamic, cloud-first world.”

Businesses Are Forced To Pay An Average Of £145 Per Record Leaked

Since 2019, there has been sizeable fines dished out for companies that have experienced data breaches – suggesting that regulators are finally starting to get serious about the risks they pose. When a company is fined for a data breach, most result in settlements after months, if not years, of legal jostling. The company who has paid the largest settlement so far was Equifax, who were fined £417m back in 2019. Nearly 150m records were leaked because of an unpatched Apache Struts framework in one of its databases. Home Depot and Uber have also reached hefty settlements.

Over time, the cost per record (what your data is worth) changes depending on the settlement agreed by the business and the authorities. Yahoo were lucky enough to only have to pay 0.02p per record leaked due to a data breach in 2013. Around 3 billion customer records were compromised, which accounted for nearly the entire population on the internet at the time. However, some companies haven’t been so lucky. In 2018, Tesco Bank received a fine of £16.4m fine due to £3m being stolen from 9,000 customer accounts – or a staggering £1,822 per leaked account. The average of the top 15 settlements is £144.80 per record.

How Businesses Can Avoid A Data Breach

There are several ways that businesses can protect themselves from data breaches, including:

Improving Password Security

Even in 2021, the most common password used today remains 123456 according to CyberNews, while ‘password’ remains high on the list in fourth place. In order to protect your organisations data, having strong passwords in place that can’t easily be deciphered is absolutely vital.

Updating Software Regularly

Professionals recommend keeping all application software and operating systems updated regularly. It sounds obvious, but a lot of business fail to monitor the current version of their anti-virus infrastructure. Make sure to install updates as soon as possible after they are released. This is perhaps the most cost-effective way to strengthen your network and stop attacks before they happen.

Avoiding Phishing Emails

Phishing emails attempt to gain private information such as email addresses and passwords by attempting to appear to be from a genuine source. Around 72% of all cyber-attacks can be traced back to staff members receiving fraudulent phishing emails. To prevent this, some general rules to follow are to never open an attachment or click a link from an unknown sender.

Educating Staff

It’s extremely important that all staff are kept up to date with the best practices of internet security – and all the latest scams trying to catch them out! We recommend providing security training on a regular basis due to the fast-changing nature of cyber threats. This will enable staff to identity suspicious emails and learn beneficial internet security habits.

Conducting Regular Audits

Another important tip to avoid a data breach is carrying out regular audits to identify if best practice is being maintained by staff, and that your business is sufficiently protected. Audits also can identity new, unique risks that are new to the business which can be immediately action upon in order to minimise.

Develop an Information Security Management System (ISMS)

An ISMS contains all the policies and procedures need to manage cyber risks as well as showing you understand what your assets are, have identified and managed all associated risks and implemented all the relevant controls to protect business and customer data.

How Can Hicomply Help?

Hicomply is a software platform that gives you the tools to build your information security management system (ISMS) as well as protect your business data. An ISMS can help you manage all your security processes in one place, consistently and cost-effectively. It is a system of processes, documents, technology, and people, that manage information risks, such as cyber-attacks, hacks, data leaks or theft. Book a demo today to find out how Hicomply can help to secure the data in your business.

Make sure to bookmark the Hicomply blog for more insights into data breaches and how to protect your company’s private information. Also, if you want to learn even more about how a Hicomply ISMS system can help to safeguard your business from data breaches, check out our handy infographic which outlines the benefits.

More Insights

How to solve a problem like third-party vendors
Spread your ISMS audit over three years
Understanding e-commerce requirements for PCI DSS