Financial Data Breach Statistics for 2024

Written By
G. Dautovic
Updated
November 29,2024

There is no doubt technology is rapidly changing how every aspect of the world works. But in our digitized lives, there is perhaps no other realm that has evolved more dramatically than the way we manage our money.

Data breach statistics show that cybercriminals know exactly how sensitive online banking data is in the 21st century. In this ever-expanding sea of data, new pirates set sail by the minute, and the need for better security becomes more and more urgent.

This has become more evident in the past few years, with the number of cyberattacks skyrocketing. 

To show you just how advanced cybercrime has become and how much it costs society, we’ve created this article. Use the information to help protect your personal finances and those of your business. And, just as importantly, spread the word about this serious threat.

Key Statistics on Data Breaches for 2024 - Editor’s Choice

  • 71% of all data breaches are financially motivated.
  • The cost of cyberattacks in the banking industry reached $18.3 million annually per company.
  • The United States suffered 1,473 cyberattacks over the last year, leading to 164.6 million successful data breaches.
  • It’s estimated that spending on cybersecurity training will reach $10 billion by 2027.
  • 8 out of 10 US citizens fear that businesses are not able to secure their financial information.
  • According to FBI, the amount paid to ransomware scammers has reached nearly $1 billion per year.
  • 92% of ATMs are vulnerable to hacks.
  • The number of unfilled data breach protection jobs will rise to 3.5 million by the year 2021.

(SecurityMetrics)

When we look at the number of data breaches over the last decade, it becomes evident just how heavily we now rely on digital finance. Consumers are increasingly shopping online, so much so that the same research from just four years earlier had the exact opposite result. Six years ago, 80% of payment-card related investigations on data breaches were for point-of-sale merchants, while in 2020 that figure is only 20%.

71% of all data breaches are financially motivated.

(Verizon)

It’s no surprise that money is the motivation behind the majority of hacks. The same Verizon research shows that 39% of all data breaches are perpetrated by organized crime groups. For 56% of data breaches it took months or even longer before they were discovered. The danger is not only real, but the people behind these attacks are often experts in cybercrime.  

The cost of cyberattacks is highest in the banking industry, reaching $18.3 million annually per company.

(Accenture)

Recent statistics showed a massive increase in the number of cyberattacks, which is why the financial industry is spending record amounts on security measures.

Successful attacks on banks and financial institutions are the most costly of all, not only because of the financial losses, but also because these breaches erode user trust.

In 2017, banks were the target of 47% of financial data breaches.

(ERPScan)

The huge boom in blockchain popularity meant that in 2017, 21% of cyberattacks targeted crypto-related businesses. This shafted loan companies into third spot, with 11%.

Stolen cardholder data remains captured for an average of 127 days.

(SecurityMetrics)

Data breach facts like this show just how long a single instance of cyber theft can cause problems for those affected. Having your data “captured” in this sense means that it is being recorded, gathered, and stored by an unauthorized source, so cardholders remains vulnerable for an average of six months after an attack.

Organizations that fall victim to data breaches remain vulnerable for an average of 257 days.

92% of ATMs are vulnerable to hacks.

(Positive Technologies)

ATMs remain vulnerable to a wide variety of attacks. For instance, 85% of ATMs are poorly secured against network attacks, including the spoofing of the processing center.

Of the ATMs tested, 69% were vulnerable to black box attacks, while 76% allowed hackers to exit kiosk mode and gain access to the machine’s operating system.

Over 500 million users don’t realize their device is infected with crypto-mining software.

(AdGuard)

220 websites with a total of 500 million visitors infected users’ computers with crypto-mining programs during a three-week period.

Those sites made an average of $43,000 during that time. Considering the damage crypto-mining scripts can cause to computers, this was a significant issue for victims.

A staggering 97% of all records stolen are from the United States.

(Gemalto)

While it’s not surprising that the most powerful economy in the world is the main target of cyberattacks, it is still shocking how many of the world’s data breaches are directed at the United States. More than 59% of all breaches happen in the USA, and a staggering 97% of all stolen records are American.

The average total cost of a data breach amounts to $3.92 million.

(IBM)

A single data breach can cost the victim immensely. While the damage caused by successful cyberattacks varies from country to country, the average of almost $4 million is shockingly high. The country where the average data breach costs the most is the United States, with an average of $8.19 million per breach.

Global spending on cybersecurity is expected to surpass $6 trillion by 2021.

(Cybersecurity Ventures)

In 2015, the United States declared a national emergency to combat the very real threat of cyber crime. Since then, global spending on the cyber war has continued to rise. To put things in perspective, global spending on cybersecurity in 2015 amounted to $1 trillion.

This means the costs of preventing such attacks have been rising by almost a trillion dollars each year since, with no signs of slowing down. 

66% of businesses that fall victim to data breaches aren’t confident they can recover.

(Fortune)

A three-year-old report by IBM found that cybercrime was metastasizing as technology became more advanced and more readily available. Of the 2,400 IT and security professionals surveyed, 75% confirmed that they had no formal response plans in case of a cybersecurity incident.

The financial impact of ransomware attacks rose by 60% in 2018.

(Internet Society)

An Internet Society report on cyber incidents and data breaches concluded that, while the overall number of data breaches and records stolen has fallen compared to last year, their financial impact has increased substantially.

Losses from compromised business emails doubled in that same period, while cryptojacking incidents more than tripled. The report also found a constant increase in high-level breaches throughout the year.

65% of the top 100 US banks failed web security testing in 2017.

(IBS Intelligence)

The largest US banks have some of the worst-secured websites in the country.

Considering how important banks are to the economy, it’s unacceptable that only 27% of them made the grade as being safe from breaches. What’s worse, that number marked a staggering 28% drop compared to the year before.

On average, 4,818 websites per month were compromised with formjacking code in 2018.

(Symantec)

The same Symantec report found that formjacking - the use of malicious JavaScript code in order to steal credit card details and other payment information on eCommerce sites - rose in 2018 compared to the previous year.

Symantec projected that stealing a mere 10 credit cards from these websites could translate to a $2.2 million gain for the criminals. When you look at it like that, it’s no surprise formjacking is becoming more and more popular among cybercriminals.

The United States suffered 1,473 cyber attacks in 2019, leading to 164.6 million stolen records.

(Statista)

The number of stolen records has dropped in recent years, and it seems that American government agencies and companies across all industries have taken this problem more seriously. A decade ago, only 35.7 million files were stolen annually.

Experts predict spending on cybersecurity training for staff will reach $10 billion by 2027.

(Cybersecurity Ventures)

With more than four billion people predicted to be online by the end of 2020, simply trying to protect your business through software solutions and basic security measures won’t be nearly enough.

Human error still plays a big role in most successful cyberattacks, and there is a growing need to spend more resources on training employees.

The Carbank gang committed the largest robbery of the century, using malware to steal $1 billion from 100 different banks in 30 different countries.

(Kaspersky)

The biggest data breach theft in history, and one of the largest robberies of all time, was carried out using spear phishing emails. That was something completely unthinkable just a decade or two ago, but now represents a dangerous reality for all financial institutions.

The attack by the Carbank gang lasted for more than two years. It was unprecedented in that it didn’t target individual users, but instead robbed the banks directly.

(AICPA)

This shows how widespread hacking has become, as more American citizens than ever face the threat of identity theft and fraud. The most common type of fraud took the form of a letter, email, or call from someone impersonating the IRS, comprising 34% of all reported schemes. After that came the theft of credit card numbers at 28% and fraudulent email phishing scams at 26%. 

Eight in 10 adult US citizens fear that businesses can’t secure their financial information.

(AICPA)

The population is losing faith in the ability of financial institutions and businesses to keep their personal data safe. Almost half of US citizens expect they will fall victim to a fraud that will cost them financially over the next year.

Around 80% of American adults have changed their behavior because of the threat of cyber breaches.

(AICPA)

The number of high-profile data breaches that have affected hundreds of millions of people in recent years has changed the nation’s behaviour when it comes to financial cybersecurity.

In this study, 56% of people surveyed claimed to self-monitor their accounts more often for fraudulent activity, while 43% said they now use cash and checks more often to minimize the chance of cybercrime. 

This data breach report also shows other notable shifts in behavior regarding finances. There is an increased reliance on local stores instead of national chains, with 40% of people saying they now shop locally.

Some 26% of people choose to reduce their social media presence purely to avoid potential fraud, while a fifth have signed up for fraud-detection and monitoring services.

Emotet malware now accounts for 16% of all financial Trojans.

(Symantec)

This self-propagating virus that was designed to spread through spam emails in order to steal sensitive financial information was first discovered in 2014. By the year 2017, with its worm-like capabilities of evading-malware detection software, Emotet malware amounted to 4% of all financial Trojans.

Three years later, it has increased its presence fourfold. Emotet can also spread Qakbot, which has climbed to seventh place on the list of Trojans (1.8%).

The number of cryptojacking URLs doubled during the last quarter of 2018. However, in the second half of 2019, the number of cryptojacking attacks fell by 78%.

(Help Net Security; SonicWall)

Some have attributed the rise in cryptojacking to the massive Bitcoin value boom. One of the main reasons for the popularity of cryptojacking is that it leaves a smaller footprint and doesn’t require users to pay a ransom, like ransomware attacks do. 

67% of financial institutions reported an increase in cyberattacks in 2018. According to a recent report, cyberattacks are 300 times as likely to hit financial institutions than companies from other industries.

(Carbon Black; Markets Insider, Independent)

Research on major data breaches performed by Carbon Black points to some alarming trends, with 26% of surveyed financial institutions admitting they had fallen victim to a destructive attack.

Compared to the data at the beginning of 2018, this represented an astonishing 160% increase. What’s even worse, 79% of the corporate information security officers surveyed said attacks on financial institutions were becoming more and more sophisticated.

Due to a recent coronavirus outbreak, the European Central Bank has urged financial institutions to take measures in protecting themselves from a possible increase in cyberattacks. Since many employees will be absent from a workplace, it may leave banks more vulnerable, and cybercriminals will certainly try to take advantage of the pandemic.

The FBI estimates that the amount paid to ransomware scammers has reached almost a $1 billion per year.

(The U.S. Department of Justice)

This report from the Department of Justice also noted that on a global scale, ransomware infects some 100,000 computers each day. As these ransom attacks continue to shift from private citizens to businesses and large corporations, the amount of money these scams make is also increasing.

This trend will not slow down in the near future. At current rates, one business will fall victim to a ransomware attack every 11 seconds.

The number of unfilled cybersecurity jobs will rise to 3.5 million by 2021.

(Cybersecurity Ventures)

The sheer volume of cybercrime keeps growing at such a pace that successfully combating the threat may soon become an unattainable goal. To better illustrate how dire this threat has become, there were 209,000 US cybersecurity job openings in 2015, and even that number had risen 74% compared to 2010.

Conclusion

When looking at the threat posed by cyberattacks and data breaches , one cannot help but feel at least a bit worried for what the future has in store. Theft, extortion, and fraud is quickly spreading throughout the digital world, and it’s difficult to know exactly how we can prevent this from happening in the future.

Despite this ever-worsening threat, companies seem unable to find the manpower and resources to successfully counter these threats.

The statistics we’ve gathered all point to the finance sector as the most at-risk of all industries. Cybercriminals will continue to target banks and financial institutions first and foremost, and the consequences of major breaches in this field are terrifying, to say the least.

Governments will do everything they can to reduce the threat by introducing new cybersecurity laws and guidelines. But at the end of the day, it’s up to you to invest time and money into keeping your data safe.  

Sources

About author

I have always thought of myself as a writer, but I began my career as a data operator with a large fintech firm. This position proved invaluable for learning how banks and other financial institutions operate. Daily correspondence with banking experts gave me insight into the systems and policies that power the economy. When I got the chance to translate my experience into words, I gladly joined the smart, enthusiastic Fortunly team.

More from blog