Top 25 Data Protection Statistics That You Must Be Informed

• 21 July, 2020
• No Comments

Top 25 Data Protection Statistics That You Must Be Informed

Organizations are under tremendous pressure to protect customer and business data protection statistics.

Laws such as the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) have considerably upped the ante for entities that experience data breaches. Failure to comply with such requirements can result in costly fines and other legal implications.

Cloud migration, digital transformation, and enterprise mobility initiatives are other major issues. Data that used to be located on premises is now scattered across public cloud, private cloud, hybrid, and mobile environments, making it much harder for security organizations to protect it.

Also read: 100 Data Privacy and Data Security statistics for 2020

Here are the top 25 data protection statistics that you must be informed.

1. 4.1 billion: Number of data protection statistics compromised during just the first six months of 2019

Those numbers, from more than 3,800 publicly disclosed data breaches, put 2019 on track to be the worst ever for data breaches.

Source: 2019 State of Security Operations (Micro Focus)

2. 70 million: Data protection statistics stolen or leaked in 2018 due to poorly configured AWS S3 cloud storage buckets

The growth in the number of tools available that let attackers search for misconfigured cloud resources is adding to the seriousness of the issue.

Source: 2019 Internet Security Threat Report (Symantec)

3. $8.19 million: Average total cost of a data breach for US companies

That’s more than double the global average of $3.92 million per breach.

Source: 2019 Cost of a Data Breach Report (Ponemon Institute, for IBM Security)

4. 34%: Percentage of data breaches Verizon investigated in 2018 caused by internal actor

Outside actors perpetrated 69% of breaches, and 5% involved both.

Source: 2019 Data Breach Investigations Report (Verizon)

5. 45%: Share of healthcare organizations attacked whose primary motive was data destruction

Some 66% have been targeted in a ransomware attack over the past year.

Source: Healthcare Cyber Heists in 2019 (VMWare Carbon Black)

Sensitive data protection statistics deluge

6. 53%: Proportion of organizations that leave 1,000 or more files with sensitive data protection statistics open to all employees

This is whether the employees actually need access to the data protection statistics or not. Every employee, on average, has access to 17% of all files containing sensitive data at their organizations.

Source: 2019 Global Data Risk Report (Varonis)

7. 534,465: Number of files containing sensitive data protection statistics at the average company

More than half of the data (53%) at the average organization is stale; 58% of organizations have at least 1,000 stale user accounts.

Source: 2019 Global Data Risk Report (Varonis)

8. 1:2.2: Ratio of companies found to have mobile apps that access high-risk data in 2018

That number is lower than the 54.6% of organizations (1 in 1.8) that had mobile apps doing the same thing in 2017.

Source: 2019 Internet Security Threat Report (Symantec)

9. $40: The upper price limit on the dark web for a fullz

This is a packet of personally identifiable information that includes a victim’s full name, date of birth, Social Security number, phone number, address, mother’s maiden name, driver’s license number, and other data. For a fullz from the US, the cost can range from $30 to $40. In the UK, the same data costs between $35 and $50.

Source: The Black Market Report (Armor)

10. $1,000 to $1,200: Average price for credentials to a bank account with $20,000 balance or more

At the lower end, the price for credentials to a bank account with $3,000 or less ranges from $150 to $300.

Source: The Black Market Report (Armor)

[ Get on top of access with TechBeacon’s guide to identity governance. Plus: Learn how to secure cloud-based Linux resources with Active Directory in this Webinar. ]

Data regulations and the cloud security challenge

11. 66%: Industry influencers who cited data security as biggest challenge in moving to the public cloud

Nearly six in 10 (57%) expressed the same concern over data privacy in cloud environments.

Source: Cloud Vision 2020: The Future of the Cloud Study (LogicMonitor)

12. 27%: Organizations that say 95% of their critical workloads will run in the cloud in five years

The survey asked specifically about public, private, or hybrid cloud. Another 20% expect the migration to happen in 10 years, and 11% believe they will get there in seven years.

Source: Cloud Vision 2020: The Future of the Cloud Study (LogicMonitor)

13. 44%: Proportion of organizations that rated complexity as the top barrier to good data security

This was based on a survey of 1,200 IT and security executives. The move from single on-premises environments to multiple SaaS, IaaS, and PaaS environments is driving much of the complexity.

Source: 2019 Thales Data Threat Report — Global Edition (IDC, for Thales)

14. 31%: Share of organizations that encrypt data at rest on PCs

Though awareness is high about the need for data encryption, fewer than 30% have implemented it for a vast majority of user cases, including full disk encryption, workloads in the public cloud, big-data environments, mobile devices, IoT, and containers.

Source: 2019 Thales Data Threat Report — Global Edition (IDC, for Thales)

15. 59%: Proportion who said their organizations are currently meeting all GDPR requirements

This is based on a survey of 3,200 security professionals in 18 countries. Another 29% hope to be similarly ready by early 2020.

Source: Data Privacy Benchmark Study (Cisco)

16. 42%: The percentage of security leaders who say security is the biggest challenge to GDPR compliance

In this study of 3,200 professionals, 39% pointed to internal training as their biggest challenge, and 35% said it was hard for them to remain on top of constantly evolving requirements of GDPR.

Source: Data Privacy Benchmark Study (Cisco)

17. 10%: Share of US companies actively working to comply with 50 or more privacy laws

Some 13% reported working actively on between 6 and 10 data privacy laws at the same time, and 13% on between 11 and 49 laws.

Source: IAPP and TrustArc Report

18. 47%: Number of organizations that updated website cookie policies more than once over the past year

Over three-quarters (80%) of respondents in this global survey said they had done the same thing with their privacy policy.

Source: IAPP and TrustArc Report

19. $55 billion: The initial cost to California companies of complying with the CCPA

Legal, operational, technical, and business-related costs include renegotiating contracts and changing data-handling practices.

Source: Standardized Regulatory Impact Assessment (California Office of the Attorney General)

Consumer awareness and response

20. 78%: Percentage of respondents who care most about the security and privacy of their financial data 

Some 70% feel protective about their identity information, 61% about medical information, and 57% about their contact information.

Source: RSA Data Security & Privacy Survey 2019

21. 45%: Share of users who said personal information was compromised at least once in the past five years  

US users are likelier to have experienced a personal data compromise compared to users from other countries.

Source: RSA Data Security & Privacy Survey 2019

22. 34%: Percentage of US users who say their personal data is ‘very vulnerable’ to compromise 

Another 47% feel “somewhat vulnerable” on the issue. A bare 2% don’t feel their data is vulnerable at all to compromise.

Source: Statista

23. 45%: Proportion of US users who avoid opening emails from people they do not know 

Some 41% share less information online than they used to, and 40% avoid visiting sites they perceive as being risky to mitigate data breach risk.

Source: Statista

24. 49%: European online users who are aware of domestic data protection and privacy rules

This is compared to barely 29% of North American online users.

Source: Statista

25. 64%: Percentage of US users who would hold a company responsible for loss of personal data

In contrast, 72% of UK residents would blame the company—and not hackers—for losing personal data.

Source: RSA Data Security & Privacy Survey 2019

Also Read: What Is Pentest Report? Here’s A Walk-through

Disclaimer

The data privacy and data security statistics in this blog are fragments of various researches and surveys conducted on different numbers of subjects and organizations, using different methods. For further clarification, we encourage you to follow links in the article.

Understanding the cyber terminology, threats and opportunities is critical for every person in every business across all industries. By providing advanced cyber training and education solutions in all departments of your business, from marketing and sales to IT and InfoSec, you are investing in your company’s protection against cyber threats. Check out how Privacy Ninja’s range of services can help you achieve not only compliance to data privacy laws, but also cyber training and education.

Also read: What Legislation Exists in Singapore Regarding Data Protection and Security?