Data breaches accounted for 17.4% of cyber incidents affecting public administration in the EU in 2024.

Identity-related breaches impacted 69% of global organizations in 2026, up from 42% the previous year.

24% of global organizations indicated that costs from identity-related breaches exceeded $10 million, a three-percentage-point increase from the previous year.

69% of global organizations experienced an identity-related breach in the last three years, marking a 27-percentage-point increase from the previous year.

Only 56% of Japanese respondents reported experiencing an identity-related breach in the past three years.

Around eight in ten organizations report at least one data breach in the past year, both in on-premises infrastructure (78%) or in the public cloud (79%).

67% of family offices demonstrated the highest level of concern about outdated infrastructure and their ability to recover from a data breach (compared to 50% average).

Full Social Security numbers were exposed in 77% of US data breaches in H1 2025, marking an 8% increase over H1 2024 and an all-time high.

50% of enterprise security and business leaders say AI tools will cause the next data breach.

17 S&P 500 companies cited data breaches and unauthorized access as a cybersecurity risk tied to AI.

The percentage of U.S. Chief Information Security Officers (CISOs) who are very or extremely concerned about losing their job after a major breach decreased from 77% in 2024 to 55% in 2025.

Overall concern among U.S. CISOs about a breach fell from 86% in 2024 to 62% in 2025.

For companies with $5 billion or more in revenue, 41% reported a breach costing $1 million or more.

More than a quarter of executives reported that their most damaging data breach in the past three years cost their organisation at least $1 million.

60% of organizations have experienced data breaches or theft in software development, AI, and analytics environments, an 11% increase from the previous year.

Between 2019 and 2023, other sectors experienced large losses primarily from ransomware (53.1%), followed by data breaches (25.0%) and other causes (21.9%).

In 42.9% of cases prior to 2019, breaches were first flagged by outside parties such as security firms, regulators, or customers.

In 66.0% of data breach cases since 2019, the company’s own IT team or outsourced service providers discovered the attack.

In 17.0% of cases since 2019, breaches were first reported by external parties.

2021: 29.7% of large losses came from other causes, 23.7% from data breaches, and 46.6% from ransomware. Ransomware overtook all other causes and drove nearly half of the biggest cyber claims.