Data Breach Trends Report 2024

To give you a clearer view of attackers' tactics, we partnered with NordStellar and analyzed nearly 2,000 data breach incidents that occurred between August 31, 2022, and September 1, 2024.

Our report reveals trends that highlight which types of companies and industries face the highest risks, offering crucial insights for improving your business's cybersecurity strategy.

Key findings from our report:

• Retail, tech, and business services were the 3 most targeted industries.

• 85% of businesses that suffered from a breach were private companies.

• 72% of the targeted companies were small and medium-sized businesses.

• The countries with the most breached companies were the United States, India, and the United Kingdom.

Continue scrolling through this space to discover more detailed insights from our study. Here’s what we found:

The 3 most targeted industries were retail, tech, and business services

While no industry is immune to data breaches, some tend to attract more attention from cyberattackers. Retail, tech, and business services rank at the top of the list, but it’s not just these sectors being targeted; other industries face significant threats as well.

Here’s a rundown of the top 10 most targeted industries:

1. Retail (95 incidents)

2. Tech (56 incidents)

3. Business services (51 incidents)

4. Internet and web services (36 incidents)

5. IT services and IT consulting (35 incidents)

6. Entertainment (34 incidents)

7. Education (28 incidents)

8. Finance (27 incidents)

9. Software development (26 incidents) 

10. Computer hardware development (22 incidents)

Private companies make up 85% of all breached organizations

Just as no industry is safe from breaches, every type of company is also at risk. However, data indicates that private companies are targeted significantly more often. Out of almost 2,000 data breach incidents we analyzed, approximately 1,600 involved private organizations—a considerable proportion.

Other types of businesses should not be complacent, though, as they, too, are vulnerable to potential attacks.

74% of the targeted companies were small and medium-sized businesses

Once we compared the sizes of companies targeted by cybercriminals over the past 2 years, we found that businesses with up to 200 employees were more often in the line of fire. Possible reason? Smaller companies typically don’t have the same level of protection as larger enterprises, making them easier targets.

This doesn’t mean, however, that the big players are off the hook. In fact, when larger companies do experience breaches, the financial impact can be much bigger, and the number of people affected is often much greater.

The United States, India, and the United Kingdom had the highest number of breached companies

When we examined the locations of data breaches, we found that the majority of incidents occurred in the United States. In fact, the US experienced over 4 times as many breaches as India, which ranked second. This highlights the significant scale of the problem in North America.

Still, it’s worth noting that breaches aren’t confined to just 2 or 3 countries—they’re happening all over the globe. So, there’s really no corner of the world where companies can feel completely safe from these threats.

Here’s a list of the top 10 countries with the most data breaches:

1. The United States (489 incidents)

2. India (114 incidents)

3. The United Kingdom (73 incidents)

4. Spain (43 incidents)

5. France (39 incidents)

6. Canada (37 incidents)

7. Brazil (26 incidents)

8. Russia (26 incidents)

9. Indonesia (23 incidents)

10. Australia (20 incidents)

What’s the real cost of a data breach?

We all know that data breaches can lead to dire consequences for companies, especially when it comes to their finances. Many of you might have read IBM's report showing that the average cost of a data breach in 2024 is nearly $5 million. That’s a staggering figure and a big reason why many businesses invest in cybersecurity tools and adopt strict practices to minimize the risk of a breach.

But the impact of a data breach isn’t just about money—it can also take a toll on a company’s reputation. Once a breach occurs, clients might lose trust, questioning whether the company handled their data responsibly, or even deciding it’s not worth doing business with them anymore. This is why organizations must do everything they can to protect both their data and their customers' information.

How you can protect your business from breaches

The first step to solving any problem is admitting there is one. In the world of data security, this means being aware of the threats your business might face. Spreading that awareness throughout your organization is crucial—when everyone knows what to look out for, it enhances their vigilance.

That being said, awareness alone isn’t enough to keep cybercriminals at bay. What you need are robust cybersecurity tools that will help you monitor the situation and be proactive about your company’s security. One such tool is NordPass.

While it’s primarily known as an encrypted password manager, NordPass is also a comprehensive business security solution equipped with a wide range of features to help protect your organization from data breaches. One standout feature is the free Dark Web Monitor, which allows you to continuously scan the dark web for any mentions of your company data. Additionally, NordPass can be used as an access management tool, giving you control over who can access specific resources and ensuring that only authorized personnel can get into sensitive files.

Methodology

This study was carried out in collaboration with NordStellar, which specializes in researching cybersecurity incidents. The data was analyzed based on factors such as country, industry, business type, company size, and the types of data involved. The study focuses on breaches that occurred between August 31, 2022, and September 1, 2024.