Recent years have witnessed a surge in the number of data breaches, causing a massive financial hit to businesses worldwide. With millions of people working from home and using videoconferencing and cloud applications, the COVID-19 pandemic has only increased the number of these malicious attacks. According to data presented by, the health care industry tops the list of the most expensive data breaches with an average cost of $7.13 million, 84% more than the global average.

The global average cost of a data breach has fluctuated between $3.5 million and $4 million in recent years. In 2020, it hit $3.86 million, a 1.5% drop year-over-year, revealed the Ponemon Institute's Cost of a Data Breach Report 2020, commissioned by IBM. The report also showed it usually took 280 days for an organization to spot and contain a breach, a day more than a year ago. However, statistics indicate these figures vary significantly based on industry.

Besides leading in the average cost of a data breach, the health care industry also had the highest average time to identify a violation of 329 days. The energy industry ranked second of the 17 sectors surveyed, with $6.39 million in average cost and 254 days to spot a breach.

Financial services, the pharma industry, and the technology sector follow, with $5.85 million, $5.06 million, and $5.04 million in average data breach cost, respectively.

Analyzed by geography, the U.S. convincingly leads among all surveyed countries with an average data breach cost of $8.64 million, a 5.5% increase in a year. Statistics also show this figure surged by 60% in the last seven years, growing from $5.4 million in 2013. Financial services represent the costliest industry in the U.S. in 2020, while companies and organizations need 237 days to identify a breach, compared to 245 days in 2019.

Germany leads among European countries with an average data breach cost of $4.45 million in 2020, a 7% drop year-on-year, while companies usually need 160 days to identify a data breach.

Malicious attacks caused 52% of all breaches. Human error and system glitches follow at 23% and 25%, respectively. Statistics also show that around 20% of companies that had been victims of a malicious breach were hacked by using stolen or compromised credentials.