Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Top 25 Data Protection Statistics That You Must Be Informed

data protection statistics
Organizations are under tremendous pressure to protect customer and business data protection statistics.

Top 25 Data Protection Statistics That You Must Be Informed

Organizations are under tremendous pressure to protect customer and business data protection statistics.

Laws such as the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) have considerably upped the ante for entities that experience data breaches. Failure to comply with such requirements can result in costly fines and other legal implications.

Cloud migration, digital transformation, and enterprise mobility initiatives are other major issues. Data that used to be located on premises is now scattered across public cloud, private cloud, hybrid, and mobile environments, making it much harder for security organizations to protect it.

Also read: 100 Data Privacy and Data Security statistics for 2020

This will help you paint a picture of how potentially dire leaving your company insecure can be as well as show the prevalence and need for cyber security in business.

Here are the top 25 data protection statistics that you must be informed.

1. 4.1 billion: Number of data protection statistics compromised during just the first six months of 2019

Those numbers, from more than 3,800 publicly disclosed data breaches, put 2019 on track to be the worst ever for data breaches.

Source: 2019 State of Security Operations (Micro Focus)

2. 70 million: Data protection statistics stolen or leaked in 2018 due to poorly configured AWS S3 cloud storage buckets

The growth in the number of tools available that let attackers search for misconfigured cloud resources is adding to the seriousness of the issue.

Source: 2019 Internet Security Threat Report (Symantec)

3. $8.19 million: Average total cost of a data breach for US companies

That’s more than double the global average of $3.92 million per breach.

Source: 2019 Cost of a Data Breach Report (Ponemon Institute, for IBM Security)

4. 34%: Percentage of data breaches Verizon investigated in 2018 caused by internal actor

Outside actors perpetrated 69% of breaches, and 5% involved both.

Source2019 Data Breach Investigations Report (Verizon)

5. 45%: Share of healthcare organizations attacked whose primary motive was data destruction

Some 66% have been targeted in a ransomware attack over the past year.

Source: Healthcare Cyber Heists in 2019 (VMWare Carbon Black)

Sensitive data protection statistics deluge

6. 53%: Proportion of organizations that leave 1,000 or more files with sensitive data protection statistics open to all employees

This is whether the employees actually need access to the data protection statistics or not. Every employee, on average, has access to 17% of all files containing sensitive data at their organizations.

Source: 2019 Global Data Risk Report (Varonis)

7. 534,465: Number of files containing sensitive data protection statistics at the average company

More than half of the data (53%) at the average organization is stale; 58% of organizations have at least 1,000 stale user accounts.

Source: 2019 Global Data Risk Report (Varonis)

8. 1:2.2: Ratio of companies found to have mobile apps that access high-risk data in 2018

That number is lower than the 54.6% of organizations (1 in 1.8) that had mobile apps doing the same thing in 2017.

Source: 2019 Internet Security Threat Report (Symantec)

9. $40: The upper price limit on the dark web for a fullz

This is a packet of personally identifiable information that includes a victim’s full name, date of birth, Social Security number, phone number, address, mother’s maiden name, driver’s license number, and other data. For a fullz from the US, the cost can range from $30 to $40. In the UK, the same data costs between $35 and $50.

Source: The Black Market Report (Armor)

10. $1,000 to $1,200: Average price for credentials to a bank account with $20,000 balance or more

At the lower end, the price for credentials to a bank account with $3,000 or less ranges from $150 to $300.

Source: The Black Market Report (Armor)

[ Get on top of access with TechBeacon’s guide to identity governance. Plus: Learn how to secure cloud-based Linux resources with Active Directory in this Webinar. ]

Data regulations and the cloud security challenge

11. 66%: Industry influencers who cited data security as biggest challenge in moving to the public cloud

Nearly six in 10 (57%) expressed the same concern over data privacy in cloud environments.

Source: Cloud Vision 2020: The Future of the Cloud Study (LogicMonitor)

12. 27%: Organizations that say 95% of their critical workloads will run in the cloud in five years

The survey asked specifically about public, private, or hybrid cloud. Another 20% expect the migration to happen in 10 years, and 11% believe they will get there in seven years.

Source: Cloud Vision 2020: The Future of the Cloud Study (LogicMonitor)

data protection statistics
In order to give you a better idea, we went through different statistics and researches on the current state of privacy and security. 

13. 44%: Proportion of organizations that rated complexity as the top barrier to good data security

This was based on a survey of 1,200 IT and security executives. The move from single on-premises environments to multiple SaaS, IaaS, and PaaS environments is driving much of the complexity.

Source: 2019 Thales Data Threat Report — Global Edition (IDC, for Thales)

14. 31%: Share of organizations that encrypt data at rest on PCs

Though awareness is high about the need for data encryption, fewer than 30% have implemented it for a vast majority of user cases, including full disk encryption, workloads in the public cloud, big-data environments, mobile devices, IoT, and containers.

Source: 2019 Thales Data Threat Report — Global Edition (IDC, for Thales)

15. 59%: Proportion who said their organizations are currently meeting all GDPR requirements

This is based on a survey of 3,200 security professionals in 18 countries. Another 29% hope to be similarly ready by early 2020.

Source: Data Privacy Benchmark Study (Cisco)

16. 42%: The percentage of security leaders who say security is the biggest challenge to GDPR compliance

In this study of 3,200 professionals, 39% pointed to internal training as their biggest challenge, and 35% said it was hard for them to remain on top of constantly evolving requirements of GDPR.

Source: Data Privacy Benchmark Study (Cisco)

17. 10%: Share of US companies actively working to comply with 50 or more privacy laws

Some 13% reported working actively on between 6 and 10 data privacy laws at the same time, and 13% on between 11 and 49 laws.

Source: IAPP and TrustArc Report

18. 47%: Number of organizations that updated website cookie policies more than once over the past year

Over three-quarters (80%) of respondents in this global survey said they had done the same thing with their privacy policy.

Source: IAPP and TrustArc Report

19. $55 billion: The initial cost to California companies of complying with the CCPA

Legal, operational, technical, and business-related costs include renegotiating contracts and changing data-handling practices.

Source: Standardized Regulatory Impact Assessment (California Office of the Attorney General)

Consumer awareness and response

20. 78%: Percentage of respondents who care most about the security and privacy of their financial data 

Some 70% feel protective about their identity information, 61% about medical information, and 57% about their contact information.

Source: RSA Data Security & Privacy Survey 2019

21. 45%: Share of users who said personal information was compromised at least once in the past five years  

US users are likelier to have experienced a personal data compromise compared to users from other countries.

Source: RSA Data Security & Privacy Survey 2019

22. 34%: Percentage of US users who say their personal data is ‘very vulnerable’ to compromise 

Another 47% feel “somewhat vulnerable” on the issue. A bare 2% don’t feel their data is vulnerable at all to compromise.

Source: Statista

23. 45%: Proportion of US users who avoid opening emails from people they do not know 

Some 41% share less information online than they used to, and 40% avoid visiting sites they perceive as being risky to mitigate data breach risk.

Source: Statista

24. 49%: European online users who are aware of domestic data protection and privacy rules

This is compared to barely 29% of North American online users.

Source: Statista

25. 64%: Percentage of US users who would hold a company responsible for loss of personal data

In contrast, 72% of UK residents would blame the company—and not hackers—for losing personal data.

Source: RSA Data Security & Privacy Survey 2019

Also Read: What Is Pentest Report? Here’s A Walk-through


The data privacy and data security statistics in this blog are fragments of various researches and surveys conducted on different numbers of subjects and organizations, using different methods. For further clarification, we encourage you to follow links in the article.

Understanding the cyber terminology, threats and opportunities is critical for every person in every business across all industries. By providing advanced cyber training and education solutions in all departments of your business, from marketing and sales to IT and InfoSec, you are investing in your company’s protection against cyber threats. Check out how Privacy Ninja’s range of services can help you achieve not only compliance to data privacy laws, but also cyber training and education.

Also read: What Legislation Exists in Singapore Regarding Data Protection and Security?



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us