Disclosure: TheBestVPN is reader-supported. When you buy a VPN through links on our site, we may earn commissions. Learn more.

How Much Do U.S. Data Breaches Cost Each Year?

Last updated:
How Much Do U.S. Data Breaches Cost Each Year?

 

Key Takeaways

  • U.S. data breach losses hit $534 million in 2023, up from $129 million in 2020
  • Biggest surge: 203% increase in 2022 drove six-year total to $2.07 billion
  • Losses fell 32% in 2024 but rebounded 19% to $435 million in 2025 – still 237% above the 2020 baseline

The Story Behind the Numbers

From 2020 to 2025, reported U.S. losses tied to data breach complaints rose from $129 million to a six-year high of $534 million in 2023, before easing to $365 million in 2024 and climbing again to $435 million in 2025. Year over year, losses grew 17.6% in 2021, surged 203.1% in 2022, climbed another 16.3% in 2023, fell 31.7% in 2024, then rose 19.2% in 2025. Across the six years, the total reaches $2.07 billion, or about $346 million on average per year. One way to sanity-check why totals can balloon is to look at cost per record, which depends on what data got exposed. In 2025, customer PII averaged $160 per record, employee PII $168, and intellectual property $178, so even a mid-sized breach can stack up quickly.

The pattern shows financial harm can expand quickly and then cool without returning to early-period levels. The 2025 rebound – after a meaningful 2024 drop – reinforces this: losses did not stabilize, they resumed an upward move. These figures reflect only the IC3 Data Breach category, but they provide a consistent view of how costly breach activity has been in recent years. For comparison, Americans lost about $986M to identity theft over the same period, showing how stolen data often turns into downstream fraud.

Why This Data is Important

Loss totals capture impact, not just incident counts, so sharp swings can reflect a changing mix of targets, the value of stolen records, and disclosure practices rather than simple “more or fewer attacks”. Interpreting the pattern benefits from technical context: how VPNs work and basic encryption and logging shape what is observable on networks, while IP address visibility influences how activity can be linked to people or devices. Performance characteristics also matter for real-world baselines – network speed and stability affect how privacy tools are used and measured over time. Viewed this way, the numbers are a barometer of exposure and financial impact rather than a simple year-by-year scoreboard.

Looking Ahead: Future Outlook

Expect volatility. The 2025 rebound to $435M – after a dip in 2024 – shows losses don’t trend cleanly downward once they’ve risen. Shifts in attacker focus, monetization, and disclosure rules can push annual loss totals up or down, but the incentive to steal valuable data remains high. Track the multi-year arc – how fast losses rise, how far they fall, and where they settle – for a clearer signal than any single year. Watch for step changes tied to new cash-out methods or major vulnerabilities; these often precede jumps in losses. In practice, the direction of travel over several years matters more than any one spike or trough.

Source & Methodology

We analyzed the Data Breach loss totals in the FBI IC3 annual data for 2020–2025 and summarized year-to-year changes shown in the chart. Figures reflect incidents reported to IC3 and likely understate true losses.