Data Protection Statistics

EUR 13.4 billion

Total enforcement fines

Cumulative fines from 419 enforcement actions issued by data protection authorities worldwide, spanning 2018 to 2026.

Source: IQWorks Data Observatory, 33 regulatory sources

419

Enforcement actions tracked

Individual enforcement actions from 33+ data protection authorities including CNIL, ICO, DPC Ireland, Garante, and more.

Source: IQWorks Data Observatory

15.9 billion

Records exposed in data breaches

Total records compromised across 953 documented data breaches from 2007 to 2026.

Source: IQWorks Data Observatory, Have I Been Pwned

953

Data breaches tracked

Top industries affected: Technology (207), Gaming (161), Other (137).

Source: IQWorks Data Observatory, Have I Been Pwned

129

Countries with privacy laws

Of 174 countries tracked, 129 have enacted comprehensive privacy legislation and 8 have laws in draft.

Source: IQWorks Data Observatory

174

Countries tracked

Complete regulatory profiles covering privacy law status, DPA enforcement, breach notification requirements, DPO obligations, and cross-border transfer restrictions.

Source: IQWorks Data Observatory

$384 million

Total ransom demanded

Across 61 major ransomware incidents. $161 million was actually paid.

Source: IQWorks Data Observatory, CISA KEV

1,551

CISA KEV vulnerabilities

Known exploited vulnerabilities in the CISA catalog, of which 313 are associated with ransomware campaigns.

Source: CISA Known Exploited Vulnerabilities Catalog