Forrester’s new research, Lessons Learned From The World’s Biggest Data Breaches And Privacy Abuses, 2022, finds that, last year, 1.2 billion customer or citizen records were exposed in just the top 35 global breaches. Regulatory bodies levied more than $2.7 billion in fines on the top 35 violators.
According to Forrester, 74% of security decision-makers with network, data center, app security, or security ops responsibilities experienced at least one data breach at their firm in the previous 12 months, while 36% experienced three or more breaches. Forrester’s analysis of 2022’s top 35 global breaches reveals that public sector and healthcare; media, entertainment, and leisure; and finance services and insurance accounted for over 75% of the top 35 breaches.
Forrester further finds that 40% of privacy decision-makers state that improving customer privacy communication is one of their top five tactical privacy priorities over the next 12 months. However, the majority of the top 35 fines (79%) were for failures in disclosing the collection, sharing, or selling of customer data. In 2022, Europe accounted for more than half of the top 35 fines for privacy abuses.
The report offers lessons for security leaders and professionals in the wake of these breaches and abuses, including:
- Conducting due diligence on cryptocurrency firms before partnering with them.
- Preparing for data exposure, especially with ransomware attacks continuing to evolve.
- Taking a Zero Trust approach to insider risk.
- Building plans to defend against and respond to attacks by nation states and affiliated actors.