- New Proton research shows that 71% of data breaches affect companies with fewer than 250 employees
- The findings come from its new Proton Data Breach Observatory
- Hundreds of billions of compiled records have already been affected so far in 2025
New research from Proton has identified nearly 800 verified data breaches in 2025 so far, leading to the exposure of over 300 million individual records.
Its data suggests that over 1,500 breaches will have affected companies by 2025, if compilations are included, with hundreds of billions of records compromised. Unfortunately, those who can least afford a breach are small businesses, but they are the most targeted.
Companies with between 10-49 and 50-249 employees accounted for 48% of breach incidents, and companies with fewer than 10 accounted for a further 23% – meaning that the vast majority of incidents (71%) affected companies with less than 250 employees.
Retail trade at risk
Unsurprisingly, especially for UK readers, retailers and wholesalers are the most targeted industry, accounting for just over 25% of breaches. 2025 has seen a number of high-profile cyber attacks on UK retailers, with the Coop and M&S attack reportedly costing around £300m to recover from.
The most commonly compromised form of personally identifiable information is email addresses – the very basic information most websites collect when users sign up – which is included in 100% of exposures.
Similarly, names (90%) and contact information such as phone numbers (72%) are also common components. Less frequently, but more seriously, passwords appear in 49% of incidents, and sensitive information such as health or government records are involved in 34% of breaches.
The findings were discovered following the launch of Proton’s Data Breach Observatory, a resource that monitors and reports breaches and cyber attacks based on dark web data.
While the numbers may not seem like that many – the “hundreds of billions” of exposed records signal that virtually all of us have had our information compromised – most of us a few times.
The primary danger of these breaches is the risk of identity theft – as criminals will use your information to take out loans or credit cards.
We always advise vigilance and continuous monitoring of accounts and bank statements to ensure that nothing is misplaced. You can also check if your information has been included in any breaches using the Have I Been Pwned notification page, so you can use this to assess your exposure.
The best protection against identity theft for all budgets
