The Scale
Approximately 11 data breaches are publicly disclosed every day based on the 4,100+ breaches reported last year. However, many breaches go unreported for months. Our tracker shows ransomware victims as soon as threat actors post them to leak sites, often significantly before official company disclosures.
Over the past five years, major supply chain and third-party breaches increased sharply, with incidents quadrupling, according to the report.
The Pattern
In 2026, headline incidents have exposed data through software defects, outsourced support access, cloud infrastructure, and vendor-managed storage. The pattern is clear: risk is spreading across the wider operating model.
The European Commission said on 27 Mar, 2026 that a cyberattack struck the cloud infrastructure hosting the Europa web platform on 24 Mar, 2026. Early findings indicate data was taken from affected websites, though the Commission said the incident was contained quickly and its internal systems were not impacted.
The AI Angle
AI-based assistants or "agents" — autonomous programs that have access to the user's computer, files, online services and can automate virtually any task — are growing in popularity with developers and IT workers. But as so many eyebrow-raising headlines over the past few weeks have shown, these powerful and assertive new tools are rapidly shifting the security priorities for organizations, while blurring the lines between data and code, trusted co-worker and insider threat, ninja hacker and novice code jockey.
The Cost
According to the IBM 2025 Cost of a Data Breach Report, the global average cost of a data breach has reached $4.45 million, with industries like healthcare, manufacturing, and public services absorbing record-breaking losses.
My Take: Q1 2026 revealed that we're not securing data—we're securing perimeters that no longer exist. The cloud + supply chain + AI agents model has created a risk topology that traditional CISO playbooks can't handle. The European Commission getting breached is symbolic: if the world's most bureaucratic organization can't secure itself, who can? The answer: nobody. The new normal is inevitable breaches + managed detection.