2021 to Date Has Seen More Data Breaches Than 2020
We're poised to break records this year when it comes to statistics on breaches, ransomware, and phishing, according to a new report.
If it feels like you've been hearing more about data breaches and cyberattacks than ever before, it’s because that’s exactly the case. Statistics suggest we're approaching the end of what should be a record-breaking year.
According to a new report, there's been more publicly-reported compromises through the first three quarters of 2021 than 2020 in its entirety.
A quarterly Data Breach Analysis report published by the Identity Theft Resource Center released last week said that while data compromises in Q3 were down, on the whole, they've been up in 2021. So far this year there's been 1,291 compared to 1,108 in 2020, a 17 percent rise.
When broken down, the number of cyberattack-related data compromises so far in 2021 are up too; this year's numbers correlate to a 27 percent increase over 2020's numbers.
Those numbers are mostly driven by phishing and ransomware. Statistics for those types of cyberattacks, at least those tracked by the ITRC, look like they'll continue to surpass 2020’s figures. The report claims there's been 370 publicly reported phishing related attacks so far this year, down but very close to the 383 reported in 2020 and 244 ransomware data compromises, a figure that already surpasses the 241 reported in 2020 and 2019 combined.
Malware attacks look like they'll increase too. So far the ITRC claims there's been 103 publicly-reported attacks involving malware compared to 2020's 104.
The ITRC, a national nonprofit organization that helps educate consumers to minimize the risk of identity compromise, suggests the overall numbers could portend a high-water mark as far as data compromises. The previous record was set in 2017: 1,529 breaches. The numbers in the Q3 Data Breach Analysis report come from publicly-reported data compromises through September 30, 2021.
The numbers indicate that we've come a long way from around this time last year when the ITRC said 2020 was on track to see the lowest number of breaches and exposures since 2015. 2020 ultimately finished with 1,108 breaches/exposures, four shy from tying 2016's numbers but not close to 2015, which saw just 785.
Other trends observed by the ITRC - like an increase in supply chain attacks and a lack of breach transparency at both the organization and government level - won't be too much of a surprise if you've been following headlines of late.
Supply chain breaches at Kaseya and of course, last year's at Solarwinds, have had far reaching outcomes for impacted companies. Federally and statewide, there's been no shortage of efforts introduced to require organizations to disclose cyberattacks sooner and if an entity has been hit by ransomware, whether or not they paid the attackers.
Accounting for the number of people actually impacted by these attacks is where things get a bit muddy. Unsecured cloud databases were responsible for exposing data on 48 million while another cloud database exposed information belonging to 99 million, skewing the Q3 numbers pretty heavily. That's to say nothing of the 793,000 individuals the ITRC claims were impacted by 23 different supply chain attacks in Q3.
It's probably best to view these attacks as the ITRC does, through the lens of the actual number of compromises and not the number of victims themselves.
While the ITRC issues reports recapping data breach information every quarter, it also regularly updates a dashboard it oversees called notified that aggregates numbers from the latest incidents. For those who like to keep tabs on numbers it's worth noting you can sort breaches by sector and by date as well as compare and contrast year over year trends.
The Definitive Guide to DLP
- The seven trends that have made DLP hot again
- How to determine the right approach for your organization
- Making the business case to executives
The Definitive Guide to Data Classification
- Why Data Classification is Foundational
- How to Classify Your Data
- Selling Data Classification to the Business