- Last year, industry saw fewer publicly disclosed breaches, but there was an uptick in severity, according to Risk Based Security research published Thursday. Eighteen breaches compromised between 100 million and 1 billion records; and five breaches compromised at least 1 billion records each.
- In 2020, companies across sectors disclosed 3,932 breaches, marking a 48% decline from 2019. But the total number of exposed records — more than 37 billion — represented a 141% increase from 2019. And that's with half of breaches lacking a confirmed number of records exposed, according to the report.
- Healthcare was the most compromised sector in 2020, accounting for 12.3% of breaches, according to the report. The information sector was the next most compromised sector at 10.9% of breaches with the finance and insurance sector following closely behind at 9.7%.
2020 culminated in the disclosure of two damaging and far-reaching cyberattacks — FireEye and SolarWinds — set to change the shape of the security industry. Though splashy and causing IT professionals to question the security of the technology supply chain, the cyberattacks represent the outlier in the security incidents.
Cybersecurity damage across sectors is far more incremental, with negligence or outright malicious activity chipping away at an organization's security posture and resilience.
The report captures a quick view of data breaches in 2020, but organizations will likely still have data breaches to disclose from last year. A 5%-10% increase in the number of reported breaches is typical, according to the security firm.
Risk Based Security does not believe fewer breaches are taking place. Instead, reduced media coverage, a shift from targeting personally identifiable information and slow reporting reduced the count thus far.
What type of data is exposed is shifting away from access credentials; the theft and sale of personal data is not the only way for malicious actors to get paid. And money is not always the motivator.
In a cyberattack last year, malicious actors stole vaccine-related data from the European Medicines Agency (EMA). In a data leak this month, actors manipulated the data before disclosing it, which regulators say was an effort to undermine trust in vaccines.
Security threats to organizations remain largely external. In 77% of breaches, the threat actor comes from outside the organization, according to the report. In the case of insider threats — which make up 16% of breaches — 69% of the compromises are accidental, the result of employees mistakes, errors or oversight.
To create the database for the report, Risk Based Security crawled the internet and aggregated potential data breaches, tracked news feeds and blogs and used Freedom of Information Act requests for breach notification request data at the state and local level.