Despite Drop in Data Breaches, Exposed Records Jump in 2020

By | Managed Services News

Jan 21

Health care was the most victimized sector last year, accounting for 12.3% of reported breaches.

Publicly reported data breaches fell last year by 48%, but the number of exposed records exceeded 37 billion.

That’s according to Risk Based Security’s 2020 Year End Data Breach QuickView Report. The total number of records compromised increased by 141%. This was by far the most exposed records in a single year since the company reporting began in 2005.

Health care was the most victimized sector last year, accounting for 12.3% of reported breaches.

Risk Based Security's Inga Goddjin

Risk Based Security’s Inga Goddjin

Inga Goddijn is executive vice president at Risk Based Security.

“2020 has challenged the security-minded community quite unlike any other, and the number of records exposed highlights how unique the year has been,” she said. “We do not believe fewer breaches are happening. Disruptions at certain governmental sources, delayed reporting, and declining news coverage have all contributed to fewer breaches coming to light in 2020. But that is only a part of the story. More complex and damaging attacks have also contributed to lengthy and complex investigations.”

Ransomware Skyrockets

Notable findings include:

  • There were 3,932 publicly reported breach events at the time of this report. That’s a 48% decline compared to 2019. As the year matures, and 2020 breaches continue to be disclosed into 2021, it is typical for the number of reported breaches to grow by 5% to 10%. In normal times that would place 2020 on par with 2015 and 2016 breach years.
  • There were 676 breaches that included ransomware as an element of the attack. That’s a 100% increase compared to 2019.
  • Breach severity, as measured by severity score, steadily increased throughout the year, reaching an average of 5.71 in Q4 compared to 4.75 in Q1.
  • Five breaches each exposed 1 billion or more records. Furthermore, another 18 breaches exposed between 100 million and 1 billion records.

“The rise of ransomware coupled with the particularly pernicious practice of leaking data stolen during the attack has been a leading theme of the year,” she said. “There were few signs that ransomware would explode into a preferred method for monetizing attacks. And while the coverage of breach events has picked up once again, the changing tactics means less information about events is being disclosed. It is anyone’s guess where 2021 might take us.”

About the Author

>