Skip to main content
close search
site logo
Dive Brief

2020 marked by fewer, but more damaging, data breaches

Published Jan. 21, 2021
Naomi Eide's headshot
Managing Editor
Mikko Macaspac for Unsplash

Dive Brief:

  • Last year, industry saw fewer publicly disclosed breaches, but there was an uptick in severity, according to Risk Based Security research published Thursday. Eighteen breaches compromised between 100 million and 1 billion records; and five breaches compromised at least 1 billion records each.  
  • In 2020, companies across sectors disclosed 3,932 breaches, marking a 48% decline from 2019. But the total number of exposed records — more than 37 billion — represented a 141% increase from 2019. And that's with half of breaches lacking a confirmed number of records exposed, according to the report. 
  • Healthcare was the most compromised sector in 2020, accounting for 12.3% of breaches, according to the report. The information sector was the next most compromised sector at 10.9% of breaches with the finance and insurance sector following closely behind at 9.7%.

Dive Insight:

2020 culminated in the disclosure of two damaging and far-reaching cyberattacks — FireEye and SolarWinds —  set to change the shape of the security industry. Though splashy and causing IT professionals to question the security of the technology supply chain, the cyberattacks represent the outlier in the security incidents. 

Cybersecurity damage across sectors is far more incremental, with negligence or outright malicious activity chipping away at an organization's security posture and resilience. 

The report captures a quick view of data breaches in 2020, but organizations will likely still have data breaches to disclose from last year. A 5%-10% increase in the number of reported breaches is typical, according to the security firm. 

Risk Based Security does not believe fewer breaches are taking place. Instead, reduced media coverage, a shift from targeting personally identifiable information and slow reporting reduced the count thus far. 

What type of data is exposed is shifting away from access credentials; the theft and sale of personal data is not the only way for malicious actors to get paid. And money is not always the motivator. 

In a cyberattack last year, malicious actors stole vaccine-related data from the European Medicines Agency (EMA). In a data leak this month, actors manipulated the data before disclosing it, which regulators say was an effort to undermine trust in vaccines

Security threats to organizations remain largely external. In 77% of breaches, the threat actor comes from outside the organization, according to the report. In the case of insider threats — which make up 16% of breaches — 69% of the compromises are accidental, the result of employees mistakes, errors or oversight. 

To create the database for the report, Risk Based Security crawled the internet and aggregated potential data breaches, tracked news feeds and blogs and used Freedom of Information Act requests for breach notification request data at the state and local level. 

Filed Under: Breaches

Editors' picks

Company Announcements

View all | Post a press release
DigiCert Unveils 2025 Security Predictions
From DigiCert
November 21, 2024
Nile Adds Industry’s First Campus Zero Trust Delivered As a Service
From Nile
November 21, 2024
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Editors' picks
Latest in Breaches
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell