September 13, 2023
Data compromises are at record levels. Convergent outlines concrete steps organizations can take to prepare and reduce their exposure to breaches.
The United States has experienced a worrying surge in data compromises in recent months, and there’s reason to believe the problem will worsen.
Publicly reported cases of data compromises spiked 114% in the second quarter, according to the Identity Theft Resource Center (ITRC). Those 951 incidents were the most the ITRC has ever seen in a single quarter.
The first half of 2023 had 1,393 data compromises, more than the annual total for any year between 2005 and 2020 except for 2017, 2021 and 2022.
If data compromises continue to occur at this rate, 2023’s year-end total will pass the all-time high set in 2021.
The ITRC report noted several other concerning trends:
Every industry included in the study reported an increase in data compromises.
The more sensitive a company’s data, it seemed, the more likely it was to be targeted.
The healthcare sector represented 379 incidents, more than any other. It had more than double the number reported by this point in 2022.
Financial services, the second most targeted vertical, recorded 241 incidents during the first half of this year, not quite double the total from the first half of 2022.
Phishing and ransomware were the most commonly identified methods of cyberattacks.
They represented 246 (phishing) and 131 (ransomware) incidents during the first half of 2023. That’s about how many cases were reported by the same point in 2022. Malware, the third most common attack vector, nearly doubled, from 47 to 89 cases.
Cyberattacks weren’t the only cause of data compromises.
System and human errors, like failing to configure cloud security correctly, represented a significant number of cases — 311, or almost five times what was reported in the first half of 2022.
Not all causes for data compromises were reported.
The ITRC reported 534 incidents over the first six months of 2023 with a cause of “not specified,” more than any other single category.
Start by implementing more basic cybersecurity tactics. Not only are these relatively quick to complete, but they also tend to be very cost-effective.
Some companies — especially those with a higher risk profile and highly sensitive information — may want to invest in more advanced security strategies to identify potential weaknesses before a bad actor can take advantage of them.
Both tests can uncover potential dangers, but should be undertaken only after more basic security improvements are implemented.