09 Feb 2022 nearly broke record for most data breaches in single year
By Anita Byer, Setnor Byer Insurance & Risk
A survey of publicly reported data breaches revealed that 2022 nearly broke the record for most data compromise events in a single year. According to the Identity Theft Resource Center’s 2022 Data Breach Report, there were 1,802 publicly reported data compromise events, affecting more than 422 million individuals, in 2022. This is just 60 events short of the current single-year record, which was set in 2021. “While we did not set a record for the number of data compromises in the U.S. during 2022,” said the CEO of Identity Theft Resource Center (ITRC), “we came close.”
ITRC’s analysis of data compromise events, which are events where personal information is accessible by unauthorized individuals or for unintended purposes, revealed the emergence of three major trends in 2022.
1. Data compromises overall were flat compared to 2021; the estimated victim count exceeded 2021 due to two breaches at one organization.
According to ITRC, there were fewer data compromises reported, and generally fewer victims, during the first half of 2022, but things changed during the second half. The number of data compromise events steadily increased, prompting concerns of another record-breaking year. The estimated number of data compromise victims was also trending downward for most of the year, until late December, when news broke that the personal information of 221 million Twitter users was available for sale in illicit identity marketplaces. ITRC notes that but for Twitter’s data compromise event, the estimated number of victims in 2022 would have decreased by 33 percent year-over-year.
2. Data breach notices suddenly lacked detail, resulting in increased risk for individuals and businesses as well as uncertainty about the true number of data breaches and victims.
In 2022, 747 data compromises were announced in notices that did not specify a root cause of the event. According to ITRC, this trend of including less and less information in required data breach notices began in late 2021, and accelerated throughout most of last year. As a result, the information individuals and businesses need to determine the risk to their identity after a compromise was not included in approximately two-thirds of all public breach notices in 2022.
3. The number of data breaches resulting from supply chain attacks now exceeds compromises linked to malware.
ITRC reports that in 2022, supply chain attacks surpassed the number of malware-based attacks by approximately 40 percent. A supply chain attack is a cyberattack against a single entity in hopes of gaining access to information maintained by the organization on behalf of other businesses or institutions. In 2022, more than 10 million people were impacted by supply chain attacks. The report notes that phishing and related exploits remain the number one cyberattack vectors, followed by ransomware.
Awareness of these emerging trends can help businesses protect their sensitive data and maintain cybersecurity. Developing and strengthening a culture of cyber readiness with appropriate security protocols is just the first step. Businesses should also have Cyber Perils Insurance Coverage to protect against various cyber threats and liability exposures, including the cost of complying with data breach notice laws.
Please contact us if you would like more information about insurance specifically designed to protect against cyber threats and data security breaches.