2023 shatters record for most data compromise events in a single year
Cybercriminals, it seems, believe that records are meant to be broken. When it comes to data breaches, the worst year on record tends to be the latest year, and 2023 was no different. According to the Identity Theft Resource Center’s 2023 Data Breach Report, there were more data compromise events last year than any year before. A lot more. The number of data compromise events in 2023 is 78 percent higher than 2022. While this and other data compiled by the ITRC in 2023 may not be encouraging, its analysis may prevent 2024 from becoming another record-breaking year.
Data compromise events include data breaches, data exposures and data leaks. In 2023, there were 3,205 such events and more than 353 million estimated victims. The top five compromises by victim count are:
- T-Mobile (37 million victims)
- Xfinity (35.8 million victims)
- Peopleconnect (20.2 million victims)
- Nationstar Mortgage (14.6 million victims)
- PBI Research Services (Moveit) (11.7 million victims)
The top five compromises by industry are:
- Healthcare
- Financial Services
- Professional Services
- Manufacturing
- Education
The report’s attack vector data is particularly interesting. The attack vector is the method used by cyber criminals to compromise an organization’s data. Cyberattacks were the most common attack vector. They involve compromising an electronic information system using software or computer technology. They include phishing/smishing/BEC, ransomware, malware, zero-day, credential stuffing and non-secured cloud environments.
Events caused by another attack vector, system and human errors, more than tripled in 2023. These are failures of a system or person to perform as expected or required without malicious intent that results in a data compromise. This attack vector targets correspondence, lost devices/documents, missing and misconfigured firewalls and cloud security systems. Physical attack vectors, such as device and document theft, skimming devices and improper disposal, were employed with less frequency than other vectors, but remained a threat in 2023.
The 2023 Data Breach Report describes the dramatic increase in supply chain (third-party vendor) attacks as an emerging trend. A supply chain attack targets a single entity in hopes of gaining access to information maintained by the organization on behalf of other businesses or institutions. According to the ITRC, the number of organizations impacted by supply chain attacks has surged by more than 2,600 percent since 2018.
Awareness of these emerging trends can help businesses protect their sensitive data and maintain cybersecurity. Developing and strengthening a culture of cyber readiness with appropriate security protocols is just the first step. Businesses should also have Cyber Perils Insurance Coverage to protect against various cyber threats and liability exposures, including the cost of complying with data breach notice laws.
The Human Equation prepares all risk management and insurance content with the professional guidance of Setnor Byer Insurance & Risk.