The Number of Data Breaches Reached New Highs in 2021

The number of data compromises increased 68 percent year-on-year during 2021, reaching a new record, according to a report from The Identity Theft Resource Center (ITRC). The number of incidents during the past year was 23 percent above the previous all-time high, which was set in 2017.

In 2021, more than 1,860 events were recorded, and 83 percent of those involved sensitive information, such as Social Security numbers and birthdates, the ITRC’s annual data breach report revealed.

Almost no industry was immune from cyber incidents during 2021, as ITRC reported nearly every sector showed year-on-year increases in compromises. The one exception was the military, which didn’t publicly report any incidents. The manufacturing and utility sectors saw the biggest increases in data comprises, growing more than 200 percent year-on-year.

“In 2021, we saw a shift in the identity crime space,” Eva Velasquez, ITRC president and CEO, said in the report. “Too many people found themselves in between criminals and organizations that hold consumer information. We may look back at 2021 as the year when we moved from the era of identity theft to identity fraud. Many of the cyberattacks committed were highly sophisticated and complex, requiring aggressive defenses to prevent them. If those defenses failed, too often we saw an inadequate level of transparency for consumers to protect themselves from identity fraud.”

The most common cause of a compromise, accounting for 33 percent of incidents, were phishing; business email compromise; and “smishing,” text message–based phishing. Ransomware accounted for 22 percent of data compromises during 2021, ITRC reported.

See also:

• Managing Risk in the Cloud: A Guide for Corporate Treasurers
• Shining a Light on Payments Fraud
• Impostor Fraud: A Cyber Risk Management Challenge
• Mitigating the Risk of Wire Fraud

Ransomware Woes Roll On

During the past two years, ransomware-related breaches have doubled, according to ITRC, and these types of attacks are projected to become the number-one cause of data compromises in the coming year.

While ransomware has proven a prickly issue for organizations of all sizes, small businesses are particularly vulnerable, according to Holly Burton, technology leader at Insureon. She tells PropertyCasualty360.com this is because small businesses tend to not run offsite backups and often lack dedicated IT staff to oversee security.

“They also don’t typically understand these risks. This makes them very susceptible to attacks,” Barton says. “Most know what cyber liability is in general, but very few understand the complexity of coverages or associated risks.”

The best way to reduce the risks from ransomware is to put in place security measures that include setting up virtual private networks (VPN) and having multifactor authentication (MFA) processes, Burton says. Setting up VPNs and MFA are probably the easiest and most effective steps a company can take, she says, adding: “Daily offsite backups might take more to implement but are very important. If information is held for ransom, it might only be a day’s worth of information that is taken, as opposed to weeks or months.”

From: PropertyCasualty360