Data breaches increased 38% in Q2
Data breaches are projected to reach an all-time high by the end of 2021.
During the second quarter of 2021, data breaches increased 38% in the U.S. compared with the prior quarter, according to the Identity Theft Resource Center (ITRC).
If the volume of breaches continues on its current trajectory, 2021 could set a new record, according to ITRC.
“Data compromises have been up every month this year except May. We’re 76% of the way to 2020’s total number of compromises with six months left in the year,” explains James E. Lee, chief operating officer at ITRC. “If we just see 141 compromises each month for the rest of the year (the current monthly average), that puts us just short of 1,700 at the end of 2021, which would be an all-time high.”
The current record of 1,632 incidents was set in 2017.
While phishing, ransomware and supply chain attacks were the major root causes during the quarter, Lee tells PropertyCasualty360.com that it is never just one thing that drives a change in cyberattacks.
“In this case, it’s the acceleration of the shift away from gathering mass amounts of personal data used to attack individual consumers and toward more organized and targeted attacks against businesses using very specific types of data,” he explains.
Additionally, phishing and ransomware, the two most common attacks that lead to data breaches today, can now be automated, require less effort, carry less risk, and can be easily repeated, Lee says. Further, they don’t require much more than a login and password to execute.
Although breach incidents were up, the number of individuals impacted declined 20% during the period. And while data breaches are projected to reach an all-time high this year, if things stay the current course the number of individuals impacted will reach its lowest number since 2014, ITRC found. As with most things in life, the major push away from individuals to larger organizations is primarily about time and money.
“Think of it this way: The average loss from an identity crime against a person is about $300, according to the Federal Trade Commission. The average ransomware payment by a business as of Q1 this year was more than $300,000, with some payments in the millions of dollars,” Lee explains, continuing: “That’s not to say consumers can let their guard down because they can’t. Identity thieves still need personal information, but what they steal and how they steal it is changing.”
Concerning his final point, Lee says consumers and businesses need to change their “cyber-hygiene habits.” He gives the following cyber-safety tips:
Every account needs a unique password or phrase comprised of 12 or more characters.
Do not use the same passwords at work and home.
Use multifactor authentication apps on your mobile devices or SMS if an authenticator app is not available.
Freeze your credit in case none of the above works.
Businesses need to ensure they are not collecting more personal information than they need. You can’t breach what you don’t have.