Risk-Based Security released their 2020 year-end data breach report that shows the number of breached records grew dramatically. Many of the trends observed in 2020 have been present for the past several years. Hacking or unauthorized access into systems or services accounted for the most incidents reported in 2020 while web or publication of sensitive data online, accounted for the most number of records exposed.
Highlights of the report
There were 3,932 publicly reported breach events at the time of this report; a 48% decline compared to 2019. As the year matures, and 2020 breaches continue to be disclosed into 2021, it is typical for the number of reported breaches to grow by 5% to 10%. In ‘normal’ times that would place 2020 on par with 2015 and 2016 breach years.
Here are some of the highlights from the report:
- Despite 1,923 breaches (49%) without a confirmed number of records exposed, the total number of records compromised in 2020 exceeded 37 billion, a 141% increase compared to 2019 and by far the most records exposed in a single year since we have been reporting on data breach activity.
- There were 676 breaches that included ransomware as an element of the attack, a 100% increase compared to 2019.
- Breach severity, as measured by severity score, steadily increased throughout the year, reaching an average of 5.71 in Q4 compared to 4.75 in Q1. The severity score is a base 10 logarithmic scale, meaning that the severity of breach events increased by a factor of 10 over the course of the year.
- Five breaches each exposed one billion or more records and another 18 breaches exposed between 100 million and 1 billion records.
- Healthcare was the most victimized sector this year, accounting for 12.3% of reported breaches.