[BreachExchange] Reported Data Breaches Down by 52% in 2020

Destry Winant destry at riskbasedsecurity.com
Mon Aug 17 10:11:56 EDT 2020


https://www.infosecurity-magazine.com/news/reported-data-breaches-down-2020/

Reports of data breaches are down by 52% year-on-year in the first half of 2020.

According to research by Risk Based Security, whilst the number of
reported data breaches is down, the number of records exposed is more
than four times higher than in any previously reported time period.

“The striking differences between 2020 and prior years brings up many
questions,” commented Inga Goddijn, executive vice-president at Risk
Based Security. “Why is the breach count low compared to prior years?
What is driving the growth in the number of records exposed? Perhaps
most importantly, is this a permanent change in the data breach
landscape?”

According to the research, there were 2037 publicly reported breaches
through to June 30, accounting for a 52% decrease compared to the
first six months of 2019 and 19% below the same time period for 2018.
By mid-year 2019, there had been 4298 breaches reported.

The main cause of data breaches in the first half of this year was
misconfigured databases and services. Over 27 billion records were
exposed between January 1 2020 and June 30 2020, exceeding the total
number of records exposed during all of 2019 by more than 12 billion
records.

In an email to Infosecurity, HaveIBeenPwned? founder Troy Hunt said
there is an issue around data breaches, as “we only ever know about
the tip of the data breach iceberg and there’s frequently a long lead
time between breach and discovery.”

He added: “Depending on how you measure it, I’m sure one could easily
show the trend going the other way too; I normally load a new breach
into HIBP once every four days but added 16 in a two-week period over
late July and early August due to the ShinyHunters incidents.”

Steven Furnell, professor of cybersecurity at the University of
Nottingham, said his instinct is that we’re not necessarily seeing a
decrease of breach events, “but more likely that attention has been
distracted by the pressing demands of COVID-19 and the transition to
home working.”

He suspected that certain things are also going to be more difficult
to monitor and capture in the home working context, “and so I
imagine that some events may not come to light as quickly or clearly
as would otherwise have been the case.

“Given that organizations will have differed quite widely in their
prior positioning for home working (e.g. whether they had any policy
in place to guide staff, and had done any related training and
awareness), it is likely that many will have had staff fending for
themselves to a greater degree than normal, and potentially left
exposed in the process,” Furnell said. “So, it seems unlikely that
breaches would have really decreased in this ‘less controlled’ context
compared to what happens in the normal workplace setting.”

Research released last week by CI Security analyzed data from the US
Department of Health and Human Services, and found healthcare breach
reports in the first half of this year were down 10.4% compared to the
second half of 2019, with the number of breached records falling by
nearly 83%.

Robert Meyers, channel solutions architect at One Identity, also
suspected the numbers had decreased due to lower reporting. “The
reason is simple, the world changed,” Meyers said. “The COVID-19
outbreak changed the way organizations work, and shifted everyone’s
priorities. So, while things may have calmed back down and
organizations may have settled into their new, remote working set-up,
we can expect a rise in breaches reported in the second half of the
year, and an artificially low number in the first half of the year.”

