[BreachExchange] Risk Based Security releases its Year-End 2020 Data Breach Report

Destry Winant destry at riskbasedsecurity.com
Mon Feb 1 10:28:06 EST 2021


https://www.securityinfowatch.com/cybersecurity/press-release/21207207/riskbased-security-risk-based-security-releases-its-yearend-2020-data-breach-report

RICHMOND, VA, January 21, 2020 — Risk Based Security recently released
their 2020 Year End Data Breach QuickView Report, revealing that there
were 3,932 publicly reported data breaches, compromising over 37
billion records.

Compared to 2019, the number of publicly reported breach events
decreased by 48%. However, the total number of records compromised
increased by 141% and is by far the most records exposed in a single
year since RBS reporting began in 2005.

“2020 has challenged the security-minded community quite unlike any
other, and the number of records exposed highlights how unique the
year has been,” commented Inga Goddijn, Executive Vice President at
Risk Based Security. “We do not believe fewer breaches are happening.
Disruptions at certain governmental sources, delayed reporting, and
declining news coverage have all contributed to fewer breaches coming
to light in 2020, but that is only a part of the story. More complex
and damaging attacks have also contributed to lengthy and complex
investigations.”

“The rise of ransomware coupled with the particularly pernicious
practice of leaking data stolen during the attack has been a leading
theme of the year,” commented Inga Goddijn, Executive Vice President
at Risk Based Security. “There were few signs that ransomware would
explode into a preferred method for monetizing attacks and while the
coverage of breach events has picked up once again, the changing
tactics mean less information about events is being disclosed. It is
anyone’s guess where 2021 might take us.”

The 2020 Year End Data Breach QuickView Report covers data breaches
publicly disclosed between January 1, 2020, and December 31, 2020.

Here are some highlights:

- There were 3,932 publicly reported breach events at the time of this
report; a 48% decline compared to 2019. As the year matures, and 2020
breaches continue to be disclosed into 2021, it is typical for the
number of reported breaches to grow by 5% to 10%. In “normal” times
that would place 2020 on par with 2015 and 2016 breach years.
- Despite 1,923 breaches (49%) without a confirmed number of records
exposed, the total number of records compromised in 2020 exceeded 37
billion, a 141% increase compared to 2019 and by far the most records
exposed in a single year since we have been reporting on data breach
activity.
- There were 676 breaches that included ransomware as an element of
the attack, a 100% increase compared to 2019.
- Breach severity, as measured by severity score, steadily increased
throughout the year, reaching an average of 5.71 in Q4 compared to
4.75 in Q1. Severity score is a base 10 logarithmic scale, meaning
that the severity of breach events increased by a factor of 10 over
the course of the year.
- Five breaches each exposed one billion or more records and another
18 breaches exposed between 100 million and 1 billion records.
- Healthcare was the most victimized sector this year, accounting for
12.3% of reported breaches.


About Risk Based Security

Risk Based Security (RBS) provides detailed information and analysis
on Data Breaches, Vendor Risk Ratings and Vulnerability Intelligence.
Our products, Cyber Risk Analytics (CRA) and VulnDB, provide
organizations access to the most comprehensive threat intelligence
knowledge bases available, including advanced search capabilities,
access to raw data via API, and email alerting to assist organizations
in taking the right actions in a timely manner. In addition, our
YourCISO offering provides organizations with on-demand access to
high-quality security and information risk management resources in one
easy-to-use web portal.


Cyber Risk Analytics (CRA) provides actionable threat intelligence
about organizations that have had a data breach or leaked credentials.
This enables organizations to reduce exposure to the threats most
likely to impact them and their vendor base. In addition, our
PreBreach vendor risk rating, the result of a deep view into the
metrics driving cyber exposures, is used to better understand the
digital hygiene of an organization and the likelihood of a future data
breach. The integration of PreBreach ratings into security processes,
vendor management programs, cyber insurance processes and risk
management tools allows organizations to avoid costly risk
assessments, while enabling businesses to understand their risk posture
and act quickly and appropriately to proactively protect their most
critical information assets.

