2020 Data Breach Report Offers Some Surprises

The Identity Theft Resource Center® (ITRC) is a nationally recognized non-profit organization established to support victims of identity crime. Last week, this organization released it’s 15th Annual Data Breach Report.

Here is a summary of some of their more compelling findings.

Good News for Consumers! In 2020, the number of individuals impacted by a data breach was down 66% compared to 2019. This is surprising, considering the unprecedented shift to Work from Home, as well as the huge increase in online shopping. Two factors that have dramatically raised the threat landscape that could lead to a data breach. It is important for consumers to remain vigilant, however. Just because cyber criminals are less interested in stealing vast databases of personal information does not mean consumer data is safe. These bad actors have simply switched their focus to more profitable prey.

Bad News for Organizations… Cyberthieves are taking advantage of bad consumer behaviors to attack organizations (businesses, charities, government agencies, etc.). The number one cause for data breaches in 2020 is lost and stolen credentials – logins and passwords. Stolen credentials are used to gain access to individual, client and vendor data as well as the organization’s intellectual property. In fact, client and vendor data offer criminals the opportunity to compromise all of a company’s customer records AND any third-parties that they do business with. Often clicking on one link in an unsolicited email, text or social media account is all it takes to compromise a user’s credentials. With that set of credentials, a ransomware attack can be launched, generating as much revenue in minutes as 100s of individual identity theft attempts over months or even years. Once a business’ data is locked, it can cost thousands of dollars in ransom with no guarantee of recovery, even after payment. While the likelihood of recovering data after payment has actually increased, a business’ good reputation can not be recovered so easily.

When considering the monetary cost to companies there are a few stats that are hard to ignore. By the end of 2020, the average ransomware payout was more than $233,000 per event (Q4 2020). Up from less than $10,000 per event barely 2 years before (Q3 2018). Business Email Compromise (BEC) scams cost companies over $1.8 billion in 2019. The average loss to businesses grew by 48% in Q1 through Q3 of 2020.

Because the repercussions can be so far reaching, it is critical that individuals remain vigilant and organizations educate and train staff at every level to help safeguard against these ever increasing security threats.

Visit the Identity Theft Center online at idtheftcenter.org to access the full data breach report for 2020.