2019 is on track to set a record for the highest number of security incidents ever recorded, with 5,183 data breaches and 7.9 billion records exposed by November in the United States alone, according to a report from Risk Based Security.
The latest data from the vulnerability intelligence firm shows a 33.3% increase in publicly reported breaches from Q3 2018, and the volume of records exposed increased 112%.
The data includes only publicly disclosed breaches, which means the true figures are likely much higher. The past eight years has seen a steady uptick in breaches and an even faster increase in number of records exposed. In 2012, only 2,323 breaches were reported, with 485 million records exposed. 2019 has seen 5,183 breaches, and more than 7,9 billion records leaked.
The stark difference between the numbers has two possible causes. The first could be more transparency from companies that suffer security incidents, and the second is the increase in the volume of personal data organizations now hold.
“Despite occasional dips, there has been a steady increase in the number of breaches reported over the past eight years. So the increase in 2019 is not surprising,” reads the Risk Based Security report. “However, the change does stand out from the general trend, with a 33.3% increase in the number of breaches disclosed compared to the same point in 2018. The last time there was a jump like this was in 2015, which saw a 36.8% increase in breaches reported compared to the same point in 2014.”
The most common attack vector reported by companies is unauthorized access to systems, and cybercriminals are behind such events. But data is also often made freely accessible by misconfigured databases, backups, endpoints, and services.
Also, the two types of data most commonly leaked in breaches are the user’s emails (59.1%) and passwords (65.1%), with the names (26%) and addresses (12.7%) following from afar. The report also names some of the most exposed industries.
Healthcare is the most affected industry, with 343 breaches in 2019, followed by retail with 307, public administration with 264, and finance and insurance with 263 breaches. The business sector accounts for 66% of the breaches, medical 14%, government 12%, and education 8%.