The ITRC’s Annual Data Breach report for 2023 reports on the alarming increase in the number of data compromises and continued evolution of cyber-attacks.
As technology has advanced, cybercriminals' skills have also improved, and 2023 set a record high with 3,205 publicly reported data compromises impacting an estimated 353,027,892 individuals – a 78% increase from a record-high 2022. Consider this alarming perspective:
The sheer scale of the 2023 data compromises is overwhelming. Just the increase from the past record high to 2023’s number is larger than the annual number of events from 2005 until 2020 (except for 2017). But we cannot let complacency, frustration, or weariness lead us to surrender the fight to protect identity crime victims. We’re not about to give up or give in, and we hope you will join us as we seek to start a different conversation about protecting identities in 2024. – Eva Velasquez, CEO, ITR
Velasquez states that there is never just one reason why data breaches increase, nor is there one single technology solution that is 100% effective in stopping breaches or the identity crimes that follow. However, she believes two key breach trends could help plan a better future.
Supply Chain Attacks
The number of organizations impacted by this type of attack has surged more than 2,600% since 2018, with victims increasing 15% in 2023 alone. Stronger reporting requirements and greater care in vetting vendors would increase data protection while reducing the vulnerabilities and risks associated with compromises.
Breach Notifications
The two-decade-old legislation and regulatory framework designed to alert consumers to breaches is outdated, resulting in businesses under-reporting breaches or not reporting them at all. An enhanced notification system for breach notices would help both consumers and businesses in the aftermath of a breach.
Other Key Trends from 2023’s report:
- The United States saw the highest number of data events reported in a single year, over 3,000 events.
- A 16% reduction in the estimated number of victims impacted by breaches compared to 2022, due to a focus on identity-related fraud vs. mass attacks.
- While most industries saw increases in breaches, three industries reported more than double the number of compromises compared to 2022: Healthcare, Financial Services and Transportation.
- Healthcare led all industries in reported compromises in each of the past five (5) years, but Utilities companies led in the estimated number of victims in 2023.
- Over 9% of the 3,700 U.S. publicly traded companies issued a data breach notice in 2023, impacting 143M victims and representing 11% of the overall number of compromises.
- Public companies accounted for 40% of all data compromise victims, impacting 210M victims.
- Public companies withheld actionable information about their data breach in 47% of notices, compared to 46% for private companies, government agencies, educational institutions and nonprofit organizations.
- Most data compromises were linked to cyberattacks in 2023. Phishing-related and ransomware attacks were down slightly, while malware and zero-day attacks jumped significantly compared to previous years.
- Compromises related to System and Human errors more than tripled in 2023, with a 590% increase in data being exposed in emails and correspondence.
- Physical breaches are down 65 percent (65%) since 2018.
The report focuses on solutions to protect personal information and methods to respond once data is compromised. Uniform breach notice laws, the use of facial biometrics in identity verification processes, and improved due diligence on the breach history of an organization are the ITRC’s recommended steps.