Cybercriminals exposed 5 billion records in 2019, costing U.S. organizations over $1.2 trillion

Cybercriminals exposed over 5 billion records in 2019, costing over $1.2 trillion to U.S. organizations, according to ForgeRock. Coupled with breaches in 2018 costing over $654 billion, breaches over the last two years have cost U.S. organizations over $1.8 trillion.

Healthcare: The most targeted industry

Healthcare emerged as the most targeted industry in 2019, accounting for 382 breaches and costing over $2.45B, an increase from 164 incidents costing over $633 million in 2018.

Despite healthcare being the most frequently targeted industry, technology firms had the highest number of records compromised from breaches with over 1.37 billion exposed in 2019 costing a total of over $250 billion.

Personally identifiable information (PII) remained as the most targeted data by attackers and was exposed in 98% of 2019 breaches, up from 97% in 2018.

• Unauthorized access was the most common attack vector used in 2019, responsible for 40% of breaches, followed by ransomware and malware at 15% and phishing at 14%.
• By targeting PII and leveraging unauthorized access, cybercriminals highlight how weaknesses in enterprises’ identity and access management (IAM) practices increasingly allow for greater volumes and more sensitive types of data to be pilfered.
• In fact, social security numbers (SSNs) were the most targeted type of data compromised as they were exposed in 384 breaches in 2019.

“Cybercriminals continue to refine their attack vectors and can execute a greater volume of attacks than ever before to pilfer consumer data,” said Eve Maler, CTO, ForgeRock.

“The Consumer Identity Breach Report’s findings demonstrate that no industry is safe. Enterprises need to critically evaluate their digital identity management strategies for weaknesses.

“Given that there are new pressures to tear down the corporate castle walls for access by bring-your-own devices, temporary workers and outside applications, organizations must deploy a modern platform that provides intelligent, contextual and continuous security that can prompt for identity validation after detecting anomalous behavior. They can then ensure more layers of security between threat actors and consumer data while delivering superior experiences to their legitimate users.”

Cybercriminals and exposed records: 2020 is set to outpace 2019

Based on Q1 2020 data, 2020 is set to outpace 2019 in terms of records breached, despite the fact the number of breaches tracks down by 57%. There have been 92 data breaches affecting 1.6 billion records in Q1 2020 alone, 9% more records than Q1 2019.

Healthcare is still the most breached industry in Q1 2020, accounting for 51% of the incidents, which may be due to attackers targeting strained healthcare organizations amid the COVID-19 pandemic. However, the most records exposed throughout Q1 2020 have been from social media firms.

Key findings

• Following healthcare, the banking/insurance/financial industry was the second most targeted in 2019, accounting for 12% of all breaches. This is followed by education (7%), government (5%) and retail (5%).
• Social security numbers and date of birth details were the most targeted data – accounting for 37% of breached information, yet this is down from 54% in 2018.
• Name and addresses (18%) and personal health information (17%) were the second and third most breached data types, respectively.
• Medical records are the most sought-after type of PII in Q1 2020, accounting for 25% of all exposed data.