According to a survey report from identity and access management firm ForgeRock, threat actors exposed more than 5 billion consumer records in 2019, costing over $1.2 trillion to organizations in the U.S.
The report “2019 Consumer Identity Breach Report” revealed that the total data breach incidents over the last two years have cost U.S. enterprises $1.8 trillion. The survey found that the data breaches increased both in numbers and cost. While unauthorized access was the most common attack vector accounting to 40% of breaches, ransomware and malware was at 15% and phishing at 14%.
Attacks on the Health Care Sector
According to the report, the health care industry emerged as the most targeted industry in 2019, accounting for 382 breaches and costing over $2.45 billion in 2019. Health care providers have become an easy target for attackers, as they hold sensitive information of their patients. Medical records are the most targeted data type in Q1 2020, accounting for 25% of all exposed data. Even though health care being the most targeted industry, technology firms had the highest number of records compromised from data breaches with over 1.37 billion exposed in 2019, costing a total of over $250 billion.
Data Breaches in 2020 Outpace 2019
According to the Q1 2020 data, this year is set to outpace 2019 in terms of records breached, despite the fact the number of breaches dropped by 57%. There have been 92 data breaches affecting 1.6 billion records in Q1 2020 alone, accounting to 9% more records than Q1 2019. Health care is still the most breached industry in Q1 2020, accounting for 51% of the incidents, which may be due to hackers targeting health care organizations amid the COVID-19 pandemic.
Other Key Findings Include:
- After health care, the banking, insurance, and financial industries was the second most targeted in 2019, accounting for 12% of all breaches. This is followed by education (7%), government (5%), and retail (5%)
- Social security numbers and date of birth details were the most targeted data – accounting for 37% of breached information, yet this is down from 54% in 2018
- Name and addresses (18%) and personal health information (17%) were the second and third most breached data types, respectively
- Personally identifiable information (PII) remained the most targeted data by attackers and was exposed in 98% of 2019 breaches
Eve Maler, CTO at ForgeRock, said, “When it comes to data breaches, we’re seeing the biggest cybersecurity problem continues to be an identity problem. The Consumer Identity Breach Report’s findings demonstrate that enterprises need to increase their identity and access management maturity. The secret is democratizing data control so organizations can allow known users to hop onto authentication express lanes for a great experience, entrusting them with convenient consent options, and make bad actors jump through extra hoops to help prevent fraud.”