CyberGuide - Information Security and Cyber Risk Management



Malicious data breaches increased 55% in 2020: Advisen Data

By Rebecca Gainsburg, Advisen

 

The number of malicious data breaches increased 55% from 2019 through 2020, driven by several high-profile breaches, according to Advisen data.

This spike reverses the downward trend seen in the previous few years, as bad actors searched for more lucrative options – namely ransomware. Time will tell if the spike in malicious data breaches during a period dominated by the pandemic will continue into the post-COVID world.

In Advisen’s loss database, a malicious data breach is classified as a situation where personal confidential information or digital assets have been exposed or stolen by unauthorized internal or external actors. It may occur as the result of a ransomware attack.

Notable data breaches in 2020 included the Blackbaud ransomware attack. The cloud-based service provider found that backup files with client information had been breached, affecting thousands of people and exposing the information of nearly 900 companies. Another example was a data breach at British tech giant Advanced Computer Software, which exposed the information of nearly 200 law firms, according to Advisen data.

Malicious Data Breaches by Accident Date

The transition to remote work and an increased reliance on mobile devices during the pandemic left organizations vulnerable to malicious data breaches. And, in the healthcare industry, the accelerated implementation and use of new technology due to the increased dependence on telehealth left the industry vulnerable to bad actors, causing a shift in the most frequently targeted industries, according to Advisen’s loss database.

Initial theories that bad actors would forgo attacks on healthcare organizations in the midst of a pandemic proved to be false. On the contrary, recent reports of eastern European cyber gang Ryuk seem to indicate that some gangs have been intentionally targeting the healthcare industry.

Hospitals are lucrative targets for cyberattacks because of the in-depth information they store and they often have less mature cybersecurity protocols than what is typically seen in other industries, like Finance & Insurance.

Malicious Data Breaches by Industry

 

Data Journalist Rebecca Gainsburg can be reached at Rebecca.gainsburg@zywave.com

To learn more about Advisen’s data call (212) 897-4800 or email adv_support@zywave.com.

*Advisen’s loss data is curated from a wide variety of public sources. Our collection efforts focus on larger and more significant cases. For this reason, the figures in this article may not be fully representative of all cases of this type.