The number of data breaches reached new highs in 2021

The manufacturing and utility sectors saw the biggest increases in data comprises, increasing 217% compared with 2020.

“They (small business owners) also don’t typically understand these risks. This makes them very susceptible to attacks,” says Holly Burton, technology leader at Insureon. “Most know what cyber liability is in general, but very few understand the complexity of coverages or associated risks.” (Credit: valerybrozhinsky/Adobe Stock)

The number of data compromises increased 68% year-on-year during 2021, reaching a new record, according to a report from The Identity Theft Resource Center (ITRC). The number of incidents during the past year was 23% above the previous all-time high, which was set in 2017.

In 2021, more than 1,860 events were recorded and 83% of the incidents involved sensitive information, such as Social Security numbers and birth dates, the ITRC’s annual data breach report revealed.

Almost no industry was immune from cyber incidents during 2021, as ITRC reported nearly every sector showed year-on-year increases in compromises. The one exception was the military, which didn’t publicly report any incidents. The manufacturing and utility sectors saw the biggest increases in data comprises, growing more than 200% year on year.

“In 2021, we saw a shift in the identity crime space,” Eva Velasquez, ITRC president and CEO, said in the report. “Too many people found themselves in between criminals and organizations that hold consumer information. We may look back at 2021 as the year when we moved from the era of identity theft to identity fraud. Many of the cyberattacks committed were highly sophisticated and complex, requiring aggressive defenses to prevent them. If those defenses failed, too often we saw an inadequate level of transparency for consumers to protect themselves from identity fraud.”

The most common cause of a compromise, accounting for 33% of incidents, were phishing, business email compromise and “smishing,” text message-based phishing. Ransomware accounted for 22% of data compromises during 2021, ITRC reported.

Ransomware woes roll on

During the past two years, ransomware-related breaches have doubled, according to ITRC, and these types of attacks are projected to become the number one cause of data compromises in the coming year.

While ransomware has proven a prickly issue for organizations of all sizes, small businesses are particularly vulnerable, according to Holly Burton, technology leader at Insureon. She tells PropertyCasualty360.com this is because small businesses tend to not run off-site backups and often lack dedicated IT staff to oversee security.

“They also don’t typically understand these risks. This makes them very susceptible to attacks,” Barton says. “Most know what cyber liability is in general, but very few understand the complexity of coverages or associated risks.”

The best way to reduce the risks from ransomware is to put in place security measures that include setting up virtual private networks (VPN) and having multi-factor authentication (MFA) processes, Burton says.

Setting up VPNs and MFAs are probably the easiest and most effective steps a company can take, she says, adding: “Daily off-site backups might take more to implement but are very important. If information is held for ransom, it might only be a day’s worth of information that is taken as opposed to weeks or months.”

Related: