A data breach can inflict severe financial and reputation damage to an organization. While such security incidents continue to remain a major concern, here’s what the report from ForgeRock has to say about the condition of data breaches in the U.S.

What does the report say?

  • According to the ForgeRock 2020 Consumer Identity Breach Report, U.S. organizations have reported the compromise of more than five billion records in 2019.
  • This has cost over $1.2 trillion to organizations - which is significantly higher than the estimated $654 billion loss in 2018.  
  • The combined loss due to data breaches in the last two years stands at $1.8 trillion.

The most targeted sector

  • Healthcare was the most targeted industry in 2019, accounting for 382 breaches and costing over $2.45 billion. 
  • However, technology firms had the highest number of records compromised from breaches with over 1.37 billion exposed. 

The most used attack vector  

  • Unauthorized access was the most common attack vector, accounting for 40% of all attack vectors used to steal data. 
  • This was followed by ransomware (14%) and phishing (14%) that were used to pilfer users’ sensitive data. 
  • Misconfigured systems and malicious insiders were also attributed to some data breaches that occurred in 2019.

The most targeted data

Social security numbers were the most popular PII breached in many data breaches. They were compromised in around 384 breaches recorded in 2019. 

What do we learn from this?

Cybercriminals will continue to refine their attack vectors to execute a greater volume of attacks than ever before to pilfer consumer data. Therefore, enterprises need to critically evaluate their digital identity management strategies for weaknesses and work upon them accordingly. 

“Given that there are new pressures to tear down the corporate castle walls for access by bring-your-own devices, temporary workers, and outside applications, organizations must deploy a modern platform that provides intelligent, contextual, and continuous security that can prompt for identity validation after detecting anomalous behavior," stated ForgeRock CTO Eve Maler, TechRepublic reported.

Cyware Publisher