ForgeRock 2022 Consumer Identity Breach Report reveals a huge increase in the number and cost of data breaches. Here are our top takeaways…
Accelerated by the global pandemic, we are all living our lives increasingly online. But the convenience of the new digital business as usual (BAU) comes with a cost for consumers as well as many industry sectors. 2021 saw a huge increase in data breaches, both in number and severity, according to a report released by ForgeRock. The 2022 ForgeRock Consumer Identity Breach Report shows how cybercriminals have taken advantage of our new online lifestyle to tap into a rich vein of valuable information held by our new favourite shopping, healthcare and other day-to-day websites.
Here are our top takeaways from the report.
1. The number of records compromised rose by 37% in 2021
In the US, the number of records compromised increased from 3.4B in 2020 to 4.7B in 2021. The ForgeRock report focuses on confirmed breaches in which confidential data is exposed and/or stolen.
Because most breaches are financially driven, attackers typically target large caches of data that can be held for ransom or sold on the dark web.
2. The average cost of a breach has increased
Not only is the number of breaches increasing, so is the cost. The average cost of a breach in the U.S. increased by 16% between 2020 and 2021, with the report noting that there was a greater cost for organisations with remote workers.
The average cost of a breach in the U.S. continues to be the highest recorded globally, at $9.5 million, up 16% from $8.2 million in 2020.
3. Unauthorised access remains a top threat
“Unauthorised access is the king of attack vectors” - Eve Maler, ForgeRock Chief Technology Officer
Unauthorised access was the most common type of attack in 2021, representing half of all breach methods. Our personal data is at greater risk than ever thanks to what the report describes as ‘a perfected loop’ where previously breached data is used to drive new breaches and amplify their impact.
Attackers gain unauthorised access to data, networks, applications, or devices through weak passwords, shared credentials, or compromised accounts.
4. Nearly a quarter of all breaches took place in healthcare
Healthcare and retail are highlighted as hot spots for breaches in 2021 in this report, with the healthcare industry taking out the top spot as the sector suffering nearly a quarter of all breaches (24%). Although healthcare breaches were small in terms of the number of records impacted, accounting for less than 1% of all records, those records contained valuable information including name, address, social security number, date of birth and, in two-thirds of the breaches, actual medical history information. Armed with this data, cybercriminals have access to information on the patient’s medical issues, diagnoses, treatments, and more. The average cost per record breached rose sharply from $474 in 2020 to $614 in 2021.
5. Our online shopping habit is costing us more than we think
Retail is another data breach hotspot identified by the report. E-commerce sales grew by 50% during the pandemic, according to the U.S. Department of Commerce Retail Indicator Division.
At the same time, retail data breaches became more prevalent and more costly. Retail accounted for more than one-quarter of all records breached in 2021. While the average cost of a retail breach in 2020 was $2.01 million, it jumped to $3.27 million in 2021, a 63% increase. The biggest target was customer information, such as credit card and payment information, along with personal information. As e-commerce sites and applications increasingly strive for an effortless user experience, they cut corners on protections such as two-factor authentication (2FA). The result is high volumes of poorly protected personal information collected by retail, creating the perfect conditions for breaches and then fraud.
6. Stolen records are increasingly data rich
Stolen records are increasingly data-rich, making them more valuable to the perpetrators and more damaging to those impacted. Compromised US records containing a username/password increased 35% in 2021 to more than 2 billion.
- 99% contained name/address,
- 59% contained a US Social Security number (SSN),
- 53% contained date of birth (DOB),
- 34% contained Protected Health Information (PHI),
- 28% contained payment or banking information.
7. Governments need to step up across the globe
The report highlights the role of governments in working with industry to create stronger protections for consumer data and ensure transparency if breaches take place. Although steps are being taken across the globe, such as GDPR in place since 2018 in Europe, the Cyber Incident Reporting for Critical Infrastructure Act in the US, and $1.67 billion being pledged towards cyber security over the next 10 years in Australia, there is clearly still much more work to be done.
8. We want seamless transactions AND security
As consumers, we want to have our cake and eat it too. According to the report, 55% of users transacting online say that security is their top priority. However, 60% of users expect a seamless online experience, and consumers will abandon a transaction if forced to wait more than 30 seconds. ForgeRock says the solution is an IAM platform infused with AI, detecting unexpected activity and blocking inappropriate access, thereby providing the holy grail of a low-friction user experience with strong security.
In conclusion, this report confirms that data-rich breaches are increasing in number and cost. The solutions lie at the intersection of increased consumer awareness, more aggressive government focus, and the adoption by online companies of a new breed of platform as highlighted by the report, along with an improved understanding of the role of training. The tools that the online community puts in place to protect themselves and their customers can only ever be as effective as the people who deploy them.