ITRC Breach Annual Report: Key Findings

The Identity Theft Resource Center (ITRC) is a nationally recognized nonprofit organization “established to support victims of identity crime.” The recently released Data Breach Annual Report provides statistics and perspectives on cyberattacks. Here’s what organizations need to know:

1. The overall number of data breaches rose a whopping 68 percent in 2021. There were 1,862 individual breaches last year, surpassing 2020’s total of 1,108 and the previous record of 1,506 (set in 2017).
2. Cyberattacks involving ransomware have doubled in each the past two years, representing 22% of the total number of reported cyberattacks in 2021. Forecasting into 2022, the ITRC said that at the current rate of growth, “ransomware attacks will surpass phishing as the number one root cause of data compromises in 2022.”
3. The type of data targeted by cybercriminals continues to shift. Criminals are now focusing on more specific data types rather than the mass acquisition of personally identifiable information (PII). This would explain why the number of individual victims is slowly but surely decreasing, down five percent in 2021 compared with 2020.

How Organizations Can Act Now

Considering that the ITRC reports suggest that ransomware “will continue to outpace other types of cyberattack,” it’s crucial for IT teams and organizations of all sizes to examine the situation–before it’s too late.

Eva Velasquez, ITRC president and CEO, had a realistic take on what this report might mean to organizations. She explained, “Many of the cyberattacks committed were highly sophisticated and complex, requiring aggressive defenses to prevent them.”

Velasquez’s point emphasizes the fact that individuals will not defend themselves. To safeguard from sophisticated and rapid attacks, the responsibility lies with organizations to protect their users’ information and take responsibility for informing them where they’ve been compromised. 

Depending on the size of your organization and budget, a robust defensive strategy can look different from company to company. However, some approaches are more efficient than others. For example, findings show that most breaches and ransomware are frequently linked to compromised credentials. Even a single vulnerable email and password combination can be the entry point to an entire network–so this is the main issue that businesses should address immediately.

Velasquez explained, “there is no reason to believe the level of data compromises will suddenly decline in 2022.”  But there is hope if organizations can act sooner rather than later.