A new report by the Identity Theft Resource Center (ITRC) found that data breaches in the US increased by a staggering 78% in 2023 compared to 2022, reaching a total of 3,205. The breaches compromised almost 11% of all publicly traded companies and affected over 350 million people.
The average cost of one of these data breaches was 4.45 million USD, not accounting for the long-term cost of a damaged reputation and loss of trust from customers. This sharp rise in data attacks, and their subsequent costs for a business, demonstrate how important it is that businesses are paying attention to cybersecurity trends and taking action to protect themselves before it’s too late.
2023’s Trends
Companies looking to better protect themselves against attackers should first look into the trends of 2023, which can tell a lot about how data criminals are evolving and which security areas should be enhanced.
According to the IRTC, data criminals focused more on finding specific information and identity-related fraud or scams than mass attacks. This resulted in fewer individuals falling victim to the attacks, but it also means data breaches are getting more specific as perpetrators learn what is most effective. Along with this, phishing-related and ransomware attacks decreased in 2023, but malware and Zero Day attacks saw a significant jump in use compared to previous years.
The industries most affected in 2023 were Healthcare, Financial Services, and Transportation. These sectors reported more than double the number of attacks than in 2022, with Healthcare experiencing the most for the fifth year in a row. Despite this, Utilities companies led with the number of victims in 2023.
How we can improve
As more and more of our information moves to cloud-based storage, it’s critical that we make the necessary moves to improve data security and the laws surrounding it.
In its report, the IRTC recommended action in three areas: breach notice laws, digital credentials, and vendor due diligence. The IRTC believes updating state laws and federal agency regulations to be more uniform will assist victims in addressing the attacks. Additionally, increasing the use of facial verification and digital credentials is also crucial to reducing the number of identity crimes using stolen personal information. Finally, the IRTC stressed the importance of understanding the risk represented by the use of vendors, including knowing their breach history.
On a more individual level, companies looking to improve their data protection should invest in security measures such as incident response planning and testing, employee training, and threat detection and response tools. 82% of breaches in 2023 involved data stored in the cloud, meaning organizations should implement solutions that work across hybrid environments and protect data as it moves through an organization’s uses.
While these measures may seem costly upfront, IBM estimates that the average savings for organizations that use security measures, specifically AI and automation, is 17.6 million USD.
Balancing data and its risks
As we evolve the way we use and store our data, specifically within the cloud, data criminals will also continue to evolve their methods of stealing it. We must be able to continually adapt our measures to properly protect ourselves against potential attacks, and learn how to balance the challenge of storing data and keeping it, and our customers, safe.
—
Colleen Douglas
Senior Marketing Coordinator
Executive Platforms
Colleen joined the Executive Platforms team in May of 2022. She has five years of experience in event marketing, with an emphasis on copywriting and digital strategies.
Colleen has a BA Honours in Business Communications from Brock University and a Diploma in Digital Media Marketing from George Brown College.