Industries most impacted in 2019 continued to be hard hit in both 2020 and so far in 2021, including healthcare, education and financial services. However, the greatest percentage increases occurred in industries that had been generally spared in 2019. The overall implication is that data attacks became broader and deeper during the pandemic, a trend that continues during the recovery.
Kroll attributes the rise in data breach notification cases to four trends: the shift to remote work, which has left employees and employers more vulnerable to cybercrime; the evolution of ransomware into data extortion schemes; the rising impact of supply chain attacks; and the combination of stricter privacy regulations with increased awareness of privacy rights. These drivers affect companies in all industries, even the ones that haven’t historically been targets of cyberattacks.
In 2020, Kroll data shows an average 125% growth in breach notification cases for industries which experienced five or more breaches in 2019. We continue to see a surge in the same, more traditional and regulated, group of industries as we move through 2021.
In contrast, the six other industries—food and beverage, utilities, construction, entertainment, agriculture and recreation—which experienced four or fewer breaches in 2019 according to Kroll data, experienced an average increase of 545% year-over-year (YoY) in 2020. This increased volume of breaches in historically spared industries remains steady in Q1 2021.
“The trend Kroll has identified toward a rise in attacks on previously less targeted industries means that stepping up incident detection and response capabilities for those companies will be extremely important. This is an area where a modest amount of preparation often goes a very long way in avoiding or reducing significant impacts on the business.”