Flashpoint’s 2022 Mid-Year Data Breach report shows an overall 15% decline in reported breaches from the same period last year and suggests that the retail, hospitality, and travel sectors are not among the industries reporting the most breaches by volume.
Context
On August 18, 2022, Flashpoint released its State of Data Breach Intelligence 2022 Midyear Edition report, which provides quantitative data and context for data breach trends for the first half of the year. Data provided in this report includes:
- How Flashpoint collected and researched 1,980 breaches reported in the first six months of the year—with approximately 60 % of them being the result of hacking
- How comprehensive and repeatable processes for hardening systems, coupled with periodic audits of controls, can substantially reduce the likelihood of a large-scale data leak
- Which economic sectors and business groups reported the most data breaches in the first half of 2022
Impact Analysis
According to Flashpoint researchers, retail organizations reported 105 breaches for the first half of 2022, wholesale organizations reported 59, and hospitality organizations reported 15. None of these industries ranked in the top of the rankings. Retail organizations were eighth out of 19 industries tracked, wholesale organizations ninth out of 19, and hospitality organizations 16th out of 19. The top industries reporting breaches were healthcare (299), finance/insurance (272), and public administration (251).
Overall, Flashpoint reported a 15% decline in reported breaches from the same time period in 2021. It is not known if this decline is due to actual decreased threat actor activity or to a decline in public disclosures.
Names, social security numbers, and other personally identifiable information (PII) were the topmost compromised data types. Only 23% of reported breaches originated inside victim organizations. Overwhelmingly, malicious cyber threat actor activity accounted for the most records compromised, which is a significant change from past years, when fraud overwhelmingly resulted in the most records compromised.
One of the most impactful trends is that breach disclosures are, on average, less detailed and less actionable than in previous years, likely due to legal departments and cyber insurance advisors cautioning organizations against providing detailed information in public notices to limit liabilities. If continued, this trend could make it increasingly difficult for organizations and users to determine the full scope of impact on their security resulting from breaches of partner organizations or services.
Full Key Takeaways
Flashpoint provided a summary of key findings in their research:
- 1,980 breaches were reported in the first six months of the year, approximately 15 % below 2021’s final H1 total.
- The number of records exposed dropped dramatically in the first six months of 2022 compared to the first six months of 2021, falling from 27.3 billion records to 1.4 billion records.
- The decline in records exposed can be attributed to a decline in the number of breaches impacting 100 million or more records. In 2021 H1, there were 13 such incidents. In 2022 H1, only three such incidents have been reported.
- The most prolific breach type remains consistent with prior years, with unauthorized access to systems (aka “hacking”) accounting for approximately 60 % of breaches reported in 2022 H1.
- The combined healthcare and social service economic sector reported the most breaches in 2022 H1. However, on a business group level, financial services and software/data services both reported more breaches than hospitals, the leading reporter of breaches within the healthcare economic sector.
