ITRC Annual Data Breach Report 2023

Keypoints

• Cybersecurity reports are structured into key sections including executive summaries, attack trend analyses, industry-specific breach data, and solutions or recommendations.
• These reports provide vital statistics such as total number of breaches, victims impacted, and common attack vectors, revealing the scale and nature of threats faced annually.
• In 2023, the number of publicly reported data compromises reached a historic high of 3,205 events, impacting over 353 million individuals, marking a 78% increase over 2022.
• Supply chain attacks surged by over 2,600% since 2018, affecting millions of victims, with major incidents like the MOVEit breach illustrating their broad impact.
• Attack techniques evolved with a significant rise in malware and Zero Day exploits, while traditional phishing and ransomware slightly declined, indicating adaptive tactics by threat actors.
• Data breach notification laws are increasingly fragmented, with many organizations withholding attack details, limiting transparency and victims’ ability to respond effectively.
• Statistics highlight that healthcare, financial services, and transportation sectors experienced the highest number of compromises, emphasizing industry-specific vulnerabilities.
• Recurring themes include the necessity for improved vendor due diligence, the importance of uniform breach notification regulations, and the rise of sophisticated social engineering using AI to exploit stolen data.
• The reports stress that despite increased attack sophistication, a slight decline in total victims suggests targeted focus of criminals, but the overall threat landscape remains highly dynamic.