2021 Data Breach Annual Report from ITRC: Cybersecurity Trends

It’s report day! The Identity Theft Resource Center (ITRC) has released its 2021 Data Breach Annual Report, which is full of interesting and eye-opening statistics!

The 2021 Data Breach Annual Report is available for download here (hat tip to Sharon Nelson’s Ride the Lightning blog for the initial coverage here). Here are some notable stats from the Letter from the CEO and Executive Summary sections of the report:

  • In 2021, there were more data compromises reported in the United States of America than in any year since the first state data breach notice law became effective in 2003.
  • The overall number of data compromises (1,862) is up 68 percent over 2020; the new record number of data compromises is 23 percent over the previous all-time high (1,506).
  • The number of data events that involved sensitive information such as SSNs increased slightly YoY as a percent of the overall number of compromises (83 percent vs. 80 percent) but remained well below the previous all-time high of 95 percent set in 2017.
  • Ransomware-related data breaches have doubled in each of the past two years. At the current growth rate, ransomware attacks will pass Phishing as the number one root cause of data compromises in 2022.
  • The number of data breach notices that do not reveal the root cause of a compromise (607) has grown by more than 190 percent since 2020.
  • The number of supply chain attacks, where a single organization is attacked to obtain the data of multiple entities, is obscured by the root cause these compromises (e.g., phishing, ransomware, malware, etc.). In 2021, supply chain attacks would be classified as the fourth most common attack vector if a stand-alone cause.
  • There were more cyberattack–related data compromises (1,613) in 2021 than all data compromises in 2020 (1,108).
  • Compromises increased year-over-year in every primary sector but one – Military where there were no data breaches publicly disclosed. The Manufacturing & Utilities sector saw the largest percentage increase in data compromises at 217 percent over 2020.
  • As identity criminals focus more on specific data types rather than mass data acquisition, the number of victims continues to drift downward – ~5% in 2021 compared to the previous year. The number of consumers whose data is compromised multiple times per year, though, remains excessively high.

The 2021 Data Breach Annual Report is an efficient 30 pages and has considerable additional information and stats including a more extensive look at trends from 2015 to 2021, more details about 2021 compromises, root cause of compromises, types of data compromised and more! Check it out here!


So, what do you think about the 2021 Data Breach Annual Report?  Good news or bad news?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.


Leave a Reply