Quarterly Review: Data Breaches and Cyber Attacks – Q1 2021

Welcome to our first quarterly review of cyber attacks and data breaches.

For several years, we’ve produced a monthly list of security incidents, compiled from breaches publicly disclosed in mainstream publications.

At the start of 2021, we decided to expand our research to learn more about the organisations that are being breached and how they are falling victim.

We’ll present our findings at the end of each quarter, providing key statistics and observations.

This includes year-on-year comparisons in the number of incidents that were detected, a review of the most frequently breached sectors and a running total of incidents for the year.


IT Governance discovered 351 security incidents in the first three months of 2021, which accounted for 3,222,491,299 breached records.

This represents a 50% increase in the total number of breaches compared to the same stage last year (233), as well as a significant rise in the total number of breached records (2,970,455,198).

There has also been an upward trend so far in 2021. We discovered 82 incidents in January, 118 in February and 151 in March – which was the highest total we have ever seen in a single month.

How security incidents are occurring

In compiling our monthly lists, we distinguish between breaches caused by an organisation leaking data by mistake (‘data breaches’) and those that are the result of criminal hacking (‘cyber attacks’).

We also place ransomware in its own category, due in part to the frequency of attacks and in order to differentiate it from intrusions that may be harder to detect, such as password breaches.

Separating security incidents in this way reveals more about how security incidents happen and who is to blame, as you can see in this chart:

Cyber attacks were by far the most common type of security incident in Q1 2021 – although that category obviously encompasses a broad range of threats.

Looking at attacks more specifically, criminal hackers were most likely to breach organisations by exploiting system vulnerabilities, with 40% of attacks occurring this way.

Phishing attacks (22%) were the next most frequent form of cyber attack, followed by password breaches (19%).

It’s worth noting that many incidents that are described as password breaches don’t specify exactly how the attackers were able to capture login details. As such, many of those incidents may actually be the result of phishing, with scammers tricking users into handing over their password.


Meanwhile, the comparative lack of data breaches may create the impression that this isn’t a significant threat. However, this isn’t necessarily true; the problem is that organisations often aren’t aware of these types of breaches, so they never get disclosed.

For example, an employee may email sensitive information to the wrong person, and the error may never come to light. Likewise, someone in the office may take advantage of poor access controls to snoop on sensitive information that’s not relevant to their job.

Because these types of error can go undetected for so long, the damage can escalate over several years and therefore result in a greater number of affected records.

If you find yourself facing a cyber security disaster, IT Governance is here to help. Our Cyber Incident Response service provides the help you need to deal with the threat, as our experts guide you through the recovery process.

They’ll review the breach, mitigate the damage and ensure that you are up and running again as soon as possible.

How many records have been compromised?

It’s hard to know definitively how many records were compromised, because few publicly disclosed breaches contain this information – either because the organisation doesn’t know or isn’t obliged to say.

However, in the incidents where this information was revealed, there were 3,222,491,299 breached records in total.

Although data breaches were the least common cause, they accounted for more than 86% of all breached records.

This demonstrates our earlier argument regarding the insidiousness of internal breaches. They may be less common than cyber attacks, but they often involve a much greater number of breached records.

Which sectors are most vulnerable?

The public sector has been the worst affected so far this year, accounting for 22% of all security incidents. It has surpassed the healthcare and health sciences sector, which suffered the most breaches in each of the past two years.

Healthcare organisations are still in a critical position, though. They accounted for 65 publicly disclosed security incidents in the first quarter of 2021, which equates to 17% of all breaches.

The education sector is the other major contributor, with 58 security incidents (16%). More than half of those came in March, which is a worrying sign for the security of the education sector in future months, particularly with schools reopening across the globe.

Keeping your organisation secure

IT Governance offers a range of resources to help you navigate the threat landscape, including cyber security software, training courses, books and toolkits.

Those looking for advice on where to get started may be interested in reading The Data Breach Survival Guide.

This free guide provides a six-step outline on how to respond to a security incident.

Whether you’re hit by a cyber criminal or you discover an internal error, we can show you how to respond effectively and mitigate the risk.
