Data Breaches and Cyber Attacks Quarterly Review: Q1 2022

Welcome to our first quarterly review of security incidents for 2022, in which we take a closer look at the information gathered in our monthly list of data breaches and cyber attacks.

In this article, you’ll find an overview of the cyber security landscape from the past three months, including the latest statistics and our observations.

This includes year-on-year comparisons in the number of publicly disclosed data breaches, a review of the most breached sectors and a running total of incidents for the year.


IT Governance discovered 266 security incidents between January and March 2022, which accounted for 75,099,482 breached records.

This matches the number of security incidents that we saw in Q4 2021, but is a significant decrease on the number of breached records (185,721,284).

How security incidents are occurring

In compiling our monthly lists, we distinguish between breaches caused by an organisation leaking data by mistake (‘data breaches’) and those that are the result of criminal hacking (‘cyber attacks’).

We also place ransomware in its own category, due in part to the frequency of attacks and in order to differentiate it from intrusions that may be harder to detect, such as password breaches.

Separating security incidents in this way reveals more about how security incidents happen and who is to blame, as you can see in this chart:

As has been the case for the past year, cyber attacks were the most common type of security incident. In Q1, we found 161 cyber attacks, which represents 61% of the publicly disclosed incidents that we detected.

Phishing and malware are among the most common types of cyber attacks, but in many cases the breached organisation doesn’t disclose how it fell victim.

That’s often a deliberate strategy as it doesn’t want to publicise its vulnerability – particularly if it’s still working on a solution.

One reason that these types of attack account for such a high percentage of the total is the dramatic decrease in ransomware. In Q1, we found 50 publicly disclosed ransomware attacks; by comparison, at this stage last year we had already seen more than 100.

The drop-off follows a surge in intrusions that reached its peak last summer, with high-profile attacks at Colonial Pipelinethe meat supplier JBSthe Irish health service and the chemical distributor Brenntag.

Those incidents brought mainstream attention to the threat of ransomware, and have been followed by a concerted effort to implement more effective defences.

The White House unveiled new initiatives to combat ransomware, which included a State Department programme that mirrors its anti-terrorism scheme in offering financial rewards for information that helps prevent or identify attackers.

Meanwhile, the UK’s NCSC (National Cyber Security Centre) announced that it had joined the RTF (Ransomware Task Force), which contains expertise from governments, software firms, cybersecurity vendors, non-profits, and academic institutions from across the world. 

In an 81-page report, the group called for “aggressive and urgent action” against ransomware. 

These efforts have clearly had an effect, with our researching discovering a 53% decrease in publicly disclosed ransomware attacks compared to Q1 2022.

If you are facing a cyber security disaster, IT Governance is here to help. Our Cyber Incident Response service provides the help you need to deal with the threat, as our experts guide you through the recovery process.

They’ll review the breach, mitigate the damage and ensure that you are up and running again as soon as possible.

How many records have been compromised?

As we often note, it’s hard to know definitively how many records have been compromised, because few publicly disclosed breaches contain this information.

However, in the incidents where this information was revealed, there were 75,099,482 breached records in total.

The incidents with the most breached records in Q1 were:

Which sectors are most vulnerable?

The healthcare and health sciences sector accounted for the most security incidents in Q1 (65). It was followed by the public sector (47) – and between them they accounted for 42% of all incidents that we identified.

Data breaches by sector

The other big contributors were the technology and media sector (35 incidents), the education sector (25), professional services (18) and retail (16).

Keeping your organisation secure

IT Governance offers a range of resources to help you navigate the threat landscape, including cyber security software, training courses, books and toolkits.

Those looking for advice on where to get started may be interested in reading The Data Breach Survival Guide.

This free guide provides a six-step outline on how to respond to a security incident.

Whether you’re hit by a cyber criminal or you discover an internal error, we can show you how to respond effectively and mitigate the risk.