Data breaches and cyber attacks quarterly review: Q2 2021

Welcome to our second quarterly review of security incidents for 2021, in which we take a closer look at the information gathered in our monthly list of cyber attacks and data breaches.

In this blog, we provide an overview of the security landscape in the past three months, and look at key statistics and observations.

This includes year-on-year comparisons in the number of publicly disclosed incidents, a review of the most breaches sectors and a running total of incidents for the year.


IT Governance discovered 377 security incidents between April and June 2021, which accounted for 1,224,539,395 breached records.

This represents a 7.4% increase in the total number of breaches compared to the previous quarter (351), but a significant decrease in the number of breached records (3,222,491,299).

However, it’s worth noting that the total number of breached records can easily be skewed by one major incident – and that’s what happened in Q1, when Comcast left a database containing 1.5 billion records exposed online.

When comparing breaches over time, the total number of breaches is a more useful figure as it is less prone to anomalies.

How security incidents are occurring

In compiling our monthly lists, we distinguish between breaches caused by an organisation leaking data by mistake (‘data breaches’) and those that are the result of criminal hacking (‘cyber attacks’).

We also place ransomware in its own category, due in part to the frequency of attacks and in order to differentiate it from intrusions that may be harder to detect, such as password breaches.

Separating security incidents in this way reveals more about how security incidents happen and who is to blame, as you can see in this chart:

As was the case in Q1, cyber attacks were the most common type of security incident, accounting for 43% of all incidents.

Phishing and malware are among the most common types of cyber attacks that we detected, but in many cases the breached organisation hasn’t disclosed how it fell victim.

That’s often a deliberate strategy as it doesn’t want to publicise its vulnerability – particularly if it’s still working on a solution.

Meanwhile, we have again seen a comparatively low number of data breaches (75). Although this sounds like promising news, the fact is that data breaches are much harder to spot than cyber attacks, so there will be countless incidents that are never identified or disclosed.

For example, an employee might email sensitive information to the wrong person and the error may never come to light.

Likewise, someone in the office might take advantage of poor access controls to snoop on sensitive information that’s not relevant to their job.

Finally, we’ve seen a continuation in the rise of ransomware. We discovered 141 publicly disclosed incidents in Q2, which represents a 42% increase compared to Q1 (107).

To put this in even more context, in the second quarter of 2020 we disclosed just 55 incidents, meaning attacks have almost tripled in the past year.

One reason for this might be the increasing normalisation of ransomware attacks. The public is learning that they aren’t necessarily a catastrophe and symptomatic of a negligent organisation but something that can happen to anyone.

As such, organisations may be more willing to disclose when they’ve been attacked rather than blaming a mysterious ‘technical issue’ while quietly paying off the attackers.

If you find yourself facing a cyber security disaster, IT Governance is here to help. Our Cyber Incident Response service provides the help you need to deal with the threat, as our experts guide you through the recovery process.

They’ll review the breach, mitigate the damage and ensure that you are up and running again as soon as possible.

How many records have been compromised?

It’s hard to know definitively how many records were compromised, because few publicly disclosed breaches contain this information – either because the organisation doesn’t know or isn’t obliged to say.

However, in the incidents where this information was revealed, there were 1,224,539,395 breached records in total.

Cyber attacks accounted for the majority of those, thanks to a data leak at Facebook (553 million breached records) and a web scraping attack on LinkedIn (500 million).

Which sectors are most vulnerable?

For the second quarter in a row, the public sector has suffered the most incidents. The 82 data breaches and cyber attacks equate to 24% of Q2’s total.

The healthcare and health sciences sector, which suffered the most number of breaches in 2019 and 2020, was second with 76 disclosures.

The education, technology and retail sectors were the other big contributors to Q2’s total with 44, 42, and 41 incidents, respectively.

Notably, there was a significant increase in data breaches and cyber attacks in the retail sector compared to Q1 (41 vs 14). This is likely a result of shops reopening as lockdown measures eased across the globe.

Organisations may only now be noticing vulnerabilities that had been present for some time, or employees made mistakes due to they had grown unfamiliar with best practices and data protection policies.

Keeping your organisation secure

IT Governance offers a range of resources to help you navigate the threat landscape, including cyber security software, training courses, books and toolkits.

Those looking for advice on where to get started may be interested in reading The Data Breach Survival Guide.

This free guide provides a six-step outline on how to respond to a security incident.

Whether you’re hit by a cyber criminal or you discover an internal error, we can show you how to respond effectively and mitigate the risk.