Data Breaches and Cyber Attacks Quarterly Review: Q2 2022

Welcome to our second quarterly review of security incidents for 2022, in which we take a closer look at the information gathered in our monthly list of data breaches and cyber attacks.

In this article, you’ll find an overview of the cyber security landscape from the past three months, including the latest statistics and our observations.

This includes year-on-year comparisons in the number of publicly disclosed data breaches, a review of the most breached sectors and a running total of incidents for the year.


IT Governance discovered 237 security incidents between April and June 2022, which accounted for 99,019,967 breached records.

This represents an 11.5% decrease in the number of security incidents compared to Q4 2022 (266), but an increase in the number of breached records (75,099,482).

How security incidents are occurring

In compiling our monthly lists, we distinguish between breaches caused by an organisation leaking data by mistake (‘data breaches’) and those that are the result of criminal hacking (‘cyber attacks’).

We also place ransomware in its own category, due in part to the frequency of attacks and in order to differentiate it from intrusions that may be harder to detect, such as password breaches.

Separating security incidents in this way reveals more about how security incidents happen and who is to blame, as you can see in this chart:

Cyber attacks continue to be the most common type of security incident. In Q2 2022, we found 127 cyber attacks, which represents 54% of the publicly disclosed incidents that we detected.

Phishing and malware are among the most common types of cyber attacks, but in many cases the breached organisation doesn’t disclose how it fell victim.

That’s often a deliberate strategy as it doesn’t want to publicise its vulnerability – particularly if it’s still working on a solution.

Part of the reason that these attacks account for such a high percentage of the total is the decrease in ransomware attacks. Throughout this year, we have seen cyber criminals move away from ransomware and back to more traditional attack methods, such as phishing.

Although the number of ransomware attacks has increased slightly compared to Q1 2022 (50 vs 55), there has been a sharp downward trend in the past year.

Between 2020 and 2021, there was a 39% increase in publicly disclosed ransomware attacks (289 to 401). In the first half of 2022, there have been just 105 such incidents.

The dramatic change in fortune can be attributed to the public’s growing awareness of the threat. Following high-profile attacks at Colonial Pipelinethe meat supplier JBSthe Irish health service and the chemical distributor Brenntag, ransomware has been given more mainstream media attention and organisations have prepared accordingly.

Some of the steps that organisations can take include regularly backing up sensitive information, which can be restored rather than negotiating with the attackers to receive a decryption key.

They can also adopt business continuity plans to better equip themselves to deal with disruptive incidents. 

If you are facing a cyber security disaster, IT Governance is here to help. Our Cyber Incident Response service provides the help you need to deal with the threat, as our experts guide you through the recovery process.

They’ll review the breach, mitigate the damage and ensure that you are up and running again as soon as possible.

How many records have been compromised?

As we often note, it’s hard to know definitively how many records have been compromised, because few publicly disclosed breaches contain this information.

However, in the incidents where this information was revealed, there were 75,099,482 breached records in total.

The incidents with the most breached records in Q2 2022 were:

Which sectors were the most vulnerable?

The healthcare and health sciences sector remains the most vulnerable to security incidents, accounting for 63 breaches in Q2 2022. This represents 27% of all incidents that we detected.

It was followed by the public sector (47 incidents), and between them they account for almost half of all incidents that we documented.

The other big contributors were the technology and media sector (36 incidents), the education sector (25), professional services (16) and retail (14).

Keeping your organisation secure

IT Governance offers a range of resources to help you navigate the threat landscape, including cyber security software, training courses, books and toolkits.

Those looking for advice on where to get started may be interested in reading The Data Breach Survival Guide.

This free guide provides a six-step outline on how to respond to a security incident.

Whether you’re hit by a cyber criminal or you discover an internal error, we can show you how to respond effectively and mitigate the risk.