Data breaches and cyber attacks quarterly review: Q3 2021

Welcome to our third quarterly review of security incidents for 2021, in which we take a closer look at the information gathered in our monthly list of cyber attacks and data breaches.

In this article, you’ll find an overview of the cyber security landscape from the past three months, including the latest statistics and our observations.

This includes year-on-year comparisons in the number of publicly disclosed incidents, a review of the most breached sectors and a running total of incidents for the year.


IT Governance discovered 266 security incidents between July and September 2021, which accounted for 185,721,284 breaches records.

This represents a significant decrease in the total number of breached records compared to the previous quarter (377) and the number of breached records (1,224,539,395).

How security incidents are occurring

In compiling our monthly lists, we distinguish between breaches caused by an organisation leaking data by mistake (‘data breaches’) and those that are the result of criminal hacking (‘cyber attacks’).

We also place ransomware in its own category, due in part to the frequency of attacks and in order to differentiate it from intrusions that may be harder to detect, such as password breaches.

Separating security incidents in this way reveals more about how security incidents happen and who is to blame, as you can see in this chart:

As has been the case in both Q1 and Q2, cyber attacks were the most common type of security incident. In Q3, they accounted for 38% of all incidents.

Phishing and malware are among the most common types of cyber attacks that we detect, but in many cases the breached organisation doesn’t disclose how it fell victim.

That’s often a deliberate strategy as it doesn’t want to publicise its vulnerability – particularly if it’s still working on a solution.

Meanwhile, we have seen a resurgence in the number of publicly disclosed data breaches. After identifying 75 incidents in Q2 (accounting for just 20% of the total), we identified 87 in Q3. This represents 33% of the incidents we found.

In more positive news, we reported on just 79 ransomware attacks in Q3, compared to 107 in the previous quarter.

The decrease may be a result of widely discussed incidents earlier this year – including the attack that caused massive delays at Colonial Pipeline – leading to organisations evaluating and improving their security mechanisms.

If you find yourself facing a cyber security disaster, IT Governance is here to help. Our Cyber Incident Response service provides the help you need to deal with the threat, as our experts guide you through the recovery process.

They’ll review the breach, mitigate the damage and ensure that you are up and running again as soon as possible.

How many records have been compromised?

As we often note, it’s hard to know definitively how many records have been compromised, because few publicly disclosed breaches contain this information. This is because the organisation either doesn’t know or isn’t obliged to say.

However, in the incidents where this information was revealed, there were 185,721,284 breaches records in total.

The incidents with the most breached records in Q3 were:

Which sectors are most vulnerable?

The healthcare and health sciences sector accounted for the most security incidents in Q3 (66). It surpassed the public sector (60), which had been the most vulnerable in both Q1 and Q2.

These two sectors are by far the worst offenders when it comes to effective security, combining for 47% of all incidents in Q3.

As the graph above demonstrates, the other big contributors were the technology and media sector (37 incidents), the education sector (35), retail (18) and professional services (15).

Notably, there has been a decline in data breaches and cyber attacks in the retail sector compared to Q2 (18 vs 41). We noted in last quarter’s report that incidents may have increased in the sector retail sector as stores reopened following lockdown measures.

As a result, they may have discovered incidents that had occurred during their closure. Alternatively, employees may have made costly errors because they had grown unfamiliar with best practices and data protection and privacy policies.

This theory is supported by the fact that the number of security incidents has dipped to a similar level as it was in Q1. Hopefully this means that retail firms have addressed their security concerns and the figures will now level out.

Keeping your organisation secure

IT Governance offers a range of resources to help you navigate the threat landscape, including cyber security software, training courses, books and toolkits.

Those looking for advice on where to get started may be interested in reading The Data Breach Survival Guide.

This free guide provides a six-step outline on how to respond to a security incident.

Whether you’re hit by a cyber criminal or you discover an internal error, we can show you how to respond effectively and mitigate the risk.


  1. Usaf 26th October 2021
  2. Vince Schira 1st November 2021
    • Luke Irwin 4th November 2021
  3. Reni 8th November 2021