Data Breaches and Cyber Attacks Quarterly Review: Q3 2022

Welcome to our third quarterly review of security incidents for 2022, in which we take a closer look at the information gathered in our monthly list of data breaches and cyber attacks.

In this article, you’ll find an overview of the cyber security landscape from the past three months, including the latest statistics and our observations.

This includes year-on-year comparisons in the number of publicly disclosed data breaches, a review of the most breached sectors and a running total of incidents for the year.


IT Governance identified 285 publicly disclosed security incidents between July and September 2022, which accounted for 232,266,148 compromised records.

This represents a sharp increase (20.5%) in the number of security incidents compared to Q2 2022 and an even steeper rise in the number of compromised records (134%).

It brings the annual running total of security incidents to 788 and number of compromised records to 406,385,597.

We are on pace for over 1,000 publicly disclosed data breaches for the second year running, but in more positive news, the projected number of disclosed incidents (541 million) is well below 2021’s total (5.1 billion).

How security incidents are occurring

In compiling our monthly lists, we distinguish between breaches caused by an organisation leaking data by mistake (‘data breaches’) and those that are the result of criminal hacking (‘cyber attacks’).

We also place ransomware in its own category, due in part to the frequency of attacks and in order to differentiate it from intrusions that may be harder to detect, such as password breaches.

Separating security incidents in this way reveals more about how security incidents happen and who is to blame, as you can see in this chart:

Cyber attacks continue to be the most common type of security incident. In Q2 2022, we found 172 cyber attacks, which represents 60% of the publicly disclosed incidents that we detected.

Phishing and malware are among the most common types of cyber attacks, but in many cases the breached organisation doesn’t disclose how it fell victim.

That’s often a deliberate strategy as it doesn’t want to publicise its vulnerability – particularly if it’s still working on a solution.

Part of the reason that these attacks account for such a high percentage of the total is the way organisations address ransomware attacks.

After a huge spike in ransomware last year, with the number of publicly disclosed incidents increasing from 289 in 2020 to 401 the following year, the number has shot back down. Our figures project that there will be fewer than 250 publicly disclosed incidents.

However, if you speak to any cyber security researcher or professional, you’ll know that ransomware remains as much a threat as ever. But with the notoriety of the threat and the widespread discussion of the damage it can cause, organisations have prioritised ransomware prevention and are implementing more effective defences.

Some of the steps that organisations can take include regularly backing up sensitive information, which can be restored rather than negotiating with the attackers to receive a decryption key.

They can also adopt business continuity plans to better equip themselves to deal with disruptive incidents. 

Organisations’ ability to prevent ransomware attacks hasn’t suppressed the threat of cyber crime altogether, though. Cyber criminals continue to launch attacks and using different techniques.

We have seen, for example, a renewed interest in more traditional attack methods, such as phishing.

If you are facing a cyber security disaster, IT Governance is here to help. Our Cyber Incident Response service provides the help you need to deal with the threat, as our experts guide you through the recovery process.

They’ll review the breach, mitigate the damage and ensure that you are up and running again as soon as possible.

How many records have been compromised?

As we often note, it’s hard to know definitively how many records have been compromised, because few publicly disclosed breaches contain this information.

However, in the incidents where this information was revealed, there were 232,266,148 breached records in total.

The incidents with the most breached records in Q3 2022 were:

Which sectors were the most vulnerable?

The public sector was the most vulnerable to compromise in Q3 2022, accounting for 60 breaches. This represents one in five publicly disclosed security incidents.

It replaces the healthcare and health science sector (52 incidents) atop the list. Between them, they represent almost 40% of all breaches.

The other big contributors were the education sector (39 incidents), technology (33) and retail (25).

Keeping your organisation secure

IT Governance offers a range of resources to help you navigate the threat landscape, including cyber security software, training courses, books and toolkits.

Those looking for advice on where to get started may be interested in reading The Data Breach Survival Guide.

This free guide provides a six-step outline on how to respond to a security incident.

Whether you’re hit by a cyber criminal or you discover an internal error, we can show you how to respond effectively and mitigate the risk.