U.S. businesses reported fewer cyber breaches in 2022 than the year before, though with new SEC disclosure rules coming into effect soon, that number looks to head back up next year.
Ideagen’s analysis showed a 36% drop in breach disclosures, the highest one-year decline in the past 12 years, with some experts suggesting the decline is due to cyber criminals turning their attention elsewhere amid geopolitical strife.
The research also points to longer notification periods, with businesses taking two weeks longer to inform the markets of cyber breaches than in 2021, though the SEC’s cybersecurity disclosure rules will look to change that, as the regulations require publicly traded companies to disclose incidents of material impact in a matter of days rather than weeks. These findings largely track with other research from Deloitte that indicated few organizations are ready to comply with the new SEC rules.
Phishing, ransomware and malware breaches continue to drop, but breaches described as “unauthorized access” soared, accounting for 69% of disclosed breaches during the year, compared to just 48% in 2021 and 32% in 2020.
And personal data was the most oft-compromised, including name (77%), Social Security number (62%) and bank account details (36%).