Username and password breaches increase by 450 percent

credential hacker

A new report from identity specialist ForgeRock reveals a massive 450 percent surge in breaches containing usernames and passwords globally.

The report also finds that unauthorized access was the leading cause of breaches for the third consecutive year, increasing year-on-year for the past two years, and accounting for 43 percent of all breaches in 2020.

While the number of 100-million plus record 'mega-breaches' fell, cybercriminals broadened their attack surfaces to include organizations of all sizes and across industries in attempts to seize valuable assets, so the total number of breaches rose. Breaches affecting smaller enterprises -- with many still involving tens of millions of records -- have seen a 50 percent increase.

Advertisement

"For too long, usernames and passwords have been the backbone of providing people secure access to their digital lives. The findings in our identity breach report reveal that it's time for change," says Fran Rosch, CEO of ForgeRock. "The surge in breaches involving usernames and passwords at an astounding 450 percent clearly emphasizes the need to adopt a strong digital identity and access management solution that offers the ability to go passwordless. It also gives companies a much better chance at reducing data exposure, as well as lowering their reputational and financial risk."

Among other findings, phishing (25 percent) and ransomware (17 percent) were the second and third most frequent causes of breaches. The average cost of a breach in the US increased to $8.64 million -- the highest in the world.

Attackers have also been keen to zero in on specific sectors. Healthcare is the most targeted industry for the second year with the highest number of breaches, while the technology sector paid the highest aggregate cost of recovery from breaches at $288 billion.

You can find out more on the ForgeRock site.

Photo Credit: triocean/Shutterstock

© 1998-2021 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.