The State of Cyber Threats in 2020 and Ongoing Risks to Small and Medium-Size Companies


By: Renata Hoddinott

As we approach mid-year 2020, we look back on trends in data breaches and the landscape of cyber threats compared to 2019 as we continue to advise our clients before, during, and after a cyber incident. Risk-Based Security recently issued its analytics for Q1 2020, finding that the number of publicly reported breaches in Q1 2020 decreased by 42% compared to Q1 2019. That decrease may reflect both disruptions in breach reporting caused by the coronavirus pandemic and the unusually high number of breaches reported last year.

But the number of records exposed in Q1 2020 surged to a record 8.4 billion, an increase of 273% compared to the same time last year. This number is particularly daunting when you consider the enforcement date for the CCPA is quickly approaching on July 1st with no news of any delay in enforcement from the California Attorney General.

While that number is certainly daunting, a possible silver lining is that, despite the large number of records, around 68% of breaches exposed fewer than 1,000 records. In fact, of the billions of records exposed, one breach was responsible for 5.1 billion of those records, 11 breaches exposed more than 100 million records each, and five breaches exposed between 10 and 99 million records. So, while cyber threats continue to rise, the majority of those threats continue to affect small and mid-size companies.

Unsurprisingly, the vast majority (70%) of breaches reported to date this year were the result of unauthorized access to systems or services. Thus, the largest threat to companies continues to be phishing scams and other social engineering aimed at gathering employee data and credentials. Given the unprecedented work-from-home mobilization of employees around the world, these schemes are an even bigger threat. Bad actors are thriving on the current conditions, their schemes fed by the actions of employees desperate for information on pandemic updates, remote working tools, and official news on potential reopening of businesses and social restrictions.

History has shown that recessions tend to lead to an increase in cybercrime. Most economic experts are convinced the country is headed towards a recession, if not already there. Thus, as the pandemic continues, lockdown orders are extended or only partially lifted, and employees continue to work from home (indefinitely for many), companies must remain vigilant. Now more than ever, companies must reinforce employee training as well as update security software and protocols to protect themselves and the records of their employees and customers stored in their systems.