The Continued Threat to Personal Data: Key Factors Behind the 2023 Increase. Professor Stuart E. Madnick, Ph.D. December 2023: “Around the world, individuals’ most private, most personal data has become a target for cybercriminals. Attacks and data breaches across the globe continue to increase. Even as organizations work to fight back, cybercriminals are constantly finding new ways to access and exploit readable personal data, in particular when stored in the cloud. Last year’s study, “The Rising Threat to Consumer Data in the Cloud,” found that these threats had reached historically high levels. And now, with complete data from 2022 and most of 2023 underway, many indicators show that the threat is getting even worse. For US organizations, data breaches are now at an all-time high. In just the first nine months of 2023, data breaches in the US have already increased by nearly 20% compared to all of 2022 — and organizations around the world have faced similar trends. These attacks are increasingly impactful because people are now living more of their lives online, meaning that corporations, governments, and other types of organizations collect more and more personal data — sometimes with little choice from individuals. And because people’s most personal data can be exploited and sold for a significant profit, it’s become a growing target for cybercriminals. Most recently, two key factors have contributed to the increased threat to personal data:

• First, ransomware attacks are more numerous and dangerous than ever. In 2023, ransomware attacks increased to levels never seen before, while also becoming more sophisticated and aggressive. Hackers are becoming more organized, often through ransomware gangs. Their attacks are also more threatening and more likely to target organizations with sensitive data, like governments, mass-market genetic testing companies, or healthcare facilities. In the past, ransomware attacks often locked up a company’s data until a ransom was paid. Now, hackers are more likely to leak corporate and consumer data, often hurting consumers.
• Second, attacks that exploit vendors are increasing, and they frequently spread to many other organizations that depend on those vendors. This means that the consequences of even one attack can be devastating.
• In today’s interconnected world, virtually every organization relies on a wide range of vendors and software. As a result, hackers only need to exploit vulnerabilities in third-party software or a vendor’s system to gain access to the data stored by every organization that relies on that vendor. Tellingly, 98% of organizations have a relationship with a vendor that experienced a data breach within the last two years.”