Compared to 2019, the number of publicly reported breach events (3,932) decreased by 48%. However, the total number of records compromised (37 billion) increased by 141% and is by far the most records exposed in a single year since RiskBased Security (RBS) reporting began in 2005, according to the RBS 2020 Year End Data Breach QuickView Report.
Other key findings include:
• There were 676 breaches that included ransomware as an element of the attack, a 100% increase compared to 2019.
• Breach severity, as measured by severity score, steadily increased throughout the year, reaching an average of 5.71 in Q4 compared to 4.75 in Q1. Severity score is a base 10 logarithmic scale, meaning that the severity of breach events increased by a factor of 10 over the course of the year.
• Five breaches each exposed one billion or more records and another 18 breaches exposed between 100 million and 1 billion records.
• Healthcare was the most victimized sector in 2020, accounting for 12.3% of reported breaches.
“2020 has challenged the security-minded community quite unlike any other, and the number of records exposed highlights how unique the year has been,” commented Inga Goddijn, Executive Vice President at Risk Based Security. “We do not believe fewer breaches are happening. Disruptions at certain governmental sources, delayed reporting and declining news coverage have all contributed to fewer breaches coming to light in 2020, but that is only a part of the story. More complex and damaging attacks have also contributed to lengthy and complex investigations.”
The 10th Allianz Risk Barometer 2021 survey reports potential disruption and loss scenarios companies are facing; this year's top three risks all relate to the coronavirus pandemic. Business interruption (BI) (#1 with 41% responses); Pandemic outbreak (#2 with 40%) and Cyber incidents (#3 with 40%) rank as the top three risks.
The COVID-19 crisis continues to represent an immediate threat to both individual safety and businesses, according to the Risk Barometer, reflecting why pandemic outbreak has rocketed 15 positions up to #2 in the rankings at the expense of other risks. Prior to 2021, it had never finished higher than #16 in 10 years of the Allianz Risk Barometer. However, in 2021, it’s the number one risk in 16 countries and among the three biggest risks across all continents.
According to Allianz Risk Barometer respondents, improving business continuity management is the main action companies are taking (62%), followed by developing alternative or multiple suppliers (45%), investing in digital supply chains (32%) and improved supplier selection and auditing (31%).
Al Stiehler – San Diego MTA’s New Director of Transit Security and Passenger Safety
San Diego's Metropolitan Transit System has hired Al Stiehler as Director of Transit Security and Passenger Safety. Stiehler brings several transportation-related roles to his new position, including most recently as chief of field operations for the New York Metropolitan Transportation Authority.
Stiehler will oversee 64 internal MTS code compliance inspectors and 158 contracted security officers. Officers work in teams of two and are responsible for patrolling 54 stations, three trolley lines and 95 bus routes. Congratulations! Image courtesy of Stiehler
Vitaliy Panych – California’s New CISO
Vitaliy Panych has been officially appointed as Chief Information Security Officer (CISO) of the state of California, after spending the past two years as California’s acting CISO. Panych’s main responsibilities will be expanding the capabilities of the California Cybersecurity Integration Center, which operates in conjunction with law enforcement and emergency services agencies.
Before joining the California Department of Technology as deputy to former CISO Peter Liebert in 2019, Panych previously served as an agency chief information security and privacy officer at the California Department of Corrections and Rehabilitation. Congratulations! Image courtesy of Panych
Tony Porter – Corsight AI’s New Chief Privacy Officer
The U.K.’s former Surveillance Camera Commissioner Tony Porter has taken on the role of Chief Privacy Officer at facial recognition provider Corsight AI. In the new role, Porter is responsible for ensuring that technology is not only legally compliant across international jurisdictions, but also operates to the highest ethical standards.
Tony Porter was appointed Surveillance Camera Commissioner in March 2014. He has a combination of business and law enforcement expertise. He is an intelligence specialist (most recently within the financial sector) and retired senior police leader. His experience spans community and business engagement, international counter-terrorism and serious and organized crime. Congratulations! Image courtesy of Porter
Don Freese – Digital Realty’s New CISO
Don Freese has joined Digital Realty as CISO. Freese, who previously served as a Senior Executive with the Federal Bureau of Investigation and a cybersecurity leader at PwC, brings more than 30 years of leadership experience advising large corporations and the highest ranks of the U.S. government on cybersecurity, cyber operations and IT risk management.
He reports to Executive Vice President, Operations Erich Sanchack and is responsible for overseeing Digital Realty’s company-wide information security technology and programs, as well as managing risks related to confidentiality, integrity and availability of systems and data. Congratulations! Image courtesy of Freese
Heather Hinton – RingCentral’s New CISO
Heather Hinton has joined RingCentral as CISO, bringing more than 30 years of experience in information technology (IT) and cybersecurity expertise. Hinton was instrumental in bringing Privacy by Design thinking into IBM’s Security and Privacy by Design discipline in response to emerging privacy requirements. She has also overseen security operations and data center security, risk management, and incident response activities for large Fortune 500 customers.
At RingCentral, Hinton will be tasked with providing customers with a trusted, reliable and secure platform to support digital transformation as well as maintaining and improving RingCentral’s current security posture and processes. Congratulations! Image courtesy of Hinton
Anne Neuberger – National Security Council’s New Deputy National Security Adviser for Cybersecurity
U.S. President Joe Biden has tapped Anne Neuberger for the cybersecurity slot on the National Security Council (NSC). Neuberger, who joined the National Security Agency (NSA) more than a decade ago and has been serving as the agency’s director of cybersecurity since 2019, will be named deputy national security adviser for cybersecurity in the incoming NSC.
At the NSA, Neuberger was responsible for directing the agency's cybersecurity mission. Prior to her role as Director, she led NSA’s Election Security effort and served as Assistant Deputy Director of NSA’s Operations Directorate, where she managed NSA’s foreign intelligence and cybersecurity operations. Congratulations! Image courtesy of Neuberger
Raquel Brown – Trimont Real Estate Advisors’ New Global CSO
Raquel Brown has taken over as Global Chief Security Officer (CSO) for Trimont Real Estate Advisors. Brown was previously the Managing Director of Cybersecurity at the firm, overseeing the organization’s cybersecurity efforts in the Americas.
In her new role, Brown is responsible for security strategy, security program oversight and security architecture development for the organization. This includes all security technologies and services domestically as well as internationally. Congratulations! Image courtesy of Brown
Dr. Chase Cunningham – Ericom’s New Chief Strategy Officer
Dr. Chase Cunningham, a recipient of Security magazine's Most Influential People in Security, has joined Ericom as its Chief Strategy Officer. In this role, he will shape the company's strategic vision, roadmap and key partnerships.
Dr. Cunningham previously served as vice president and principal analyst at Forrester Research, providing strategic guidance on Zero Trust, artificial intelligence, machine learning and security architecture design for security leaders around the globe. Prior to joining Forrester Research, Dr. Cunningham was the director of cyber threat intelligence at Armor. He is also a retired U.S. Navy Chief Cryptologic Technician, with more than 20 years’ experience in cyberforensic and cyberanalytic operations, including time spent working in security centers within the NSA, CIA, FBI, and other government agencies. Congratulations! Image courtesy of Dr. Cunningham
Shawn Ellies – University of Pittsburgh’s New Director of Security and Emergency Management
Shawn Ellies was appointed Director of Security and Emergency Management at the University of Pittsburgh. Ellies oversees the Integrated Security Department, which includes the University’s physical security, access controls and emergency management areas within the Office of Public Safety and Emergency Management.
Ellies brings demonstrated leadership effectiveness to his expanded role. He has served at the University for the past 23 years in public safety roles including patrol officer, shift sergeant, shift lieutenant, administrative lieutenant, commander of the special emergency response team and commander of operations. Congratulations! Image courtesy of Ellies
Roy Mellinger – Aimbridge Hospitality’s New Global CISO
Roy Mellinger has joined Aimbridge Hospitality as global CISO, responsible for data security. In his role, Mellinger will implement baseline protection strategies, enhance network security and raise the bar on cyber protection and safeguarding measures. He will prioritize security initiatives and collaborate with the extended technology teams to consolidate initiatives for merging systems, infrastructures and security solutions for the organization.
Before joining Aimbridge, Mellinger was CISO/SVP of risk and security for Sabre GLBL, a technology provider to the airline, hotel and travel industry. Congratulations! Image courtesy of Mellinger
James Kent – NJR's New VP of Corporate Risk Management
James W. Kent was promoted to Vice President-Corporate Risk Management at New Jersey Resources (NJR). In his new role, Kent is responsible for the management, leadership and strategic direction of NJR’s risk management, internal audit, financial controls compliance, security, business continuity, procurement and contract management programs, as well as facility operations.
He joined NJR as the Director of Sarbanes-Oxley Compliance in 2013 and was named Director of Risk Management and later Treasurer in 2015. With more than 29 years of experience in the energy industry, Kent is a leader in the fields of risk management and financial controls. Prior to NJR, he worked for such organizations as Constellation Energy, American Electric Power, NextEra Energy and Deloitte. Congratulations! Image courtesy of Kent
Adolph Barclift – Five Star Bank’s New CISO
Adolph Barclift has joined the Five Star Bank as CISO. In his new role, Barclift serves as subject matter expert responsible for the development and delivery of a comprehensive information and cybersecurity program, ensuring that information is protected from external and internal threats. He also oversees compliance with statutory and regulatory requirements regarding information access, security and privacy.
He brings more than 20 years of experience in information technology, cybersecurity, vulnerability management and fraud detection as well as a comprehensive understanding of regulatory frameworks. He served as CISO for the Financial Services Division of NCR and in information security roles with Fannie Mae and Metris Companies. Congratulations! Image courtesy of Barclift