Breach Notification , Security Operations , Video

ITRC Breach Report: Lack of Transparency, Details Worsen

IRTC's James Lee on Big Events, 'Troubling' Trends in the 2022 Data Breach Report
James Lee, chief operating officer, Identity Theft Resource Center

The 2022 Annual Data Breach Report, published by the Identity Theft Resource Center, reveals a near-record number of compromises last year - the second-highest number since the ITRC first published the report 17 years ago.

See Also: User Entity & Behavior Analytics 101: Strategies to Detect Unusual Security Behaviors

James Lee, chief operating officer of the ITRC, says the 2022 report highlights a sudden lack of transparency and important details in breach notices, which is creating more risk for consumers.

It's a "very troubling" trend, Lee says, because "companies and other organizations rely on the information that other companies who are compromised share, so they can prepare for a similar attack."

Lee says the group first noticed in 2021 an upswing in organizations failing to report basic information such as how the attack happened, who was impacted and what's being done to correct it. In 2022, only 58% provided such actionable information.

"When you combine that with the fact that we also saw a decline in the number of victim counts - how many people were impacted … we only had 34% of the data breach notices include actionable information. That is a huge decline in less than one year,” Lee says.

In this video interview with Information Security Media Group, Lee also discusses:

  • Highlights from the ITRC's 2022 Annual Data Breach Report;
  • Why the sudden lack of transparency in breach notices is creating more risk for consumers;
  • How supply chain attacks are surpassing malware as a primary cause of data breaches.

A data protection and technology veteran, Lee is the former executive vice president and company secretary of Irish application security company Waratek and former senior vice president and chief marketing officer for Atlanta-based data pioneer ChoicePoint - now LexisNexis. He also chaired two working groups for the American National Standards Institute - ANSI - on identity management and privacy. Prior to joining ChoicePoint, Lee served as a global public affairs and communication executive at International Paper.


About the Author

Anna Delaney

Anna Delaney

Director, ISMG Productions

An experienced broadcast journalist, Delaney conducts interviews with senior cybersecurity leaders around the world. Previously, she was editor-in-chief of the website for The European Information Security Summit, or TEISS. Earlier, she worked at Levant TV and Resonance FM and served as a researcher at the BBC and ITV in their documentary and factual TV departments.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.