Breach Notification , Security Operations , Video
ITRC Breach Report: Lack of Transparency, Details Worsen
IRTC's James Lee on Big Events, 'Troubling' Trends in the 2022 Data Breach ReportThe 2022 Annual Data Breach Report, published by the Identity Theft Resource Center, reveals a near-record number of compromises last year - the second-highest number since the ITRC first published the report 17 years ago.
See Also: Corelight's Brian Dye on NDR's Role in Defeating Ransomware
James Lee, chief operating officer of the ITRC, says the 2022 report highlights a sudden lack of transparency and important details in breach notices, which is creating more risk for consumers.
It's a "very troubling" trend, Lee says, because "companies and other organizations rely on the information that other companies who are compromised share, so they can prepare for a similar attack."
Lee says the group first noticed in 2021 an upswing in organizations failing to report basic information such as how the attack happened, who was impacted and what's being done to correct it. In 2022, only 58% provided such actionable information.
"When you combine that with the fact that we also saw a decline in the number of victim counts - how many people were impacted … we only had 34% of the data breach notices include actionable information. That is a huge decline in less than one year,” Lee says.
In this video interview with Information Security Media Group, Lee also discusses:
- Highlights from the ITRC's 2022 Annual Data Breach Report;
- Why the sudden lack of transparency in breach notices is creating more risk for consumers;
- How supply chain attacks are surpassing malware as a primary cause of data breaches.
A data protection and technology veteran, Lee is the former executive vice president and company secretary of Irish application security company Waratek and former senior vice president and chief marketing officer for Atlanta-based data pioneer ChoicePoint - now LexisNexis. He also chaired two working groups for the American National Standards Institute - ANSI - on identity management and privacy. Prior to joining ChoicePoint, Lee served as a global public affairs and communication executive at International Paper.