Contact Us

Contact Us

Please get in touch using the form below

1000 characters left
View our privacy policy

Kroll recently published its own research into recent data breaches and the industries they affect. In this blog, we outline its main findings and recommendations

Kroll’s 2021 Data Breach Outlook has identified a 140% increase in data breach notification cases from 2019 to 2020. Industries such as healthcare, education and financial services, which were the most impacted in 2019, continued to be hard hit in 2020 and, so far, in 2021 too.

However, the greatest increases occurred in industries that were generally spared in 2019. Data attacks became broader and deeper during the COVID-19 pandemic, a trend that has continued throughout the recovery.

Kroll attributes the rise in data breach notification cases to four trends:

  • The shift to remote working, which has left employees and employers more vulnerable to cybercrime
  • The evolution of ransomware into data extortion schemes
  • The rising impact of supply chain attacks
  • The combination of stricter privacy regulations with increased awareness of privacy rights

These factors have been found to affect companies in all industries – even those that haven’t historically been the target of cyber-attacks. Kroll investigated the drivers of cyber-attacks within its client-base in six of those industries: food and drink, utilities, construction, entertainment, agriculture and recreation.


More industries vulnerable to data breaches

In 2020, Kroll’s data showed an average 125% growth in breach notification cases for industries which experienced five or more breaches in 2019. It continues to see a surge in the same, more traditional and regulated group of industries in 2021.


Increases in data breaches varied by industry

Interestingly, some industries saw a massive increase in data breaches in 2020 compared with 2019. For example, food and drink experienced a 1,300% increase, while construction saw an 800% increase.

While these are significant rises, it is important to keep them in context. The hardest-hit industries experienced many more data breaches than the six industries outlined here. In 2020, for example, the average number of breaches experienced in historically hard-hit industries was 104, whereas the average number for the group of six historically less-targeted industries was 12.

“The hardest hit and heavily-regulated industries—such as financial services and healthcare—are also some of the best prepared to handle data breaches.

The historically less affected industries are also less prepared, so it is not surprising that during COVID-19 they would experience dramatic increases in data breaches year-on-year”

The six industries identified by Kroll as having the lowest number of data breach notifications in 2019 – food and drink, utilities, construction, entertainment, agriculture and recreation – saw a 545% increase in notifications from 2019 to 2020.

Picture of bar graph

Source – Kroll


Drivers of data breaches across industries

Kroll identified several trends that have led to increases in the number of breaches across industries during the pandemic. These include:

The shift to remote working

This change has left both employees and employers more vulnerable to cybercrime. Most industries were affected by an uptick in COVID-19-related spear phishing emails, as well as an increase in malicious activity against platforms adopted for remote working.

The evolution of ransomware into data extortion schemes

The economic downturn has triggered an increase in ransomware attacks, as well as a diversification of extortion tactics used by threat actors to pressure victims into paying.

The rising impact of supply chain attacks

Cybercrime groups have demonstrated considerable operational maturity to not only develop a high rate of zero-day vulnerabilities but also to rapidly exploit security vulnerabilities before patches can be applied.



Kroll found that 43% of the organisations interviewed still felt they lacked readiness to notify in the event of a breach. Given the significant growth in data breach notifications seen in 2020, Kroll strongly recommends organisations take proactive steps to prepare for a notifiable data breach incident. In the long run, this is likely to minimise regulatory and reputational impact.

Kroll’s five key recommendations for better preparing for a breach event are:

  1. Negotiate and retain key vendors to assist during incident response
  2. Conduct tabletop exercises with leadership and incident response specialists
  3. Provide education, training and technical support to employees
  4. Understand where data resides in your organisation
  5. Don’t rely on encryption as your only method of defence


Taking a proactive stance against data breaches

With most organisations receiving more than 100 threat alerts every day and a reduction of endpoint visibility due to the shift to remote working, the ability to swiftly detect and confidently respond to cyber threats has become a difficult challenge for organisations to undertake on their own.

Kroll recommends that organisations assess their incident response and breach notification capabilities and consider a 24×7 managed detection and response solution that can enhance security capabilities ahead of an incident. Investing in detection and response delivers the biggest ROI in security as organisations can prevent larger attacks and minimise business interruption.