The newest data from NordVPN’s Dark Web Monitor feature shows that the number of breached companies remains high, but the number of users affected by those leaks has decreased 18 times since 2019.
However, with the data of nearly two-thirds (62%) of Dark Web Monitor users available on the dark web, the risk of data theft is still very high.
In 2019 the average number of users affected in a breach amounted to 9,3-million per incident. In 2022, this number decreased to 497 000 per incident.
Furthermore, we noticed that the number of large-scale breaches affecting lots of customers has declined. In 2019, around a third of breaches affected more than 1-million users. In 2020, this percentage dropped to 18%. In 2021, only 10% of breaches affected millions of users. In 2022, this number is even smaller at 7%.
“On the one hand, this is great news,” says Daniel Markuson, cybersecurity expert at NordVPN. “On the other hand, we don’t see cybercrime slowing down because of those numbers. A recent report by Verizon showed that around 50% of security incidents in 2021 happened due to leaked credentials.
“So criminals continue to reuse and exploit the data that was leaked on the dark web in the past.”
The researchers at NordVPN analyzed data breaches with a known incident date, which make up around 7% of data breaches. However, this still allows us to see a clear trend — consumers are affected by company breaches much more rarely.
Breaches increased from 2012 until 2018, with 2018 and 2019 experiencing a slight decrease. In 2020, the number of breached companies reached a peak because of the Covid-19 pandemic and companies becoming more vulnerable.
Looking at the past two years, the number of attacks on companies remains high. However, most data breaches affected fewer than a million users, potentially because companies invest significant resources into securing their customers.
While the number of leaked phone numbers and email addresses per incident was very high in 2019 (at least 9,3-million users affected per incident), it has dropped 18-times since then.
According to Dark Web Monitor data, 62% of its users have had their data breached on the dark web. But even though the Dark Web Monitor team works hard to alert users — people still choose to ignore the alerts and don’t change their habits.
“Most businesses are doing everything in their power to protect customers’ data. So when companies get hacked, consumer data is rarely affected. But users still have a lot to learn because human error causes 95% of cybersecurity incidents,” says Markuson.