Sites like PrivacyRights.org provide an abundance of information on
data breaches, and researchers can derive new insights from public data
regarding data breaches. Many of the reported data breaches are
categorized by the malicious techniques used, the location of the breach, as
well as the industry type it occurred in. As of 2023, the year of the last
reported breaches, the states with the highest number of breached entities
are California, Indiana, Massachusetts, Texas, and Maryland. Based on public
data, financial organizations, hospitals and medical related organizations,
and insurance companies are the most impacted industries to be targeted by
a cyber-attack. A common trend about these data breaches is that they
involved some form of hacking into the organization’s network. Thus,
researchers can study patterns of what industries have the most incidents of
breach and whether users’ confidential data has been compromised.
Furthermore, most attacks had little to no impact on users’ confidential data.
Regarding users’ confidential data, threat actors had the tendency to hold
such information hostage by encrypting it in industries like medical
organizations. By understanding the types of malicious techniques used to
breach company data, researchers can better understand the motives of
these attacks and identify the most suitable measures to counter these
cyber-attacks.