Cybercriminals shifted away from stealing individual consumers’ information in 2020 to focus on bigger, more profitable attacks on businesses, according to a report from the Identity Theft Resource Center.
The nonprofit, which supports victims of identity crime, found that the number of U.S. data breaches fell 19% in 2020 to 1,108. But the number of individual victims of such cybercrimes fell 66% compared with the year prior.
Ransomware and phishing attacks are now the preferred form of data theft because they require less effort and generate bigger payouts. The ITRC said that one ransomware attack can generate as much revenue in minutes as hundreds of individual identity theft attempts over months or years.
According to cybersecurity firm Coveware, the average ransomware payout has grown from less than $10,000 per event in 2018 to more than $233,000 per event in 2020.
However, experts urge consumers not to let down their guard.
According to the ITRC report released Thursday, even with the decline, there were still 300.5 million individuals impacted by data breaches in 2020. Although this figure may include repeats, where a person is victimized multiple times.
“People should understand that this problem is not going away,” said Eva Velasquez, ITRC’s president and CEO. “Cybercriminals are simply shifting their tactics to find a new way to attack businesses and consumers.”
One rising trend is attacks on third parties, such as a vendor, that would yield access to multiple organizations through a single attack. Often, the organization is smaller, with weaker security measures than the companies they work for.
Additionally, the pandemic may have fueled some changes, with employees working remotely and potentially exposing their company networks to criminals. There was also an increase in unemployment fraud as cybercriminals tapped into those systems, which were overwhelmed with claims and new protocols.
Velasquez urged consumers to remain vigilant in protecting their personal and professional information. Criminals will continue to use personal information even if the means by which they obtain it has changed.
“We are not out of the woods,” she said. “It’s not time for consumers to breathe a sigh of relief.”
Related: Over 250 Organizations Breached via SolarWinds Supply Chain Hack: Report
Related: Verizon 2020 DBIR: More Extensive, More Detailed and More Thorough Than Ever
