Data Breach Analysis for the First Half of 2022: What it Means for MSPs and SMBs

The Identity Theft Resource Center (ITRC) is a non-profit that was established in 1999 to minimize risk and mitigate the impact of identity compromise. The organization conducts independent surveys and studies to learn more about identity theft and related issues like data breaches, privacy, scams, and fraud. In their latest data breach research, First Half 2022 Data Breach Analysis, the ITRC reveals some first-ever changes in the numbers compared to recent years.

Keep reading to understand what these numbers mean for the channel, our cybersecurity landscape, and business continuity in the face of data breaches.

  • Data compromises continued to shift to attacks targeting businesses, government agencies, and institutions, while the number of people impacted by data compromises continued to drop.
  • Cyberattacks accounted for an estimated 87% of data compromises in the first half of the year.
  • Ransomware attacks linked to data breaches dropped 20% from the previous quarter, and phishing remains the number one root cause of data breaches so far this year.
  • Top compromises by sector include healthcare, financial services, manufacturing & utilities, and professional services.

MSPs and SMBs Are Still Being Targeted in Data Breaches.

According to the ITRC, “The number of people reportedly impacted by data compromises continued to drop in H1 2022 as the nature of data compromises shifted to attacks targeting businesses, government agencies, and institutions.” So while victim rates are declining, data breaches continue to target businesses. This is especially important for MSPs in light of the May 2022 advisory warning released by the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and NSA in partnership with international cybersecurity agencies in the U.K., Australia, Canada, and New Zealand.

“As this joint advisory makes clear, malicious cyber actors continue to target managed service providers, which can significantly increase downstream risk to the businesses and organizations they support – why it’s critical that MSPs and their customers take action to protect their networks.”

– Jen Easterly, CISA Director

The advisory warns that “cybersecurity authorities expect malicious cyber actors – including state-sponsored advanced persistent threat (APT) groups – to step up their targeting of MSPs in their efforts to exploit provider-customer network trust relationships.” To combat these threats, authorities recommend defense strategies, including monitoring and logging processes, multifactor authentication (MFA), system and data backups, and incident response and disaster recovery plans. In response to these recommendations, MSPs must reevaluate their security stack and vendors. Because MSPs hold the keys to the castle – meaning they have access to an aggregate of client data – it’s vital they work with MSP-only solution providers dedicated to protecting the channel. These vendors provide the highest level of support with MSP-specific features designed to ensure survival after a data breach occurs.

That said, even a comprehensive business continuity and disaster recovery (BCDR) product can only do so much. It’s up to MSPs to develop and exercise a robust disaster recovery plan, in addition to their product, to ensure rapid and reliable recovery no matter the incident. Data breaches are inevitable in today’s cybersecurity landscape, so proactive preparedness is crucial to recovery.

Download >> Disaster Recovery Playbook: Best Practices for MSP Planning and Testing

Cyberattacks Are Responsible for Most Data Breaches, But Ransomware is Declining

In good news/bad news, about 87% of the data compromises in the first half of 2022 were due to a cyberattack. However, ransomware attacks declined quarter-over-quarter for the first time since ransomware surpassed malware as the number two primary cause of data breaches in 2019. So, while cyberattacks continue to be a massive threat to businesses, ransomware may be declining. In fact, according to ITRC’s data, successful ransomware attacks dropped 20% in Q2 2022 from the previous quarter. This is the first quarter-over-quarter drop in ransomware since the ITRC began tracking ransomware in 2018.

Why? There aren’t any concrete reasons yet, but the ITRC says, “SecurityRansomeware hacker researchers speculate that the sudden decline in ransomware attacks is due to a combination of factors, including the ongoing conflict in Ukraine and the collapse of cryptocurrencies favored by cybercriminals.” However, the ITRC also cautions that the decline could be an illusion. Forty percent of data breach notices in the first half of 2022 did not include basic information, including attack vector and victim count. This is a new trend in the data that makes understanding the numbers difficult and requires further investigation. Regardless of why there is a drop, it’s more important to note that ransomware and other malware are still a constant threat to MSPs and their SMB clients. Notably, phishing remained the number one root cause of data compromises in the first half of 2022.

The reason these attacks are so successful is they rely on human error. To gain access to business-critical data and systems, humans have to provide access. Unfortunately, despite cybersecurity training, password protections, and zero trust models, it can be incredibly easy for well-intentioned and educated people to open the door for hackers. That’s why a security-first approach is required for today’s MSPs and SMBs. Rather than hoping it doesn’t happen to you, it’s best to confront the reality of the situation and proactively prepare for a full recovery.

Video >> MSP Recovers From Total Ransomware Takedown in the Kaseya Ransomware Attack

Data Breaches Also Target Specific Verticals.

If you’re an MSP protecting SMBs in the following industries, you’ve got one of the most challenging jobs in data protection…

  • Healthcare
  • Financial Services
  • Manufacturing & Utilities
  • Professional Services

Unfortunately, on top of the target you have on your back as an MSP and an SMB, you’re further targeted for working in these highly victimized industries. While many MSPs choose to focus their services in specific verticals because it can be a lucrative business choice, the decision demands an even higher level of security. Sadly, these same industries are also some of the optimal target verticals for MSPs. According to the ChannelE2E Top 100 Vertical Market MSPs 2022 Edition, the most successful market for MSPs is healthcare and manufacturing, with continued interest in financial services, legal, and government opportunities. The cross-over between highly targeted industries and specializations in the channel requires additional efforts, attention, and protections by the MSPs responsible for navigating data breaches.

Oftentimes, an MSP’s understanding and ability to adhere to industry-specific compliance standards and regulations makes them an attractive choice for SMBs. BCDR solutions with built-in features like pooled flat-fee data storage and secure long-term retention, Chain-Free backups, anti-data deletion technology, and instant virtualization ensure long-term retention, rapid and reliable recovery, and cost-efficiency. MSPs specializing in these types of verticals should reassess their stack for these components in the face of rising and targeted attacks to not only ensure business continuity but as a way to increase sales, attract new clients, and gain a competitive edge in the market.

Preparing for the Future with Comprehensive BCDR

Axcient’s x360Recover BCDR solution includes the features and capabilities MSPs need to get ahead of the impact of today’s data breaches. As a 100% MSP-only solution provider, Axcient’s solutions are designed to cater to the needs of MSPs, regardless of the verticals they serve. With per device and per server pricing, and all-in-one vendor simplicity, MSPs gain the freedom to focus on value-added tasks rather than vendor management. Schedule a 1:1 Axcient Demo or Start Your Free Trial today.

Carissa Kohn Johnson Axcient

About the Author: Carissa Johnson // Product Marketing Manager, Axcient

Carissa Kohn-Johnson has a background in behavioral and physical healthcare technology and information technology and currently works as the Product Marketing Manager for Axcient. She has a lot of MSP Channel experience from planning and attending hundreds of conferences and tradeshows, and found her passion in technology, and working with MSPs in particular. She serves on the Information Services Advisory Board for her community and feels most at home with other technology-forward people. Connect with her on LinkedIn – perhaps you can contribute to the Axcient blog?

8 Tips for Optimizing Your Disaster Recovery Strategy

If disaster strikes, how will your organization respond?

Axcient recovery

How well could you sleep with reliable cloud-based backups and recovery?

Take a deep dive into Axcient’s proprietary, automated security features to see how we’re ensuring uninterrupted business continuity — no matter what:

Axcient Solutions


Protect Everything.
Access Axcient Now!

Axcient Logo