Stolen identities lead to massive breaches, costing businesses an average of $9.4 million per breach in 2022, a new report by ForgeRock found.

Its identity breach report found that 1.5 billion records were exposed as a result of data breaches in 2022.

Artificial intelligence (AI)-driven fraud attacks create a huge threat for both businesses and consumers.

“Through the use of new technologies like generative AI, tactics such as phishing emails, malicious code and voice or video-based impersonation, otherwise known as ‘deep fakes,’ are becoming more common and difficult to detect,” the report stated.

Credentials continue to be the main target, as cyber criminals use them as a stepping stone to infiltrate an organization across industries and geographies, it added, with “AI making it more difficult for the average human to identify threats.”

Other key findings include:

  • Unauthorized access is the leading cause of breaches for the fifth consecutive year.
  • 52 percent of all reported breaches came through third-party partners and suppliers.
  • Healthcare remains a top target with attacks increasing by 50 percent compared to 2021.
  • Social Security Number and date of birth information were exposed in 72 percent of breaches.
  • Attacks within the financial services sector decreased by 29 percent, but nearly half of those attacks affected the insurance industry.

The report found that just one compromise of a single authorized identity of an employee or of a service provider or vendor to the enterprise “can cause a serious breach or ransomware attack affecting millions of consumers.”

To thwart these types of attacks, organizations must adopt holistic digital identity and access management strategies to strengthen security, without jeopardizing the user experience across all functions, the report stated.

Best practices like “adopting a Zero Trust framework to verify access requests, implementing passwordless authentication to stop password-based attack and leveraging AI-driven IAM tools to manage the volume and velocity of cyberattacks” are recommended.

“The most secure organizations will be those that combine the use of technologies like AI with a well designed approach to security operations and usability,” said Eve Maler, CTO at ForgeRock.

In addition to US data breaches, the ForgeRock Identity Breach Report also highlights attacks in other regions, including the United Kingdom, Germany, Australia and Singapore.