According to a report from IBM Security, more than 2.9 billion records were leaked worldwide from publicly disclosed incidents in 2017, a drop of nearly 25 percent over the previous year, which saw over 4 billion records sent into the wild.
"Instead of compromising data in large quantities, attackers instead regularly locked down access to data, demanding ransom payments from the data owners," the report said. "As a result, it's been estimated that ransomware attacks cost companies more than $8 billion globally last year in downtime and other impacts to business, and in ransomware payments."
According to the report, cybercriminals continued to take advantage of human error and mistakes in infrastructure configurations to launch attacks in 2017. Despite the overall decline, the number of records breached through misconfigured cloud servers, due to employee mistakes, rose by 424 percent in 2017.
Nearly 70 percent of the compromised records tracked in 2017 were exposed due to one of these misconfigured servers, IBM explained.
Beyond misconfigured cloud, individuals lured via phishing attacks represented one-third of inadvertent activity that led to a security event in 2017.
IBM said this includes users clicking on a link or opening an attachment laced with malicious code, usually shared via a spam campaign.
"While breached records are a good indication of cybercriminal activity, it doesn't tell the full story of 2017," Wendi Whitmore, IBM X-Force Incident Response and Intelligence Services global lead, said.
"Last year, there was a clear focus by criminals to lock or delete data, not just steal it, through ransomware attacks. These attacks are not quantified by records breached, but have proven to be just as, if not more, costly to organisations than a traditional data breach."
Security incident and attack volume across the top-targeted industries also declined in 2017 from 2016, down 22 percent and 18 percent respectively, IBM said.
While financial services has been the most targeted industry by cybercriminals, in 2017, it fell to the third-most attacked industry, accounting for 17 percent of overall attacks behind IT with 33 percent and manufacturing with 18 percent.
However, financial services experienced the highest volume of security incidents for the second consecutive year, accounting for 27 percent of attacks across all industries.
The most active financial malware according to IBM was Gozi, which toppled Zeus from its number one position in 2017, while the once-notorious financial Trojans Neverquest, GozNym, and Shifu also saw their demise last year, the report said.
The report was compiled using data IBM collected between January 1 and December 31, 2017.