While it is likely that the breach activity of 2018 won’t reach the level of 2017, a look back at the first nine months suggests that 2018 is on pace to be another significant year for breaches, according to Risk Based Security.

The 2018 Q3 Data Breach QuickView Report found that 3,676 data compromise events were disclosed between 1 January and 30 September, exposing 3.6 billion records. However high those numbers might seem, and despite the consistent pace at which disclosures are reported, 2018 is not expected to see the record number of breaches reported in 2017. In fact, the report found that when compared to the same point in 2017, the number of reported breaches fell by 8%, and the number of exposed records decreased by 49% from 7 billion.

“The number of reported breaches shows some improvement compared to 2017 and the number of records exposed has dropped dramatically,” said Inga Goddijn, executive vice president for Risk Based Security, in a press release. “However, an improvement from 2017 is only part of the story, since 2018 is on track to have the second most reported breaches and the third most records exposed since 2005. Despite the decrease from 2017, the overall trend continues to be more breaches and more ‘mega breaches’ impacting tens of millions, if not hundreds of millions, of records at once.”

The report looked at breaches by sector and found that business made up 38% of reported breaches. Though 43% of reported breaches couldn’t be classified into a sector category, the research did find that government represented 8.2% of the overall breaches while medical trailed slightly behind at 7.8%. The education sector represented only 3.9% of the classifiable breaches.

Of the 3.6 billion records exposed, 63.6% were from the business sector, and 100 million or more records were stolen in only seven of the 3,676 breaches. In addition, the 10 largest breaches accounted for 84.5% of the records exposed year to date.

According to the report, criminals often used fraud, which was in the top spot for the breach type compromising the most records and accounting for 35.7% of exposed records, while hacking led the pack in number of incidents, accounting for 57.1% of reported breaches.

An additional key finding of the report noted the lack of transparency that continues to reign among breached organizations in 2018, with 34.5% of impacted companies unwilling or unable to disclose the number of records exposed.