Cyber-criminals are getting bolder and bolder, a new report shows, indicating that the number of records breached in 2016 increased 556% compared to the previous year, hitting 4 billion.

According to IBM's 2017 X-Force Threat Intelligence Index, on top of the 4 billion records that ended up on the Internet last year, there were also 10,000 software vulnerabilities documented, which is the highest single-year number in the 20 years it has published its report.

The report takes into account numerous cyber crime trends, including the rise of spam messages. IBM's data shows Spam was up 400% in 2016, while 44% of these messages contained malicious attachments, most of which were ransomware. In fact, 85% of the attachments fell into this category of malware that tries to lock people's computers, offering a decryption key only to those who decide to pay a ransom.

A shift in attack targets

Another trend noticed by IBM regards targetted attacks on unstructured data. If in past years data breaches focused on various structured information sets, such as credit card data, passwords, personal health information and so on, 2016 saw a shift. In fact, hundreds of gigabytes of email archives, documents, intellectual property and source code were targeted by criminals and exposed along with all the other data that we've become "accustomed" to.

"Cyber-criminals continued to innovate in 2016 as we saw techniques like ransomware move from a nuisance to an epidemic. While the volume of records compromised last year researched historic highs, we see this shift to unstructured data as a seminal moment," said Caleb Barlow, VP of threat intelligence for IBM Security. He adds that the value of structured data to cyber-criminals is beginning to wane as the supply outstrips the demand.

The top field targeted by criminals was the financial one, which managed to dethrone healthcare, the number 1 affected field in 2015. In 2016, only 12 million healthcare records were leaked, as opposed to the 100 million compromised in the previous year. The second most-targeted field was government, which saw 398 million records compromised.