The number of cyber security breaches disclosed in the first three months of the year fell to 686, compared to 1,444 breaches reported in the first quarter of 2017.
This was according to Risk Based Security, which has released the results of its Q1 2018 Data Breach QuickView Report.
The report found that the number of data records compromised in the quarter remained high, with over 1.4 billion exposed.
In addition, it found that in Q1 last year there were over 200 instances of phishing for employee data. However, by the end of April 2018, that activity had fallen to just over 30 reported events.
According to Risk Based Security, shifting tactics has played a part in the drop in breaches. Crypto-mining malware and cryptojacking has been a threat since early 2017. However, the rapid increase in the value of cryptocurrencies that occurred in January drove a rapid expansion into the theft of computing resources, the company said.
Inga Goddijn, executive vice president at Risk Based Security, said: “While there is no direct data linking the rise of crypto-miners to a reduction in data breach activity, there are tantalising bits of evidence that lead us to believe there is some level of relationship at play here.”
The report found that the top five breach types dominating recent reports – hacking, skimming, inadvertent disclosure on the Internet, phishing and malware – all remained the top breach types into 2018.
Meanwhile, Risk Based Security said the average number of days between the discovery of a breach and its public disclosure has been “steadily declining from year to year”. However, the firm said that at an average of 37.9 days, work still needs to be done to meet the obligation to report breaches within 72 hours of detection.