The number of US organisations to publicly disclose cyber attacks and data breaches grew to 614 last year from 449 in 2012, according to the Insurance Information Institute (III).

This year, 311 breaches had been reported as of May 27.

Businesses accounted for 34.4% of reported data breaches last year, while medical and healthcare organisations suffered the most, at 43.8% of the total.

Companies accounted for 84% of records exposed, or 77.3 million.

“Businesses that store confidential customer and client information online are fighting to maintain their reputations in the wake of massive data breaches,” the III’s report says.

Recent victims include retailers eBay, Michaels Stores, Neiman Marcus and Target. In each case millions of customer records were accessed.

There have been worse years for reported data breaches in the US, with 662 in 2010 and 656 in 2008.

But the report’s authors, III President Robert Hartwig and economist Claire Wilkinson, warn the risk to organisations is greater than the data shows.

“Despite the large number of reported breaches, the actual number of breaches and exposed records is without a doubt much higher because many, if not most, attacks go unreported.”

This year’s Allianz Risk Barometer for businesses ranks cyber risk eighth – its first appearance on the global top 10.