Gemalto, the world leader in digital security, released the latest findings of the Breach Level Index, revealing that 2.6 billion records were stolen, lost or exposed worldwide in 2017, an 88 percent increase from 2016. While data breach incidents decreased by 11 percent, 2017 was the first year publicly disclosed breaches surpassed more than two billion compromised data records since the Breach Level Index began tracking data breaches in 2013.
Over the past five years, nearly 10 billion records have been lost, stolen or exposed, with an average of five million records compromised every day. Of the 1,765 data breach incidents in 2017, identity theft represented the leading type of data breach, accounting for 69 percent of all data breaches. Malicious outsiders remained the number one cybersecurity threat last year at 72 percent of all breach incidents. Companies in the healthcare, financial services and retail sectors were the primary targets for breaches last year. However, government and educational institutions were not immune to cyber risks in 2017, making up 22 percent of all breaches.
The Breach Level Index* serves as a global database that tracks and analyzes data breaches, the type of data compromised and how it was accessed, lost or stolen. Based on data breach reports collected in the Breach Level Index, the major 2017 highlights include:
- Human error a major risk management and security issue: Accidental loss, consisting of improper disposal of records, misconfigured databases and other unintended security issues, caused 1.9 billion records to be exposed. A dramatic 580 percent increase in the number of compromised records from 2016.
- Identity theft is still the number one type of data breach: Identity theft was 69 percent of all data breach incidents. Over 600 million records were impacted resulting in a 73 percent increase from 2016.
- Internal threats are increasing: The number of malicious insider incidents decreased slightly. However, the amount of records stolen increased to 30 million, a 117 percent increase from 2016.
- What a nuisance: The number of records breached in nuisance type attacks increased by 560 percent from 2016. The Breach Level Index defines a data breach as a nuisance when the compromised data includes basic information such as name, address and/or phone number. The larger ramification of this type of breach is often unknown, as hackers use this data to orchestrate other attacks.
"The manipulation of data or data integrity attacks pose an arguably more unknown threat for organizations to combat than simple data theft, as it can allow hackers to alter anything from sales numbers to intellectual property. By nature, data integrity breaches are often difficult to identify and in many cases, where this type of attack has occurred, we have yet to see the real impact," said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto. “In the event that the confidentiality, or privacy, of the data is breached, an organization must have controls, such as encryption, key management and user access management, in place to ensure that integrity of the data isn't tampered with and it can still be trusted. Regardless of any concerns around manipulation, these controls would protect the data in situ and render it useless the moment it's stolen."
"Companies can mitigate the risks surrounding a breach through a 'security by design' approach, building in security protocols and architecture at the beginning," said Jason Hart, "This will be especially important, considering in 2018 new government regulations like Europe's General Data Protection Regulation (GDPR) and the Australian Privacy Amendment Act (Notifiable Data Breaches) go into effect. These regulations require companies to adapt a new mindset towards security, protecting not only their sensitive data but the privacy of the customer data they store or manage."
*The Breach Level Index is a global database that tracks data breaches and measures their severity based on multiple dimensions, including the number of records compromised, the type of data, the source of the breach, how the data was used, and whether or not the data was encrypted. By assigning a severity score to each breach, the Breach Level Index provides a comparative list of breaches, distinguishing data breaches that are a not serious versus those that are truly impactful (scores run 1-10).
For a full summary of data breach incidents by industry, source, type and geographic region, download the Breach Level Index 2017 Report.
To learn more about the 2017 statistics and trends, register for the upcoming FREE live webinar "New Data Breach Findings: The Year of Internal Threats and Misplaced data".