Theft of identities and personal information retains top spot, accounting for 53 percent of data breaches; health care and government overtake retail as most-targeted sectors
AMSTERDAM – February 23, 2016 ─ Gemalto (Euronext NL0000400653 GTO), the world leader in digital security, today released the latest findings of the Breach Level Index, revealing that 1,673 data breaches led to 707 million data records being compromised worldwide during 2015.
The Breach Level Index (BLI) is a global database that tracks data breaches globally and measures their severity based on multiple dimensions, including the type of data and the number of records compromised, the source of the breach and whether or not the data was encrypted. By assigning a severity score to each breach, the Breach Level Index provides a comparative list of breaches, distinguishing nuisances from truly impactful mega breaches. Gemalto will feature the Breach Level Index and the 2015 findings next week at the 2016 RSA Conference in San Francisco (booth N4108).
According to the Breach Level Index, more than 3.6 billion data records have been exposed since 2013 when the index began benchmarking publicly disclosed data breaches. In 2015, malicious outsiders were the leading source of these breaches, accounting for 964, or 58 percent of breaches and 38 percent of compromised records, while identity theft remained the primary type of breach, accounting for 53 percent of data breaches and 40 percent of all compromised records.
“In 2014, consumers may have been concerned about having their credit card numbers stolen, but there are built-in protections to limit the financial risks,” said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto. “However, in 2015 criminals shifted to attacks on personal information and identity theft, which are much harder to remediate once they are stolen. As companies and devices collect ever-increasing amounts of customer information and as consumers’ online digital activities become more diverse and prolific, more data about what they do, who they are and what they like is at risk to be stolen from the companies that store their data. If consumers’ entire personal data and identities are being co-opted again and again by cyber thieves, trust will increasingly become the centerpiece in the calculus of which companies they do business with.”
Across industries, the government sector accounted for 43 percent of compromised data records — up 476 percent from 2014 due to several very large data breaches in the United States and Turkey — and 16 percent of all data breaches. The health care sector accounted for 19 percent of total records compromised and 23 percent of all data breaches. The retail sector saw a major drop (93 percent) in the number of stolen data records compared to the same period last year, accounting for just 6 percent of stolen records and 10 percent of the total number of breaches in 2015. The financial services sector also saw a nearly 99 percent drop, representing just 0.1 percent of compromised data records and 15 percent of the total number of breaches.
While malicious outsiders accounted for the largest percentage of data breach incidents (58 percent), accidental loss or exposure of data records accounted for 36 percent of all records. The number of state-sponsored attacks accounted for 2 percent of data breach incidents, but the number of records compromised as a result of those attacks totaled 15 percent of all records exposed. Malicious insiders accounted for 14 percent of all data breaches and just 7 percent of compromised records.
In terms of geographic regions, 77 percent of all data breach incidents occurred in North America, with 59 percent of all compromised records happening in the United States. Europe accounted for 12 percent of overall breach incidents, followed by the Asia-Pacific region at 8 percent.
Scoring the severity – Not all data breaches are created equal
“It is important to keep in mind that not all breaches are equal in terms of the level of severity and damage that they can bring for companies and their customers,” added Hart. “Even if a breach occurs, it can be a secure breach if the right security technologies, such as encryption, are properly in place to protect the most important and sensitive data. Unfortunately, this year there were several major breaches involving personal data and identities that were not encrypted when they should have been.”
“The Breach Level Index is designed to serve as a guide for security professionals as they navigate the widening threat landscape. It provides CIOs and CSOs with the data they need to better classify breaches, conduct internal risk assessment and planning and, most importantly, employ the right security technologies to help ensure that if a breach were to occur their high value and most sensitive data would not be compromised,” concluded Hart.
- Secure the Breach Manifesto
- Secure the Breach Web Site
- Blog : Digital Security 2016 – This Time It’s Personal
Gemalto (Euronext NL0000400653 GTO) is the world leader in digital security, with 2014 annual revenues of €2.5 billion and blue-chip customers in over 180 countries.
Gemalto helps people trust one another in an increasingly connected digital world. Billions of people want better lifestyles, smarter living environments, and the freedom to communicate, shop, travel, bank, entertain and work – anytime, everywhere – in ways that are enjoyable and safe. In this fast moving mobile and digital environment, we enable companies and administrations to offer a wide range of trusted and convenient services by securing financial transactions, mobile services, public and private clouds, eHealthcare systems, access to eGovernment services, the Internet and internet-of-things and transport ticketing systems.
Gemalto’s unique technology portfolio – from advanced cryptographic software embedded in a variety of familiar objects, to highly robust and scalable back-office platforms for authentication, encryption and digital credential management – is delivered by our world-class service teams. Our 14,000 employees operate out of 99 offices, 34 personalization and data centers and 24 research and software development centers located in 46 countries.