No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home GRC Vendor News

Gemalto Releases Findings of First Half 2015 Breach Level Index

by Corporate Compliance Insights
September 9, 2015
in GRC Vendor News
Gemalto Releases Findings of First Half 2015 Breach Level Index

Identity Theft Takes Top Spot, Accounting for 53 Percent of Data Breaches; State-Sponsored Attacks See Huge Gains, Accounting for 41 Percent of Stolen Data Records

Amsterdam – September 9, 2015 – Gemalto (Euronext NL0000400653 GTO), the world leader in digital security, today released the findings of the Breach Level Index for the first six months of 2015, revealing that 888 data breaches occurred, compromising 246 million records worldwide.

Compared to the first half of 2014, data breaches increased by 10 percent while the number of compromised data records declined by 41 percent during the first six months of this year. This decline in compromised records can most likely be attributed to that fact that fewer large scale mega breaches have occurred in the retail industry compared to the same period last year.

Despite the decrease in the number of compromised records, large data breaches continued to expose massive amounts of personal information and identities. The largest breach in the first half of 2015 – which scored a 10 in terms of severity on the Breach Level Index – was an identity theft attack on Anthem Insurance that exposed 78.8 million records, representing almost one-third (32 percent) of the total data records stolen in the first six months of 2015. Other notable breaches during this analysis period included a 21-million-record breach at the U.S. Office of Personnel Management (BLI: 9.7), a 50-million-record breach at Turkey’s General Directorate of Population and Citizenship Affairs (BLI: 9.3) and a 20-million-record breach at Russia’s Topface (BLI: 9.2). In fact, the top 10 breaches accounted for 81.4 percent of all compromised records.

“What we’re continuing to see is a large ROI for hackers with sophisticated attacks that expose massive amounts of data records. Cybercriminals are still getting away with big and very valuable data sets. For instance, the average health care data breach in the first half of 2015 netted more than 450,000 data records, which is an increase of 200 percent compared to the same time last year,” said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto.

Data Breaches by Source

The number of state-sponsored attacks accounted for just 2 percent of data breach incidents, but the number of records compromised as a result of those attacks totaled 41 percent of all records exposed, due to the breaches at Anthem Insurance and the U.S. Office of Personnel Management. While none of the top 10 breaches from first half of 2014 were caused by state-sponsored attacks, three of the top 10 this year were state sponsored—including the top two.

At the same time, malicious outsiders were the leading source of data breaches in the first half of 2015, accounting for 546 or 62 percent of breaches, compared to 465 or 58 percent in the first half of last year. Forty-six percent or 116 million of the total compromised records were attributable to malicious outsiders, down from 71.8 percent or 298 million in 2014.

Data Breaches by Type

Identity theft remained the primary type of breach, accounting for 75 percent of all records compromised and slightly more than half (53 percent) of data breaches in the first half of 2015. Five of the top 10 breaches, including the top three – which were all classified as Catastrophic on the BLI – were identity theft breaches, down from seven of the top 10 from the same period last year.

Data Breaches by Industry

Across industries, the government and health care sectors accounted for about two-thirds of compromised data records (31 percent and 34 percent respectively), though health care only accounted for 21 percent of breaches this year, down from 29 percent compared to the same period last year. The retail sector saw a significant drop in the number of stolen data records, accounting for 4 percent compared to 38 percent for the same period last year. Across regions, the U.S. represented the largest share with three-quarters (76 percent) of data breaches and nearly half of all compromised records (49 percent). Turkey accounted for 26 percent of compromised records, with its massive GDPCA breach in which 50 million records were breached by a malicious outsider.

The level of encryption used to protect exposed data — which can dramatically reduce the impact of data breaches – increased slightly to 4 percent of all breaches compared with 1 percent in H1 2014.

“While the number of data breaches fluctuates, it’s still clear that breaches are not a matter of ‘if’ but ‘when.’ The Breach Level Index data shows that most companies are not able to protect their data once their perimeter defenses are compromised. Although more companies are encrypting data, they are not doing it at the levels needed to reduce the magnitude of these attacks,” added Hart. “What is needed is a data-centric view of digital threats starting with better identity and access control techniques including multi-factor authentication and strong encryption to render sensitive information useless to thieves.”

According to Forrester, as cybercriminals have become more skillful and sophisticated, they have eroded the effectiveness of traditional perimeter-based security controls. The constantly mutating threat landscape requires new defensive measures, one of which is the pervasive use of data encryption technologies. In the future, organizations will encrypt data — both in motion and at rest — by default. This data-centric approach to security is a much more effective way to keep up with determined cybercriminals. By encrypting, and thereby devaluing, sensitive data, organizations can make cybercriminals bypass their networks and look for less robustly protected targets. Encryption will become a strategic cornerstone for security and risk executives responsible for their organization’s data security and privacy efforts.1

For a full summary of data breach incidents for the first half of 2015 by industry, source, type and geographic region, download the 1H 2015 Breach Level Index Report.

The Breach Level Index provides a centralized, global database of data breaches and calculates their severity based on multiple dimensions, including the type of data and the number of records stolen, the source of the breach and whether or not the data was encrypted. By assigning a severity score to each breach, the BLI provides a comparative list of breaches, distinguishing nuisances from truly impactful mega breaches. Information populating the BLI database is based on publicly-available breach disclosure information.  For more information, visit www.breachlevelindex.com.

Related Resources:

  • Infographic: 2015 1H Breach Level Index
  • Secure the Breach Manifesto
  • Secure the Breach Web Site

1 Forrester Research, Inc., Kill Your Data to Protect It From Cybercriminals, July 12, 2012

About Gemalto

Gemalto (Euronext NL0000400653 GTO) is the world leader in digital security, with 2014 annual revenues of €2.5 billion and blue-chip customers in over 180 countries.

Gemalto helps people trust one another in an increasingly connected digital world. Billions of people want better lifestyles, smarter living environments and the freedom to communicate, shop, travel, bank, entertain and work – anytime, everywhere – in ways that are enjoyable and safe. In this fast moving mobile and digital environment, we enable companies and administrations to offer a wide range of trusted and convenient services by securing financial transactions, mobile services, public and private clouds, eHealthcare systems, access to eGovernment services, the Internet and internet-of-things and transport ticketing systems.

Gemalto’s unique technology portfolio – from advanced cryptographic software embedded in a variety of familiar objects, to highly robust and scalable back-office platforms for authentication, encryption and digital credential management – is delivered by our world-class service teams. Our 14,000 employees operate out of 99 offices, 34 personalization and data centers and 24 research and software development centers located in 46 countries.

For more information visit www.gemalto.com, www.justaskgemalto.com, blog.gemalto.com, or follow @gemalto on Twitter.


Previous Post

The Unwanted Internal Auditor

Next Post

Despite Multimillion-Dollar Federal Penalties for OFAC and Other Sanctions Violations, Corporate Finance Departments Still Fail to Implement Simple Protections. Why?

Corporate Compliance Insights

Corporate Compliance Insights

Corporate Compliance Insights

Related Posts

dod pentagon

CMMC 2.0 Creates New Compliance Calculus for Defense Contractors

by Shrav Mehta
July 3, 2025

Simplified framework still poses significant challenges for smaller defense industrial base participants

Integreon Launch

Integreon Launches AI-Enabled Legal & Regulatory Compliance Services

by Corporate Compliance Insights
July 2, 2025

Integreon has launched AI-enabled legal and regulatory compliance services powered by ContractPodAi's Leah intelligence platform to automate compliance processes and...

SpeakUp Launch

SpeakUp Launches AI Phone Agent and Disclosure Management Platform

by Corporate Compliance Insights
July 2, 2025

SpeakUp has launched two new solutions — an AI-powered disclosure and approval management platform called SpeakUp Paths and an AI...

Riskonnect Launch

Riskonnect Launches AI Governance Solution for Risk Management

by Corporate Compliance Insights
July 2, 2025

Riskonnect has launched an AI governance solution integrated within its risk management platform to help organizations manage AI-related risks and...

Next Post
Despite Multimillion-Dollar Federal Penalties for OFAC and Other Sanctions Violations, Corporate Finance Departments Still Fail to Implement Simple Protections. Why?

Despite Multimillion-Dollar Federal Penalties for OFAC and Other Sanctions Violations, Corporate Finance Departments Still Fail to Implement Simple Protections. Why?

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights