(Thomson Reuters ONE) -
Data breaches up 15% and compromised data records up 31% compared to previous
six months
Identity and personal data theft account for 64% of all data breaches
Healthcare organizations account for nearly one-third of all data breaches
Amsterdam - September 20, 2016 - Gemalto (Euronext NL0000400653 GTO), the world
leader in digital security, today released the findings of the Breach Level
Index revealing that data breaches increased 15% in the first six months of
2016 compared to the last six months of 2015. Worldwide, there were 974 reported
data breaches and more than 554 million compromised data records in the first
half of 2016, compared to 844 data breaches and 424 million compromised data
records in the previous six months. In addition, 52% percent of the data
breaches in the first half of this year did not disclose the number of
compromised records at the time they were reported.
The Breach Level Index is a global database that tracks data breaches and
measures their severity based on multiple dimensions, including the number of
records compromised, the type of data, the source of the breach, how the data
was used, and whether or not the data was encrypted. By assigning a severity
score to each breach, the Breach Level Index provides a comparative list of
breaches, distinguishing data breaches that are a not serious versus those that
are truly impactful.
According to the Breach Level Index, more than 4.8 billion data records have
been exposed since 2013 when the index began benchmarking publicly disclosed
data breaches. For the first six months of 2016, identity theft was the leading
type of data breach, accounting for 64% of all data breaches, up from 53% in the
previous six months. Malicious outsiders were the leading source of data
breaches, accounting for 69% of breaches, up from 56% in the previous six
months.
"Over the past twelve months hackers have continued to go after both low hanging
fruit and unprotected sensitive personal data that can be used to steal
identities," Jason Hart, Vice President and Chief Technology Officer for Data
Protection at Gemalto. "The theft of user names and account affiliation may be
irritating for consumers, but the failure of organizations to protect sensitive
personal information and identities is a growing problem that will have
implications for consumer confidence in the digital services and companies they
entrust with their personal data."
Across industries, the healthcare industry accounted for 27% of data breaches
and saw its number of data breaches increase 25% compared to the previous six
months. However, healthcare represented just 5% of compromised data records
versus 12% in the previous six months. Government accounted for 14% of all data
breaches, which was the same as the previous six months, but represented 57% of
compromised records. Financial services companies accounted for 12% of all data
breaches, a 4% decline compared to previous six months, but accounted for just
2% of compromised data records. Retail accounted for 11% of data breaches, and
declined 6% versus the previous six months, and accounted for 3% of compromised
data records. Education accounted for 11% of data breaches and represented less
than one percent of all compromised records. All other industries represented
16% of data breaches and 16% of compromised data records.
In terms of top three geographic regions for reported data breaches, 79% were in
North America, 9% were in Europe, and 8% were in Asia-Pacific.
Breach Level Index: Understanding That Not All Data Breaches Are Equal in
Severity
As data breaches continue to grow in frequency and size, it is becoming more
difficult for consumers, government regulatory agencies and companies to
distinguish between nuisance data breaches and truly impactful mega breaches,"
said Jason Hart, Vice President and Chief Technology Officer for Data Protection
at Gemalto. "News reports fail to make these distinctions, but they are
important to understand because each have different consequences. A breach
involving 100 million user names is not as severe as a breach of one million
accounts with social security numbers and other personally identifiable
information that are used for financial gain."
"In this increasingly digital world, companies, organizations and governments
are storing greater and greater amounts of data that has varying levels of
sensitivity. At the same time, it is clear that data breaches are going to
happen and that companies need to shift from a total reliance on breach
prevention to strategies that help them secure the breach. That is why more
focus needs to be understanding what really constitutes sensitive data, where it
is stored, and using the best means to defend it. At the end of the day, the
best way to protect data is to kill it. That means ensuring user credentials are
secured with strong authentication and sensitive data is protected with
encryption so it is useless to the thieves."
For a full summary of data breach incidents by industry, source, type and
geographic region, download the H1 2016 Breach Level Index Report.
