Gemalto releases findings of first half 2016 Breach Level Index
September 2016 by Gemalto
Gemalto released the findings of the Breach Level Index revealing that data breaches increased 15% in the first six months of 2016 compared to the last six months of 2015. Worldwide, there were 974 reported data breaches and more than 554 million compromised data records in the first half of 2016, compared to 844 data breaches and 424 million compromised data records in the previous six months. In addition, 52% percent of the data breaches in the first half of this year did not disclose the number of compromised records at the time they were reported.
The Breach Level Index is a global database that tracks data breaches and measures their severity based on multiple dimensions, including the number of records compromised, the type of data, the source of the breach, how the data was used, and whether or not the data was encrypted. By assigning a severity score to each breach, the Breach Level Index provides a comparative list of breaches, distinguishing data breaches that are a not serious versus those that are truly impactful.
According to the Breach Level Index, more than 4.8 billion data records have been exposed since 2013 when the index began benchmarking publicly disclosed data breaches. For the first six months of 2016, identity theft was the leading type of data breach, accounting for 64% of all data breaches, up from 53% in the previous six months. Malicious outsiders were the leading source of data breaches, accounting for 69% of breaches, up from 56% in the previous six months.
"Over the past twelve months hackers have continued to go after both low hanging fruit and unprotected sensitive personal data that can be used to steal identities," Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto. "The theft of user names and account affiliation may be irritating for consumers, but the failure of organizations to protect sensitive personal information and identities is a growing problem that will have implications for consumer confidence in the digital services and companies they entrust with their personal data."
Across industries, the healthcare industry accounted for 27% of data breaches and saw its number of data breaches increase 25% compared to the previous six months. However, healthcare represented just 5% of compromised data records versus 12% in the previous six months. Government accounted for 14% of all data breaches, which was the same as the previous six months, but represented 57% of compromised records. Financial services companies accounted for 12% of all data breaches, a 4% decline compared to previous six months, but accounted for just 2% of compromised data records. Retail accounted for 11% of data breaches, and declined 6% versus the previous six months, and accounted for 3% of compromised data records. Education accounted for 11% of data breaches and represented less than one percent of all compromised records. All other industries represented 16% of data breaches and 16% of compromised data records.
In terms of top three geographic regions for reported data breaches, 79% were in North America, 9% were in Europe, and 8% were in Asia-Pacific.
Breach Level Index: Understanding That Not All Data Breaches Are Equal in Severity
As data breaches continue to grow in frequency and size, it is becoming more difficult for consumers, government regulatory agencies and companies to distinguish between nuisance data breaches and truly impactful mega breaches," said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto. "News reports fail to make these distinctions, but they are important to understand because each have different consequences. A breach involving 100 million user names is not as severe as a breach of one million accounts with social security numbers and other personally identifiable information that are used for financial gain."
"In this increasingly digital world, companies, organizations and governments are storing greater and greater amounts of data that has varying levels of sensitivity. At the same time, it is clear that data breaches are going to happen and that companies need to shift from a total reliance on breach prevention to strategies that help them secure the breach. That is why more focus needs to be understanding what really constitutes sensitive data, where it is stored, and using the best means to defend it. At the end of the day, the best way to protect data is to kill it. That means ensuring user credentials are secured with strong authentication and sensitive data is protected with encryption so it is useless to the thieves."
For a full summary of data breach incidents by industry, source, type and geographic region, download the H1 2016 Breach Level Index Report.