Data Leakage Statistics 2017
2017 was a banner year for data security, and not in a good way. Read on to get the horrifying statistics that made last year so fun (and by fun, I mean terrifying).
If you think that data breaches are common, know that the situation is much worse than what is presented to you. This is because most security breaches are not disclosed publicly, and some have not yet been detected. Undetected breaches make up a large share, because research shows that it may be months or sometimes years before an organization realizes that a security breach has taken place.
Breaches are widespread, and so are their ramifications. They affect organizations as well as their core constituencies and partners, and they have varying degrees of fallout: some breaches affect an entire global network chain containing highly sensitive data, while others have no impact at all.
The state-sponsored breach of Yahoo was conducted in late 2014 but was discovered only in 2016. Users were only then advised to change their passwords and secure their accounts. This is a fine example of a breach not being detected early by an organization. 150 million data breaches in 2005 rose to 800 million in 2016.
2017 Statistics on Data Breaches
- About 60 records are lost or stolen every second, which adds up to a humongous 5 million records every day.
- Only 4% of the security breaches taking place are breaches where apt encryption techniques were used. In those cases, even the stolen data is rendered useless since it cannot be deciphered.
- This takes us to the remaining 96% of breaches, which took place due to the inadequate implementation of data security measures or the negligence of organizations that did not recognize the significance of confidential data being exposed by hackers.
Equifax, a global leader in information solutions, was the target of a breach by a malicious outsider in which more than 143 million records were affected. The breach compromised personal information such as names, social security numbers, birth dates, credit card numbers, and addresses.
Breaches by Type and Source:
- Identity theft by a malicious outsider is the most common reason for breaches to take place, adding up to 74% of total data breaches.
- Financial access to the data by a malicious outsider is also one of the major reasons for breaches taking place in the United States. This accounts for 13% of financial access breaches.
- But malicious outsiders cannot be fully blamed for the hacking that takes place. Negligence on the part of organizations cost them dearly, with more than 18% of the breaches in 2017 being due to accidental loss. Then comes the next category, the malicious insider, accounting for 8% of data lost.
Breaches by Industry:
- The healthcare industry is the most vulnerable of the industries, coming in at 25% of breaches.
- The financial industry comes in second, suffering 14% of the year's total breaches, followed closely by the education industry with 13%. Around 118 cases of breaches were reported by the education sector for the first half of 2017 alone.
Breaches by Country:
- The United States accounts for the highest number of breaches, with around 700 incidents in the first half of 2017. The whole of the North American continent accounted for a total of 88% of the world's data breaches.
- The United Kingdom came in a distant second with 40 breach incidents. Next is Canada with 26 cases of reported breaches.
Breaches by Month in the Year 2017:
- March showed a poor result as far as data breaches are concerned, with the highest number of active breaches.
- May and June had almost similar breach levels, significantly lower than the level seen in March.
The statistics of data breaches are not encouraging when the year 2017 is compared with the previous years.
Organizations need to know that a new approach is essential if their confidential data is to be secured. All confidential data has to be encrypted, both at rest and in motion, and the encryption keys have to be securely managed. Identity Access Management is also an important criterion, as it controls user access and authentication; these techniques have to be implemented in the company's IT infrastructure to avoid breaches.