Gemalto Breach Level Index: 86% year-on-year increase in compromised data records

Last year saw 1,792 data breaches and almost 1.4 billion compromised data records, according to Gemalto’s latest Breach Level Index (BLI) report.

Although the number of breaches actually decreased marginally from last year (1,866), the total number of compromised records rose by 86%.

However, Gemalto’s “most concerning” finding is that, in over half of data breaches, the victim organisation didn’t disclose the number of records involved.

Identity theft is the leading type of breach

For the fourth year in a row, identity theft was the leading type of data breach, accounting for 59% of all incidents.

In contrast to the general trend, there was a record-high number of breaches involving identity theft last year (1,050), while the number of records stolen (390 million) decreased from 2015’s total (526 million).

The other leading types of data breach were:

  • Financial access: 18%
  • Account access: 11%
  • Nuisance: 8%
  • Existential data: 4%

Malicious outsiders pose biggest threat

Malicious outsiders were responsible for 1,223 data breaches last year, compromising 1.05 billion records. They were by far the leading source of data breaches:

  • Malicious outsiders: 68%
  • Accidental loss: 19%
  • Malicious insiders: 9%
  • Hacktivists: 3%
  • State sponsored: 1%

The next leading sources, accidental loss and malicious insiders, both declined year-on-year.

The number of accidental losses fell from 437 (23.4% of all breaches) last year to 333 (18.6%), although the number of records involved in these breaches increased from 2.65 million to 2.90 million.

Attacks by malicious insiders fell from 271 incidents (14.5%) to 164 (9.2%). The number of records involved in these breaches also dropped dramatically – from 64.7 million to 13.9 million.

Undisclosed breaches

Gemalto admits that the results of this study can only portray a partial picture of the cyber security landscape, as in more than half (52%) of all documented data breaches, the victim organisation didn’t disclose the number of records that were affected when reporting the incident.

In some cases, such as the two enormous Yahoo breaches of 2013 and 2014 that were only made public last year, it can take years for companies to identify or disclose a breach.

Gemalto says this is particularly concerning because breaches that take time to identify give hackers “the time to conduct the most drastic breaches like data integrity attacks. Organisations base their decisions on the data they have access to and often rely heavily on its validity”.

Staying secure

The best way to mitigate the risk of data breaches is to have an effective information security management system (ISMS) in place. ISO 27001 is the international standard that describes best practice for an ISMS, covering people, processes and technology.

To help businesses implement an ISO 27001-compliant ISMS, IT Governance offers a range of packaged solutions. Each fixed-price solution provides a combination of products and services that can be accessed online and deployed anywhere in the world.

You may also be interested in knowing how strong your security posture currently is. If that’s the case, you should consider booking one of our penetration tests.

For more information about penetration testing, take a look at our new penetration testing data sheet >>