More data records were lost or stolen during the first half of 2017 than all of 2016, according to Gemalto’s Breach Level Index. In total, 1.9 billion records were compromised as of the end of June 2017, compared to 1.37 billion in 2016.
The rise in data breaches was already apparent last year, increasing from 685 over the first half of 2016 to 721 million in the second half, but 2017’s figures have been astronomical.
“Security breaches are unavoidable”
Despite the rise in breached records, the number of breaches has only grown by 13% – from 815 to 921. This means that the average breach is becoming a lot more damaging.
The caveat to this is that there were two massive breaches – at River City Media and the NHS – that inflate the overall figures. Still, there were 20 other incidents in which more than one million records were compromised, stolen or lost.
This is indicative of the rise in the frequency, scope and sophistication of cyber attacks. As Gemalto writes: “More and more organizations are accepting the fact that, despite their best efforts, security breaches are unavoidable.”
In general, organisations are stepping up their efforts. Even though malicious outsiders made up the largest source of data breaches (74%), these accounted for only 13% (254 million) of stolen, compromised or lost records. This represents a significant decrease from the previous six months (686 million).
Here is the full breakdown of data breaches by source:
One area where organisations need to improve is in accidental loss. Although this category only accounted for 166 incidents (18%), it was the cause of 86% of all breached records. Even if you discount the mammoth River City Media breach, this still accounts for about half of all breached records.
Information security training
Organisations can help mitigate the risk of accidental data loss by enrolling their staff on our Information Security Staff Awareness E-Learning Course.
This course will familiarise your employees with the basics of information security, including security threats via email, the Internet and the workplace. It will also introduce them to your policies on incident reporting and responses.
The subject matter isn’t technical, as the course is aimed at anyone who processes information or uses information technology or the Internet in their job.