Safenet, a large data security company based in Belcamp, MD, recently released a report at the RSA Conference. The RSA conference is sponsored by RSA the Security Division of EMC, which is based in Hopkinton MA. The report titled: “Data Breach Level Index” contains some very interesting statistics about data breaches. Here is a summary:
Death and Digital Assets
2013 Data Breach Highlights from the Breach Level Index website: The site estimates that 1,576,555 data records are lost or stolen every day.
Breach by Type (sorted by percentage of data breaches):
- Malicious outsiders: 57percent of data breaches
- Accidental loss: 27percent of data breaches
- Malicious insiders: 13 percent of data breaches
- Hacktivists: 2 percent of data breaches
- State-sponsored activity:<1 percent of data breaches
Breach By Industry (sorted by percentage of data breaches):
- Healthcare accounted for 31 percent of data breaches but only 2 percent of data records lost or stolen. The average healthcare breach lost 49,000 records.
- Government breaches made up 17 percent of data breaches in the report they also account for approximately 10 percent of data records lost or stolen. The government data breach averaged a loss of 630,000records.
- Financial institutions made up approximately 15 percent of data breaches. Yet the financial sector accounted for only 1 percent of data records lost or stolen. The average number of records lost in a financial institution breach: 112,000.
- The Technology industry is not immune to data breaches. Technology companies were hit for 11 percent of breaches and 43percent of the records lost or stolen. The average number of records stolen, however, reaches a staggering 5.7 million per breach.
- Retailers, even after the Target Breach in late 2013, only accounted for about 8 percent of the data breaches. However, retailers were responsible for 29 percent of the data records lost or stolen. The reason? The average number of records lost in a retail data breach: 6.6 million
- “Other industries” in the study, account for 23 percent of breaches and 13 percent of data records lost or stolen. The “other industries” group was responsible for an average 619,000 records lost in each breach.
In a press release dated February 18, 2014, Prakash Panjwani, Senior Vice President and General Manager, Data Protection, SafeNet reported: "Not all breaches are created or should be treated alike. The Breach Level Index helps us track and differentiate between an insecure breach, in which customer data is compromised and lost, and a security breach, where data is stolen but cannot be deciphered by cybercriminals because it is encrypted, rendering it useless to them."
Evidence Solutions, Inc. highly recommends your data be encrypted. Strong encryption, authentication and key management solutions can render breached data unusable. Some data breach laws reduce or eliminate the need for reporting if the stolen data is encrypted. Unfortunately it is estimated that less than 5% of data breached is encrypted.
