The Breach Level Index (BLI) is a global database that tracks data breaches and measures their severity based on multiple dimensions, including the type of data and the number of records compromised, the source of the breach, and whether or not the data was encrypted. By assigning a severity score to each breach, the Breach Level Index provides a comparative list of breaches, distinguishing nuisances from truly impactful mega breaches. Gemalto will feature the Breach Level Index and the 2015 findings next week at the 2016 RSA Conference in San Francisco (booth N4108).
According to the Breach Level Index, more than 3.6 billion data records have been exposed since 2013, when the index began benchmarking publicly disclosed data breaches. In 2015, malicious outsiders were the leading source of these breaches, accounting for 964, or 58 percent of breaches and 38 percent of compromised records, while identity theft remained the primary type of breach, accounting for 53 percent of data breaches and 40 percent of all compromised records. In the Middle East, there were 17 incidents reported, of which five were from the United Arab Emirates and three from Saudi Arabia.
“In 2014, consumers may have been concerned about having their credit card numbers stolen, but there are built-in protections to limit the financial risks,” said Jason Hart, Vice President and Chief Technology Officer for Data Protection, Gemalto. “However, in 2015 criminals shifted to attacks on personal information and identity theft, which are much harder to remediate once they are stolen. As companies and devices collect ever-increasing amounts of customer information and as consumers’ online digital activities become more diverse and prolific, more data about what they do, who they are and what they like is at risk to be stolen from the companies that store their data. If consumers’ entire personal data and identities are being co-opted again and again by cyber thieves, trust will increasingly become the centerpiece in the calculus of which companies they do business with.”
Across industries, the government sector accounted for 43 percent of compromised data records, up 476 percent from 2014 due to several very large data breaches in the United States and Turkey, and for 16 percent of all data breaches. The healthcare sector accounted for 19 percent of total records compromised and 23 percent of all data breaches. The retail sector saw a major drop (93 percent) in the number of stolen data records compared to the same period last year, accounting for just 6 percent of stolen records and 10 percent of the total number of breaches in 2015. The financial services sector also saw a nearly 99 percent drop, representing just 0.1 percent of compromised data records and 15 percent of the total number of breaches.
While malicious outsiders accounted for the largest percentage of data breach incidents (58 percent), accidental loss or exposure of data records accounted for 36 percent of all records. State-sponsored attacks accounted for 2 percent of data breach incidents, but the records compromised as a result of those attacks totaled 15 percent of all records exposed. Malicious insiders accounted for 14 percent of all data breaches and just 7 percent of compromised records.
“It is important to keep in mind that not all breaches are equal in terms of the level of severity and damage that they can bring for companies and their customers,” added Hart. “Even if a breach occurs, it can be a secure breach if the right security technologies, such as encryption, are properly in place to protect the most important and sensitive data. Unfortunately, this year there were several major breaches involving personal data and identities that were not encrypted when they should have been.”