Digital security firm Gemalto has released the latest findings of the Breach Level Index, revealing that 2.6 billion records were stolen, lost or exposed worldwide in 2017, an 88 per cent increase from 2016.
While data breach incidents decreased by 11 per cent, 2017 was the first year publicly disclosed breaches surpassed more than two billion compromised data records since the Breach Level Index began tracking data breaches in 2013.
Over the past five years, nearly 10 billion records have been lost, stolen or exposed, with an average of five million records compromised every day. Of the 1,765 data breach incidents in 2017, identity theft represented the leading type of data breach, accounting for 69 per cent of all data breaches.
“Here in the UAE, cyber-security has become more top-of-mind with businesses. To protect critical data information infrastructure and improve national cyber security, the government introduced the UAE Information Assurance Standards (UAE IAS), which is a set of guidelines for government entities in critical sectors. Compliance with these standards is mandatory for all government organizations, semi-government organizations and business organizations that are identified as critical infrastructure to UAE. To comply with these regulations, organizations should take a data-centric approach to security by applying comprehensive encryption methods, enforcing strict authentication and identity management solutions and building strong crypto management techniques to protect their data,” said Sebastien Pavie, Regional Director META, Enterprise & Cybersecurity, Gemalto.
Malicious outsiders remained the number one cybersecurity threat last year at 72 per cent of all breach incidents. Companies in the healthcare, financial services and retail sectors were the primary targets for breaches last year. However, government and educational institutions were not immune to cyber risks in 2017, making up 22 per cent of all breaches.
Based on data breach reports collected in the Breach Level Index, the major 2017 highlights include:
- Human error a major risk management and security issue:
Accidental loss, consisting of improper disposal of records, misconfigured databases and other unintended security issues, caused 1.9 billion records to be exposed. A dramatic 580 per cent increase in the number of compromised records from 2016.
- Identity theft is still the number one type of data breach:
Identity theft was 69 per cent of all data breach incidents. Over 600 million records were impacted resulting in a 73 per cent increase from 2016.
- Internal threats are increasing:
The number of malicious insider incidents decreased slightly. However, the amount of records stolen increased to 30 million, a 117 per cent increase from 2016.
Identity theft was the leading type of data breach, accounting for 69 per cent of all incidents constituting 26 per cent of breached data in 2017. The second most prevalent type of breach was access to financial data (16 per cent). The number of lost, stolen or compromised records increased the most for nuisance type of data breaches (560 per cent) which constituted 61 per cent of all compromised data. Account access and existential type breaches decreased both in incidents and records from 2016.
In 2017, the industries that experienced the largest number of data breach incidents were healthcare (27 per cent), financial services (12 per cent), education (11 per cent) and government (11 per cent). In terms of the amount of records lost, stolen or compromised, the most targeted sectors were government (18 per cent), financial services (9.1 per cent) and technology (16 per cent).