Data Breaches Surge 164%, Cost Enterprises $52B In 2017



Dan Gunderman
11/02/2017

Cyber threats to the enterprise are a constant thorn in the side of IT professionals. This year, it seems, that thorn is much sharper.

The number of data breaches worldwide skyrocketed in the first half of 2017, according to data compiled by the European digital security firm Gemalto and relayed via MediaPost.

Gemalto’s Breach Level Index indicated that 918 data incidents occurred during the first half of 2017. This led to a staggering 1.9 billion exposed data records. Put in context, that’s a whopping 164% higher than the last six months of 2016.

Now, buckle up, because the statistics only get worse.

Twenty-two breaches in particular were of note in terms of their potency. In each instance, more than a million data records were compromised. (Statistics on compromised records were not available for more than 500 of the documented breaches.)

Attacks were further segmented by the attacker’s relationship to the target: malicious “outsiders” and “insiders.” According to the same statistics, 74% of the attacks were traced back to the former category, i.e., malicious outsiders. That in itself is a 23% increase from 2016.

The numbers are somewhat inverted when it comes to insider attacks. While they were only 8% of the total breach count, they account for 20 million exposed records. That could be due, in part, to an insider’s in-depth knowledge of the target setting.


Here’s where the statistics are doubly troubling: In the measured part of 2016, 500,000 compromised records were documented. That’s a meteoric 4,114% increase year over year.

What’s more, cases of identity theft increased 49% in the latest findings and comprised 74% of all data breaches. Compromised data records within this subset increased 255%.

Gemalto also says around 10 million records were exposed each day. Magnified, that’s 122 per second. This includes the exposure of sensitive information such as medical, credit and financial records.

In terms of encryption – which would in theory stall a hacker or aggressive malware – less than 1% of the hacked files were actually encrypted. This dropped 4% from the last half of 2016. This, obviously, is statistical motion in the wrong direction – especially as enterprises press on with their digital transformation initiatives and take greater strides in shoring up their networks.

Geographically, North America was a prime target for data breaches. In fact, it hosted 86% of the incidents. That’s a leap of 23% from 2016, according to the data. Compromised records in this region soared 201%.

In Europe, there were a total of 49 breaches during this timespan – which sits at just 5% of the larger total.

Nonetheless, analysis of breaches in Europe comes with a caveat – and that stems from pending legislation out of the European Union (EU) which will strictly enforce data privacy come May 2018. That signature legislation – the first of its kind since a directive in 1995 – is called the General Data Protection Regulation (GDPR), and will enforce strict regulations on data security. Businesses run the risk of steep fines, up to 4% of annual “global turnover” or €20 million (over $23 million), if they are not compliant.


Across industries there was also a significant surge in the number of exposed records.

The education sector saw a 103% rise in breaches and a 4,000% increase in exposed records. The targeted attacks didn’t stop there, though, for victims spanned the industrial spectrum. These included healthcare, government, financial services and entertainment.

Perhaps most important, though, is the financial burden to the enterprise. Gemalto’s Vice President and Chief Technology Officer for Data Protection, Jason Hart, said in the report that two-thirds of the firms breached had shares negatively impacted. Hart said that number was reached in a report from IT consultant CGI along with Oxford Economics.

Hart also said that among 65 evaluated companies, the breach cost shareholders over $52.4 billion. He expects the number to rise as government regulations in the U.S., Europe and elsewhere go into effect, protecting constituents’ data by placing a monetary value on data obtained via subterfuge.