As of December 4, 2014, the Identity Theft Resource Center had recorded 708 breaches affecting over 81,501,185 records. That’s 2.09 data breaches per day. There were 614 reported breaches affecting over 91,982,172 records in 2013. As of now, there has been a 26% increase in number of breaches over 2013. This makes 2014 a record-breaking year for data breaches.
So far, healthcare represents 42.5% of known breaches, followed by businesses at 32.6%, continuing the trend from 2013 where healthcare overtook business for total reported data breaches. With that said, businesses represent 79.4% of known breached records, which could indicate that businesses have faced proportionately larger data breaches. With that said, breached records are tricky, given that many organizations struggle to identify this figure accurately, and fewer still will report these figures.
DataLossDB, which has its own tally of data breaches, indicates that 17% of data breaches are attributed to accidental insider actions, 11% were malicious actions of insiders, and 59% could be attributed to outside factors. Hacking represented the largest number of recorded data breaches, at 41%, with other incidents of note including lost or stolen laptops and computers (7%+), and web-related incidents.
The Ponemon Institute and IBM recently released the 2014 Cost of Data Breach study, showing that the cost of data breaches continues to rise, up to $145 per lost record over the $136 from 2013. The average cost to a company was $3.5 million, 15% higher than the 2013 cost.
Data breaches are more complex than ever before. Verizon’s 2013 Data Breach Investigations Report showed that of the confirmed breaches in 2013, data breaches are harder to pin down. In 85% of data breach incidents, organizations could not determine the full extent of the breach. 66% of breaches took months or years to discover. Though most attacks are opportunistic, there is a growing indication that sophisticated attacks are on the rise. For example, we recently talked about how business travellers were being targeted for access to corporate data and networks. While the end-result may have been a hack, the attack targeted the vulnerability of the employee endpoint.
With the cost of data breaches on the rise, organizations need to pay particular attention to the protection of corporate data, no matter where it resides. Unlike encryption and other traditional data protection solutions, Absolute Software provides a range of capabilities to help you create a layered approach to securing your endpoints, one of the most risky points in corporate data security. Learn more about Absolute Software Data Security here.