RBS releases its year-end roundup and breach analysis
There’s nothing like some dramatic numbers to get attention to data breaches. Risk Based Security, Inc. has released their 2017 statistics, and yes, some of the numbers are dramatic. Here are just two snippets from their blog post about the report:
There were 5,207 breaches recorded last year, surpassing 2015’s previous high mark by nearly 20%. The number of records compromised also surpassed all other years with over 7.8 billion records exposed, a 24.2% increase over 2016’s previous high of 6.3 billion.[…]
In addition to the number of breaches and amount of data lost, 2017 stood out for another reason. For the past eight years, hacking has exposed more records than any other breach type. In 2017, breach type Web – which is largely comprised of accidentally exposing sensitive data to the Internet – took over the top spot compromising 68.8% or 5.4 billion records. Hacking still remained the leading breach type, account for 55% of reported incidents, but its impact on records exposed fell to the number two spot, with 2.3 billion records compromised. For the first time since 2008, inadvertent data exposure and other data mishandling errors caused more data loss than malicious intrusion into networks.
Read more on RBS, where you can also learn how to obtain the full report.
I wish they had frequency data as well as percentages so that I could try to compare their data from the medical sector to what Protenus and DataBreaches.net found for our U.S. health data. But it appears that both studies found that hacking accounted for a smaller percentage of breached records in 2017 than they had in 2016, so there’s some consistency across methods and findings on that. The fact that we found breached records decreased in 2017 compared to 2016 differs from their overall finding, but is not surprising because the business sector accounts for so much of their data and findings and our data and findings are restricted to health data breaches in the U.S. Also of interest to me is their findings on internal-external. Our data from health data studies has fairly consistently found that internal and external are fairly similar in frequency (although not in number of breached records). RBS’s report shows many more external incidents than internal ones.